Skip to main content

Privacy Policy

Pursuant to Art. 13 GDPR

Introduction

Before sharing any personal data, the Data Controller invites you to carefully read this Privacy Policy ("Privacy Policy"), as it contains important information on the protection of your personal data and on the security measures adopted to ensure confidentiality in full compliance with applicable law.

This Privacy Policy applies only to this website and does not apply to other websites that may be accessed through external links; it is intended as the notice provided under Art. 13 of applicable law for users interacting with this website.

The Data Controller informs you that your personal data will be processed according to principles of lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimization, accuracy, integrity, and confidentiality.

Your personal data will therefore be processed in accordance with applicable legal provisions and confidentiality obligations.

Section 1 - Identity and contact details of the Data Controller

The Data Controller of your personal data is Angelo Poggi (hereinafter, the "Data Controller").

For any question regarding personal data processing, you may contact the Data Controller at the following certified e-mail (PEC): poggi.allegra@pec.it.

Section 2 - Categories of personal data, purposes, and legal basis

The personal data collected by the website are the following:

A) Browsing data

The website's IT systems collect certain personal data whose transmission is implicit in the use of Internet communication protocols.

These are information items not collected to be associated with you, but which by their nature could, through processing and association with data held by third parties, allow your identification.

This includes IP addresses or domain names of devices used to connect to the website, URI addresses of requested resources, request time, method used to submit the request to the server, size of the file obtained in response, numeric code indicating server response status (successful, error, etc.), and other parameters related to your operating system and IT environment.

These data are used to obtain anonymous statistical information on website use, to verify proper operation, to enable proper delivery of requested features, for security reasons, and to ascertain liability in case of potential cybercrimes against the website or third parties.

These data are deleted after 6 months and in any case no later than 12 months, in compliance with applicable laws.

B) Data voluntarily provided by the user

Through the website, you may voluntarily provide personal data such as your phone number and WhatsApp nickname/identifier by clicking on +39 351 441 0805 in the "About us" section.

You may also provide your e-mail address by sending a message to info@allegrasuites.it, also shown in the "About us" section.

The Data Controller processes these data in compliance with applicable law, assuming they refer to you or to third parties who have expressly authorized you to provide them on an appropriate legal basis.

In the latter case, you act as an independent data controller, taking full legal obligations and responsibilities, and you indemnify the Data Controller from claims by third parties whose data were processed through your use of the website in breach of applicable law.

By clicking the "Book now" button, you are redirected to the Wubook hospitality management platform. Personal data provided there are processed by Wubook according to its own Privacy Policy.

C) Browsing data collected via Google Analytics

Browsing data collected via Google Analytics include information on visited pages, time on site, traffic source, device type, and approximate geographic location.

These data are collected in aggregated and anonymous form and do not allow direct identification of the user.

Processing purposes and legal basis

a) To process your contact request submitted via WhatsApp or e-mail. Legal basis: Art. 6(1)(b) GDPR.

b) To establish, exercise, or defend legal claims, or whenever authorities exercise judicial functions. Legal basis: legitimate interest under Art. 6(1)(f) GDPR.

c) To comply with legal, regulatory, or EU obligations applicable to the Data Controller (e.g., tax/accounting obligations, requests from competent authorities). Legal basis: Art. 6(1)(c) GDPR.

d) Website browsing data via Google Analytics are collected only after the user's consent, which is the legal basis for processing.

Section 3 - Categories of recipients

The Data Controller will not disclose your personal data to third parties.

Section 4 - Processing methods and retention period

Your personal data are processed using electronic tools to ensure data security and confidentiality.

Your personal data are retained for no longer than necessary to achieve the purposes for which they are processed, without prejudice to legal retention periods.

Data you provide for requests or information are retained for 30 days from the request and then deleted.

Personal data may also be processed for a longer period if an interruption and/or suspension of limitation periods justifies extended retention.

Your personal data will not be transferred, sold, or moved outside EU countries.

Specific security measures are adopted to minimize risks of destruction, accidental loss, unauthorized access, or unlawful/non-compliant processing.

However, such measures cannot fully exclude risks of interception or compromise of personal data transmitted electronically.

Users are advised to ensure their devices are equipped with adequate software protections for data transmission (e.g., updated antivirus, firewall, anti-spam filters).

As described above, the website uses Google Analytics for browsing data collection only with user consent.

Google Analytics Privacy Policy: Privacy Policy - Privacy & Terms - Google.

Special categories of data: none of the personal data processed by the Data Controller fall within the special categories under Art. 9 of Regulation (EU) 2016/679. If such data are transmitted without explicit written consent, they will be deleted immediately.

Section 5 - Data subject rights

As a data subject, you may exercise your rights under the Regulation at any time by sending a written request to the PEC address indicated above.

Communications and actions taken by the Data Controller are free of charge; however, if requests are manifestly unfounded or excessive, especially repetitive, the Data Controller may charge a reasonable fee or refuse the request.

1) Right of access: obtain confirmation as to whether personal data are processed, access to such data and information under Art. 15 GDPR, and a copy of processed data.

2) Right to rectification: obtain correction of inaccurate data and completion of incomplete data.

3) Right to erasure: obtain deletion of personal data in the cases provided by Art. 17 GDPR, except where processing remains necessary for legal obligations or legal defense.

4) Right to restriction: obtain restriction of processing in the cases provided by Art. 18 GDPR.

5) Right to data portability: receive personal data in a structured, commonly used, machine-readable format and transmit them to another controller, where technically feasible.

6) Right to object: object to processing based on public interest or legitimate interest, unless overriding legitimate grounds exist or processing is necessary for legal defense.

7) Right to lodge a complaint: lodge a complaint with the competent Data Protection Authority, without prejudice to any other administrative or judicial remedy.

Last update: 25.03.26