Privacy policy

PRIVACY POLICY – INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA

TITLE I – DATA CONTROLLER

Controller: Sofie Sillis (hereinafter the “Controller” or “Casa Sofia”)

Address: Zandstraat 22A, 9600 Ronse (BELGIUM).

Tax Code: SLLSMR71E43Z103U

Contacts: info@casadisofialanghe.com

TITLE II – PREAMBLE

SECTION A – PURPOSE OF THE INFORMATION NOTICE

This document refers exclusively to the Website casadisofialanghe.com (hereinafter referred to as the “Website”). 

Please note that all notices provided on our Website refer to and are valid only for the latter and not also for other websites that may be consulted by the User through links present on the platform. The Controller has no control over such websites nor over the procedures they apply for compliance with data confidentiality and, therefore, we suggest consulting the privacy rules of all parties with whom one comes into contact before communicating personal information.

This document is intended to inform the User about which of their data we collect, how we process them, to whom we transmit them, for what purposes they are collected and on which legal basis.

The foregoing is in implementation of the applicable Italian and European provisions on the matter – by way of example, reference is made to: Regulation (EU) 2016/679 hereinafter also referred to for brevity as “GDPR”; the Privacy Code (Legislative Decree 30 June 1993, no. 196, as amended by Legislative Decree 10 August 2018, no. 101 hereinafter also referred to for brevity as the Privacy Code), the measures and guidelines of the Italian Data Protection Authority (hereinafter also referred to for brevity as “GPDP”).

This document deliberately reproduces, in quotation marks, the contents of the Regulation, the Privacy Code and the Measures mentioned above, which the User may in any event find on the website of the Italian Data Protection Authority (GPDP).

SECTION B - TO WHOM THIS INFORMATION NOTICE IS ADDRESSED

To the User, namely You, also referred to as the Data Subject, being the person who consults the website, whether a natural person or a person acting in the name and on behalf of legal entities by providing personal data.

SECTION C- CHANGES

The Controller reserves the right to make changes to the Website, to the notices published anywhere on the Website, at any time. At the time of consultation, the User must always refer, as the current version, to the published text.

The changes will become effective at the moment they are published on the Website. The continuation of the use of the Website by the User, following a change, will be considered as acceptance of such changes.

All Users may verify at any time, by connecting to the Website, the latest version of the Information Notice as updated from time to time by the Controller.

This Privacy Notice is updated as of 21.04.2026

TITLE III - WHICH DATA WE PROCESS AND WHY?

The User assumes responsibility for the personal data of third parties published or shared through this website and guarantees that they have the right to communicate or disclose them, releasing the Controller from any liability towards third parties.

SECTION A - BROWSING DATA

The IT systems and applications dedicated to the functioning of the Website may detect, during Users’ browsing, certain Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, make it possible to identify users. The data collected include: the Internet Protocol (IP) address used to connect Your computer to the Internet, browser type, the location, model and time zone of Your device, parameters of the device used to connect to the website, name of the Internet service provider (ISP), date and time of the visit, the referring and exit web pages of the visitor, possibly the number of clicks,….and other parameters relating to the operating system and the IT environment used by the User.

Our website collects some of these data and, in some cases, also through cookies (for more information reference is made to the Cookie Policy) for the following purposes:

  1. Security or compliance with legal obligations

in relation to access to the systems. The data may be communicated to the competent authorities, upon their order, for reasons of security and public interest. 

To comply with any type of obligation contemplated and provided for by the laws, regulations, related rules and commercial practices in force, in particular in tax/fiscal matters.

LEGAL BASIS: legal obligation, art. 6, par. 1, letter c) of the GDPR.

NATURE OF THE PROVISION: necessary.

RETENTION PERIOD: the data collected are processed for the time necessary to carry out the above purposes and according to what is provided by law, in any case for a period not exceeding that dictated by civil law, therefore for 10 years.

  1. Technical/Functional

to make the website usable, enabling its basic functionalities because the website is not able to function properly without these cookies. For more information on which ones we use, please refer to the cookie policy in the section relating to Technical/Functional Cookies.

DATA COLLECTED: Usage data collected through cookies

LEGAL BASIS: Performance of a service, a contract or pre-contractual measures art. 6, par. 1, letter b) 

NATURE OF THE PROVISION: The provision is necessary to make the website and the service requested by users usable.

RETENTION PERIOD: according to the retention terms of the tracking systems indicated in the Cookie Policy.

  1. Statistics

to collect information in aggregated form on the number of Users and on how they visit the Website, therefore for statistical purposes. For more information on which ones we use, please refer to the cookie policy in the section relating to Statistical Cookies.

DATA COLLECTED: Usage data collected through cookies

LEGAL BASIS: consent pursuant to art. 6, par. 1, letter a) of the GDPR.

NATURE OF THE PROVISION: optional, consent is expressed by the User through the cookies information banner.

RETENTION PERIOD: according to the retention terms of the tracking systems indicated in the Cookie Policy.

  1. Advertising and Profiling

to encourage the User to return to our website, showing them our advertising announcements while browsing other websites on the network, to submit personalized advertisements to them and measure their performance, through remarketing cookies. For more information on which ones we use, please refer to the cookie policy in the section relating to Marketing/Profiling Cookies.

DATA COLLECTED: Usage data collected through cookies

LEGAL BASIS: consent pursuant to art. 6, par. 1, letter a) of the GDPR.

NATURE OF THE PROVISION: optional, consent is expressed by the User through the cookies information banner.

RETENTION PERIOD: until consent is withdrawn according to the retention terms of the tracking systems indicated in the Cookie Policy.

SECTION B - DATA VOLUNTARILY PROVIDED BY THE USER

The Website may collect other personal data in addition to browsing data, in the event of voluntary use by the User of the services offered by the portal such as: communication services (contact forms, availability request forms), newsletter subscriptions. 

When the provision of the data is necessary, this is marked with an asterisk; conversely, all other provisions are optional but, if provided, they will allow the Data Subject to be contacted by other means.

Such data will be used for the provision of the requested service and also for other purposes, including marketing and profiling where provided for, by virtue of specific legal bases. 

You may provide the data through the following areas of the Website:

  1. Through the contract/request availability areas

It allows the User to send requests to the Controller through the contact form or WhatsApp channel, as well as to receive commercial proposals subject to specific consent where the check box is present. In this area it is possible to view and download the rules of the accommodation facility.

DATA COLLECTED: common data such as, for example: first name, last name, email and telephone number.

Provided for the following purposes.

  1. Management of requests

for the purpose of processing the requests made by Users such as information or availability requests.

LEGAL BASIS: Performance of a service, a contract or pre-contractual measures, including quotations, art. 6, par. 1, letter b) 

NATURE OF THE PROVISION: The provision of the data marked with an asterisk is necessary in order to process the requests; the other data are optional.

RETENTION PERIOD: for the time necessary to process the request or for the validity period of the quotation agreed between the parties. Conversely, when the data are collected for purposes connected with the performance of a contract between the Controller and the User, they will be retained until the performance of such contract has been completed, and consequently for 10 years from the last record pursuant to art. 2220 of the Italian Civil Code.

  1. Soft spam

To allow the Controller to send You in the future by email promotional communications concerning Services/Products similar to those that You are purchasing or have previously purchased (where there is a fair balance between the interests of the Controller and the rights of the Customer and there is a relevant and appropriate relationship). This may take place without Your express and prior consent, through the sending of newsletters, sms and WhatsApp, as provided for by art. 130, paragraph 4, of the Privacy Code; This processing is based on art. 130, paragraph 4, of the Privacy Code as amended by Legislative Decree no. 101 of 2018. 

LEGAL BASIS: legitimate interest of the Controller, art. 6, par. 1, letter f) of the GDPR.

NATURE OF THE PROVISION: necessary

RETENTION PERIOD: Until objection.

  1. Direct marketing

For the sending of commercial and informational communications concerning the sector in which the Controller operates or personalized advertisements and to measure their performance. Through the sending of newsletters also with DEM campaigns, sms and WhatsApp.

LEGAL BASIS: consent, art. 6, par. 1, letter a) of the GDPR, expressed through the double opt-in procedure.

NATURE OF THE PROVISION: optional, expressed by the User by selecting the relevant box. Omission will only result in the non-sending of commercial proposals without however preventing the processing of the requests

RETENTION PERIOD: Until consent is withdrawn (opt-out).

  1. Through direct contact using the contact details indicated in the footer.

It allows the User to send requests to the Controller through the contact details indicated in the footer.

DATA COLLECTED: those spontaneously provided by the User at the time of making contact. 

They are collected for the following Purposes: 

  1. Processing requests

The data are provided for the purpose of managing and processing the requests.

LEGAL BASIS: Performance of a service, a contract or pre-contractual measures art. 6, par. 1, letter b).

NATURE OF THE PROVISION: The provision of the data is necessary in order to process the requests.

RETENTION PERIOD: for the time necessary to process the request or for the validity period of the quotation agreed between the parties. Conversely, when the data are collected for purposes connected with the performance of a contract between the Controller and the User, they will be retained until the performance of such contract has been completed, and consequently for 10 years from the last record pursuant to art. 2220 of the Italian Civil Code.

TITLE IV - METHODS OF PROCESSING

The Processing of personal data communicated by Users is carried out by means of the operations indicated in art. 4 no. 2) of the GDPR, namely: “collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, deletion and destruction of data”.

The processing of the data of Data Subjects (Users) takes place through the use of tools and procedures suitable to guarantee a high level of security and confidentiality, pursuant to art. 32 of the GDPR, by specifically authorized subjects, in compliance with the provisions of art. 29 of the GDPR, and may be carried out both through our Website and through other electronic tools, and sometimes also by telephone or with the aid of paper media. In particular, our Website has an SSL certificate and uses the HTTPS protocol to make personal data more secure. With the use of this protocol, transactions and data transmitted on websites take place with maximum security and the content of the communication is not read or manipulated in any way by third parties.

TITLE V - RECIPIENTS AND DATA TRANSFER

The Controller processes Users’ data in compliance with the obligations for the protection of personal data provided for by the applicable legislation. The Controller ensures that the duty of confidentiality is also respected by its trainees, employees and/or collaborators and guarantees that Your data will not be disclosed to undetermined subjects by making them available or accessible for consultation.

SECTION A - RECIPIENTS

In relation to the purposes indicated above, personal data are communicated, with this term meaning making them known to one or more specific subjects, to the following subjects:

  1. Authorized persons

Collaborators or other personnel authorized to process data (by way of example: administrative, commercial, accounting staff, system administrators) within the limits necessary to perform their duties at the Controller, subject to an appointment letter as authorized person imposing the duty of confidentiality and security.

  1. External processors

Subjects appointed as external processors pursuant to art. 28 of the GDPR, including those who provide services for the management of the IT system used by the Controller and of the telecommunications networks (email, newsletter, website management, hosting, etc…) or self-employed professionals, firms or companies in the context of assistance and consultancy relationships (accountants, lawyers, etc..), our consultants, within the limits necessary to perform their duties, with the duty of confidentiality and security. The following are indicated:

- The website hosting provider is HOST SpA, located in Italy

- For the management of website cookie consents we use Cookiebot provided by Usercentrics A/S located in Denmark. 

- For spam protection we use reCAPTCHA provided by Google, located in Ireland and the United States

- For statistics through cookies we use Google Analytics provided by Google Ireland Limited and its affiliates, located in Ireland and the United States.

- For the tracking of Marketing/Profiling Cookies we use the following services: Google ADS provided by Google Ireland Limited and its affiliates, located in Ireland and the United States.

  1. Independent Controllers

Subjects operating in total autonomy as separate Independent Data Controllers, who need to access the data for purposes ancillary to the relationship with the Controller (by way of example, companies carrying out commercial investigation activities on behalf of the Controller).

Public or private entities that may access the data by virtue of regulations and legal provisions, or with respect to whom we have an obligation of communication, within the limits of their respective and specific competence as provided therein, such as for example:

- judicial and tax authorities (e.g. for accounting or tax reasons,..) where there is a legal notification obligation;

- other recipients (e.g. banking institutions). 

SECTION B - TRANSFER

The Controller relies exclusively on certified service providers, transferring personal data to them only when strictly necessary within the limits of the performance of their task, following verification of compliance with the duties of confidentiality and security. Some of the providers, already listed under Title V Section A of this notice, are established:

  1. Within the EEA 

Those countries belonging to the European Economic Area (EEA, namely EU + Norway, Liechtenstein, Iceland).

  1. Outside the EEA

Those countries whose adequacy is recognized through a decision of the European Commission (art. 45 of Regulation EU 2016/679) and specifically:

- in the United States to third parties that have adhered to the Data Privacy Framework.

The transfers are authorized and no further consent is required, since they take place in accordance with the applicable legal provisions and, in particular, in compliance with articles 44 – 45 – 46 – 47 – 48 and 49 of the GDPR and other applicable legal rules.

The Data Subject may request further information by writing to the following email address: info@casadisofialanghe.com

TITLE VI - DATA RETENTION PERIOD

In compliance with the principles of lawfulness, purpose limitation and data retention and minimization, pursuant to art. 5 of the GDPR, the retention period of Users’ personal data is established for a period of time not exceeding the achievement of the purposes for which they are collected and processed, or for the entire duration of the fulfilment of the aforementioned purposes. For further information, please refer to Title III of this Policy (which data we process and why)

At the end of the retention period, the Personal Data of the Data Subjects will be deleted from every physical and IT medium (records/database) of the Controller. 

TITLE VII - USER RIGHTS

SECTION A - WHAT YOUR RIGHTS ARE

Below are Your rights; in any case, we invite You always to communicate to us any variation of Your personal data so that we can ensure that the data collected are accurate and updated. 

  1. Access

Access Your own data as provided for by art. 15 of the GDPR 

  1. Rectification 

Request the modification of Your own data as provided for by art. 16 of the GDPR.

  1. Erasure

Request erasure, pursuant to art. 17 of the GDPR

  1. Restriction 

Request that Your own data not be subject to further processing and may no longer be modified pursuant to art. 18 of the GDPR. We specify that the collection of website browsing data, so-called technical or functional cookies (limited to those collected in order to make the website usable, enabling only the basic functionalities) are essential for the functioning of the website itself. Users, therefore, have no right to restrict such processing.

  1. Portability

to receive the personal data concerning them, where processing is carried out by automated means, in a structured, commonly used and machine-readable format and to transmit them to another Controller or obtain direct transfer, pursuant to art. 20 of the GDPR.

  1. Objection

The right to object to the processing of the data concerning them as well as to the sending of advertising material, direct selling and for the carrying out of market research). pursuant to art. 21 of the GDPR.

  1. Complaint

The right to lodge a complaint or reports with the Data Protection Authority as supervisory authority on the matter of personal data protection, or to bring proceedings before the Judicial Authority.

SECTION B - HOW YOU CAN EXERCISE YOUR RIGHTS

The User may exercise the rights listed above by making a request to Casa Sofia, pursuant to art. 38 of the GDPR, to be sent to the email address: info@casadisofialanghe.com

The Controller shall confirm receipt of Your request and provide information relating to the action taken, with reference to the exercise of Your rights provided for in articles 15 to 22 of the GDPR.

Should the Controller fail to comply with the User’s request within the period of 1 (one) month from receipt of the request, the latter shall be informed of the reasons for the failure to comply, informing the User as of now of the possibility to lodge a complaint with the Supervisory Authority (Italian Data Protection Authority - GPDP), as specified pursuant to art. 13, paragraph 2, letter (d) and governed by articles 77 et seq. of the GDPR and 141 et seq. of Legislative Decree 196/2003, as amended by Legislative Decree 101/2018. 

TITLE VIII – LEGAL DEFENCE

The User’s Personal Data may be used for the defence by the Controller in court or in the stages leading to its possible establishment, in the event of abuses or violations committed by the User. The User also declares to be aware that the Controller may be required to disclose the Data upon request by public authorities.

TITLE IX - MINORS

The Controller does not intentionally collect, through the Website, data relating to minors under 18 years of age.