Privacy Policy
Last Updated: December 11, 2025
1. Introduction
Leonardo's Rooms ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website or make a booking.
2. Data Controller
The data controller responsible for your personal data is Leonardo's Rooms, located in Pontassieve, Florence, Italy.
3. Information We Collect
We collect the following types of personal data:
- Booking Information: Name, email address, phone number, payment card details, arrival/departure dates
- Communication Data: Messages sent via email, WhatsApp, or our website
- Technical Data: IP address, browser type, device information, cookies
- Usage Data: Pages visited, time spent on site, referring URLs
4. Legal Basis for Processing
We process your personal data based on:
- Contract Performance: To fulfill your booking and provide accommodation services (GDPR Art. 6(1)(b))
- Legal Obligation: To comply with tax, accounting, and anti-money laundering laws (GDPR Art. 6(1)(c))
- Legitimate Interest: To improve our services, prevent fraud, and ensure security (GDPR Art. 6(1)(f))
- Consent: For marketing communications, where applicable (GDPR Art. 6(1)(a))
5. How We Use Your Data
We use your personal data to:
- Process and confirm your booking
- Communicate with you about your reservation
- Process payments and prevent fraud
- Comply with legal and regulatory requirements
- Improve our website and services
- Send promotional offers (only with your consent)
6. Data Sharing
We may share your data with:
- Payment Processors: To process credit/debit card transactions securely
- Service Providers: Email services, hosting providers, analytics tools
- Legal Authorities: When required by law or to protect our rights
We do not sell your personal data to third parties.
7. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy, typically:
- Booking Data: 10 years (Italian tax law requirement)
- Marketing Data: Until you withdraw consent
- Technical Data: Up to 2 years
8. Your Rights
Under GDPR and applicable data protection laws, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data (subject to legal obligations)
- Restriction: Limit how we process your data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: For marketing communications
To exercise these rights, contact us at the email or phone number provided on our website.
9. Cookies
We use cookies to enhance your browsing experience, analyze site traffic, and personalize content. You can manage cookie preferences through your browser settings. For more details, see our Cookie Policy.
10. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. However, no internet transmission is 100% secure.
11. International Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
12. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will be posted on this page with an updated "Last Updated" date.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us via email or WhatsApp. We will respond within 30 days.
15. Supervisory Authority
If you believe we have not handled your data properly, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) or your local supervisory authority.