PRIVACY POLICY (English) – Trulli Monte Papa

Last updated: [13/02/2026]

1) Data Controller (who we are)

The Data Controller is MONTE PAPA SOCIETÀ AGRICOLA A RESPONSABILITÀ LIMITATA, registered office in Ceglie Messapica (BR), Località Monte Papa, 72013, Italy, VAT/Tax Code 02227530744, certified email (PEC): montepapa@pec.it. MONTEPAPA_VISURA11042024
For privacy requests you can contact us at montepapa@pec.it (or [your standard email address]).

2) Scope of this notice

This Privacy Policy explains how we collect and use personal data when you visit trullimontepapa.com (the “Website”) and when you contact us about our accommodation and services.

3) Personal data we collect

Depending on how you use the Website, we may collect:

a) Browsing and technical data
Technical data needed to operate and secure the Website (e.g., IP address, log files, device/browser information, date/time of access, pages visited).

b) Enquiries and communications
When you contact us via forms (e.g., “Make an enquiry”), email, phone or other channels: name, email address, phone number, message content, requested dates, number of guests, and any other information you choose to provide.

c) Booking and stay-related data (if applicable)
If you book a stay or request services, we may process information necessary to manage the booking and provide the service (e.g., guest details, booking details, billing/invoicing details) and any data required by applicable legal obligations.

4) Purposes and legal bases

We process personal data for the following purposes:

  1. To respond to enquiries and provide information/quotes
    Legal basis: taking steps at your request prior to entering into a contract and/or performance of a contract.

  2. To manage bookings and provide requested services (if applicable)
    Legal basis: performance of a contract and/or pre-contractual measures.

  3. To comply with legal obligations (if applicable)
    For example, accounting/tax requirements and other obligations related to our activity.
    Legal basis: compliance with a legal obligation.

  4. Website security and prevention of abuse/fraud; protection of our rights
    Legal basis: our legitimate interests in keeping the Website secure and protecting our business.

  5. Marketing communications (only if you explicitly opt in)
    We do not send marketing communications unless you have provided your consent (e.g., by requesting updates). You can withdraw consent at any time.
    Legal basis: consent.

5) Cookies and similar technologies

The Website may use strictly necessary/technical cookies required for its operation and security. For more information, please see our Cookie Policy.

6) Recipients of data (who we share data with)

We may share your data only when necessary and for the purposes described above, with:

  • Squarespace (Website platform and hosting provider, including form handling and technical delivery of the Website);

  • email/communication providers used to receive and manage messages ([if you want, name the provider]);

  • IT and technical support providers (maintenance and security);

  • professional advisors (e.g., accountant, legal counsel) when necessary;

  • public authorities where required by law.

Such parties may act as processors (processing data on our behalf) or as independent controllers, depending on the service.

7) International data transfers

Using providers such as Squarespace may involve processing personal data outside the European Economic Area (EEA). Where required, transfers are carried out using appropriate safeguards (e.g., Standard Contractual Clauses) in accordance with applicable data protection law.

8) Data retention

We keep personal data only for as long as needed for the purposes described:

  • enquiries/communications: typically up to [12/24 months] after the enquiry is closed, unless further contact is requested;

  • bookings and related administrative/fiscal records (if applicable): for the time required by applicable law;

  • technical logs: for limited periods appropriate for security and operational needs.

9) Your rights

Under the GDPR, you have the right to request: access, rectification, erasure, restriction, portability, and to object to processing. Where processing is based on consent, you may withdraw consent at any time.

To exercise your rights, contact us at montepapa@pec.it. MONTEPAPA_VISURA11042024
You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

10) Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or unlawful processing.

11) Children

The Website and our services are not intended for children under [16/18]. If you believe a minor has provided us with personal data, please contact us.

12) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The most recent version will always be published on this page, with the “Last updated” date.