Legal · Privacy
Privacy
Policy
Last updated: March 2025 · Ca' Rina B&B, Breno (BS)
This Privacy Policy describes how Ca' Rina collects, uses, and protects personal data in accordance with EU Regulation 2016/679 (GDPR). By using this website or making a booking, you acknowledge that you have read and understood this notice.
01
Data Controller
The data controller is Ca' Rina, a bed & breakfast located at Viale 28 Aprile, 38 — 25043 Breno (BS), Italy. VAT: 03174060982.
For any privacy-related enquiry, you may contact us at info@carinabb.it.
02
Data We Collect
We may collect the following categories of personal data:
| Category | Examples | Source |
|---|---|---|
| Identity | First name, last name, ID / passport number | Provided by you |
| Contact | Email address, phone number | Provided by you |
| Booking | Check-in / check-out dates, number of guests | Provided by you |
| Payment | Transaction reference (no card data stored) | Payment processor |
| Technical | IP address, browser type, pages visited | Automatic (cookies) |
We do not collect sensitive categories of data (health, political opinions, etc.) and we never sell personal data to third parties.
03
Purposes of Processing
Your data is processed for the following purposes:
| Purpose | Detail |
|---|---|
| Booking management | Processing and confirming reservations, pre-stay communication |
| Legal obligations | Guest registration with local authorities (art. 109 T.U.L.P.S.) |
| Accounting | Invoicing and fiscal compliance |
| Customer care | Responding to enquiries and complaints |
| Website analytics | Understanding traffic and improving our pages (anonymised) |
| Marketing | Sending newsletters — only with explicit consent |
04
Legal Basis
Processing is based on one or more of the following legal grounds under GDPR Art. 6:
Contract performance — processing necessary to manage your booking and stay.
Legal obligation — mandatory guest registration with the Questura (Italian Public Safety authority).
Legitimate interests — website analytics and fraud prevention, where these do not override your fundamental rights.
Consent — marketing communications, which you may withdraw at any time.
05
Retention Period
Booking and guest data is retained for 10 years as required by Italian fiscal law.
Data collected for marketing purposes is kept until you withdraw your consent or for a maximum of 3 years from the last interaction.
Technical and browsing data (logs, cookies) is stored for no longer than 13 months.
After the applicable retention period, all data is securely deleted or anonymised.
06
Sharing & Transfers
Your data is never sold. It may be shared with:
Public authorities — the local Questura for mandatory guest registration.
Payment processors — third-party services that handle transactions under their own data protection frameworks.
Booking platforms — where a reservation originates from a third-party platform (e.g., Booking.com), their respective privacy policy applies to data shared with them.
IT providers — hosting and email services operating within the EU or under EU-adequate safeguards.
No data is transferred outside the European Economic Area without appropriate legal safeguards in place.
07
Cookies
This website uses cookies to ensure basic functionality and to understand how visitors interact with our pages.
| Type | Purpose | Duration |
|---|---|---|
| Technical | Session management, language preference | Session |
| Analytics | Anonymous traffic statistics (e.g., page views) | Up to 13 months |
| Marketing | Personalised content — only with consent | Up to 12 months |
You can manage or withdraw cookie consent at any time via our Cookie Policy page or through your browser settings.
08
Your Rights
Under the GDPR, you have the right to:
Access — obtain a copy of the personal data we hold about you.
Rectification — request correction of inaccurate or incomplete data.
Erasure — ask us to delete your data, where no legal obligation requires us to retain it.
Restriction — request that we limit processing in certain circumstances.
Portability — receive your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interests or for direct marketing.
Withdrawal of consent — where processing relies on consent, you may withdraw it at any time without affecting prior lawful processing.
To exercise any of these rights, write to info@carinabb.it. We will respond within 30 days. You also have the right to lodge a complaint with the Italian Data Protection Authority ((((Garante per la protezione dei dati personali).
09
Minors
This website is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has submitted personal data to us, please contact us immediately at info@carinabb.it and we will delete it promptly.
10
Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in law, our practices, or our services. The date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.
Continued use of our website or services after changes are published constitutes acceptance of the updated policy.
11
Contact
For any question regarding this Privacy Policy or your personal data, you may reach us at:
Ca' Rina B&B
Viale 28 Aprile, 38 — 25043 Breno (BS), Italy
p style="margin-bottom:6px;">info@carinabb.it
p style="margin-bottom:0;">+39 376 282 4094