Patriziella· Sorrento
privacy notice

Privacy

How we handle your data when you contact us, book a stay or browse the site. GDPR-compliant.

Data controller

The data controller is Patriziella 4 Rooms — Via Marziale 27, 80067 Sorrento (NA), Italy.

VAT 10047981211 · CIN IT063080C16UNSJX9Q.

For any request regarding your personal data, write to reservation@patriziella4rooms.com.

What data we collect

Contact form. When you write from the site we collect your name, email address, optional phone number and the message text.

Booking. Bookings are made through InReception, our external PMS provider. Booking data (name, contact, payment, documents) is processed by the provider and by us as joint controllers under the relevant agreements.

Public-safety reporting. Italian law requires us to report guest data to the Alloggiati Web portal (State Police) and to ISTAT (this is the legal basis for collecting a copy of your ID).

Browsing. Our hosting provider (Vercel) logs technical data (IP address, user agent, path) for security, abuse prevention and diagnostics. We do not use analytics or marketing cookies.

Why we process your data

To respond to your enquiries — legal basis: pre-contractual measures (art. 6.1.b GDPR).

To manage your booking and stay — legal basis: performance of contract (art. 6.1.b GDPR).

To comply with legal obligations on public security, taxation and tourism statistics — legal basis: legal obligation (art. 6.1.c GDPR).

For site security (rate limiting, spam prevention) — legal basis: legitimate interest (art. 6.1.f GDPR).

We do not profile users; we do not sell or transfer your data to third parties for marketing purposes.

How long we keep your data

Contact form: messages are kept for 24 months, unless longer retention is needed to follow up on your request.

Bookings and invoicing: for the period required by Italian tax law (10 years).

Guest register: for the period required by public-security authorities.

Vercel technical logs: per the provider's retention schedule (typically 24 months).

External processors

To run the service we rely on the following providers, each appointed as an external data processor:

• Resend (Resend, Inc., USA) — delivery of transactional emails generated by the contact form. Non-EU transfer covered by Standard Contractual Clauses (SCCs).
• Vercel (Vercel, Inc., USA) — hosting and CDN. Transfer covered by SCCs.
• Sanity (Sanity.io AS, Norway) — content management.
• InReception (Italian provider) — booking system and PMS.
• Meta Platforms — when you open WhatsApp from our site, the conversation is handled by Meta under its own privacy policy.

We can provide on request an updated list of processors and the relevant contracts.

Your rights

You have the right to:

• access your personal data and receive a copy of it;
• ask for rectification of inaccurate data or completion of incomplete data;
• request erasure of data in the cases set out in art. 17 GDPR;
• request restriction of processing (art. 18 GDPR);
• object to processing based on legitimate interest;
• receive your data in a structured, portable format;
• withdraw consent at any time, without affecting the lawfulness of previous processing.

To exercise these rights write to reservation@patriziella4rooms.com. You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

Updates

This notice may be updated from time to time. The current version takes effect on 29 April 2026. Material changes will be notified on the site.