Privacy Policy

Last updated: 12 March 2026

This Privacy Policy explains how personal data is collected and processed through the website of Bernini Suites (the "Website"), in connection with information requests, direct bookings, and services related to the hospitality activity managed by Anima Servizi S.R.L.

1. Data Controller

Anima Servizi S.R.L.
Registered Office: Via Gaggini 36, Acquedolci, ME – 98070, Italy
VAT Number: IT03788430837
PEC: animaservizisrl@legalmail.it
Recipient Code: KRRH6B9

For any privacy-related request, the Data Controller may be contacted at the PEC address above and at any additional contact details published on the Website.

2. Categories of Personal Data Collected

The Website may collect and process the following categories of personal data:

identification and contact data, such as first name, last name, email address, phone number, and any information voluntarily provided by the user;
booking-related data, such as stay dates, number of guests, preferences, special requests, and information required to manage a reservation;
data transmitted through third-party booking platforms, where applicable;
payment and invoicing data, where necessary to manage bookings, issue invoices, or comply with legal obligations;
technical navigation data, such as IP address, browser type, device information, access date and time, referring pages, and system logs;
data relating to cookie preferences and consent choices;
any additional data provided by the user in communications sent via forms, email, phone, or other channels.

If the user voluntarily provides special categories of personal data — for example health-related information relevant to accessibility or accommodation needs — such data will only be processed where strictly necessary and on an appropriate legal basis.

3. Purposes of Processing and Legal Bases

a) Website operation and security

To ensure the proper functioning of the Website, maintain system security, prevent abuse, unauthorized access, fraud, and malicious activity.
Legal basis: legitimate interest of the Data Controller.

b) Handling information requests

To respond to inquiries, messages, requests for availability, and communications sent by the user.
Legal basis: pre-contractual measures taken at the request of the data subject.

c) Managing bookings and hospitality services

To process, confirm, modify, and manage direct bookings, provide pre-stay and post-stay assistance, manage check-in and check-out operations, and deliver services related to the stay.
Legal basis: performance of a contract and/or pre-contractual measures.

d) Compliance with legal obligations

To comply with obligations arising under applicable laws and regulations, including tax, accounting, public security, administrative, and record-keeping obligations.
Legal basis: compliance with a legal obligation.

e) Protection of legal rights

To establish, exercise, or defend legal claims and rights of the Data Controller.
Legal basis: legitimate interest of the Data Controller.

f) Marketing communications

Only if expressly activated and consented to by the user, to send promotional communications, offers, updates, newsletters, or information relating to Bernini Suites.
Legal basis: consent.

g) Analytics and advertising tools

Only if such tools are actually installed on the Website, to measure traffic, analyze usage, improve performance, and run advertising or remarketing activities.
Legal basis: consent, where required by applicable law.

4. Nature of the Provision of Data

Providing personal data for browsing the Website is technically necessary for its operation.

Providing data through contact forms, booking forms, email, or phone is optional. However, failure to provide the requested data may prevent the Data Controller from answering the request or managing the reservation.

Providing data required by law is mandatory where applicable. Failure to provide such data may make it impossible to complete, document, or manage the stay.

5. Source of Personal Data

Personal data may be collected:

directly from the user;
through communications sent by the user;
through third-party booking platforms, where applicable;
through technical systems used to operate the Website.

6. Recipients of Personal Data

Personal data may be shared, where necessary and relevant, with:

IT service providers, hosting providers, security providers, and website maintenance providers;
booking engine, PMS, channel manager, or related hospitality software providers, if used;
accountants, legal advisors, consultants, and administrative service providers;
payment service providers and banking institutions, where necessary;
public authorities or institutions where disclosure is required by law;
third-party platforms involved in reservations or services requested by the user.

Such parties will act, depending on the case, as independent data controllers or as data processors duly appointed by the Data Controller.

7. International Data Transfers

Some third-party services used by the Website may involve the transfer of personal data outside the European Economic Area. Where this occurs, such transfer will take place in accordance with applicable data protection law and subject to appropriate safeguards, including adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.

8. Data Retention

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, tax, accounting, and defensive obligations. As a general rule:

contact requests: for the time necessary to manage the request and any related follow-up;
booking and stay data: for the duration of the contractual relationship and the applicable limitation periods;
tax and accounting data: for the period required by law;
technical logs and security data: for a limited period proportionate to security needs;
marketing data: until consent is withdrawn or no longer valid.

9. Processing Methods and Security Measures

Personal data is processed using manual, electronic, and digital means, in accordance with the principles of lawfulness, fairness, transparency, minimization, and integrity. The Data Controller adopts appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration, or unlawful disclosure.

10. Data Subject Rights

Under applicable data protection law, the data subject has the right to:

access their personal data;
request rectification of inaccurate data;
request erasure of data, where applicable;
request restriction of processing;
object to processing, where applicable;
request data portability, where applicable;
withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal;
lodge a complaint with the competent supervisory authority.

To exercise these rights, the data subject may contact the Data Controller at: animaservizisrl@legalmail.it

11. Third-Party Websites

The Website may contain links to third-party websites or services. The Data Controller is not responsible for the privacy practices of such third parties. Users should review their respective privacy policies.

12. Changes to this Privacy Policy

This Privacy Policy may be updated from time to time. Any changes will be published on this page together with the updated revision date.