Privacy Policy En

With this document, the Casa Vacanze Ca’ Lodola accommodation facility provides users of the website https://calodola.it/ with information regarding the data collected and tracked through the website and its related subdomains, the purposes of this collection, and the rights that users can exercise regarding their personal data.

Data Controller

The Data Controller is:
San Gaetano Società Cooperativa Sociale
Via Don Sturzo 2 – 42020 Albinea (RE), Italy

For inquiries: info@calodola.it

Place of Data Processing

Data is processed at the registered office located at Via Don Sturzo 2 – 42020 Albinea (RE), Italy. For further information, you may contact the Data Controller at the email address provided above.

Information Collected and Data Processed

The Data Controller processes the following data:

  • Personal Identification Data: Name, surname, date and place of birth, tax code (codice fiscale), document number and expiry date, residential address, relating to the user and/or their minor child, provided to complete and submit a booking request.
  • Contact Details: Email address, residential address, phone number, IP address, as well as any further information voluntarily provided by the data subject, which might contain special categories of data regarding their health status. The aforementioned data may also be collected in relation to any third parties and/or children (including minors) sharing the stay.
  • Statistical Data: Browser type used, date and time of the website visit, and the physical address of the device from which the connection is made.
  • Payment Data: For direct bookings through the website, payments are managed via PayPal. The accommodation facility does not directly collect or process credit card data or IBAN details; such data is processed exclusively by PayPal under its own responsibility (see the section dedicated to Data Recipients).

By filling out the available form fields, the user consents to the processing of the provided data for the purpose of fulfilling the request.

Booking Channels and Data Processing

The property manages bookings through two distinct channels:

1. Direct Booking via Website (HBook Plugin)

Bookings made directly through the calodola.it website are processed via the HBook plugin. The data entered by the user in the booking form is processed by the Data Controller for the execution of the accommodation contract.

2. Booking via Booking.com

The property is listed on the Booking.com platform (Booking.com B.V., based at Herengracht 597, 1017 CE Amsterdam, Netherlands). For bookings made through this platform:

  • Booking.com acts as an independent Data Controller regarding the data collected on its own platform.
  • The property receives guest data from Booking.com (name, surname, contacts, booking details) and processes it exclusively for purposes related to the execution of the accommodation service.
  • Data processing by Booking.com is governed by its own Privacy Policy, which can be consulted at: https://www.booking.com/content/privacy.html
  • No channel manager is used: bookings from Booking.com are managed manually by the property.

Purposes of Data Processing and Legal Basis

The Data Controller processes the collected data in compliance with the principles of lawfulness, fairness, and transparency, in accordance with current legislation (Art. 13 of EU Regulation 679/2016), using appropriate organizational tools and measures to minimize risks related to data processing and to ensure data security. Specifically, data processing is carried out based on the following legal grounds:

  • To handle an information request received via the website contact form, email, or other communication tools: the processing is optional, and its legal basis is the user’s freely given consent. Failure to provide one or more data points will prevent the Controller from fulfilling the request.
  • To process a booking request: data is processed to execute the accommodation contract and any ancillary services (such as Wi-Fi service), or for the execution of pre-contractual measures taken at the request of the data subject (Art. 6, paragraph 1, letter b) of the GDPR). Failure to provide one or more data points makes it impossible to process the request.
  • Processing of special categories of data: Should it be necessary to process special categories of data, such as information concerning the health status of the data subject, this processing is carried out pursuant to Art. 9, paragraph 2, letters a) and g) of the GDPR, based on the informed and explicit consent of the data subject. Without such consent, it will not be possible to fulfill the request.
  • Website Optimization: To allow the website to function at its best through statistical analysis of traffic and user behavior. The processing is optional, and its legal basis is the user’s consent.
  • Legal Obligations: To comply with tax obligations and other legal requirements, pursuant to Art. 6, paragraph 1, letter c) of the GDPR.
  • Legitimate Interest: To protect the rights of the Data Controller in the event of disputes, and in any case of legitimate interest, pursuant to Art. 6, paragraph 1, letter f) of the GDPR.
  • Soft-Spam: For sending so-called “soft-spam” communications regarding services similar to those already booked, without the need for specific consent, pursuant to Art. 130, paragraph 4, of Italian Legislative Decree 196/2003. The legal basis is the legitimate interest of the Data Controller (Art. 6, paragraph 1, letter f) of the GDPR). The data subject can object to this processing at any time.

Data Retention Period

The Data Controller stores and processes data for the time strictly necessary to achieve each of the purposes indicated in this document.

  • Data collected for the provision of the accommodation service will be kept for the time necessary to perform the service, and in any case for a period not exceeding 10 (ten) years.
  • Data collected based on freely given consent may be kept until the user decides to withdraw their consent.
  • Data collected for marketing purposes will be stored for a maximum period of 24 months from the provision of consent, while data collected for profiling purposes will be stored for a period not exceeding 12 months.
  • Data processed for sending “soft-spam” communications will be kept for a period not exceeding 2 years from the last interaction between the data subject and the Data Controller.

The data subject may request the interruption of processing or the deletion of data at any time, unless there are prevailing legitimate reasons for the Controller to retain it.

Data Recipients

Recipients of the data, other than the Data Controller, include:

  • Natural and/or legal persons acting on behalf of the Controller under specific collaboration agreements (e.g., external collaborators, accountants, hosting providers).
  • Service providers for the management of invoicing and the IT system.
  • Public or private entities that can access the data in compliance with legal obligations (e.g., Public Safety Authorities / Questura), limited to the purposes for which the data was collected.

PayPal

For payments via the website, the property uses PayPal. The processing of payment data (including credit/prepaid card data) takes place directly under the responsibility of PayPal (Europe) S.à r.l. et Cie, S.C.A., with registered office in L-2449 Luxembourg. The property does not directly collect or process this data.

For information on data processing by PayPal, please refer to its Privacy Policy: https://www.paypal.com/webapps/mpp/ua/privacy-full

Booking.com

For bookings received via Booking.com, the property receives guest data transmitted by that platform and processes it exclusively for purposes related to the execution of the accommodation service. Booking.com acts as an independent data controller for data collected on its platform.

For information on data processing by Booking.com: https://www.booking.com/content/privacy.html

HBook (Booking Engine)

With reference to the direct booking service on the website, data processing is carried out through the HBook plugin. This entity may operate as a Data Processor.

The complete list of Data Processors can be requested from the Data Controller at any time by writing to info@calodola.it. Any further form of dissemination of the provided data is excluded.

Data Transfer Outside the EU

Some of the data recipients might process personal data outside the European Economic Area (EEA). In particular:

  • PayPal may transfer data to third countries. Such transfers take place in compliance with the guarantees provided by the GDPR, including the Standard Contractual Clauses (SCC) approved by the European Commission.
  • Booking.com, despite being based in the Netherlands (EU), may utilize technical infrastructure located in third countries. In this case as well, transfers take place in compliance with applicable legislation.

For further information on the safeguards adopted for extra-EU transfers, you can contact the Data Controller at info@calodola.it.

Cookie Policy

This website uses cookies. To learn more, users can consult the full Cookie Policy available on the website.

User Rights

If the processing is based on consent, the user can withdraw it at any time, in addition to being able to exercise the rights provided for by Articles 7, 15-22 of European Regulation 679/2016.

This free choice does not affect the lawfulness of the processing carried out before the withdrawal.

To exercise your rights, simply write to: info@calodola.it

In particular, the user may request:

  1. The purposes of the processing;
  2. The categories of personal data concerned;
  3. The recipients or categories of recipients to whom the personal data have been or will be disclosed;
  4. The data retention period, or the criteria used to determine that period;
  5. The existence of the right to request rectification, erasure of data, restriction of processing, or the right to object to such processing;
  6. The right to lodge a complaint with a supervisory authority (in Italy: www.garanteprivacy.it);
  7. If data is not collected from the user, any available information as to their source;
  8. The existence of automated decision-making, including profiling, as referred to in Art. 22 of the GDPR.

In addition to requesting the correction or rectification of data, the user may object to the processing, request its restriction, and request data portability in a structured, commonly used, and machine-readable format.

If the user believes that their data is not being processed in compliance with current legislation, they can write to the Data Controller, without prejudice to their right to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali – www.garanteprivacy.it).

Existence of Automated Decision-Making

The Data Controller does not adopt any automated decision-making process pursuant to Art. 22 of the GDPR (EU Reg. 679/2016).

Last modified: June 16, 2026

Scroll to Top