LumaLuma Apartments
Book
Back to home

Privacy Policy

Last updated: 9 May 2026

This policy describes how personal data of users who visit and use the website lumaapartment.it ("the Site"), managed by the data controller referred to in section 1, is processed. The processing of personal data is carried out in compliance with Regulation (EU) 2016/679 (GDPR) and applicable national legislation.

1. Data Controller

The data controller is Nicolò Guglietta, reachable at the email address infolumapartment@gmail.com for any request relating to the processing of personal data.

2. Data Protection Officer

The Data Protection Officer (DPO) is Nicolò Guglietta, reachable at the email address infolumapartment@gmail.com.

3. Personal data collected

Data voluntarily provided through the contact form

First name, last name, title, email address, preferred stay dates (check-in and check-out), number of guests, apartment of interest, optional message. Providing first name, last name and email is required to respond to the request; the other fields are optional.

Browsing data

The computer systems and software procedures used to operate the Site acquire, in the course of their normal operation, certain data whose transmission is implicit in the use of Internet communication protocols: IP address, browser type, operating system, date and time of visit, pages visited, referral source. Such data are used solely to obtain anonymous statistical information about Site usage and to verify its correct functioning, and are periodically deleted.

Technical cookies

The Site uses technical cookies necessary for its operation, including the language preference cookie (i18n_locale). For detailed information on cookies, please refer to the Cookie Policy accessible via the "Cookie preferences" link in the footer.

4. Purposes and legal basis of processing

Managing the booking request and communications relating to the potential stay

Performance of pre-contractual measures at the request of the data subject (Art. 6(1)(b) GDPR)

Responding to requests for information, clarification or assistance

Performance of pre-contractual measures at the request of the data subject (Art. 6(1)(b) GDPR)

Fulfilment of legal obligations (e.g. tax, accounting and record-keeping obligations)

Legal obligation (Art. 6(1)(c) GDPR)

Operation of the Site and improvement of the browsing experience (technical cookies)

Legitimate interest of the controller (Art. 6(1)(f) GDPR)

5. Disclosure and transfer of data to third parties

The personal data collected are not sold, disclosed or shared with third parties, except in the following cases:

Web3Forms (Elfin Works Ltd)

An email forwarding service used for the contact form. Data entered in the form (first name, last name, email, request details) are transmitted to Web3Forms servers for email delivery to the controller. Web3Forms is a service based in the United States. URL: web3forms.com

Cloudflare Inc.

The Site is hosted on Cloudflare infrastructure, headquartered in San Francisco, CA, USA. Cloudflare processes browsing data (IP addresses, HTTP requests) to provide hosting and protection services. URL: cloudflare.com

Google LLC (Google Maps)

The Site embeds interactive maps via Google Maps on the "Location" page. When a map loads, Google may collect browsing data and set cookies. For Google's privacy policy: policies.google.com/privacy

Legal obligations

Data may be disclosed to public authorities or law enforcement agencies in fulfilment of legal obligations.

Since Web3Forms and Cloudflare operate outside the European Economic Area, the transfer of data to these entities is carried out in compliance with the GDPR by means of standard contractual clauses approved by the European Commission, ensuring an adequate level of protection.

6. Data retention period

Personal data provided through the contact form are retained for a maximum period of 24 months from receipt of the request, unless legal obligations require longer retention. After this period, data are deleted or anonymised. Browsing data collected from server logs are retained for a maximum of 14 days, except for data necessary for the security and operation of the Site.

7. Rights of the data subject

Pursuant to Articles 15–22 of the GDPR, you have the right to:

  • Access your personal data (right of access, Art. 15)
  • Obtain rectification or completion of inaccurate or incomplete data (right to rectification, Art. 16)
  • Obtain erasure of personal data in the cases provided for by law (right to erasure, Art. 17)
  • Restrict processing of data in certain circumstances (right to restriction, Art. 18)
  • Object to processing on grounds relating to your particular situation (right to object, Art. 21)
  • Request portability of data provided in a structured, machine-readable format (right to data portability, Art. 20)

To exercise your rights, you may contact the data controller or the Data Protection Officer by writing to infolumapartment@gmail.com. You also have the right to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali, garanteprivacy.it).

8. Cookies

The Site uses exclusively technical cookies necessary for its operation. There are no profiling cookies, third-party analytics cookies or marketing cookies. For detailed information and to manage cookie preferences, please refer to the Cookie Policy accessible via the "Cookie preferences" link in the footer.

9. Links to third-party websites

The Site contains links to third-party websites (including Google Maps, Instagram, WhatsApp). Nicolò Guglietta is not responsible for the privacy policies of linked sites and recommends consulting their respective privacy notices.

10. Changes to this policy

The data controller reserves the right to amend this policy at any time, notifying users via the Site. Users are advised to consult this page periodically.

11. Contact

For any questions relating to the processing of your personal data or to exercise your rights, you may contact the data controller, Nicolò Guglietta, or the Data Protection Officer at infolumapartment@gmail.com.