Information on the processing of personal data pursuant to Art. 13 of EU Regulation n. 679/2016 (GDPR).
This policy describes how the personal data of users visiting Comorooms.com and using the services of Alca srl are managed.
1. Data Controller
The Data Controller is Alca srl, with registered office at Via Tommaso Grossi 14, 22100 – Como (CO), Italy, VAT [Insert VAT], Email: info@alcasrl.it.
2. Types of Data Collected
The Controller collects the following data:
• Identification and Contact Data: Name, surname, address, email, phone number (via contact forms and newsletters).
• Browsing and Tracking Data: IP address, location data, statistical cookies (Google Analytics), and Tracking Pixels (e.g., Meta Pixel) for advertising remarketing purposes.
• Booking and Stay Data: Personal details, stay dates, and identity document information (via the Krossbooking engine).
• Financial and Credit Card Data: Credit card information managed through Stripe and Krossbooking. Users are informed that Alca srl, by virtue of agreements with technological providers, has direct access to credit card data provided as a guarantee or for payment, assuming responsibility for processing in compliance with PCI-DSS security standards.
3. Purposes and Legal Bases for Processing
• Booking Management: Performance of the hospitality contract at our properties (Art. 6.1.b GDPR).
• Public Security Obligations: Mandatory communication of guest data to the State Police via the “Alloggiati Web” portal (Art. 6.1.c GDPR).
• Payment Management: Processing of transactions and bank guarantees (Performance of the contract).
• Accessory Services: Sharing of data (including identity documents) with third-party providers for services requested by the user, such as boat tours or transfers (Performance of pre-contractual/contractual measures).
• Marketing and Remarketing: Sending newsletters and displaying targeted advertisements based on browsing history, subject to user consent (Art. 6.1.a GDPR).
4. Data Recipients and Extra-EU Transfer
Data may be communicated to Public Security authorities, tax consultants, technological providers (Krossbooking, Stripe, web agencies), and tourism service partners.
Extra-EU Transfer: The use of services such as Google or Meta may involve data transfer to the United States. Alca srl ensures that such transfers occur in compliance with Standard Contractual Clauses (SCC) or adequacy decisions by the European Commission.
5. Retention Period
• Fiscal and Contractual Data: 10 years (as required by law).
• Credit Card Data: Only for the period required for the guarantee or payment completion.
• Marketing Data: Until consent is withdrawn (opt-out).
6. User Rights
Users may exercise their rights of access, rectification, erasure, restriction, and objection to processing by writing to info@alcasrl.it.
