Salisù Privacy Policy 

Introduction

This Privacy Policy outlines Quinto Piano SRLS (“we”, “our” or “the Company”) practices with respect to information collected from users who access our website at https://www.quintopiano.it (“Site”), or otherwise share personal information with us (collectively, “Users”).

Grounds for data collection 

Processing of your personal information (meaning any data that may reasonably identify you; hereinafter “Personal Information”) is carried out because (i) it is necessary for the performance of the accommodation or services contract you request from us, (ii) it serves our legitimate interests in running, securing and improving Quinto Piano, and (iii) it enables us to comply with Italian and EU legal-accounting obligations.

By using the Site, you agree to the collection, storage, use, disclosure and other processing of your Personal Information as set out in this Privacy Policy.

We encourage all Users to read this Policy carefully and rely on it to make informed decisions.

What information we collect?

3. Data We Collect

We collect two categories of information from Users.

3.1 Non-Personal Information

“Non-Personal Information” is information that cannot, by itself, be used to identify you.

It is generated automatically while you browse the Site and helps us keep the website fast, secure and user-friendly. Examples include :

Technical data – browser type and version, operating-system, language setting, screen resolution, referring URL, access time.

Usage data – pages viewed, clicks, session length, booking-engine steps, scroll depth.

Aggregated statistics – total visits per page, bounce-rate, device mix (mobile / desktop).

We cannot link this data back to a specific individual and we use it only in aggregate for analytics, performance optimisation (e.g., reducing page-load time) and fraud-prevention (e.g., blocking bot traffic).

3.2 Personal Information

“Personal Information” is data that identifies you directly or can do so with reasonable effort. Depending on how you interact with us, we may collect:

We never store your full card number or CVV in our systems; all card data are handled by PCI-DSS compliant gateways (e.g., Stripe / GuestyPay).

How do we receive information about you?

We receive your Personal Information from various sources:

• When you voluntarily provide us your personal details in order to register on our Site;
• When you use or access our Site in connection with your use of our services;
• From third party providers, services and public registers (for example, traffic analytics vendors).

What information we collect?

6. How we use and share your information

We do not rent, sell or trade your data. We process it only as described below or where European / Italian law requires us to do so.

6.1 Purposes of use

We use Personal Information to:

Fulfil and manage your stay – confirm bookings, collect payments, send check-in codes, register guests with the Police Portal (TULPS).

Communicate with you – booking confirmations, pre-arrival tips, support replies, last-minute alerts (WhatsApp/SMS) and post-stay surveys.

Send service & marketing messages – newsletter or promotional offers only if you have opted-in; you can unsubscribe anytime.

Personalise content & advertising – remember language, show relevant rates, run remarketing campaigns on Google/Facebook (after cookie consent).

Run analytics & improve the site – aggregate statistics (page speed, conversion rate) to enhance UX and prevent fraud.

Ensure safety & compliance – CCTV, access-log monitoring, incident reporting, legal archiving, anti-money-laundering checks.

6.2 Trusted third-party processors

We may transfer Personal Information—under data-processing agreements and, where required, Standard Contractual Clauses—to:

Service Example provider Purpose Location*

Booking engine / PMS Guesty Inc. (EU datacentre) Host reservation data, generate invoices EU/EEA

Payment gateway Stripe / GuestyPay Tokenise & charge cards (PCI-DSS) EU / USA (SCC)

Email & SMS Mailgun, Twilio Transactional e-mails, OTP codes EU / USA (SCC)

Cloud hosting & backup AWS Frankfurt Secure infrastructure, encrypted backups EU

Analytics Google Analytics 4 (IP masked) Site performance, traffic insights EU / USA (SCC)

Marketing & retargeting (only with consent) Meta Pixel, Google Ads Measure campaigns, show personalised ads EU / USA (SCC)

Professional advisors Accountant, law firm Fiscal compliance, legal defence Italy

*Transfers outside the EEA rely on an adequacy decision or SCC + supplementary safeguards (encryption, minimisation).

6.3 Legal disclosures

We may disclose data when we believe in good faith that it is necessary to:

comply with a law, court order or competent authority;

enforce our Terms & Conditions or investigate potential violations;

detect, prevent or address fraud, security or technical issues;

protect the rights, property or safety of Quinto Piano, our guests or the public;

establish, exercise or defend legal claims.

User Rights

8. Your Rights under GDPR

You may exercise the following rights at any time:

Right What it means

Access Obtain confirmation that we process your data and receive a copy plus supplementary information.

Portability Receive the data you provided us in a structured, commonly-used, machine-readable format and transmit it to another controller.

Rectification Ask us to correct or complete inaccurate or incomplete personal data.

Erasure (“right to be forgotten”) Request deletion of your personal data where the law allows (e.g., no overriding legal obligation to retain it).

Objection Object to processing carried out on the basis of our legitimate interest or for direct-marketing purposes.

Restriction Ask us to suspend processing if you contest accuracy, legality or need for the data.

Complaint Lodge a complaint with the Italian Data-Protection Authority (Garante per la Protezione dei Dati Personali).

These rights are not absolute; we may refuse or defer a request where retention is required by fiscal, public-security or other legal obligations, or where our legitimate interests clearly override yours (Art. 12-23 GDPR).

9. How to exercise your rights

Send a written request to our Data-Protection contact:

Data-Protection Officer (DPO)

Quinto Piano SRLS

Via di Porta Pertusa 4

00165 Rome – Italy

E-mail: privacy@quintopiano.it

PEC: quintopiano@pec.it

Tel: +39 06 5526 0696

We will acknowledge receipt within 7 days and provide a substantive response within 30 days (extendable by 60 days for complex cases, as permitted by Art. 12 GDPR). If you are not satisfied, you may lodge a complaint with the Garante or with the supervisory authority in the EU country where you reside.

Retention

We will retain your personal information for as long as necessary to provide our services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing client personal data, account opening documents, communications and anything else as required by applicable laws and regulations. 

We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.

Cookies

We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services. 

A "cookie" is a small piece of information that a website assign to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services. 

The Site uses the following types of cookies:

a. 'session cookies' which are stored only temporarily during a browsing session in order to allow normal use of the system and are deleted from your device when the browser is closed; 

b. 'persistent cookies ' which are read only by the Site, saved on your computer for a fixed period and are not deleted when the browser is closed. Such cookies are used where we need to know who you are for repeat visits, for example to allow us to store your preferences for the next sign-in; 

c. 'third party cookies' which are set by other online services who run content on the page you are viewing, for example by third party analytics companies who monitor and analyze our web access.

Cookies do not contain any information that personally identifies you, but Personal Information that we store about you may be linked, by us, to the information stored in and obtained from cookies. You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Site may not operate properly and your online experience may be limited.

We also use a tool called “Google Analytics” to collect information about your use of the Site. Google Analytics collects information such as how often users access the Site, what pages they visit when they do so, etc. We use the information we get from Google Analytics only to improve our Site and services. Google Analytics collects the IP address assigned to you on the date you visit sites, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to this Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.

Third party collection of information

Our policy only addresses the use and disclosure of information we collect from you. To the extent you disclose your information to other parties or sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party that you choose to disclose information to. 

This Privacy Policy does not apply to the practices of companies that we do not own or control, or to individuals whom we do not employ or manage, including any of the third parties which we may disclose information as set forth in this Privacy Policy. 

How do we safeguard your information?

We apply multiple, industry-standard safeguards to keep the Site and your information secure:

Encryption in transit and at rest – TLS 1.3 on every page; AES-256 server-side encryption for databases and backups.

PCI-DSS–compliant payments – card data are tokenised by our gateway (Stripe / GuestyPay) and never stored in clear text on Quinto Piano servers.

Role-based access control – staff accounts use strong passwords + MFA; access is limited to the minimum required for their duties.

Hardening & monitoring – firewalls, daily vulnerability scans, real-time intrusion detection, automatic OS security patches.

CCTV & physical security – EU Tier III datacentres with 24/7 guarded access; on-site guest data kept in locked cabinets.

Vendor due-diligence – all third-party processors sign Data-Processing Agreements and must meet GDPR-level security (ISO 27001, SOC 2 or equivalent).

Incident response plan – any personal-data breach is logged, contained and notified to the Italian DPA and affected users within 72 hours (Art. 33–34 GDPR).

Despite these measures, no system is impenetrable. We therefore cannot guarantee absolute security and disclaim liability for unauthorised access arising from factors beyond our reasonable control. If you believe your interaction with us is no longer secure, please contact security@quintopiano.it immediately.

Transfer of data outside the EEA 

Please note that some data recipients may be located outside the EEA. In such cases we will transfer your data only to such countries as approved by the European Commission as providing adequate level of data protection, or enter into legal agreements ensuring an adequate level of data protection.

Advertisements

We sometimes use third-party advertising technologies—such as Google Ads / Floodlight, Meta Pixel and TikTok Ads—to show you personalised offers for QuintoPiano on other websites and social networks.

These platforms place their own marketing cookies or tracking pixels in your browser only after you give consent in our cookie banner.

Opt-out options

Platform or framework How to turn off personalised ads

Google Ads / YouTube https://adssettings.google.com

Facebook / Instagram https://www.facebook.com/adpreferences/advertisers

TikTok In the app: Settings → Privacy → Ads → Off

NAI (US multi-network) http://optout.networkadvertising.org/#!/

DAA (US) http://optout.aboutads.info/#!/

EDAA (EU YourOnlineChoices) https://www.youronlinechoices.eu/

You can also revisit our Cookie Dashboard at the bottom of every page to withdraw consent for “Marketing Cookies”; doing so will stop new tracking cookies and deactivate existing tags on our site.

Disabling personalised ads does not mean you will stop seeing ads altogether—it simply means the adverts you see will not be tailored to your browsing behaviour on our Site.

Marketing

We may use your Personal Information, such as your name, email address, telephone number, etc. ourselves or by using our third party subcontractors for the purpose of providing you with promotional materials, concerning our services, which we believe may interest you. 

Out of respect to your right to privacy we provide you within such marketing materials with means to decline receiving further marketing offers from us. If you unsubscribe we will remove your email address or telephone number from our marketing distribution lists. 

Please note that even if you have unsubscribed from receiving marketing emails from us, we may send you other types of important e-mail communications without offering you the opportunity to opt out of receiving them. These may include customer service announcements or administrative notices.

Corporate transaction

We may share information in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, the transferee or acquiring company will assume the rights and obligations as described in this Privacy Policy.

Minors

We recognise the importance of protecting children’s privacy, especially online. This Site and our services are not directed to minors (under 18 years of age). We do not knowingly collect or solicit Personal Information from anyone under 18.

If we learn that we have inadvertently gathered such data, we will delete it as soon as reasonably practicable.

Parents or legal guardians who believe that a minor has provided us with Personal Information without their consent should contact us immediately at privacy@quintopiano.it so we can investigate and remove the data.

Updates or amendments to this Privacy Policy

We reserve the right to periodically amend or revise the Privacy Policy; material changes will be effective immediately upon the display of the revised Privacy policy. The last revision will be reflected in the "Last modified" section. Your continued use of the Platform, following the notification of such amendments on our website, constitutes your acknowledgment and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.

How to contact us

If you have questions about this Site or about how we handle your personal data, please write or call:

Data Protection Office

Quinto Piano SRLS 

Via di Porta Pertusa 4 

00165 Rome – Italy

E-mail: privacy@quintopiano.it 

PEC: quintopiano@pec.it 

Tel: +39 06 5526 0696

VAT / Companies Register No.: 17872211002 – REA RM 1747637