PRIVACY POLICY
(pursuant to Regulation (EU) 2016/679 – GDPR)
Last updated: 13/Jan/2026
1. DATA CONTROLLER
The Data Controller of personal data is:
ZALORA MANAGEMENT SRL SOCIETÀ AGRICOLA
Registered office: Contrada Faldino (SNC) – Italy
Email: reservation@azalo.it
PEC: zaloramanagementsrl@pec.it
Dedicated privacy email: gdpr@azalo.it
Legal representative: Roberto Redaelli
2. TYPES OF DATA PROCESSED
The website www.azalo.it processes the following categories of personal data:
a) Browsing data
The IT systems automatically acquire certain data, including:
-
IP address
-
browser and device type
-
visited pages
-
date and time of access
These data are used exclusively for statistical and security purposes.
b) Data voluntarily provided by the user
Through the website, the following data may be collected:
c) Booking-related data
For booking management, the following data are processed:
3. PURPOSES AND LEGAL BASIS OF PROCESSING
Personal data are processed for the following purposes:
| Purpose |
Legal basis |
| Responding to information requests |
Data subject’s consent |
| Managing quotation requests |
Performance of pre-contractual measures |
| Managing bookings and stays |
Performance of a contract |
| Administrative and tax obligations |
Legal obligation |
| Public Security obligations (Alloggiati Web) |
Legal obligation |
| Website analytics and statistics |
Consent |
| Marketing activities (Meta / Facebook Pixel) |
Consent |
| Property protection and security (video surveillance) |
Legitimate interest |
4. PROCESSING METHODS
Personal data are processed using electronic and IT tools, in compliance with appropriate technical and organizational security measures to ensure confidentiality, integrity and availability of the data.
Personal data are not disclosed to the public.
5. COOKIES AND TRACKING TOOLS
The website uses:
The use of cookies is governed by a specific Cookie Policy, available on the website.
Consent may be given or withdrawn at any time through the cookie banner.
6. DATA RECIPIENTS
Personal data may be communicated to third parties acting as:
-
IT and hosting service providers
-
booking management software providers (PMS Scidoo)
-
channel managers and online travel agencies (e.g. Booking.com, Expedia, Airbnb)
-
payment service providers (Nexi, Stripe, PayPal, Satispay)
-
insurance service providers (BeSafe Rate)
-
tax, accounting and labor consultants
-
competent public authorities (Police Headquarters, ISTAT, Tax Authority)
These parties process data as Data Processors or Independent Data Controllers, as applicable.
7. TRANSFER OF DATA OUTSIDE THE EU
Some service providers (e.g. Google, Meta, Stripe) may involve the transfer of personal data outside the European Union.
Such transfers are carried out in accordance with Articles 44 et seq. of the GDPR, using Standard Contractual Clauses (SCCs) or other appropriate safeguards provided by law.
8. DATA RETENTION PERIOD
Personal data are retained as follows:
-
browsing data: according to cookie duration
-
contact data: for the time necessary to handle the request
-
booking and stay data: for the duration required by contractual and legal obligations
-
accounting and tax data: 10 years
-
Public Security data: minimum 5 years
-
video surveillance recordings: maximum 7 days, unless specific events require longer retention
9. DATA SUBJECT’S RIGHTS
Data subjects may exercise the rights provided under Articles 15–22 of the GDPR at any time, including:
Requests may be sent to: gdpr@azalo.it
10. RIGHT TO LODGE A COMPLAINT
Data subjects have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) if they believe that the processing of their personal data violates applicable laws.
11. CHANGES TO THIS PRIVACY POLICY
The Data Controller reserves the right to update this Privacy Policy at any time.
Any changes will be published on this page with the updated revision date.
