|

Privacy Policy

Updated on 26.04.22

1. INTRODUCTION

We respect your privacy in line with Regulation (EU) 2016/679 (also referred to as GDPR). Our aim is to protect and safeguard your personal data when you use our website to book your stay with us. If you do not agree with this policy, we would kindly ask you not to continue using this website. Our booking online service is not intended for use by children.

The Data Controller is
Malù Messina bed & breakfast
Via Torrente, 10 | 98166 Sant'Agata (Messina)
VAT: 03349150833

and the Data Processor is QUOVAI S.r.l..

2. WHAT INFORMATION WE COLLECT, USE AND SHARE

We do NOT collect personal information about you when you browse our website anonymously. For users who make a reservation, we collect the following information when you complete our online form as part of the booking process:

  •     name
  •     surname
  •     e-mail address
  •     mobile phone number
  •     information disclosed voluntarily under guest NOTE, which could contain sensitive data relating to your health such as a disability, dietary preferences etc.
  •     credit card details if you choose that method of payment

If you send a request for information via our contact form, we collect the following information in order to respond to your query:

  •     name
  •     surname
  •     e-mail address
  •     information disclosed voluntarily under guest NOTE, which could contain sensitive data relating to your health such as a disability, dietary preferences etc.

We receive bookings from third parties: OTAs, travel agencies, social media sources and otherwise. In such cases, we are supplied with a minimal set of personal data such as guest’s name and surname and, in certain cases, telephone number and/or email address in line with your settings on those third party services.

We share a Data Processing Agreement with our EU-based PMS cloud vendor (PMS QUOVAI) to process our reservations and manage our property. The vendor is compliant with the Regulation (EU) 2016/679 (GDPR-compliant).

The personal data supplied to us from our website or by phone, fax, email, chat, in person, via the OTAs, travel agencies or otherwise are processed by the PMS in order to: deliver a quote; complete the booking process; complete the documentation foreseen by the Italian law on Public Security (sending of notifications to the Public Security Authority – article 109 del T.U.L.P.S., which includes personal information on date of birth, nationality, city of residency and passport/ID card with a photo; notifications to ISTAT (National Institute of Statistics – Regulation (EU) 692/2011); calculate the tourist tax; prepare invoices or receipts for fiscal purposes; retain statistics to measure our performance and respect COVID-19 regulations.

Your credit card details (name, card number and expiry date) are collected by Auric Systems. AuricVault (as part of Auric Systems) provides a safe and secure off-site PCI compliant storage service for credit card account numbers.

3. LEGAL BASIS FOR PROCESSING

Our lawful basis for processing is based on:

  •     Performance of the contract (short-term paid holiday). The legal basis is Article 6 1b) of Regulation (UE) 2016/679.
  •     Consent (e.g., we will only send you (adult of the guest party) marketing information where you have opted in to receive these communications. You can opt out of receiving marketing material at any time using the unsubscribe link that can be found at the end of each email that we send). The legal basis is Article 6 1a) of Regulation (UE) 2016/679.
  •     Legal obligation (in relation to public security and other accounting and fiscal requirements). The legal basis is Article 6 1c) of Regulation (UE) 2016/679.

4. DISCLOSURE TO THIRD PARTIES

We do NOT share, trade or sell your personal information to any company or third parties. We may disclose personal information if required to do so by law, Court order or for the purposes of prevention of fraud or other crime or to protect our rights. If we are acquired by a third party, in which case personal data held by us about its guests/contractors will be one of the transferred assets.

5. PLACE OF DATA PROCESSING

Data processing takes place at our headquarters and at the HETZNER data centers, which are located in Germany. No data transfer is made outside of the European Union.

6. SAFEGUARDING OF YOUR PERSONAL DATA

To prevent unauthorised access to your personal information and maintain data accuracy, we are guaranteed by our PMS service provider that the appropriate physical and electronic measures have been taken to safeguard and secure the information that we collect online.

7. COOKIE POLICY

For further information, please refer to our Cookie policy.

8. RETENTION OF YOUR PERSONAL DATA

We will hold your personal information for as long as is necessary for the activity in question. Your tokenised credit card data and Public Security data are deleted 5 days after your check-out. We do not collect any special categories of personal data. Nevertheless, if you enter this information into any free text section of our site, such as the request form or during the booking process, this information (if identified as such) will be deleted 5 days after your check-out.

Your e-mail address is kept for marketing purposes only (subject to your explicit consent).

Based on our business activities, we have decided to conduct regular audits and to check through our records to make sure that we are not holding onto personal data for too long or deleting it prematurely.

9. LINKS TO OTHER SITES

Our website may contain links to other websites of interest such as Google Maps. Nevertheless you should note that we do not have any control over those websites. Therefore, once you have used these links to leave our website, we are not responsible for the protection and privacy of any information that you provide whilst visiting such sites. These sites are not governed by our privacy policy. You should exercise caution and carefully read their privacy policy.

10. YOUR DATA PROTECTION RIGHTS

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

  •     Your right of access
  •     Your right to rectification
  •     Your right to erasure
  •     Your right to restriction of processing
  •     Your right to data portability
  •     Your right to make a complaint

You also have recourse to the Data Protection Authority:

  •     Garante per la Protezione dei Dati Personali: Piazza di Monte Citorio n. 121, Rome, 00186, Italy
  •     Tel: + 39 06 69677-3785
  •     Web site: www.garanteprivacy.it/

11. CONTACT US

  •     If you have a query relating to the processing of your personal data, please email us at supporto@quovai.com.
  •     If you are unable to make a query in writing, please ring us at + 39 02 87198048.

12. UPDATES

  • We reserve the right to amend or modify this Privacy Policy at any time and in response to changes in applicable data protection and privacy legislation.
  • Please therefore re-visit this Privacy Policy regularly to stay informed. The date at the top of this Privacy Policy indicates when it was last updated.

Previous versions of this Policy will be archived here. Currently, this is the first version.