top of page

Privacy Policy of heimatsrl.wixsite.com/heimat, heimat.haus, and third-party platforms

Image by Joanna Kosinska

PRIVACY NOTICE

Heimat S.r.l. (hereinafter "Data Controller") is committed to protecting your privacy and ensuring the security of your personal data. This notice describes how we collect, process, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller Information

The Data Controller is:

Heimat S.r.l.
Registered office: Corso Sicilia 61
VAT number: 13038860014
Email: heimat.torino@gmail.com
Phone: +393518966757

2. Types of Personal Data Collected

We collect the following types of personal data:

  • Identification data: name, surname, date of birth, ID document.

  • Contact data: email address, phone number.

  • Payment data: payment method details (e.g., credit card number, PayPal).

  • Booking data: check-in and check-out dates, preferences, booking details.

  • Communication data: messages exchanged via WhatsApp, email, or other messaging platforms.

  • Usage data: IP address, device type, browser information, pages visited (via cookies).

3. Purposes of Data Processing

Your personal data will be processed for the following purposes:

  1. Booking Management: To process and manage your bookings at our properties (necessary for the performance of a contract).

  2. Marketing Communications: To send newsletters, promotional offers, and communications related to our services, subject to your consent.

  3. Compliance with Legal Obligations: To comply with fiscal, administrative, and legal obligations (e.g., retention of tax data).

  4. Support and Assistance Services: To respond to your inquiries and provide assistance during your stay.

  5. Service Improvement and Analytics: To carry out statistical analysis and improve the guest experience (legitimate interest of the Data Controller).

4. Legal Basis for Processing

The processing of your personal data is based on the following legal grounds:

  • Consent: for sending marketing communications and promotional offers (when explicitly provided).

  • Contract performance: for managing bookings, including all related services.

  • Legal obligation: for compliance with fiscal, contractual, and legal obligations.

  • Legitimate interest: for analyzing and improving our services and defending against potential misuse.

5. Methods of Data Processing and Security

Personal data is processed electronically and manually, with organisational and technical measures closely related to the purposes stated above. The processing is carried out in accordance with the security measures required by the UK GDPR to prevent unauthorized access, disclosure, alteration, or destruction of the data.

6. Recipients of Personal Data

Your personal data may be shared with the following recipients:

  • Booking Platforms (OTAs) such as Airbnb, Booking.com, Expedia, which process your data for booking management purposes.

  • Payment service providers (e.g., PayPal, Stripe) for payment processing.

  • Technical and support service providers (e.g., hosting, marketing agencies).

  • Assistance and communication service providers (e.g., WhatsApp for communications).

  • Other parties where necessary to comply with legal obligations or execute the contract.

If data is transferred abroad, we ensure that such transfers comply with the UK GDPR through the use of standard contractual clauses or other legal safeguards.

7. Data Retention Period

Your personal data will be retained for as long as necessary to fulfil the purposes for which it was collected:

  • Booking data: retained until the end of the stay and for the fulfilment of fiscal obligations (up to 10 years).

  • Marketing data: retained until consent is withdrawn.

  • Payment data: retained for the duration necessary to complete the transaction and fulfil legal obligations.

At the end of the retention period, data will be deleted or anonymised.

8. User Rights

Under the UK GDPR, you have the right to exercise the following rights:

  1. Access to data: request a copy of the personal data we process.

  2. Correction of data: correct any inaccurate or incomplete data.

  3. Data deletion: request the deletion of data that is no longer necessary for legal purposes.

  4. Restriction of processing: in certain cases, request to limit the processing of your data.

  5. Data portability: receive your data in a structured, commonly used, and machine-readable format.

  6. Objection to processing: object to the processing of data for direct marketing purposes, including the use of cookies.

To exercise your rights, you can contact the Data Controller using the contact details provided above.

9. Data Transfers Outside the UK

Your data may be transferred to service providers located in countries outside the UK, such as booking platforms (e.g., Airbnb, Booking.com) whose servers may be located in third countries. In such cases, we ensure that necessary safeguards are implemented to protect your data, such as the use of standard contractual clauses or other legal measures.

10. Cookies and Tracking

This website uses cookies to collect information and improve your browsing experience. Cookies may be used for analytical purposes, marketing, and to personalise your experience.

For further details, please refer to our Cookie Policy.

11. Changes to the Privacy Policy

We reserve the right to modify this privacy policy at any time. Any changes will be published on this page with the updated date. We encourage you to regularly check this section to stay informed about any updates.

12. Complaints

If you believe that your rights have been violated, you can file a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection, or pursue legal action.

Last updated: 8th January 2025

  • Linkedin
  • Instagram
  • Facebook
bottom of page