Privacy Policy

1. Data Controller

Marco Frusoni
Via Solferino, 6 — 00069 Trevignano Romano (RM), Italy
Email: info@lacasettadelborgo.it

The Data Controller is Marco Frusoni, a natural person who manages La Casetta del Borgo as host of the accommodation. There is no Data Protection Officer (DPO), as the appointment of a DPO is not required for natural persons operating outside a structured professional or business context.

2. Personal data collected

We collect the following categories of personal data through the channels indicated:

2.1 Contact form

• Full name
• Email address
• Phone number (optional)
• Message text

2.2 Online check-in form

• First name, last name, gender
• Date and place of birth, nationality
• Country and city of residence
• Type, number and place of issue of identity document
• Copy of identity document (image or PDF)
• Stay dates and number of guests

Check-in data is handled manually by the Data Controller and is not transmitted automatically to external systems.

2.3 Navigation data and cookies

• Visitor IP address
• Browser, operating system and device
• Pages visited, duration of visit, traffic source
• Data collected via analytics and marketing cookies (see section 8)

3. Purposes of processing

The personal data collected is processed for the following purposes:

• Handling information requests: responding to requests submitted via the contact form or by email.
• Legal obligations — guest registration: communication of guest data to public security authorities (Questura) via the Alloggiati Web portal, as required by art. 109 of the T.U.L.P.S.
• Tax and administrative obligations: management of the tourist tax and related accounting obligations.
• Statistical website analysis (analytics): understanding how visitors interact with the site in order to improve usability, on the basis of legitimate interest.
• Marketing and remarketing (with consent only): sending promotional communications and displaying personalised ads via Meta Pixel, following acquisition of the user's explicit consent.
• Website security: prevention of unauthorised access and fraudulent activity.

4. Legal basis for processing

Purpose	Legal basis (GDPR)
Handling information requests (contact form)	Consent — art. 6(1)(a)
Booking management and contractual relationship	Performance of a contract — art. 6(1)(b)
Guest registration (Questura — Alloggiati Web)	Legal obligation — art. 6(1)(c)
Tourist tax	Legal obligation — art. 6(1)(c)
Statistical website analysis (Google Analytics)	Legitimate interest — art. 6(1)(f)
Marketing and remarketing (Meta Pixel)	Consent — art. 6(1)(a)

5. Third-party services and transfers outside the EU

The website uses the following third-party services that may process visitors' personal data:

5.1 Google Analytics (Google LLC)

We use Google Analytics 4 (GA4) to collect anonymous statistical data about site usage. The service is provided by Google LLC, based in the United States. Google LLC adheres to the EU-US Data Privacy Framework, which ensures an adequate level of protection pursuant to art. 45 GDPR.

More information: policies.google.com/privacy

5.2 Meta Pixel (Meta Platforms Inc.)

We use Meta Pixel to measure the effectiveness of any advertising campaigns on Facebook and Instagram. The service is provided by Meta Platforms Inc., based in the United States. Meta Platforms Inc. adheres to the EU-US Data Privacy Framework. Data is collected only with the user's explicit consent.

More information: facebook.com/privacy/policy

5.3 Google Maps (Google LLC)

Some pages of the site embed maps via Google Maps. The use of this feature may involve the collection of data by Google LLC. The Data Privacy Framework mentioned above applies here as well.

5.4 Booking platforms (Airbnb, Booking.com)

Bookings are made through third-party platforms (primarily Airbnb, soon also Booking.com). The processing of data carried out within those platforms is subject to their respective privacy policies, not this one.

6. Data retention

• Contact form data: retained for the time strictly necessary to fulfil the request, and in any event no longer than 12 months from the last contact.
• Check-in data (guest registration): retained for the period required by current legislation on public security and tax obligations (generally 5 years).
• Copies of identity documents: deleted within 30 days of the end of the stay, unless a longer legal retention obligation applies.
• Navigation data and analytics cookies: Google Analytics cookies are retained for a maximum of 26 months.
• Marketing cookies (Meta Pixel): retained for a maximum of 90 days.
• Technical cookies: retained for the duration of the session or until the stated expiry date (see section 8).

7. Rights of data subjects

Pursuant to arts. 15–22 of the GDPR, every data subject has the right to:

• Access (art. 15): obtain confirmation of whether or not their personal data is being processed and, if so, receive a copy of it.
• Rectification (art. 16): obtain the correction of inaccurate or incomplete data.
• Erasure — "right to be forgotten" (art. 17): obtain the deletion of their data, unless legal retention obligations apply.
• Restriction of processing (art. 18): obtain restriction of processing in the cases provided for by law.
• Portability (art. 20): receive their data in a structured, commonly used and machine-readable format.
• Objection (art. 21): object at any time to the processing of their data on grounds relating to their particular situation.
• Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of processing based on consent given before withdrawal.

To exercise these rights, write to: info@lacasettadelborgo.it

You also have the right to lodge a complaint with the Italian Data Protection Authority: www.garanteprivacy.it

8. Cookie Policy

This website uses cookies and similar technologies. Below we provide detailed information about the types of cookies used, their purpose and duration.

8.1 Technical cookies (necessary)

These cookies are essential for the correct functioning of the site and do not require the user's consent.

Name	Purpose	Duration
cookie-consent	Stores the user's cookie consent preference	12 months
CSRF token	Protects forms against cross-site request forgery attacks	Session
Session cookie	Maintains the user session during navigation	Session

8.2 Analytics cookies — Google Analytics (GA4)

We use Google Analytics 4 to collect anonymous statistics about site usage. These cookies are set only with the user's consent (or on the basis of legitimate interest with anonymised IP).

Name	Purpose	Duration
_ga	Uniquely identifies a user for statistics	26 months
_ga_*	Maintains GA4 session state	26 months
_gid	Distinguishes users for daily statistics	24 hours

Provider: Google LLC — Google Privacy Policy

8.3 Marketing cookies — Meta Pixel

Meta Pixel is activated only with the user's explicit consent and allows us to measure the effectiveness of advertising on Facebook and Instagram.

Name	Purpose	Duration
_fbp	Identifies browsers to deliver advertising services	90 days
_fbc	Stores the last click on a Facebook ad	90 days

Provider: Meta Platforms Inc. — Meta Privacy Policy

8.4 How to manage and disable cookies

You can manage your cookie preferences at any time through the cookie banner on this page. Alternatively, you can disable cookies directly from your browser:

• Google Chrome
• Mozilla Firefox
• Apple Safari
• Microsoft Edge

To opt out of Google Analytics tracking specifically: Google Analytics Opt-out Add-on.

For Facebook/Meta ad preferences: Facebook Ad Settings.

9. Data security

We adopt appropriate technical and organisational measures to protect personal data from unauthorised access, loss, destruction or unauthorised disclosure. In particular:

• Encrypted communications via HTTPS/TLS protocol
• Access to data restricted to the Data Controller only
• Form protection with CSRF tokens
• Secure deletion of data at the end of the retention period

10. Changes to this policy

The Data Controller reserves the right to amend this policy at any time, giving adequate notice of the changes by updating the date at the top of this page. You are invited to check this page periodically.

Last updated: April 2026

Terms & Conditions

These Terms and Conditions govern the use of La Casetta del Borgo accommodation, managed by Marco Frusoni, Via Solferino, 6 — 00069 Trevignano Romano (RM), Italy. CIN: IT058107C2NRQOGMZB.

1. Bookings and platforms

Bookings are made through third-party platforms, primarily Airbnb and, soon, Booking.com. The accommodation contract is governed by the general terms and conditions of the platform used for the booking. Cancellation, refund and payment conditions are those provided by the platform at the time of booking and accepted by the guest upon confirmation.

2. Check-in and check-out

• Check-in: between 15:00 and 20:00. Different times must be agreed in advance with the host.
• Check-out: by 10:00 on the day of departure.
• Mandatory in-person identification: in compliance with Art. 109 of the Italian T.U.L.P.S. (Royal Decree 18 June 1931, no. 773) and the Italian Ministry of the Interior Circular of 18 November 2024, guest identification must take place in person upon arrival. Self check-in solutions (key-boxes, lockboxes, etc.) are not permitted.
• Filling out the online check-in form is optional and highly recommended: it speeds up the registration procedure on arrival, but does not replace the in-person identification required by law.

3. House rules

• Smoking is not permitted inside the property.
• No pets allowed.
• Organising unauthorised parties or events is prohibited.
• Guests are asked to respect the neighbours' rest during night-time hours (22:00–08:00).
• The maximum number of guests is that stated in the booking. Hosting unregistered persons is not permitted.

4. Maximum length of stay

The maximum permitted duration for a single stay is 30 consecutive days.

5. Security deposit

No separate security deposit is required. Any guarantees or deposits are managed directly by the booking platform used, in accordance with its terms.

6. Damages and liability

The guest is responsible for any damage caused to the property, furnishings or equipment during their stay. The property is covered by an insurance policy. Any damage caused may be charged via the booking platform.

7. Legal obligations — CIN and guest registration

The property is duly registered with the National Identification Code (CIN): IT058107C2NRQOGMZB. Guest data is communicated to public security authorities pursuant to art. 109 of the T.U.L.P.S.

8. Jurisdiction

For any dispute relating to this accommodation contract, without prejudice to the consumer's right to bring proceedings before the court of their domicile pursuant to applicable consumer protection law, the competent court is the Tribunale di Roma (Rome Court).

9. Applicable law

The accommodation relationship is governed by Italian law. Matters not expressly covered herein are governed by the Italian Civil Code and the legislation in force regarding non-hotel accommodation facilities.

Last updated: April 2026