Information notice pursuant to Art. 13 GDPR

Privacy Policy

Information notice on the processing of personal data pursuant to Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended.

Last updated: 15 April 2026

1. Data controller

The data controller is {0}, located in {1}, VAT no. {2}, reachable at {3}.

2. Data collected from guests

When a guest registers and uses the portal to look for a beach establishment, book an umbrella for a specific time slot and complete the payment, we process the following categories of personal data:

  • identification and contact data (e.g. first name, last name, email, optional phone number);
  • account credentials and technical data (hashed password, IP address, access logs);
  • booking data (establishment, umbrella, date, time slot, amount);
  • payment data handled by external providers (e.g. PayPal); we do not store full payment card details;
  • user-generated content, such as reviews left after the stay and messages exchanged with our support.

3. Data collected from managers

Managers publishing one or more establishments on the portal provide the following categories of data:

  • identification and contact data of the reference person;
  • tax and business identification data (company name, VAT no., tax code, registered office, electronic invoicing code / SDI, certified email);
  • data related to the managed establishments (address, pictures, umbrella configuration, prices, opening hours);
  • data related to received bookings, payments, invoices and monthly turnover.

4. Purposes and legal bases of processing

Data is processed for the following purposes, each based on a specific legal ground:

  • Performance of contract (Art. 6.1.b GDPR) — account registration and management, handling of bookings, payments, operational communications and customer support.
  • Legal obligation (Art. 6.1.c GDPR) — accounting, tax, e-invoicing and anti-money laundering obligations.
  • Legitimate interest (Art. 6.1.f GDPR) — platform security, fraud prevention, service improvement and management of complaints or disputes.
  • Consent (Art. 6.1.a GDPR) — analytics and marketing cookies, optional promotional communications. Consent can be withdrawn at any time.

5. Hosting and technical data storage

The portal, the relational database and the uploaded files (logos, establishment pictures, attachments) are hosted by {0}, with servers located in {1}. The hosting provider acts as an external data processor pursuant to Art. 28 GDPR and adopts adequate technical and organisational measures (backups, access controls, encryption in transit) to ensure security and service continuity.

6. Recipients of the data

Personal data may be disclosed to the following categories of recipients, appointed as external data processors where applicable:

  • Hosting provider — SmarterASP.NET (server in Europa)
  • Payment provider — PayPal (Europe) S.à r.l. et Cie, S.C.A.
  • Transactional email service — SMTP provider used to send confirmation emails, review requests and service communications.
  • Analytics and marketing tools — Google Ireland Limited (Google Analytics, Google Ads)
  • Competent authorities — where required by legal obligations, court orders or supervisory authorities.

7. Transfers of data outside the EU

The use of Google Analytics and Google Ads may involve the transfer of personal data (in particular online identifiers and IP address) to the United States. Such transfers take place in compliance with the EU-US Data Privacy Framework and, where necessary, on the basis of the Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR), together with supplementary measures such as IP address pseudonymisation and anonymisation.

8. Retention periods

Personal data is stored for the time strictly necessary for the purposes for which it was collected and, in any case, according to the following criteria:

  • account data: for the duration of the relationship and until deletion of the account by the user;
  • booking and payment data: 10 years, in compliance with civil and tax obligations;
  • invoices and accounting documents: 10 years from issuance (Art. 2220 of the Italian Civil Code);
  • data for direct marketing purposes: until consent is withdrawn;
  • access logs and security logs: maximum 12 months.

9. Cookies and similar technologies

The website uses technical cookies required to operate and, with the user's consent, analytics and marketing cookies (Google Analytics, Google Ads). Consent can be changed or withdrawn at any time through the cookie banner available at the bottom of the page.

Read the full Cookie Policy →

10. Rights of the data subject

The data subject can exercise at any time the following rights granted by Articles 15-22 GDPR:

  • right to access personal data;
  • right to rectify inaccurate or incomplete data;
  • right to erasure (right to be forgotten); guests can also request it from their personal area;
  • right to restriction of processing;
  • right to object to processing based on legitimate interest;
  • right to data portability;
  • right to withdraw consent, without affecting the lawfulness of processing carried out previously;
  • right to lodge a complaint with the supervisory authority: Italian Data Protection Authority — www.garanteprivacy.it

To exercise these rights you can write to {0}. We will reply within the timeframes set by the applicable law.

11. Automated decision-making

The data controller does not carry out fully automated decision-making, including profiling, that produces legal effects on the data subject or similarly significantly affects them.

12. Nature of data provision

Providing identification, contact and tax data required for registration, booking management and invoicing is mandatory: refusal makes it impossible to use the service. Providing data for marketing purposes is always optional.

13. Changes to this notice

This notice may be updated as a result of changes to the services, the infrastructure, the measurement tools used or the applicable legislation. Updated versions will always be published on this page with the date of the last update.