PRIVACY POLICY

 

 

PRIVACY POLICY
Digital platform winbooking.com
Pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”)

This policy describes how personal data are processed through the digital platform winbooking.com managed by: WINBOOKING.COM S.r.l., with registered office in Via Valpolicella n. 24/A – 37124 Verona (VR) – Italy (hereinafter “WinBooking” or the “Data Controller”).

1. DATA SUBJECT CATEGORIES

The winbooking.com platform involves different categories of subjects:

  1. End users (guests) making bookings
  2. Registered accommodation facilities
  3. Event organizers
  4. Intermediaries (entities acting between Organizers and accommodation facilities)
  5. Website visitors

The processing methods vary depending on the role involved.

2. DATA PROCESSED

The following categories of data may be processed:

  • Identification data (name, surname, company name)
  • Contact details (email, telephone)
  • Administrative and tax data
  • Booking-related data
  • Navigation data and technical logs
  • Data relating to the use of the platform
  • IP address and derived geolocation data

WinBooking does not process special categories of data pursuant to Article 9 GDPR.

3. PROCESSING OF USER DATA (GUESTS)

3.1. Roles of the parties
For bookings made through the platform:

  • The Event Organizer acts as Data Controller for purposes related to the management of the event.
  • The Accommodation Facility acts as Data Controller for purposes related to providing the hospitality service.
  • The Intermediary acts as Data Processor in order to facilitate/organize, based on partial data provided by the Organizer, the relationship between the Organizer and the Accommodation Facility.
  • WinBooking acts as Data Processor for the technical management of bookings.

WinBooking may also act as an independent Data Controller for specific purposes indicated in section 6.

3.2. Purpose of processing (Users)

User data are processed for:

  • technical management of the booking
  • sending service communications
  • administrative and accounting management
  • technical support
  • fraud prevention

Legal basis:

  • performance of a contract
  • legal obligations
  • legitimate interest

4. PROCESSING OF DATA OF ACCOMMODATION FACILITIES, INTERMEDIARIES AND ORGANIZERS

WinBooking processes the data of Facilities and Organizers as:

  • Independent Data Controller, for:
    • management of the contractual relationship
    • billing
    • tax compliance
    • access management
    • IT security
  • Data Controller for data intelligence purposes (see section 6)

Legal basis:

  • performance of a contract
  • legal obligations
  • legitimate interest in the development of the platform

5. NAVIGATION DATA

Information systems automatically collect:

  • IP addresses
  • access logs
  • device and browser information
  • statistical usage data

Such data are used for:

  • security
  • maintenance
  • aggregate analysis

For cookies, please refer to the Cookie Policy.

6. DATA INTELLIGENCE AND MARKET ANALYSIS

WinBooking develops and manages a digital infrastructure aimed at analyzing booking flows and generating market metrics.

For this purpose, WinBooking may process data as an independent Data Controller for:

  • aggregate statistical analysis
  • development of industry benchmarks
  • processing of predictive models
  • service improvement
  • algorithmic development

Data processing is carried out in:

  • aggregated form
  • anonymized form
  • pseudonymized form

Such processing does not allow the direct identification of individual users, Facilities or Organizers, unless explicit consent is provided or required by law.

Aggregated data may also be used after the termination of the contractual relationship.

7. COMMUNICATIONS RELATED TO SIMILAR EVENTS

Subject to the data subject’s consent or applicable legitimate interest, WinBooking may send communications relating to events similar or related to those for which a booking has been made.

You may object at any time.

8. DATA RETENTION

Data are retained:

  • for the duration of the contractual relationship
  • for the statutory periods required by tax and civil law
  • for marketing purposes: maximum 24 months
  • for profiling purposes: maximum 36 months
  • for statistical purposes: in anonymized form

9. DATA RECIPIENTS

Data may be communicated to:

  • authorized employees and collaborators
  • IT service providers
  • hosting providers
  • tax and legal consultants
  • competent authorities

Data are not disclosed.

10. TRANSFER OUTSIDE THE EU

Data are not transferred outside the European Economic Area.

Any transfers will take place in compliance with Articles 44 et seq. GDPR.

11. RIGHTS OF THE DATA SUBJECT

The data subject may exercise the rights provided for in Articles 15–22 GDPR:

  • access
  • rectification
  • erasure
  • restriction
  • data portability
  • objection
  • withdrawal of consent

A complaint may be lodged with the Italian Data Protection Authority.

12. DATA CONTROLLER

WINBOOKING.COM S.r.l.
Via Valpolicella 24/A – 37124 Verona (VR)
PEC: winbooking@lamiapec.it

13. CHANGES TO THIS PRIVACY POLICY

This policy may be subject to changes or updates, including due to regulatory developments or functional updates of the winbooking.com platform.

In the event of significant changes, appropriate notice will be provided through the website or by communication to registered users.

The updated version of the policy is always available at:

www.winbooking.com/it/privacy.

Verona, 23/02/2026
WinBooking.com Srl
Enrico Ghinato