Privacy Policy for Delisio Stays S.R.L.S.
Effective date: Jan 2026
Last updated: Jan 2026
1. Who we are
Delisio Stays S.R.L.S. is a short-term property management agency based in Rome, Italy.
For the purposes of Regulation (EU) 2016/679, the General Data Protection Regulation, also known as the “GDPR”, the data controller is:
Delisio Stays S.R.L.S.
P.IVA: 18378191003
Registered address: Viale Angelico 54, Prati, 00195 Rome, Italy
Email: [email protected]
In this Privacy Policy, “Delisio Stays”, “we”, “us” and “our” refer to Delisio Stays S.R.L.S.
We are responsible for deciding how and why personal data is processed in connection with our website, booking enquiries, guest communications, short-term rental operations, property management activities and related services.
We have not appointed a Data Protection Officer because, based on our current activities, we are not required to do so under Article 37 GDPR. For any privacy-related request, please contact us at [email protected].
2. What personal data we collect
We may collect and process the following categories of personal data.
Identity and contact data
This may include your name, surname, email address, phone number, residential address, nationality, date and place of birth, and other contact details you provide to us.
Booking and stay data
This may include reservation details, property booked, stay dates, number of guests, check-in and check-out information, arrival time, guest preferences, special requests, messages with us, complaints, incident reports, damage reports, deposit-related information and support communications.
Guest identification and legal reporting data
For stays in Italy, we may be legally required to collect guest identification information and submit it to the competent public security authorities through the official Italian system, such as Alloggiati Web.
Where self check-in is used, we may collect ID or passport information solely for the purpose of verifying the guest and completing the required Alloggiati Web registration.
We do not retain copies of passports, ID cards or identity documents after submission to Alloggiati Web. Where ID data or images are collected for self check-in, they are deleted after the required reporting has been completed, unless retention is strictly necessary for a legal, security or dispute-related reason. Italian accommodation providers are required to communicate guest details to public security authorities, but this does not generally justify keeping copies of identity documents longer than necessary.
Payment and billing data
This may include billing details, invoice details, payment status, transaction references, cardholder name, last four digits of a payment card, payment tokens or payment processor IDs.
Payments are processed through Stripe or other secure payment providers. We do not store full payment card numbers.
Website, technical and usage data
When you visit our website, we may collect technical information such as IP address, device type, browser type, operating system, pages visited, referring website, approximate location, cookie identifiers, session information and analytics events.
Marketing and advertising data
This may include your marketing preferences, newsletter subscriptions, email engagement, advertising interactions, social media interactions and information about how you interact with our website or advertisements.
We currently use tools such as Google Analytics, Google Ads, Meta Pixel and Hotjar. We may add, remove or replace analytics, advertising, marketing or website tools from time to time, provided that we do so in accordance with applicable data protection and cookie laws.
Property owner, supplier and business contact data
If you are a property owner, landlord, supplier, contractor, agent or business partner, we may process your name, company details, contact details, property information, contract information, payment details, tax details and communications with us.
3. Where we get your data from
We may collect personal data:
directly from you when you contact us, complete a form, make a booking, provide guest information, communicate with us or stay at one of the properties we manage;
from booking platforms, online travel agencies and marketplaces, including but not limited to platforms such as Airbnb, Booking.com, Vrbo and similar services;
from our booking, property management and payment systems, including Lodgify, Stripe and similar operational providers;
from payment processors, identity verification providers, channel managers, smart-lock or access providers, guest communication tools, website analytics providers and other service providers;
from the person making a booking on your behalf, such as a family member, friend, company, travel organiser or co-guest;
from property owners, landlords, building managers, maintenance providers or neighbours where relevant to property management, guest safety, incidents, damage, access or complaints;
from public authorities, professional advisers or insurers where necessary.
Where you provide personal data about another guest, you must ensure that you have permission to do so and that the guest is aware of this Privacy Policy.
4. Why we use your data and our lawful bases
We only process personal data where we have a lawful basis under the GDPR.
4.1 To manage bookings and provide our services
We use your data to process enquiries, manage reservations, provide accommodation-related services, arrange check-in and check-out, communicate with guests, handle support requests, manage deposits, resolve issues and provide customer service.
Lawful basis: performance of a contract or steps taken before entering into a contract.
4.2 To comply with legal obligations
We may process data to comply with Italian and EU legal obligations, including guest identification and public security reporting, tourist or city tax obligations, tax records, accounting, invoicing, anti-fraud obligations and responses to lawful requests from public authorities.
Lawful basis: legal obligation.
4.3 To manage safety, security and property operations
We may process data to prevent fraud, protect guests, owners, neighbours, staff, contractors and properties, investigate incidents, enforce house rules, manage building access, handle complaints, document damage or loss, and protect our legal and business interests.
Lawful basis: legitimate interests.
Our legitimate interests include operating a safe and reliable accommodation management business, protecting property, preventing misuse, resolving disputes and ensuring compliance with house rules and booking terms.
4.4 To manage payments, invoices and accounting
We use payment and billing data to process transactions, issue invoices, manage refunds, handle chargebacks, keep accounting records and comply with tax obligations.
Lawful basis: performance of a contract, legal obligation and legitimate interests.
4.5 To improve our website and services
We may use website, technical and usage data to maintain website security, diagnose technical issues, understand how visitors use our website, improve user experience, measure performance and optimise our services.
Lawful basis: legitimate interests, and consent where required for non-essential cookies or similar technologies.
4.6 To use analytics, advertising and tracking tools
Subject to your cookie choices, we may use analytics, advertising and tracking tools to understand website usage, measure advertising performance, improve our marketing, show relevant ads and analyse user behaviour.
This may include tools such as Google Analytics, Google Ads, Meta Pixel, Hotjar and similar services.
Lawful basis: consent, where required by applicable law.
4.7 To send marketing communications
Where permitted, we may send you marketing communications about our services, properties, updates and offers.
We will rely on your consent where required by law. You can withdraw consent or unsubscribe at any time by using the unsubscribe link in our emails or by contacting us at [email protected].
Lawful basis: consent, and in limited cases legitimate interests where permitted by applicable law.
4.8 To manage property owner, supplier and business relationships
We process business contact data to manage property management agreements, supplier arrangements, owner communications, operational coordination, payments, reporting and related administration.
Lawful basis: performance of a contract, steps before entering into a contract, legal obligation and legitimate interests.
4.9 To establish, exercise or defend legal claims
We may process personal data where necessary to obtain legal advice, enforce our terms, recover debts, deal with disputes, respond to complaints, manage insurance matters or defend legal claims.
Lawful basis: legitimate interests and, where applicable, legal obligation.
5. Special categories of personal data
We do not usually seek to collect special categories of personal data, such as health data, biometric data, religious beliefs or political opinions.
However, you may voluntarily provide information that reveals special category data, for example where you tell us about accessibility needs, health-related requirements or emergency circumstances.
Where this happens, we process such data only where necessary and where permitted under the GDPR, for example with your explicit consent, to protect vital interests, or where necessary for legal claims.
Please do not provide special category data unless it is necessary for your stay or request.
6. Children and minors
Our services are not directed to children for marketing purposes.
However, children and minors may be guests at properties we manage. In those cases, we may process their personal data where necessary to manage the booking, provide the stay, comply with Italian guest reporting obligations, protect safety or comply with legal requirements.
Where required, information about minors should be provided by a parent, guardian or responsible adult.
7. Who we share your data with
We may share personal data with the following categories of recipients where necessary.
Booking platforms and online travel agencies
If you book through a third-party platform or online travel agency, that platform will process your data under its own privacy policy. These platforms usually act as independent data controllers for their own processing.
Booking and property management systems
We use booking and property management systems, including Lodgify, to manage reservations, availability, communications and property operations.
Payment providers
We use Stripe and may use other secure payment providers to process payments, refunds, deposits, chargebacks and fraud checks.
Property operations providers
We may share data with service providers involved in delivering your stay, including guest communication tools, check-in tools, smart-lock or key access providers, identity verification providers, cleaning teams, maintenance providers, laundry providers and emergency contractors.
Property owners and landlords
Where we manage a property on behalf of an owner or landlord, we may share information that is necessary for property management, booking administration, damage claims, incident handling, accounting or legal compliance.
Public authorities
We may share personal data with public authorities where required by law, including Italian public security authorities, municipal authorities for tourist or city tax purposes, tax authorities, courts, regulators or law enforcement bodies.
Website, analytics and advertising providers
Subject to your cookie choices, we may share website and technical data with providers such as Google, Meta, Hotjar and similar analytics, advertising, cookie management, hosting or marketing providers.
Professional advisers and insurers
We may share data with lawyers, accountants, consultants, auditors, insurers and other professional advisers where necessary.
Corporate transactions
If our business is sold, transferred, merged, reorganised or subject to investment or financing, personal data may be shared with potential buyers, investors, advisers or successor entities, subject to appropriate confidentiality protections.
We do not sell your personal data.
8. International transfers
We are based in Italy and primarily process data within the European Economic Area.
Some of our service providers may process personal data outside the EEA, for example where they use global cloud infrastructure or support teams in other countries.
Where personal data is transferred outside the EEA, we will ensure that appropriate safeguards are in place. These may include:
an adequacy decision adopted by the European Commission;
the European Commission’s Standard Contractual Clauses;
additional technical, contractual or organisational safeguards where required.
The European Commission has adopted Standard Contractual Clauses for certain transfers of personal data from the EEA to countries outside the EEA.
You may contact us to request more information about the safeguards used for international transfers.
9. How long we keep your data
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including to provide services, comply with legal obligations, resolve disputes and protect our legal rights.
Typical retention periods are as follows.
Booking, stay and guest communication records
We generally retain booking records, guest communications, stay details, issue reports and related operational records for up to 10 years, where relevant to accounting, legal, contractual or dispute purposes.
Accounting, invoices and tax records
Invoices, accounting records and tax-related records are generally retained for 10 years, in line with Italian accounting record retention obligations.
Guest identification and Alloggiati Web data
Guest identification data collected for Alloggiati Web registration is kept only for as long as necessary to verify the guest, complete the required submission and support immediate operational checks.
Where ID data or copies are collected for self check-in, they are deleted after submission to Alloggiati Web, unless retention is strictly necessary for a legal, fraud prevention, security or dispute-related reason.
We do not retain copies of passports, ID cards or identity documents as a standard practice.
Payment data
Payment records, transaction references, refund records and chargeback-related data may be retained for as long as necessary for payment administration, fraud prevention, accounting, chargebacks and legal claims.
We do not store full card numbers.
Marketing data
Marketing contact data is kept until you unsubscribe, withdraw consent or object to marketing. We may retain a minimal suppression record to ensure we respect your opt-out.
Website analytics and cookies
Cookie and analytics data is retained according to the lifetimes described in our Cookie Policy or cookie banner.
Where a longer retention period is required or permitted by law, for example because of a dispute, investigation, tax audit or legal claim, we may retain relevant data for longer.
10. Cookies and similar technologies
Our website uses cookies and similar technologies. For more information, please see our Cookie Policy below.
Non-essential cookies and tracking tools are used only where permitted by applicable law and, where required, after you have given consent through our cookie banner or cookie preference tool.
You can manage your cookie preferences through our website cookie settings.
11. Your rights
Under the GDPR, you may have the following rights, subject to the conditions and limits set out in applicable law:
the right to access your personal data;
the right to correct inaccurate or incomplete data;
the right to request deletion of your data;
the right to restrict processing;
the right to data portability;
the right to object to processing based on legitimate interests;
the right to object to direct marketing at any time;
the right to withdraw consent at any time, where processing is based on consent;
the right not to be subject to a decision based solely on automated processing, including profiling, where that decision produces legal or similarly significant effects.
To exercise your rights, contact us at:
We may need to verify your identity before responding. We will respond within the time required by applicable law.
12. Complaints
You have the right to lodge a complaint with a supervisory authority if you believe that your personal data has been processed unlawfully.
In Italy, the competent authority is:
Garante per la protezione dei dati personali
Website: www.garanteprivacy.it
You may also have the right to complain to the data protection authority in the EU Member State where you live, work or where the alleged infringement occurred.
We would appreciate the opportunity to address your concern first, so please contact us at [email protected].
13. Security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.
These measures may include access controls, password protection, secure systems, encryption in transit, restricted access to booking and guest systems, staff and contractor confidentiality requirements, supplier due diligence and internal procedures for handling privacy incidents.
No system is completely secure. Where required by law, we will notify affected individuals and/or the relevant supervisory authority of a personal data breach.
14. Automated decision-making
We do not make decisions about guests that produce legal or similarly significant effects based solely on automated processing.
We may use tools that assist with fraud prevention, booking management, pricing, risk assessment, identity verification, analytics or operational workflows. Where a decision may materially affect a booking or guest relationship, human review is involved where required.
15. Third-party websites and platforms
Our website may link to third-party websites, booking platforms, social media pages or payment pages.
Those third parties are responsible for their own privacy practices. We recommend that you read their privacy policies before providing personal data to them.
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
When we update it, we will publish the new version on our website and update the “Last updated” date.
If changes are material and you have an active booking or ongoing relationship with us, we may notify you by email or another appropriate method.
17. Contact us
For privacy questions, requests or complaints, contact:
Delisio Stays S.R.L.S.
P.IVA: 18378191003
Viale Angelico 54, Prati, 00195 Rome, Italy
Email: [email protected]