Language: IT | EN

Privacy Policy

Information on personal data protection

Creation date: April 20, 2026

Last updated: April 28, 2026

1. Scope

This notice is provided pursuant to Art. 13 of Regulation (EU) 2016/679 ("GDPR") and applies to personal data processing through:

  • www.myplacemalpensa.it
  • www.myplacemalpensa.com
  • www.myplacemalpensa.eu

All three domains are managed by the same Data Controller and follow the same data protection framework, unless otherwise specified for specific services.

2. Data Controller

Minaudo Holiday Home Solutions
Registered office: Piazza Visconti 12, 21019 Somma Lombardo (VA), Italy
VAT number: 03743090122
Email: privacy@myplacemalpensa.it

3. Categories of personal data

  • Identification and contact data: first name, last name, email, phone, company details where applicable, VAT number, tax code, PEC, address.
  • Booking/request data: dates, preferences, notes, special requests, number of guests.
  • Technical browsing data: IP address, user agent, operating system, visited pages, date/time, technical logs.
  • Data provided voluntarily: content submitted via contact forms, email, phone or WhatsApp.

Providing mandatory form data is necessary to process requests; otherwise, the requested service may not be available.

4. Purposes and legal bases

  • Managing inquiries and quotations - Art. 6(1)(b) GDPR.
  • Managing bookings and customer support - Art. 6(1)(b) GDPR.
  • Legal, tax and administrative compliance - Art. 6(1)(c) GDPR.
  • Website security, abuse prevention and legal defense - Art. 6(1)(f) GDPR.
  • Direct marketing (where enabled) - Art. 6(1)(a) GDPR (consent, revocable at any time).

5. Processing methods and security

Data is processed through electronic and telematic tools in accordance with GDPR principles of lawfulness, fairness, transparency, minimization and storage limitation.

The Data Controller adopts appropriate technical and organizational security measures to prevent unauthorized access, loss, destruction or alteration of data.

6. Data recipients and external processors

Data may be processed by authorized personnel and, where necessary, by external providers acting as Data Processors, including:

  • hosting and infrastructure providers (e.g., IONOS, Hostinger);
  • security and anti-bot providers (e.g., Cloudflare, Google reCAPTCHA);
  • map and embedded third-party content providers (e.g., Google Maps);
  • analytics providers in aggregated/anonymized form (e.g., Google Analytics, where enabled);
  • technical, legal, administrative and tax consultants.

7. Transfers outside the EEA

Where needed, some data may be transferred outside the European Economic Area. Such transfers are performed in compliance with GDPR Chapter V through adequacy decisions and/or Standard Contractual Clauses (SCCs), with additional safeguards where required.

8. Data retention periods

  • Information/quotation requests: up to 24 months from the last interaction, unless otherwise required by law.
  • Contractual/administrative/tax data: up to 10 years according to applicable law.
  • Consent-based processing: until consent withdrawal.
  • Technical/security logs: for the period strictly necessary for security and service continuity purposes.

9. Cookies and tracking tools

The websites use technical cookies and, where applicable, analytics cookies and other tracking tools in compliance with applicable regulations. Full details on categories, purposes, legal bases and consent management are available in the Cookie Policy.

10. Data subject rights

Data subjects may exercise rights under Articles 15-22 GDPR, including:

  • right of access;
  • right to rectification;
  • right to erasure (where applicable);
  • right to restriction of processing;
  • right to data portability;
  • right to object (including direct marketing);
  • right to withdraw consent at any time.

To exercise your rights, contact privacy@myplacemalpensa.it.

11. Complaint to the supervisory authority

Without prejudice to any other administrative or judicial remedy, data subjects have the right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 GDPR (for Italy: Garante per la Protezione dei Dati Personali, www.garanteprivacy.it).

12. Minors

The websites are not intended for minors under 16 years of age. The Data Controller does not knowingly collect personal data from minors without parental/legal guardian involvement where required by law.

13. Changes to this privacy notice

This Privacy Policy may be updated at any time due to legal, technical or organizational changes. Updates will be published on this page and the "Last updated" date will be revised accordingly.