Privacy & Cookies Policy

1. Controller of the Personal Data

Letters to Juliet Apartment — Donata Brizzi (Host & Owner)
Via Santa Chiara 11/C, 37122 Verona (Italy)
Contact: letterstojuliet.apartment@gmail.com | +39 349 446 2071

2. Collected Personal Data

When you submit the contact/quote form, we collect:

  • Full Name, Email, Phone, Message, Consent to Privacy Policy

  • Form IP address and timestamp (technical data).

No sensitive / health data is collected. Consent is provided explicitly before sending.

3. Purpose & Legal Basis of Processing

We process your data for:

  1. Responding to your booking requests and inquiries (Art. 6(1)(b) GDPR).

  2. Complying with Italian tourism law — guest registration, payments, taxes (Art. 6(1)(c)).

  3. Ensuring site functionality and preventing spam (Art. 6(1)(f)).

4. Data Recipients

Your data is shared only with:

  • Italian public authorities (e.g. Questura) as required by law for tourist registration.

  • Email/hosting providers, trusted contact form service providers.

No commercial marketing or external data sharing occurs unless explicitly authorized first.

5. Data Retention Period

  • Contact form submissions: retained up to 12 months.

  • Guest stay records: kept per law (up to 10 years for tourism tax and police reporting).

  • Cookies: see section 7 below.

6. Data Subject Rights

Under GDPR you have the rights to:

  • Access, correct, delete or restrict your personal data (Articles 15–18 GDPR).

  • Withdraw consent at any time (Article 7(3)).

  • Lodge a complaint with the Italian Data Protection Authority (Garante) (Article 77) if you suspect misuse.

To request any of the above, contact Donata at the email above. We typically respond within 30 days.

7. Cookie Policy

We use:

  • Essential cookies to enable site functionality (form, navigation, security).

  • Optional analytics cookies (e.g. Google Analytics) to track anonymous statistics only if you consent.

Upon first visit you are asked to accept or reject non-essential cookies. You can withdraw consent anytime via the cookie banner link at the footer. No analytics tracking before explicit approval. All cookies are managed in compliance with GDPR and Italian Garante guidelines.

8. Security Measures

We implement appropriate technical and organizational measures to:

  • Protect data confidentiality, integrity and availability (per Article 32 GDPR).

  • Limit access to authorized personnel (host and trusted providers).

  • Regularly review security status and backup data securely.

9. Children & Age Restrictions

Our services are intended for persons aged 16 years or older. We do not knowingly collect data from minors under 16. If we become aware of such submission, we will promptly delete it.

10. International Data Transfers

We do not transfer personal data outside the European Economic Area (EEA). If we ever do (e.g. for backups or external services), we will ensure GDPR-compliant safeguards (e.g. adequacy decisions, Standard Contractual Clauses).

11. Updates to This Policy

We may update this policy occasionally (e.g. to comply with new legislation). The latest version will always be posted here with an updated date.