1. Data Controller

The Data Controller is Bagni D’Arienzo S.r.l., headquartered at Via Pasitea, 71 – 84017 Positano (SA), Italy, VAT ID: IT02972990655.

Contacts:

• Email: reservation@solepositano.com
• Telefono/WhatsApp: +39 089 097 8253

2. Scope and Legal Framework

This Policy applies to personal data collected via:

• https://solepositano.com/
• https://booking.solepositano.com

Legal frameworks covered:

• GDPR (EU): access, rectification, deletion, portability, objection
• CCPA/CPRA (California): right to know, delete, restrict data sharing
• DMA (EU): transparency and fairness in processing
• LGPD (Brazil): principles of purpose, necessity, accountability
• POPIA (South Africa): explicit consent, security safeguards

3. Purposes and Legal Bases

Purpose	Legal Basis
Booking management, customer support	GDPR Art. 6(1)(b); LGPD: contractual execution; CCPA: operational necessity
WhatsApp/SMS notifications	Explicit consent during booking
Newsletter/promotions	Consent (non-customers); legitimate interest (existing customers)
Accounting, tax compliance	GDPR Art. 6(1)(c); LGPD: legal obligations; POPIA: specific purpose
Targeted advertising	Cookie-based consent; CCPA: restrictions on data “sale”

Note: Failure to provide mandatory data may result in service denial.

4. Marketing and Communications

• WhatsApp/SMS: only with explicit opt-in; unsubscribe by replying “STOP” or contacting us
• Newsletter: consent-based for new users; legitimate interest for clients. All emails include an “unsubscribe” link
• Cookie/Consent Mode: preferences managed via cookie banner

5. Data Subject Rights

Jurisdiction	Rights
GDPR	Access, rectification, deletion, restriction, portability, objection
CCPA/CPRA	Access to data (12 months), deletion, opt-out of sharing
LGPD	Confirmation, anonymization, explanation of processing
POPIA	Rectification, consent withdrawal, data portability

To exercise your rights:

• Email: reservation@solepositano.com
• WhatsApp/SMS: +39 089 097 8253

6. Data Recipients

Data may be shared with:

• Technical providers (hosting, email tools)
• Legal/tax authorities
• Marketing platforms (e.g., Google, Meta) with prior consent

Transfers outside the EU are covered by appropriate safeguards (e.g., Standard Contractual Clauses).

7. Data Retention

Data Type	Retention Period
Booking & contracts	Up to 5 years (Italian Civil Code Art. 2948)
Tax documents	10 years (Italian Civil Code Art. 2220)
Marketing data	Until consent withdrawal

8. Cookies and Online Tracking

• Technical cookies: essential for the site
• Marketing cookies: subject to consent (e.g., Google Ads, Meta)
  Manage settings via banner or Cookie Policy.

9. Data Security

We implement technical and organizational measures to protect personal data from unauthorized access, loss, or unlawful processing.

10. Policy Updates

This Privacy Policy may be updated to remain compliant with legal requirements.
Last updated: 02/05/2025