This privacy notice is provided pursuant to Regulation (EU) 2016/679 (GDPR) and the applicable Italian legislation on the protection of personal data.

1. Data Controller

The Data Controller of personal data is:

Antica Bastia Via Monte Bastia 3, 24129 Bergamo (BG), Italy

Email: amministrazione@anticabastia.it

Phone: +39 351 3848500

2. Types of Data Processed

This website collects and processes the following types of personal data:

Identification data (first and last name)

Contact details (email address, phone number)

Booking and stay-related data (check-in and check-out dates, number of guests)

Browsing data (IP address, browser type, operating system, technical data)

Data voluntarily provided by the user through contact forms, information requests, or email communications

3. Purpose of Processing

Personal data are processed for the following purposes:

Management of information requests submitted by users Management of bookings, stays, and related services

Pre- and post-stay communications (check-in details, useful information, assistance)

Compliance with contractual, fiscal, and administrative obligations

Compliance with legal obligations Improvement of website functionality and user experience

4. Legal Basis for Processing

The processing of personal data is based on the following legal grounds:

Performance of a contract or pre-contractual measures requested by the data subject

Compliance with legal obligations

Consent of the data subject, where required Legitimate interest of the Data Controller in managing and securing the website and services offered

5. Processing Methods

Personal data are processed using electronic and telematic tools, in compliance with the principles of lawfulness, fairness, transparency, and data minimization.

Appropriate technical and organizational security measures are adopted to prevent data loss, unlawful or unauthorized use, and unauthorized access.

6. Data Retention

Personal data are retained for the time necessary to:

Manage bookings and stays Comply with legal and fiscal obligations

Protect the rights of the Data Controller in the event of disputes

After these periods, data will be deleted or anonymized, unless longer retention is required by law.

7. Disclosure of Data to Third Parties

Personal data may be disclosed to third parties solely for the purposes described above, including:

IT and technical service providers

Booking management platforms and channel managers (e.g. online booking systems)

Public authorities or competent bodies, where required by law

Personal data will never be disclosed to the public.

8. Transfer of Data Outside the EU

If the use of third-party services involves the transfer of personal data to countries outside the European Union, such transfers will take place in compliance with the safeguards provided by Regulation (EU) 2016/679 (GDPR).

9. Data Subject’s Rights

The data subject has the right to:

Obtain confirmation as to whether or not personal data concerning them are being processed

Access their personal data Request rectification or deletion of personal data

Request restriction of processing or object to processing

Request data portability Withdraw consent at any time

The data subject also has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), pursuant to Articles 77 et seq. of Regulation (EU) 2016/679 (GDPR).

To exercise these rights, the data subject may contact the Data Controller at amministrazione@anticabastia.it .

10. Cookies

This website uses technical cookies necessary for its proper functioning and, subject to the user’s consent, third-party cookies.