Privacy Policy

1. Data Controller

G&G s.r.l.
Corso Sicilia 43, 95131 Catania (CT), Italy
P.IVA / C.F.: 03622570871
Email: info@citrusvillasicily.com
Phone: +39 320 179 0404

2. Types of Data Collected

We collect the following personal data:

  • Booking data: first name, last name, email, phone, country, check-in/check-out dates, number of guests, special requests
  • Payment data: processed securely by Stripe and/or PayPal — we do not store credit card numbers
  • Contact form data: name, email, phone, message content
  • Experience inquiry data: name, email, phone, participants, preferred date, message
  • Technical data: IP address, browser type, device information, pages visited (via cookies)

3. Purpose of Data Processing

Your data is processed for the following purposes:

  • Booking management: to process reservations, generate contracts, send confirmations and reminders
  • Payment processing: to complete transactions via Stripe/PayPal
  • Communication: to respond to inquiries, send pre-arrival information, and booking-related notifications
  • Legal obligations: tax records, tourist tax reporting, contractual obligations
  • Website improvement: analytics to improve user experience (only with consent)

4. Legal Basis

We process your data based on:

  • Contract performance (Art. 6(1)(b) GDPR) — for booking and payment processing
  • Legal obligation (Art. 6(1)(c) GDPR) — for tax and regulatory compliance
  • Consent (Art. 6(1)(a) GDPR) — for marketing communications and analytics cookies
  • Legitimate interest (Art. 6(1)(f) GDPR) — for website security and fraud prevention

5. Data Sharing

We may share your data with:

  • Stripe, Inc. — payment processing (Stripe Privacy Policy)
  • PayPal — payment processing (PayPal Privacy Policy)
  • Brevo (Sendinblue) — transactional email delivery
  • Airbnb — calendar synchronization (availability only, no personal data)
  • Google — analytics and fonts (only with consent)

We do not sell your personal data to third parties.

6. Data Retention

  • Booking data: retained for 10 years (Italian tax law requirements)
  • Contact form submissions: retained for 12 months
  • Payment records: retained for 10 years
  • Cookies: see our Cookie Policy

7. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time

To exercise your rights, contact us at info@citrusvillasicily.com.

You may also lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • SSL/TLS encryption for all data transmission
  • Secure payment processing via PCI-DSS compliant providers (Stripe, PayPal)
  • Access controls and authentication for administrative systems
  • Regular security updates

9. International Transfers

Some of our service providers (Stripe, PayPal, Google) may process data outside the EU/EEA. These transfers are protected by Standard Contractual Clauses or adequacy decisions.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version is always available on this page.

Last updated: April 2026