Privacy Policy
Last updated: February 2025
Trentino Short Stay ("we", "us", or "our") operates ItalyHoliday.org. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Italian data protection laws.
1. Data Controller
The data controller responsible for your personal data is Trentino Short Stay, based in Trentino, Italy. For any questions regarding your personal data, you may contact us through our contact page.
2. Data We Collect
We may collect the following categories of personal data: Identity data (first name, last name); Contact data (email address, phone number, country); Booking data (check-in/check-out dates, number of guests, property preferences); Payment data (processed securely by Stripe — we do not store card details); Technical data (IP address, browser type, device information, cookies); Usage data (how you interact with our Platform).
3. Legal Basis for Processing
We process your personal data based on the following legal grounds: Contract performance — to process your bookings and provide our services; Legitimate interest — to improve our Platform, prevent fraud, and communicate with you; Legal obligation — to comply with tax, accounting, and regulatory requirements; Consent — where you have given explicit consent, such as for marketing communications.
4. How We Use Your Data
We use your personal data to: Process and manage your bookings; Communicate with you about your reservations; Process payments through our secure payment provider; Send you service-related notifications; Improve our Platform and services; Comply with legal and regulatory obligations; Protect against fraud and misuse.
5. Data Sharing
We may share your personal data with: Property owners/managers — to facilitate your booking and stay; Payment processors (Stripe) — to process payments securely; Analytics providers — to help us understand Platform usage; Legal authorities — when required by law or to protect our rights. We do not sell your personal data to third parties.
6. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law. Booking records are retained for the period required by Italian tax and accounting regulations.
7. Your Rights (GDPR)
Under the GDPR, you have the following rights: Right of access — to request a copy of your personal data; Right to rectification — to request correction of inaccurate data; Right to erasure — to request deletion of your data ("right to be forgotten"); Right to restriction — to request limited processing of your data; Right to data portability — to receive your data in a structured, machine-readable format; Right to object — to object to processing based on legitimate interest; Right to withdraw consent — where processing is based on consent. To exercise any of these rights, please contact us through our contact page.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encrypted data transmission (SSL/TLS), secure authentication through Clerk, and secure payment processing through Stripe.
9. International Data Transfers
Some of our service providers may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses, to protect your data.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us through our contact page. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).
