Privacy Policy – Adagio Umbro
Last update: October 3, 2025
1) Data Controller
Controller: Adagio Umbro – Xanadu srl
Address: Loc. Sustrico 4 (Mustaiole 30), 06049 Spoleto (PG), Italy
Email: info@adagioumbro.it
Phone: +39 351 406 4726
2) Types of data processed
- Personal identification and contact details (name, surname, birth data, ID/passport, email, phone).
- Booking and service data (accommodation via Motopress Hotel Booking Pro, tennis court via BookingPress, dates, preferences, payment references – without storing full card details).
- Fiscal and administrative data (billing).
- Navigation data and cookies (IP address, technical logs, identifiers).
- Communications via email, WhatsApp Business (Joinchat), social media.
3) Purposes and legal basis
- Booking management (accommodation, tennis court, related services). Legal basis: contract execution (Art. 6.1.b GDPR).
- Public security obligations (guest data transmission to Italian Police Authority – art. 109 T.U.L.P.S.). Legal basis: legal obligation (Art. 6.1.c).
- Administrative and fiscal obligations. Legal basis: legal obligation (Art. 6.1.c).
- Faster check-in for future stays. Legal basis: consent (Art. 6.1.a), revocable anytime.
- Marketing and newsletter communications. Legal basis: consent (Art. 6.1.a).
- IT security and legal protection. Legal basis: legitimate interest (Art. 6.1.f).
4) Data retention
- Contractual and fiscal data: 10 years.
- Guest check-in data: transmitted to Police Authority as required by law and not stored by the Controller.
- Future check-in data: up to 24 months or until consent withdrawal.
- Marketing data: until consent withdrawal.
- Technical logs: max 24 months.
5) Data recipients
- Italian Police Authority (Questura).
- Tax and legal consultants.
- Technical providers (hosting, maintenance, WordPress plugins, antispam, security).
- Payment providers (Stripe, PayPal) as independent controllers.
Personal data will not be publicly disclosed.
6) Services and third parties
- Hosting/Platform: Aruba – WordPress Managed Hosting (EU).
- Booking: Motopress Hotel Booking Pro (accommodation), BookingPress (tennis court).
- Cookie consent: Complianz (WordPress plugin).
- Communication: Email, WhatsApp Business (Joinchat), Social Media (Instagram, TikTok, Facebook, X, Pinterest).
- Payments: Stripe and PayPal.
- Other services: Google Maps, Google Analytics, Google Fonts, WooCommerce.
7) Data transfers outside EU/EEA
Some providers (Stripe, PayPal, Meta, Google, TikTok) may process data outside the EU/EEA. Transfers are carried out under GDPR rules (adequacy decisions, Standard Contractual Clauses, and supplementary safeguards if required).
8) Processing methods and security
Data is processed lawfully, fairly and transparently, using paper and electronic tools. We apply appropriate security measures (HTTPS, backups, access control, logging).
9) Data subject rights
You have the rights under GDPR (Articles 15–22): access, rectification, erasure, restriction, objection, portability.
You can withdraw consent at any time.
To exercise your rights, please write to: info@adagioumbro.it.
You can also lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
10) Cookies and similar technologies
The site uses technical (necessary) cookies and, upon consent, analytics and marketing cookies. Consent is managed via Complianz.
- On first visit, a banner appears with Accept / Reject / Customize options.
- Choices can be changed anytime via the “Manage Cookie Consent” link in the footer.
- The full and updated list of cookies is available in the Cookie Policy generated by Complianz.
11) Marketing communications
We may send newsletters and promotional offers only with your consent. You can unsubscribe anytime via email “unsubscribe” link, sending STOP in WhatsApp/SMS, or writing to info@adagioumbro.it.
12) Minors
Our services are restricted to guests aged 18+ for the B&B and 14+ for the tennis court. We do not knowingly process data of children under these ages. If you believe a minor’s data was provided, please contact us for removal.
13) Updates
This Privacy Policy may be updated due to legal or service changes. The latest version will always be published on this page.
Annex A – Data Processing Map
| Data | Purpose | Legal basis | Recipients | Retention |
|---|---|---|---|---|
| Identification, contact | Quotes, bookings | Art. 6.1.b GDPR | Controller; Motopress; BookingPress | 12 months (quotes) / duration of contract |
| Guest details | Transmission to Police Authority | Art. 6.1.c GDPR | Questura | Technical time needed |
| Fiscal data | Billing | Art. 6.1.c GDPR | Consultants; Tax Authority | 10 years |
| Preferences/Notes | Service personalization | Art. 6.1.b / 6.1.a GDPR | Controller | Duration of contract / until withdrawal |
| Marketing data | Newsletter, offers | Art. 6.1.a GDPR | Controller | Until withdrawal |
| Logs/IP | Site security | Art. 6.1.f GDPR | IT providers | Max 24 months |
