Skip to main content






Privacy Policy – La Bella Palermo

Privacy Policy

(pursuant to Article 13 of Regulation (EU) 2016/679 – “GDPR” and applicable Italian data protection laws)

1. Data Controller

The Data Controller is La Bella Palermo (hereinafter, the “Controller”).
Address: [insert full address]
Email: info@labellapalermo.com
Website: https://www.labellapalermo.com

2. Types of Data Processed

During navigation and use of this website, the following types of personal data may be collected:

  • Personal and contact data voluntarily provided by users (such as name, surname, email address, and phone number) through contact or booking forms, as well as any preferences or notes related to stays or services.
  • Browsing data (e.g., IP address, browser type, operating system, pages visited, access date and time), automatically collected by the website’s systems.
  • Cookies and tracking technologies (technical, analytical, and, subject to consent, profiling or third-party cookies). More information is available in the Cookie Policy.

3. Purposes and Legal Basis for Processing

Personal data are processed for the following purposes:

a) to respond to requests for information or quotes submitted via the website forms (legal basis: performance of pre-contractual measures);
b) to manage bookings, stays, contracts, payments, invoicing, and administrative or tax obligations (legal basis: performance of a contract and legal obligation);
c) to send promotional communications or newsletters, where explicitly requested and consented by the user (legal basis: consent);
d) to perform statistical analyses (in aggregated/anonymous form) on website usage and to improve the services provided (legal basis: legitimate interest of the Controller);
e) to comply with legal obligations or respond to lawful requests from public authorities (legal basis: legal obligation).

Providing personal data is optional; however, failure to provide certain information may make it impossible to deliver the requested service.

4. Processing Methods

Data are processed manually and electronically, in compliance with the principles of lawfulness, fairness, transparency, and data minimization. Access to personal data is restricted to authorized personnel and to third-party service providers appointed as Data Processors under Article 28 of the GDPR.

5. Data Retention

Data are retained only for as long as necessary to fulfill the purposes for which they were collected:

  • Contact requests: up to 12 months after the last communication.
  • Contractual/tax data: for the period required by applicable law (up to 10 years).
  • Marketing/newsletter data: until consent is withdrawn.

6. Data Communication and Transfers

Personal data will not be publicly disclosed. They may be shared with service providers and partners acting on behalf of the Controller (e.g., hosting, IT maintenance, booking platforms, consultants) or with public authorities when required by law.
Any transfer of data outside the European Economic Area (EEA) will occur in compliance with Articles 44–49 of the GDPR, ensuring appropriate safeguards (e.g., adequacy decisions, standard contractual clauses).

7. Data Subject Rights

The user, as data subject, may exercise at any time the rights provided for in Articles 15–22 of the GDPR, including the right to access, rectify, erase, restrict or object to processing, and to data portability.
Consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Requests should be sent to info@labellapalermo.com.
Data subjects also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

8. Cookies and Tracking Technologies

The website uses necessary technical cookies, and, subject to user consent, analytical and profiling cookies (including third-party cookies).
Upon first visit, a cookie banner allows the user to accept, reject, or customize preferences. Preferences can be changed at any time using the “Cookie Settings” link.
Detailed information on the types of cookies used, their purposes, and third parties involved is available in the Cookie Policy.

9. Data Security

The Controller implements appropriate technical and organizational measures to ensure a level of security proportionate to the risk, including HTTPS encryption, restricted access, and regular backups.
Any personal data breaches will be managed in accordance with Articles 33 and 34 of the GDPR.

10. Minors

The website’s services are not intended for children under 14 years of age. Should data from minors be inadvertently collected, the Controller will promptly delete them.

11. Updates to This Policy

This Privacy Policy may be updated periodically to reflect changes in legal requirements or website functionalities. The latest version will always be available on this page.

Last updated: October 31, 2025