Privacy Policy

Last updated: 30 April 2026

This Privacy Policy describes how the personal data of users visiting the website benedictrooms.com (hereinafter, the “Site”) is processed, in accordance with Regulation (EU) 2016/679 (“GDPR”) and Italian Legislative Decree 196/2003 as amended (“Privacy Code”).

1. Data Controller

The Data Controller is BENEDICT ROOMS, who can be contacted regarding any privacy-related matter at the email address: benedictrooms@gmail.com — CIN IT037006C1RSUKM4QL.

2. Types of data collected

The Site collects the following personal data:

a) Browsing data — Automatically, while browsing the Site, data is collected whose transmission is implicit in the use of internet communication protocols: IP addresses, browser type, operating system, pages visited, date and time of request, length of stay. Such data is not associated with identified users but, by its nature, could allow identification through processing and association with data held by third parties.

b) Data voluntarily provided by the user — If the user fills in contact forms on the Site or sends communications through the published email address, the personal data provided (name, email address, message content) is collected.

c) Data collected through cookies and similar technologies — For details, please refer to the dedicated Cookie Policy.

The Site does not collect payment data, health data, biometric data or other special categories of personal data pursuant to Art. 9 GDPR. Bookings take place exclusively outside the Site through WhatsApp or direct email.

3. Purposes and legal bases of processing

PurposeLegal basis
Delivery of Site content and technical operationLegitimate interest (Art. 6.1.f GDPR)
Response to contact requests sent by the userPerformance of pre-contractual measures at the request of the data subject (Art. 6.1.b GDPR)
Site security, fraud and abuse preventionLegitimate interest (Art. 6.1.f GDPR)
Anonymous or aggregated browsing statisticsUser consent (Art. 6.1.a GDPR) collected through cookie banner
Compliance with legal obligationsLegal obligation (Art. 6.1.c GDPR)

4. Processing methods and retention periods

Data is processed using electronic tools, adopting technical and organisational measures appropriate to prevent loss, unauthorised access, undue disclosure or modification of data (Art. 32 GDPR).

Data is retained for the time strictly necessary for the purposes for which it was collected:

  • Contact data (email): up to 24 months from the last interaction, unless deletion is requested
  • Browsing and security logs: up to 12 months
  • Technical backups: up to 30 days from generation
  • Aggregated statistical data: up to 26 months

5. Data recipients and processors

Personal data may be processed, on behalf of the Data Controller, by the following entities appointed as Data Processors pursuant to Art. 28 GDPR:

  • Hostinger International Ltd. (Cyprus/EU) — provider of hosting and Site infrastructure
  • Defiant, Inc. — Wordfence (USA) — Site security and protection services
  • Google LLC / Google Ireland Ltd. (Ireland/USA) — statistical services (Google Analytics) and backup storage (Google Drive), where activated with user consent
  • MonsterInsights (USA) — analytics connector
  • Complianz B.V. (Netherlands) — technical management of cookie consent

Data is not disclosed nor transferred to third parties for commercial purposes.

6. Non-EU transfers

Some of the providers listed above are based or have infrastructures in countries outside the European Union (in particular the United States). Such transfers take place in compliance with Art. 46 GDPR, on the basis of:

  • adherence to the EU-U.S. Data Privacy Framework (for participating US providers);
  • Standard Contractual Clauses approved by the European Commission (Decision 2021/914/EU).

The user can request a copy of the safeguards applied by writing to benedictrooms@gmail.com.

7. Rights of the data subject

Pursuant to Articles 15-22 of the GDPR, the user has the right at any time to:

  • access their personal data (Art. 15);
  • request rectification of inaccurate data or completion of incomplete data (Art. 16);
  • obtain erasure of data, where the conditions provided for apply (Art. 17);
  • request restriction of processing (Art. 18);
  • receive the data in a structured and commonly used format (portability, Art. 20);
  • object to processing, particularly when based on legitimate interest (Art. 21);
  • withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal (Art. 7.3);
  • not be subject to automated decisions producing legal effects (Art. 22) — the Data Controller does not perform automated profiling.

To exercise their rights, the user can write to benedictrooms@gmail.com. The response will be provided within 30 days of receipt of the request (extendable by a further 60 days in case of complex requests, pursuant to Art. 12.3 GDPR).

8. Complaint to the supervisory authority

The user who believes that the processing of their personal data takes place in violation of the GDPR has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali):

  • Website: www.garanteprivacy.it
  • Email: garante@gpdp.it
  • Address: Piazza Venezia 11, 00187 Rome, Italy

9. Changes to the Privacy Policy

The Data Controller reserves the right to amend this Privacy Policy at any time to reflect regulatory, organisational or technical changes. Any changes will be published on the Site with indication of the update date. Users are invited to consult this page periodically.