Datenschutzrichtlinie
1. DATA CONTROLLER
The Data Controller is:
Giulio Conti – Loft SPA Massa Marittima
Via Populonia 14, 58024 Massa Marittima (GR), Italy
For any request regarding the protection of personal data, you may contact us using the details above.
2. TYPES OF DATA COLLECTED
By browsing our website and using our services, we may collect the following categories of personal data:
2.1. Data voluntarily provided by the user
• First and last name
• Email address
• Phone number
• Payment and billing details (in case of direct bookings)
• Information provided through contact forms
2.2. Data collected automatically
• IP address
• Browser type and device used
• Pages visited and time spent on the site
• Cookies and tracking technologies (see Cookie Policy)
3. PURPOSES OF PROCESSING AND LEGAL BASIS
The collected data are processed for the following purposes:
Purpose
Legal Basis
Providing booking and hospitality services
Performance of a contract (Art. 6(1)(b) GDPR)
Responding to user requests
User consent (Art. 6(1)(a) GDPR)
Fulfilling legal and tax obligations
Legal obligation (Art. 6(1)(c) GDPR)
Improving the website and user experience
Legitimate interest (Art. 6(1)(f) GDPR)
Marketing activities
User consent (Art. 6(1)(a) GDPR)
4. DATA RETENTION
Personal data are retained for the time strictly necessary for the purposes for which they were collected, and specifically:
• Booking and contract data → up to 10 years (tax and accounting obligations)
• Contact and request data → up to 12 months
• Marketing data → until consent is withdrawn
• Cookies and browsing data → as specified in the Cookie Policy
5. DATA SHARING
Personal data will not be sold to third parties, but may be shared with:
• IT and hosting service providers (website operation)
• Payment platforms (for bookings)
• Competent authorities, where required by law
All third parties are bound by confidentiality and GDPR compliance obligations.
6. TRANSFER OF DATA OUTSIDE THE EU
Data may be transferred to service providers located outside the European Economic Area (EEA). In such cases, we ensure that transfers comply with the Standard Contractual Clauses approved by the European Commission or other lawful safeguards under the GDPR.
7. USER RIGHTS
Under Articles 15–22 of the GDPR, you have the right to:
• Access your personal data
• Request rectification or updates
• Request deletion (“right to be forgotten”)
• Restrict processing
• Receive your data in a portable format
• Withdraw consent (for consent-based processing)
• Object to processing based on legitimate interest
To exercise your rights, you may send a request to: info@loftspa.it
If you believe that your data is being processed in violation of the GDPR, you may lodge a complaint with the Italian Data Protection Authority: www.garanteprivacy.it
8. DATA SECURITY
We adopt technical and organisational measures to protect personal data from unauthorized access, loss, or alteration.
9. COOKIE POLICY
Our website uses technical, analytical, and profiling cookies. For more details on their use, please refer to our Cookie Policy.
10. CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this Privacy Policy at any time. Updates will be published on this page along with the date of revision.
Loft SPA Massa Marittima
Effective date: February 2025