Privacy Policy
Last updated: 23 March 2026
This privacy policy describes how HOSTRAST (hereinafter "we", "our") collects, uses and
protects the personal data of visitors to the website hostrast.it and guests of our
accommodation properties, in accordance with Regulation (EU) 2016/679 (GDPR) and Italian Legislative
Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018.
1. Data controller
The Data Controller is:
[COMPANY_NAME]
VAT No.: [VAT_NUMBER]
Email: info@hostrast.it
Phone: +39 351 499 2022
2. Data collected
Data you provide voluntarily
- First and last name
- Email address
- Phone number
- Booking details (stay dates, number of guests, identity document as required by Italian law)
Data collected automatically
- IP address (anonymised)
- Browser type and device
- Pages visited and time spent
- Technical cookies (see Cookie Policy)
3. Purposes and legal basis
- Booking management — Legal basis: performance of a contract (Art. 6.1.b GDPR)
- Legal obligations — Reporting guest data to Italian Police (Art. 109 TULPS), tax
compliance — Legal basis: legal obligation (Art. 6.1.c GDPR)
- Responding to enquiries — via email, phone or WhatsApp — Legal basis: legitimate
interest (Art. 6.1.f GDPR)
- Website operation — essential technical cookies — Legal basis: legitimate interest
(Art. 6.1.f GDPR)
- Interactive maps — Google Maps to display property locations — Legal basis: consent
(Art. 6.1.a GDPR)
4. Third-party services
5. Data retention
- Booking data: retained for 10 years for tax compliance
- Guest registration (Police): submitted within 24 hours of check-in, not retained beyond
the legal requirement
- Contact data: retained for 24 months from the last contact, unless you request earlier
deletion
- Browsing data: deleted within 90 days
6. Your rights
Under Articles 15–22 of the GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure ("right to be forgotten")
- Restrict processing
- Object to processing
- Receive your data in a portable format
- Withdraw consent at any time
To exercise your rights, contact us at: info@hostrast.it
You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante
per la protezione dei dati personali) at www.garanteprivacy.it.
7. Data transfers
Some third-party services (Google, Meta/WhatsApp) may transfer data outside the European Economic Area
(EEA). Where this occurs, transfers are made on the basis of European Commission adequacy decisions or
Standard Contractual Clauses (SCCs).
8. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised
access, loss or destruction, in accordance with Art. 32 of the GDPR.
9. Changes
We reserve the right to update this privacy policy. Changes will be published on this page with the
updated date.