Privacy policy

Website users

INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA OF USERS OF THE WEBSITE WWW.ESTAY.IT PURSUANT TO ARTICLES 13 AND 14 OF EU REGULATION 2016/679 (GDPR)

With this information, pursuant to the provisions of art. 13 of EU Regulation no. 2016/679 (also called “GDPR”), we wish to inform you regarding the processing of your personal data acquired and processed during your interaction with the website www.estay.it.

Use: With reference to the processing resulting from booking stays via the link Book, you can refer to the information dedicated to Conductors.

With reference to the processing resulting from the sending of communications via the link Become a Local Manager, you can refer to the information dedicated to Independent and coordinated collaborators, including local managers.

Reference is also made to the cookie information present on the website for any information relating to the processing of the interested party's browsing data. In this regard, it is specified that the purpose of such processing is to improve the functionality and quality of the Estay website, and that it is based on the legal basis of the legitimate interest of the Data Controller, except in the case of cookies operating with the express consent of the Interested Party. It is also specified that third-party suppliers of cookies must be considered externally responsible for the processing entrusted to them. Finally, please refer to the information provided by each cookie provider mentioned in the specific Estay information.

 

1. DATA CONTROLLER

The data controller is Estay s.r.l. with registered office in P.za Deffenu n. 9, 09125 – Cagliari (CA), in the person of its legal representative pro tempore. For any need relating to personal data, the Data Controller may be contacted via ordinary or registered mail delivered to the registered office indicated above, or via e-mail to the address amministrazione@estay.it, or via PEC at estaysrl@pec.net.

The Personal Data Protection Officer (RPD or DPO) is Mr. Giovanni Molinari, who can be contacted via e-mail at dpo@estay.it.

2. CATEGORIES OF PERSONAL DATA SUBJECT TO THE PROCESSING

The Data Controller processes the following categories of personal data relating to the Interested Party, provided or acquired during communication to the Data Controller by the Interested Party through the appropriate forms present on the site www.estay.it at the links Contacts, Request and Entrust us with your property:

  • Personal identification data: name and surname;
  • Contact details: email address and telephone number;
  • Any other data possibly contained in the text of the message.
  • Further data with specific reference to requests for information via the link Entrust us with your property, and in particular:
    • Location of the property;
    • Type and image of the property.

3. PURPOSE OF THE PROCESSING AND LEGAL BASIS

The purpose of the processing is to be able to find the requests and communications transmitted by the interested party to Estay through the channels present on the website. The legal basis of such processing is the free and informed consent of the interested party, implicit in the request for feedback addressed to the Data Controller.

The provision of data for the purposes indicated above is instrumental, necessary and mandatory for the purposes themselves, therefore any failure to provide such data makes it objectively impossible to pursue them.

4. TREATMENT METHODS

The processing of personal data will take place in full compliance with the principles of confidentiality, correctness, necessity, relevance, lawfulness and transparency provided for by the GDPR. The processing and storage of personal data will be carried out using both paper and electronic tools, in compliance with current regulatory provisions. Suitable security measures will be observed to prevent the loss of personal data, illicit or incorrect use of the same or unauthorized access. The data will be processed exclusively by personnel authorized by the data controller who will be given specific instructions on the methods and purposes of the processing.

4.1. INFORMATION SPECIFIC TO THE ESTAY APP
The Estay app may require the use of the user's location. If explicitly requested by the app, this permission is for the sole purpose of ensuring its proper technical functioning.

User location data is NOT collected by the data controller in any way.

5. DATA CONSERVATION PERIOD AND CRITERIA

The duration of the processing will correspond to the process of replying to communications or evaluating browsing preferences. The data will be stored until and no later than the maximum period of 1 year from the time of collection. This is without prejudice to extensions of the aforementioned deadlines due to the management of any disputes, as well as any derogation possibly provided for by Italian or Euro-Community regulations.

6. DATA COMMUNICATION

In addition to any communications required by law or by administrative or judicial authorities, all data collected and processed may be communicated to the following subjects, where necessary appointed as external managers of the processing delegated to them, with proper appointment and instructions provided in writing pursuant to art. 28, par. 3, GDPR:

  • business consultants; companies that provide maintenance or assistance on platforms and applications; specialists in information systems and company electronic devices, as well as their possible collaborators; business and management software providers, as well as providers of communication services such as email.

The data relating to communications between the interested party and the Data Controller may also be communicated to intermediaries in the real estate sector, including the associated company Estima s.r.l., with registered office in Viale Trieste n. 40, 09123 – Cagliari (CA), contactable at tel. no. +393499720364 and e-mail address immobiliare@estima.re.it, with which Estay collaborates to carry out its business activities.

6.1. Data transfers to third countries

The Data Controller does not foresee transfers of personal data outside the European Economic Area. However, the data processed through the software and service providers listed below may transit through servers located outside the EEA.

Below are the links to which this Data Controller refers for consultation of the measures adopted by suppliers to adapt the protection of personal data to the standards required by the GDPR.

- Microsoft Corporation, with reference to servers located in the United States of America:

https://privacy.microsoft.com/it-it/privacystatement; https://privacy.microsoft.com/it-IT/; https://www.microsoft.com/it-it/trust-center/privacy?rtc=1; https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWRql1?culture=it-it&country=IT

(see attachment: Compliance with EU transfer requirements for personal data in the Microsoft Cloud).

- Google Ireland Limited, with reference to the email service Gmail, equipped with servers located all over the world:

https://policies.google.com/privacy#inforetaining; https://policies.google.com/privacy/frameworks.

In this regard, it is noted that both Microsoft Corporation and Google Ireland Limited adhere to the Data Privacy Framework developed by the United States of America and the European Commission and declared adequate by the latter on 10 July 2023.

 

7. RIGHTS OF THE INTERESTED PARTY

At any time the interested party can exercise, pursuant to articles 15 et seq. of the GDPR 2016/679, the right to:

  • Access (art. 15 EU Regulation no. 2016/679);
  • Correction (art. 16 EU Regulation no. 2016/679);
  • Cancellation (art. 17 EU Regulation no. 2016/679);
  • Limitation (art. 18 EU Regulation no. 2016/679);
  • Portability (art. 20 EU Regulation no. 2016/679);
  • Opposition to processing (art. 21 EU Regulation no. 2016/679);
  • Revocation of consent to processing, if based on this legal basis, without prejudice to the lawfulness of the processing based on the consent acquired before the revocation (art. 7, par. 3 EU Regulation no. 2016/679);
  • Submit a complaint to the Guarantor Authority for the Protection of Personal Data and/or appeal to the competent Judicial Authority (articles 77 and 78 of EU Regulation no. 2016/679).

7.1 Details on the right to access data

The interested party has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them is being processed. Furthermore, where such processing is underway, the interested party has the right to obtain access to their personal data and the following information: purpose of the processing(s); categories of personal data processed; recipients or categories of recipients to whom the personal data have been or will be communicated; data retention period or criteria for determining this period; existence of the interested party's right to request rectification or deletion of personal data, or limitation of the processing of personal data concerning him/her; right to object to processing (where the right to object is provided for); right to portability.

The Data Controller is required to respond within one month from the date of receipt of the request, a period which can be extended up to three months in the case of particular complexity of the request.

7.2 Details on the right to complain

The interested party has the right to lodge a complaint with the Supervisory Authority. For further information on the right to lodge a complaint, please consult the institutional website of the Privacy Guarantor: www.garanteprivacy.it.

 

To exercise his rights and for any need relating to the processing that concerns him, the interested party can contact the Data Controller and the DPO at the addresses indicated in par. 1.