Privacy Policy
Last updated: December 30, 2025
This Privacy Policy describes how personal data is collected, used and protected when users browse and use the website
https://gardarentals.com (the “Website”), in accordance with Regulation (EU) 2016/679
(“GDPR”) and applicable Italian data protection laws.
1. Data Controller
The Data Controller of the personal data is:
Mattia Accordini, sole proprietor of
Garda Property Management di Mattia Accordini
Registered office: Località Gazzoli 20, 37010 Costermano sul Garda (VR), Italy
VAT No.: 04702540230
Email: privacy@garda.management
Phone: +39 351 971 2680
The Data Controller determines the purposes and means of the processing of personal data.
2. Types of Data Processed
a) Personal data voluntarily provided
Personal data may include, but is not limited to:
- First name and last name
- Email address
- Phone number
- Residential or billing address
- Data submitted through contact forms
- Information required to manage bookings
b) Booking and stay data
When a booking is made, data related to:
- Guests
- Dates of stay
- Payment preferences
- Payment status and amount
may be processed. Partial payment information (e.g. last four digits of a credit card or IBAN, payment date and amount)
may be visible.
Bookings are managed through Beds24, used as a Property Management System (PMS) and channel manager.
c) Browsing data
Technical browsing data (such as anonymized IP address, browser type and operating system) may be collected to ensure
proper website functionality and security.
3. Purposes and Legal Basis of Processing
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Handling information requests | Art. 6(1)(b) |
| Managing bookings and stays | Art. 6(1)(b) |
| Payment management | Art. 6(1)(b) |
| Tax and accounting obligations | Art. 6(1)(c) |
| Mandatory communications to public authorities (Alloggiati Web, ISTAT, local authorities) | Art. 6(1)(c) |
| Website security and abuse prevention | Art. 6(1)(f) |
| Anonymous statistical analysis of website traffic | Art. 6(1)(f) |
4. Processing Methods
Personal data is processed using electronic and IT tools, in compliance with the principles of lawfulness, fairness,
transparency, data minimization and security required by the GDPR.
Appropriate technical and organizational measures are adopted to protect data against unauthorized access, loss or
unlawful disclosure.
5. Service Providers and Data Recipients
Personal data may be processed by third-party service providers supporting the business activity, including:
- Beds24 – booking and property management system (Data Processor)
- Stripe and other payment service providers – independent Data Controllers for payment data
- Kinsta and Hostinger – hosting and technical infrastructure providers
- IT service providers and technical consultants
Where required, such providers are appointed as Data Processors pursuant to Article 28 GDPR.
6. Data Transfers Outside the EU
Personal data is primarily processed within the European Union. Any transfer of data to non-EU countries takes place
only where appropriate safeguards are in place, such as adequacy decisions or Standard Contractual Clauses approved by
the European Commission.
7. Website Analytics
The Website uses Fathom Analytics, a privacy-focused analytics tool.
- No cookies are used
- No cross-site tracking is performed
- No personally identifiable data is collected
- IP addresses are anonymized
No profiling or marketing tracking tools are used.
8. Third-Party Content and Services
The Website may integrate:
- Google Maps to display property locations
- YouTube for embedded video content
- Messaging services such as WhatsApp
Interaction with these services is governed by the respective providers’ privacy policies.
9. Data Retention
Personal data is retained for a period of time no longer than necessary to achieve the purposes for which it is
processed, in accordance with the data minimization and storage limitation principles set out in Article 5(1)(e) of
the GDPR.
In particular:
-
contractual, tax and accounting data is retained for the period required by applicable law, generally up to
10 years, in order to comply with legal obligations; -
booking and stay-related data may be retained for longer periods where this is necessary for managing the
relationship with the guest, for administrative and organizational purposes, and to allow the handling of future
stays by returning guests; - contact data collected for information requests is retained for the time necessary to process the request.
Personal data may be deleted or anonymized at the request of the data subject, provided that no legal obligations or
legitimate grounds require its continued retention.
10. Data Subject Rights
Data subjects may exercise the rights provided for by Articles 15–22 GDPR, including:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to object
- Right to data portability
- Right to withdraw consent, where applicable
Requests may be sent to: privacy@garda.management
Data subjects also have the right to lodge a complaint with the competent supervisory authority, in particular the
Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
11. Changes to this Privacy Policy
This Privacy Policy may be updated from time to time. Any changes will be published on this page together with the
updated revision date.