Policy & Cookie
Introduction and scope of application
Pursuant to EU Regulation 2016/679 (GDPR) and Legislative Decree No. 196/2003 as amended by Legislative Decree No. 101/2018, this policy describes how the Data Controller processes personal data both through the website and in the management of accommodation facilities, with reference to the data of users who consult the website and guests during the booking and stay phases and in compliance with legal obligations, including through the use of self-check-in systems.
1. Data controller
The data controller is Silvia Rigato, VAT number 03589681208, who can be contacted at the email address z8.apartments@gmail.com and on +39 375 8255993.
The Data Controller manages the following accommodation facilities:
• Z8 Apartments, operational headquarters: Via Guido Zucchini, 8, 40126 Bologna BO
• Affittacamere Biscotti22, operational headquarters: Via Giuseppe Petroni, 4, 40126 Bologna BO
This policy applies:
• to users who visit the website www.z8apartments.it;
• to guests of both facilities, even if they book through third-party portals or use external services to fill in their details (Vikey app).
2. Types of data processed
2.1 Data collected via the website
The following may be processed:
• Browsing data (IP address, browser, pages visited, time spent on the site).
• Data provided voluntarily in contact forms or information requests (first name, last name, email address, telephone number).
• Technical and session cookies (no persistent profiling cookies such as user tracking systems).
2.2 Data collected from guests of the facility
In relation to the reservation and stay, the following data is processed:
• personal data (first name, last name, date and place of birth), contact details (email, telephone number);
• identity document data for legal obligations;
• data relating to the stay and preferences;
• tax and accounting data (for invoicing);
• any photographic image provided during check-in via the Vikey App.
3. Purpose and legal basis of processing
Purpose | Legal basis |
Management of reservations and stays | Art. 6(1)(b) GDPR (performance of the contract) |
Legal obligations (Alloggiati Web, tax) | Art. 6(1)(c) GDPR (legal obligation) |
Authentication and verification via online check-in | art. 6(1)(b) GDPR |
Website security and anonymous statistics | Art. 6(1)(f) GDPR (legitimate interest) |
These categories derive from the principles of fairness, transparency, lawfulness, and minimization set forth in the GDPR. | |
4. Processing methods
The data is processed using electronic and manual tools, with technical and organizational measures in place to ensure security and confidentiality, in accordance with Articles 5 and 32 of the GDPR. The data will be processed by the Data Controller’s staff and collaborators and/or by external parties duly designated by contract as data processors and persons in charge of processing.
5. Recipients of the data
The data may be disclosed:
• to public authorities for legal compliance (e.g., communication of guests to the police headquarters);
• to external data processors (e.g., management software, online check-in services);
• to banks for payment management;
• to external consultants authorized to process data on behalf of the Data Controller.
The data will not be disclosed in an improper manner.
6. Data retention
The data will be retained:
• for the time necessary to execute the contract and fulfill legal obligations (e.g., tax obligations and reporting to public security authorities);
• for a period appropriate to the stated purposes.
7. Rights of the data subject
According to Articles 15-22 of the GDPR, the data subject has the right to:
• obtain confirmation of the existence of data concerning him/her;
• access, rectify, or erase the data;
• restrict or object to the processing;
• obtain data portability;
• withdraw consent where given, without prejudice to the lawfulness of the processing based on the consent given.
To exercise these rights, you may contact the Data Controller at the addresses indicated in section 1. You also have the right to lodge a complaint with the Italian Data Protection Authority.
8. Cookie policy
Cookies are pieces of information stored by the browser when a website is visited using any suitable device (such as a PC, tablet, or smartphone). Each cookie contains various data (e.g., the name of the server it comes from, a numerical identifier, etc.), may remain in the system for the duration of a session (until the browser is closed) or for long periods, and may contain a unique identification code.
The website www.z8apartments.it uses technical and session cookies that are necessary for the functioning and efficient use of the website; persistent profiling cookies are not used. The use of cookies complies with current legislation on cookies and privacy.
8.1 Consent
Any consent given by the User is stored by the Data Controller using a technical cookie. The User is informed both by the brief information notice in the banner displayed on the website until consent is given or denied, and by this extended information notice.
8.2 Online tools
Please note that the website www.youronlinechoices.com/it not only provides further information on cookies, but also allows you to check the installation of numerous cookies on your browser/device and, where supported, to disable them.
9. Transfer of data to third countries
Any transfers of personal data to third countries will be carried out exclusively with adequate safeguards in accordance with the GDPR (e.g., Standard Contractual Clauses).
10. Changes to the privacy policy
The Data Controller reserves the right to update this policy and will publicize it on the page where it is published. Users and guests are required to consult the policy regularly.
Final note
This policy has been drawn up in accordance with the principles and obligations of the GDPR and applies uniformly to online activities and guest management activities of the facilities listed.
For any requests or clarifications, please contact the Data Controller at the addresses indicated in section 1.
