Skip to main content

Privacy Policy

Last Updated: 18 March 2026

1. Introduction

Palazzo Ceraselli ("we", "us", or "our") is a luxury hospitality property located in Martina Franca, Valle d'Itria, Apulia, Italy. We are committed to protecting your personal data and respecting your privacy in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, or "GDPR"), the Italian Legislative Decree no. 196/2003 (Privacy Code) as amended by Legislative Decree no. 101/2018, and all applicable data protection laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website palazzoceraselli.com, make a reservation, stay at our property, or communicate with us in any other way.

2. Data Controller

The Data Controller responsible for your personal data is:

Edilrinnova SRL Strada Santantuono, Zona E, Int 1, Martina Franca (TA), 74015, Puglia, Italy

Email: privacy@palazzoceraselli.com

Website: www.palazzoceraselli.com

3. Personal Data We Collect

3.1 Information You Provide Directly

When you interact with us, we may collect the following categories of personal data:

  • Identity Data: full name, date of birth, nationality, passport or identity document number
  • Contact Data: email address, postal address, telephone number
  • Reservation Data: check-in/check-out dates, number of guests, room preferences, special requests
  • Financial Data: payment card details (processed securely through PCI DSS-compliant providers), billing address
  • Communication Data: messages, emails, or other correspondence you send us
  • Health and dietary information provided voluntarily for the purpose of tailoring your stay
  • Marketing preferences: your choices regarding receiving marketing communications

3.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical data:

  • Device and browser information (type, operating system, browser version)
  • IP address and approximate geographic location
  • Pages viewed, time spent on pages, referral URLs, and navigation paths
  • Cookie identifiers and similar tracking technologies (see Section 8 – Cookies)

3.3 Information from Third Parties

We may receive personal data about you from third-party sources, including online travel agencies (OTAs) such as Booking.com, Airbnb, and Expedia; payment service providers; and review platforms.

4. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

  • Performance of a contract (Art. 6(1)(b)): to confirm and manage your reservation, process payments, and provide the requested hospitality services
  • Legal obligation (Art. 6(1)(c)): to comply with Italian hospitality law (public security registration requirements under TULPS), tax obligations, and anti-money laundering regulations
  • Legitimate interests (Art. 6(1)(f)): to improve our services, protect our property, prevent fraud, and conduct direct marketing to existing guests (where not overridden by your interests)
  • Consent (Art. 6(1)(a)): for non-essential cookies, newsletter subscriptions, and any processing activity for which we explicitly request your permission

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To process and manage reservations and bookings
  • To provide and personalise the hospitality experience during your stay
  • To process payments and prevent fraudulent transactions
  • To communicate with you regarding your booking, special requests, and pre-/post-stay correspondence
  • To comply with legal obligations, including registration of guests with the Italian Public Security Authority (Questura)
  • To send you newsletters, special offers, and promotional materials where you have consented or where we have a legitimate interest
  • To respond to your enquiries, feedback, and complaints
  • To conduct satisfaction surveys and improve the quality of our services
  • To operate and improve our website, analyse usage, and ensure technical security
  • To manage relationships with business partners, suppliers, and service providers

6. Sharing Your Personal Data

We do not sell, rent, or trade your personal data. We may share it with the following categories of recipients, strictly on a need-to-know basis:

  • Italian Public Security Authority (Questura): mandatory guest registration pursuant to Italian law (Art. 109 TULPS)
  • Revenue Agency (Agenzia delle Entrate) and tax authorities: for fiscal and invoicing compliance
  • Payment processors and banking institutions: to process transactions securely
  • Booking platforms and OTAs (e.g., Booking.com, Airbnb): where your booking originated from such a platform
  • IT and website service providers, including hosting companies and CRM providers, acting as Data Processors under GDPR Art. 28 agreements
  • Email marketing platforms (where you have subscribed to our newsletter)
  • Legal, accounting, and professional advisors bound by confidentiality obligations
  • Law enforcement or regulatory authorities when required by law

All third-party service providers are required to implement appropriate technical and organisational measures to protect your data.

7. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). Where data is transferred to countries outside the EEA, we ensure an adequate level of protection through:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules or other appropriate safeguards

You may request a copy of the safeguards applicable to your data by contacting us at privacy@palazzoceraselli.com.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyse website traffic, and support our marketing activities. Cookies are small text files placed on your device.

8.1 Types of Cookies We Use

  • Strictly Necessary Cookies: essential for the website to function (e.g., session management, security). Cannot be disabled.
  • Analytics Cookies: help us understand how visitors interact with our website (e.g., Google Analytics). Require your consent.
  • Marketing Cookies: used to deliver relevant advertising and track campaign effectiveness. Require your consent.
  • Functional Cookies: remember your preferences (e.g., language, currency). May require consent.

8.2 Managing Cookies

You can manage or withdraw your consent for non-essential cookies at any time via our Cookie Consent Banner or through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For full details, please refer to our Cookie Policy.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

Data CategoryRetention PeriodReservation and guest records10 years from check-out (Italian civil and tax law)Public security registration data (Questura)Minimum 5 years, as required by lawFinancial and invoicing records10 years (Italian fiscal law)Marketing dataUntil consent withdrawn; max 3 years inactiveWebsite analytics dataUp to 26 monthsCorrespondence and enquiries3 years from last contact

At the end of the applicable retention period, data is securely deleted or anonymised.

10. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR and Italian data protection law:

  • Right of Access (Art. 15): to obtain confirmation of whether we process your data and request a copy of it
  • Right to Rectification (Art. 16): to request correction of inaccurate or incomplete data
  • Right to Erasure / "Right to be Forgotten" (Art. 17): to request deletion of your data where there is no compelling reason for continued processing
  • Right to Restriction of Processing (Art. 18): to request that we limit the use of your data in certain circumstances
  • Right to Data Portability (Art. 20): to receive your data in a structured, machine-readable format and transfer it to another controller
  • Right to Object (Art. 21): to object to processing based on legitimate interests or direct marketing at any time
  • Right to Withdraw Consent (Art. 7(3)): where processing is based on consent, to withdraw it at any time
  • Rights related to automated decision-making (Art. 22): not to be subject to solely automated decisions that significantly affect you

To exercise any of these rights, please contact us at privacy@palazzoceraselli.com. We will respond within 30 days of receipt of your request. You will not be charged a fee unless your request is manifestly unfounded or excessive.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at www.garanteprivacy.it, or with the supervisory authority of your country of residence within the EU.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include SSL/TLS encryption of data in transit, access controls and authentication measures, regular security assessments, staff training on data protection, and engagement of PCI DSS-compliant payment processors.

Notwithstanding these measures, no data transmission over the internet or electronic storage is entirely secure. In the event of a data breach likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform you without undue delay.

12. Children's Privacy

Our services are not directed to children under the age of 16. We do not knowingly collect personal data from minors without verifiable parental consent. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@palazzoceraselli.com and we will take steps to delete such data.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on our website with the revised effective date. Where changes are significant, we will notify you by email or through a prominent notice on our website. We encourage you to review this page periodically.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact:

Data Protection Contact

Edilrinnova SRL Strada Santantuono, Zona E, Int 1, Martina Franca (TA), 74015, Puglia, Italy

Email: privacy@palazzoceraselli.com

Website: www.palazzoceraselli.com