Privacy Policy

Last updated: April 20, 2026 | Effective date: April 20, 2026 | Website: www.serenistay.it

1. Introduction

SereniStay ("we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy describes how we collect, use, store, share, and protect your personal data when you visit our website www.serenistay.it (the "Website") and use our services.

This policy is designed to comply with the EU General Data Protection Regulation (GDPR – Regulation (EU) 2016/679), the Swiss Federal Act on Data Protection (FADP/nDSG, as revised effective September 1, 2023), applicable Italian data protection laws (Legislative Decree 196/2003, as amended), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and other applicable US state privacy laws.

Please read this Privacy Policy carefully. By accessing or using our Website, you acknowledge that you have read and understood this policy. This policy should be read together with our Cookie Policy and Terms and Conditions.

2. Data Controller

The data controller responsible for your personal data is:

SereniStay
Address: [Insert registered business address]
Email: pietro.borrelli@serenistay.it
Website: www.serenistay.it

For all data protection matters, you may contact us at pietro.borrelli@serenistay.it.

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Data You Provide Directly

When you submit our contact form, you provide us with:

Identity data
First name, surname – To identify you and personalise our communication

Contact data
Email address, phone number – To respond to your enquiry and communicate with you

3.2 Data Collected Automatically

When you visit our Website, certain data is collected automatically through cookies and similar technologies (see our Cookie Policy for full details):


Technical data
IP address (anonymised), browser type and version, operating system, device type, screen resolution, language preferences

Usage data
Pages visited, time spent on pages, click paths, referring URLs, date and time of access

Advertising data
Google Ads click identifiers, conversion data, audience segments

3.3 Data We Do Not Collect

We do not knowingly collect any special categories of personal data (also known as sensitive personal data) as defined by Article 9 of the GDPR, including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person's sex life or sexual orientation.

4. Legal Basis for Processing (EEA and Switzerland)

Under the GDPR and the Swiss FADP, we must have a valid legal basis for processing your personal data. The legal bases we rely on are:


Art. 6(1)(b) Responding to contact form enquiries
Performance of a contract or pre-contractual measures – Processing is necessary to take steps at your request prior to entering into a contract, or to perform a contract with you

Art. 6(1)(f) Responding to contact form enquiries (alternative basis)
Legitimate interest – We have a legitimate business interest in responding to enquiries from potential customers. This interest is balanced against your rights and does not override them.

Art. 6(1)(a) Website analytics (Google Analytics)
Consent – We process analytics data only after you provide explicit consent via our cookie banner

Art. 6(1)(a) Advertising tracking (Google Ads)
Consent – We process advertising data only after you provide explicit consent via our cookie banner

Art. 6(1)(f) Website security and functionality
Legitimate interest – We have a legitimate interest in ensuring the security and proper functioning of our Website

Art. 6(1)(c) Legal compliance
Legal obligation – Processing may be necessary to comply with applicable laws.


5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To respond to your enquiries: When you submit the contact form, we use your name, email address, and phone number to contact you regarding your enquiry.

  • To improve our Website: We use analytics data to understand how visitors interact with our Website, identify issues, and improve user experience.

  • To measure advertising effectiveness: We use Google Ads conversion tracking to measure the performance of our advertising campaigns and to understand how users who clicked on our ads interact with the Website.

  • To ensure security: We use technical data to protect the Website from security threats, prevent fraud, and ensure technical functionality.

  • To comply with legal obligations: We may process your data when required to comply with applicable laws, regulations, or legal proceedings.

7. International Data Transfers

Your personal data may be transferred to, stored in, and processed in countries outside the European Economic Area (EEA) and Switzerland, in particular the United States (for Google services). When such transfers occur, we ensure an adequate level of data protection through one or more of the following mechanisms:

  • Adequacy decisions: The European Commission has issued adequacy decisions recognising the EU-U.S. Data Privacy Framework as providing adequate protection for personal data transferred to certified U.S. organisations.

  • Standard Contractual Clauses (SCCs): We use the European Commission's approved Standard Contractual Clauses for transfers to countries without an adequacy decision.

  • Swiss adequacy mechanisms: For transfers from Switzerland, we rely on the Swiss-U.S. Data Privacy Framework and/or the Swiss Federal Data Protection and Information Commissioner's approved contractual clauses.

You may request a copy of the safeguards we have in place by contacting us at pietro.borrelli@serenistay.it.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods are:

Contact form data (name, surname, email, phone number)
24 months from submission, or until the enquiry is resolved, whichever is later
To manage the enquiry and any follow-up communication

Analytics data (Google Analytics)
14 months (configured in Google Analytics settings)
To enable meaningful analysis of Website usage trends

Google Ads conversion data
90 days (cookie duration); campaign data as per Google's retention settings
To measure advertising campaign effectiveness

Server logs (technical data)
90 days
Security monitoring and troubleshooting

Cookie consent records
36 months
To demonstrate compliance with consent requirements under the GDPR and ePrivacy Directive

When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

9. Your Rights Under the GDPR and Swiss FADP

If you are located in the European Economic Area (EEA) or Switzerland, you have the following rights regarding your personal data:


Right of access (Art. 15 GDPR)
You have the right to request a copy of the personal data we hold about you and information about how it is processed.

Right to rectification (Art. 16 GDPR)
You have the right to request correction of inaccurate personal data or completion of incomplete data.

Right to erasure ("right to be forgotten") (Art. 17 GDPR)
You have the right to request deletion of your personal data where there is no compelling reason for its continued processing.

Right to restriction of processing (Art. 18 GDPR)
You have the right to request that we restrict processing of your personal data in certain circumstances.

Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

Right to object (Art. 21 GDPR)
You have the right to object to processing based on legitimate interests or for direct marketing purposes at any time.

Right to withdraw consent (Art. 7(3) GDPR)
Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Right not to be subject to automated decision-making (Art. 22 GDPR)
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.


We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

9.1 How to Exercise Your Rights

To exercise any of the above rights, please contact us at pietro.borrelli@serenistay.it. We will respond to your request within one month of receipt. In complex cases, this period may be extended by a further two months, in which case we will inform you of the extension and the reasons for the delay.

We may need to verify your identity before processing your request. There is generally no fee for exercising your rights, unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

9.2 Right to Lodge a Complaint

If you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with a supervisory authority. For Italy, the relevant authority is:

Garante per la protezione dei dati personali
Website: www.garanteprivacy.it
Email: garante@gpdp.it

For Switzerland, the relevant authority is:

Federal Data Protection and Information Commissioner (FDPIC)
Website: www.edoeb.admin.ch

10. Your Rights Under US State Privacy Laws

If you are a resident of California, Virginia, Colorado, Connecticut, or another US state with a comprehensive consumer privacy law, you may have the following rights:

10.1 California Residents (CCPA/CPRA)

Right to know
You have the right to know what personal information we collect, use, disclose, and sell or share, and the purposes for which it is used.

Right to delete
You have the right to request deletion of your personal information, subject to certain exceptions.

Right to correct
You have the right to request correction of inaccurate personal information.

Right to opt-out of sale or sharing
You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioural advertising.

Right to limit use of sensitive personal information
You have the right to limit the use and disclosure of sensitive personal information to what is necessary. We do not collect sensitive personal information as defined under the CCPA/CPRA.

Right to non-discrimination
We will not discriminate against you for exercising any of your privacy rights.


Notice Regarding Sale/Sharing: We do not "sell" personal information as defined by the CCPA. However, our use of Google Ads and Google Analytics may constitute "sharing" of personal information for cross-context behavioural advertising purposes under the CPRA. You may opt out of this sharing through our cookie consent mechanism or by sending a Global Privacy Control (GPC) signal via your browser.

10.2 Categories of Personal Information (CCPA Disclosure)

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

Identifiers
Name, email address, phone number, IP address
Directly from you (contact form); automatically (Website visit)
Responding to enquiries; Website analytics

Internet or other electronic network activity
Browsing history on our Website, search history, interactions with our Website
Automatically (cookies and analytics)
Website improvement; advertising measurement

Geolocation data
Approximate location based on IP address
Automatically (Website visit)
Website analytics and content localisation

We do not collect sensitive personal information as defined under the CCPA/CPRA.

10.3 Virginia, Colorado, and Connecticut Residents

If you are a resident of Virginia, Colorado, or Connecticut, you have rights similar to those described for California residents, including the rights to access, correct, and delete your personal data, the right to data portability, and the right to opt out of targeted advertising, the sale of personal data, and profiling. You also have the right to appeal our decision regarding a consumer rights request by contacting us at pietro.borrelli@serenistay.it.

10.4 How to Exercise Your US Privacy Rights

To exercise your rights, you or your authorised agent may submit a verifiable consumer request by emailing us at pietro.borrelli@serenistay.it. We will verify your identity before fulfilling your request and will respond within 45 days (or 30 days for Virginia, Colorado, and Connecticut). Extensions may apply in complex cases, and we will notify you accordingly.

11. Children's Privacy

Our Website is not directed to children under the age of 16, and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that data promptly. If you believe that a child under 16 has provided us with personal data, please contact us at pietro.borrelli@serenistay.it.

12. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  • Encryption of data in transit using TLS/SSL (HTTPS);

  • Regular security assessments and updates;

  • Access controls limiting data access to authorised personnel only;

  • Secure storage of personal data with appropriate access restrictions;

  • CSRF protection on our contact form.

While we take reasonable measures to protect your data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we continuously work to improve our security practices.

13. Links to Third-Party Websites

Our Website may contain links to third-party websites that are not operated or controlled by SereniStay. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party websites you visit. We are not responsible for the content, privacy practices, or data processing activities of third-party websites.

14. Do Not Track and Global Privacy Control

Our Website does not currently respond to "Do Not Track" (DNT) browser signals. However, we honour Global Privacy Control (GPC) signals as valid opt-out requests for the sale or sharing of personal information under applicable US state privacy laws.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, notify you by email or through a prominent notice on our Website before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:

SereniStay
Email: pietro.borrelli@serenistay.it
Website: www.serenistay.it