top of page

Privacy Policy

Last Update: June 30, 2025

This Privacy Policy explains how Palazzo Piccinno (“we”, “us”, “our”) collects, uses, shares, and protects your personal data when you visit our website, contact us, or stay with us.
 

We comply with the EU General Data Protection Regulation (GDPR) and Italian data protection law.

1. Who we are (Data Controller)

  • Controller: CONTI srl (trading as Palazzo Piccinno)

  • Registered address: Via Coltura 41, 73052 Parabita (LE), Italy

  • VAT/Tax ID: IT05190120757

  • Email: palazzo.piccinno@palazzopiccinno.com

2. What data we collect

Identification & contact data

  • Full name, nationality, ID/passport details (as required by Italian public safety laws), date of birth, address, email, phone.


Booking & stay data

  • Dates of stay, room type, preferences (e.g., pillow, dietary needs), special requests, traveling companions, communications with us.
     

Payment & billing data

  • Partial card details (tokenized via payment processors), billing address, transaction amounts, invoices/receipts.


Marketing & communications data

  • Newsletter subscriptions, campaign engagement (opens, clicks), preferences and consents.


Technical & usage data (website/app)

  • IP address, device identifiers, browser type, pages viewed, session data, cookies/trackers (see Cookie Policy).


Experience/activities data

  • Bookings for experiences (e.g., transfers, dinners, boat tours, wellness), any relevant notes needed to operate them.


Sensitive data (only if strictly necessary and with consent)

  • Health-related notes you voluntarily share for accessibility or dietary reasons (e.g., allergies, mobility needs).
    We only process this with your explicit consent and solely to provide the requested service.

3. How we collect your data

Directly from you (website forms, email, phone, messaging apps, at check-in).

  • From booking platforms you use (e.g., Booking.com, Tablet/Michelin, Little Hotelier).

  • From payment providers when you pay online.

  • From partners when you book third-party experiences through us (only data needed to operate the service).

  • Automatically via cookies and similar technologies when you use our site (see Cookie Policy).

4. Why we process your data (Purposes) & legal bases

We process your data for:
 

  1. Managing bookings and your stay (contract performance; Art. 6(1)(b))

    • Confirming reservations, pre-arrival communication, check-in, room allocation, housekeeping coordination, check-out.

  2. Legal compliance (Art. 6(1)(c))

    • Registration with public security authorities (guest identity notification), tax & accounting obligations, consumer law, safety rules.

  3. Payments & fraud prevention (legitimate interests; Art. 6(1)(f); and/or contract; Art. 6(1)(b))

    • Processing payments through certified providers, preventing misuse.

  4. Personalising services & experiences (legitimate interests; Art. 6(1)(f); and/or consent for special categories)

    • Preparing amenities, activities, restaurant tips, wellness; handling allergies or accessibility on explicit consent (Art. 9(2)(a)).

  5. Communication & customer support (contract; Art. 6(1)(b); legitimate interests; Art. 6(1)(f))

    • Pre/post-stay messages, responding to inquiries.

  6. Marketing with your consent (consent; Art. 6(1)(a))

    • Newsletters, updates, offers via [Klaviyo or other ESP]. You can unsubscribe anytime.

    • For existing guests, we may send limited, related offers under legitimate interests (Art. 6(1)(f))—you can opt out.

  7. Website operations, analytics, and security (legitimate interests; Art. 6(1)(f); or consent via Cookie banner)

    • Improving site performance and content, preventing abuse, remembering preferences.

  8. Business operations (legitimate interests; Art. 6(1)(f))

    • Internal reporting, service quality, partner coordination.
       

We do not make decisions based solely on automated processing that produce legal effects concerning you (no automated decision-making).

5. Sharing your data (Recipients)

We share data only as necessary and under GDPR-compliant agreements:
 

  • Booking & PMS/IBE platforms: e.g., Booking.com, Tablet/Michelin, [Little Hotelier/other PMS].

  • Payment processors: e.g., [Stripe/Adyen/Nexi/SumUp] (we do not store full card data).

  • Email & marketing tools: e.g., [Klaviyo] (newsletter, campaigns).

  • Website hosting & CRM: e.g., [Wix/Framer/other host]; [CRM if used].

  • Experience partners: trusted providers (transfers, boat tours, wellness, restaurants) strictly for the booked service.

  • Professional advisors & authorities: accountants, legal counsel; law enforcement or authorities where required.

  • IT/security providers: to maintain our systems and safeguard data.
     

We do not sell your personal data.

6. Data retention

We retain data only as long as necessary for the purposes above:
 

  • Guest registry/public security: as required by Italian law.

  • Tax and accounting: typically 10 years (Italian Civil Code/Tax law).

  • Contracts/communications: for the statute of limitations (to manage claims).

  • Marketing data: until you withdraw consent or for a defined inactivity period (e.g., 24 months of no engagement).

  • Cookies/analytics: per the periods stated in our Cookie Policy.

7. Your privacy rights

Under GDPR, you have the right to:
 

  • Access your data and obtain a copy.

  • Rectify inaccurate or incomplete data.

  • Erase data (“right to be forgotten”) where applicable.

  • Restrict processing in certain cases.

  • Object to processing based on legitimate interests or direct marketing.

  • Data portability for data you provided to us, where processed by automated means and based on consent or contract.

  • Withdraw consent at any time (without affecting prior lawful processing).

  • Lodge a complaint with a Supervisory Authority.
     

To exercise your rights, contact us at palazzo.piccinno@palazzopiccinno.com.

8. Security

We maintain appropriate technical and organisational measures to protect your data, including secure hosting, access controls, encryption in transit where applicable (HTTPS), staff confidentiality commitments, and data-minimisation practices. No method is 100% secure, but we work to continually improve our safeguards.

9. Children's data

Our services are not directed to children under 18. We do not knowingly collect their data without parental consent. If you believe a child has provided us data, please contact us to delete it.

10. Cookies & similar technologies

We use cookies and similar technologies for site functionality, analytics, and (with consent) marketing.
 

  • On first visit, you can manage preferences via our Cookie Banner/Manager.

  • For details on categories, purposes, providers, and retention, see our Cookie Policy.

11. Social Media & External links

Our website and emails may link to external sites (Instagram, partners, press). We are not responsible for their content or privacy practices. Please review their privacy policies.

12.  CCTV

If CCTV operates on the premises, it is used solely for security and safety, limited to common areas, retained for a short period unless an incident requires longer retention, and shared only with competent authorities or service providers under contract. Signage is displayed where cameras are in use.

13. Hospitality partners & experiences

When you book an experience (e.g., transfers, dinners at Masseria Le Stanzie, boat rides with Mino, wellness with Manuel Verardi), we share only the data necessary to operate that service (e.g., name, date/time, dietary note). These partners act as independent controllers or processors depending on the service. You may also receive their privacy information directly.

14. Lawful refusal of service

We reserve the right to decline or cancel a reservation where required or permitted by law (e.g., identity verification issues, overbooking, policy violations, safety concerns). Any data processed for this assessment is limited and justified by legitimate interests and/or legal obligations.

15. Changes to this Policy

We may update this Policy from time to time. The latest version will always be published on our website with the effective date.

16. Contact us

For questions about this Privacy Policy, to exercise your rights, or to obtain details of data transfers and safeguards:
Email: palazzo.piccinno@palazzopiccinno.com
Address: Via Coltura 41, 73052 Parabita (LE), Italy

bottom of page