Privacy & Cookies Policy

PRIVACY POLICY

Pursuant to EU Regulation 2016/679 (GDPR)

Last updated: January 2026

1. INTRODUCTION

This Privacy Policy describes how SORRENTO LUXURY S.R.L (hereinafter referred to as “the Company”, “we”, “us” or “our”) collects, uses, and protects the personal data of users (hereinafter “User” or “you”) who visit and use the website https://www.sorrentoluxury.net/ (hereinafter “the Website”).

We are committed to protecting your privacy and handling your personal data in accordance with the EU General Data Protection Regulation (GDPR) 2016/679 and applicable Italian legislation.

2. DATA CONTROLLER

The Data Controller is:

SORRENTO LUXURY S.R.L

Registered office: V.le E. Caruso, 14/A – 80067 Sorrento (NA), Italy

VAT Number: IT 07452061216

Share Capital: € 60,000.00 fully paid

Phone: +39 393 00 25 002

Email: info@sorrentoluxury.it

3. LEGAL BASIS FOR DATA PROCESSING

The processing of your personal data is based on the following legal grounds:

  • Contractual necessity: to provide the services you request (booking boat tours, excursions, payments)
  • Legal obligation: to comply with tax, accounting, and legal requirements
  • Legitimate interest: to improve our services, prevent fraud, and ensure website security
  • Your consent: for marketing communications and optional services (you can withdraw consent at any time)

4. TYPES OF PERSONAL DATA COLLECTED

4.1 Navigation Data (Automatically Collected)

When you visit our Website, our systems automatically collect certain technical information, including:

  • IP address
  • Browser type and version
  • Operating system
  • Date and time of access
  • Pages visited and resources requested (URI/URL)
  • Referring website
  • Device information (computer, tablet, mobile phone)

This data is collected through server logs and is necessary for the proper functioning and security of the Website. It is retained for a maximum of 7 days for technical purposes and may be retained longer only if required by law or for security investigations.

4.2 Data Provided by You (WooCommerce E-commerce)

When you use our booking and e-commerce services, we collect the following personal data:

  • First and last name
  • Email address
  • Phone number
  • Billing address
  • Order details (services booked, dates, preferences)
  • Payment information (processed securely through our payment providers)
  • Any additional information you provide in forms or communications (special requests, dietary requirements, etc.)

This data is necessary to process your bookings, issue invoices, provide customer support, and fulfill contractual obligations.

4.3 Contact Form Data (Bitrix24 CRM)

When you submit inquiries through our contact forms, the information is processed through our Bitrix24 CRM system and may include:

  • Name and contact details
  • Subject of inquiry
  • Message content
  • Timestamp and communication history

This data is used to respond to your inquiries, provide information about our services, and maintain a record of customer communications.

5. PURPOSES OF DATA PROCESSING

We process your personal data for the following purposes:

5.1 Essential Services (No Consent Required)

  • Processing and managing bookings and orders
  • Payment processing and financial transactions
  • Issuing invoices and receipts
  • Providing customer support and responding to inquiries
  • Managing user accounts and authentication
  • Compliance with legal and regulatory obligations (tax, accounting)
  • Website security, fraud prevention, and technical maintenance
  • Website analytics and performance monitoring (anonymized where possible)

5.2 Marketing Communications (Requires Consent)

  • Sending promotional emails, newsletters, and special offers (via Bitrix24 CRM)
  • Personalized marketing communications based on your preferences

You can withdraw your consent to marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

6. DATA RECIPIENTS AND THIRD PARTIES

Your personal data may be shared with the following categories of recipients, who process data on our behalf as Data Processors (pursuant to Article 28 GDPR) or as independent Data Controllers:

6.1 Essential Service Providers (Data Processors)

  • Hosting provider: Aruba S.p.A. (Italy) – provides website hosting and server infrastructure
  • Payment processors: Nexi, PayPal, Apple Pay, Google Pay – process payment transactions securely. These providers operate as independent Data Controllers and have their own privacy policies
  • CRM provider: Bitrix24 – manages customer communications and marketing emails
  • Analytics provider: Google Analytics – provides website analytics and visitor statistics
  • Technical consultants and IT support providers

6.2 Legal and Professional Advisors

  • Lawyers, accountants, auditors, and tax advisors
  • Public authorities and regulatory bodies (when required by law)

All third-party service providers are carefully selected and contractually bound to protect your data in accordance with GDPR requirements. We ensure that appropriate data processing agreements are in place.

7. INTERNATIONAL DATA TRANSFERS

Some of our service providers may transfer your data outside the European Economic Area (EEA):

  • Google Analytics: may transfer data to the United States. Google LLC complies with the EU-US Data Privacy Framework and has implemented appropriate safeguards (Standard Contractual Clauses).
  • Bitrix24: may store data on servers located outside the EEA. Bitrix24 has implemented appropriate security measures and Standard Contractual Clauses to protect your data.
  • PayPal, Apple Pay, Google Pay: may process transactions internationally. These providers comply with applicable data protection regulations and use appropriate safeguards.

All international transfers are conducted in compliance with GDPR requirements (Articles 44-49), ensuring adequate protection of your personal data through Standard Contractual Clauses, adequacy decisions, or other approved mechanisms.

8. DATA RETENTION PERIOD

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Navigation data (server logs): 7 days (unless longer retention is required for security investigations)
  • Customer account data: for the duration of the contractual relationship and up to 10 years after termination (as required by Italian tax and accounting regulations)
  • Booking and transaction data: 10 years from the date of the transaction (as required by Italian tax law)
  • Invoices and financial documents: 10 years (legal obligation)
  • Marketing communications data: until you withdraw your consent or request deletion, up to a maximum of 24 months of inactivity
  • Contact form inquiries: 24 months from the last communication
  • Legal disputes: for the duration of the dispute and applicable statute of limitations

After the retention period expires, your personal data will be permanently deleted or anonymized, unless longer retention is required by law.

9. YOUR RIGHTS UNDER GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Article 15): request confirmation of whether we process your data and obtain a copy
  • Right to rectification (Article 16): request correction of inaccurate or incomplete data
  • Right to erasure / “right to be forgotten” (Article 17): request deletion of your data when it is no longer necessary or you withdraw consent
  • Right to restriction of processing (Article 18): request limitation of data processing in certain circumstances
  • Right to data portability (Article 20): receive your data in a structured, machine-readable format
  • Right to object (Article 21): object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent (Article 7): withdraw consent at any time (without affecting the lawfulness of previous processing)
  • Right to lodge a complaint (Article 77): file a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali)

How to Exercise Your Rights

To exercise any of these rights, please contact us:

  • By email: info@sorrentoluxury.it
  • By mail: SORRENTO LUXURY S.R.L, V.le E. Caruso, 14/A, 80067 Sorrento (NA), Italy
  • By phone: +39 393 00 25 002

We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days, and we will inform you of any such extension.

10. DATA SECURITY

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, loss, destruction, alteration, or disclosure. These measures include:

  • SSL/TLS encryption for data transmission
  • Secure hosting infrastructure (Aruba)
  • Regular security updates and patches
  • Access controls and authentication mechanisms
  • Regular backups and disaster recovery procedures
  • Staff training on data protection and security
  • Payment card data is processed by PCI DSS compliant payment providers (never stored on our servers)

Despite our best efforts, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

11. AUTOMATED DECISION-MAKING AND PROFILING

We do not use automated decision-making processes or profiling that produce legal effects or similarly significantly affect you (Article 22 GDPR).

We may use analytics tools (such as Google Analytics) to understand website usage patterns, but these do not involve automated individual decision-making.

12. CHILDREN’S PRIVACY

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you are under 18, please do not provide any personal data on our Website. If we become aware that we have collected data from a minor without parental consent, we will take steps to delete such information.

13. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. The updated version will be posted on this page with a revised “Last updated” date.

We encourage you to review this Privacy Policy periodically. If we make material changes, we may notify you by email or through a prominent notice on our Website.

14. CONTACT INFORMATION

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

SORRENTO LUXURY S.R.L

Data Protection Officer / Data Controller

V.le E. Caruso, 14/A

80067 Sorrento (NA), Italy

Phone: +39 393 00 25 002

Email: info@sorrentoluxury.it

15. SUPERVISORY AUTHORITY

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Italian Data Protection Authority:

Garante per la Protezione dei Dati Personali

Piazza Venezia, 11

00186 Roma, Italy

Phone: +39 06 696771

Website: www.garanteprivacy.it

This Privacy Policy is effective as of January 2026 and complies with EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003.