Ravida Resort Privacy Policy (EN)

Effective date: June 20, 2025
Data Controller: Ravida Resort – VAT No. 06384840655
Privacy contact: ravida.pomodori.tech@gmail.com

1. Personal Data Collected

We collect only the information you voluntarily provide via the website (e.g., contact/booking forms) or by email/phone, including:

  • First and last name

  • Email address

  • Phone number

  • Request details (e.g., stay dates, number of guests, preferences)

  • Any additional notes you decide to share

(For mere website access, certain technical data may be processed automatically, such as IP address, user-agent, security logs. See the Cookie Policy, if available.)

2. Purposes of Processing

We use your data solely to:

  • Handle inquiries and booking requests and provide requested services (quotes, availability, confirmations).

  • Send service communications and customer support (e.g., booking changes, stay information).

  • Send occasional promotional communications (events, offers, news) only with your consent.

  • Ensure website security and prevent abuse (technical logs, antispam, intrusion prevention).

  • Comply with legal, tax, and accounting obligations related to service provision.

3. Legal Bases

We process personal data based on:

  • Performance of a contract or pre-contractual steps (Art. 6(1)(b) GDPR): managing inquiries/bookings, assistance.

  • Consent (Art. 6(1)(a) GDPR): marketing communications. The form includes an unchecked checkbox, and we log the consent date/time.

  • Legal obligation (Art. 6(1)(c) GDPR): tax and accounting compliance.

  • Legitimate interests (Art. 6(1)(f) GDPR): website security and protection of the Controller’s rights.

4. Data Retention

  • Inquiry/booking data: retained for the time needed to manage your request and, where a contract is formed, in line with statutory terms (e.g., tax records up to 10 years).

  • Marketing data: retained until you withdraw consent, which you can do at any time.
    To request deletion, write to ravida.pomodori.tech@gmail.com.

5. Recipients and Transfers

We may share data with external service providers (e.g., hosting, email/newsletter platforms, antispam and security tools) acting as Processors under Art. 28 GDPR.
We do not sell your data.
If any provider is located outside the EEA, transfers occur with appropriate safeguards (e.g., Standard Contractual Clauses or other applicable compliance mechanisms).

6. Security Measures

We implement appropriate technical and organizational measures, including:

  • HTTPS secure connection

  • Regular database backups

  • Role-based, password-protected access

  • Encryption of sensitive data where applicable

  • Hosting with providers certified to recognized security standards

7. Your Rights

You may exercise your rights under Articles 15–22 GDPR at any time:

  • Access, rectification, erasure

  • Restriction and objection to processing

  • Data portability

  • Withdrawal of consent (without affecting the lawfulness of prior processing)
    To exercise your rights, contact ravida.pomodori.tech@gmail.com.
    You also have the right to lodge a complaint with your Data Protection Authority (e.g., the Italian Garante).

8. Children

Our services are not intended for children under 14. If data from a child is received without parental/guardian consent, it will be deleted.

9. Policy Updates

We may update this policy periodically (e.g., yearly or when required by law/operations). Material changes will be highlighted via a banner or notice on the website.