Privacy Policy
Privacy Policy (EU Regulation 2016/679 - GDPR)
This policy describes the methods for processing personal data of users who book services or interact with the website Blue Test Villa, located at https://test-villa.lestis.homes ("Site").
Roles and Responsibilities in Data Processing
For the data collected on this Site and related to your booking, the legal roles are defined as follows:
| Legal Role | Entity | Primary Responsibility |
|---|---|---|
| Data Controller | Binary Chronicles (The Accommodation Facility) | Determines the purposes and means of processing (e.g., managing the booking, fiscal compliance). |
| Data Processor | Binary Chronicles N° 302220120 (Provider of the Lestis Platform) | Provides the software infrastructure and processes data exclusively on the instructions of the Controller. |
1. Identity of the Data Controller
The Data Controller of personal data is the accommodation facility whose contact and legal details are:
| Detail | Information |
|---|---|
| Legal Name or Denomination | Binary Chronicles |
| Legal Address / Headquarters | Chitaia street, N 38, Apartment 1 |
| Privacy Contacts | Contact |
2. Data Collected, Purposes, and Legal Basis
The Controller collects and processes your personal data only when necessary for the following purposes and legal bases:
| Purpose of Processing | Examples of Data Processed | Legal Basis (Art. 6 GDPR) |
|---|---|---|
| A. Contract Performance (Your Booking) | Name, surname, email, phone, stay dates, booking details. | Performance of pre-contractual measures and contractual fulfillment (Art. 6.1.b). |
| B. Legal Compliance (Tax and Public Security) | Personal details, billing data, communication of data to the Public Security Authority (where required). | Compliance with a legal obligation to which the Controller is subject (Art. 6.1.c). |
| C. Site Security and Operation | IP address, access logs, navigation data (pseudonymized). | Legitimate interest of the Controller in ensuring the security and functionality of the platform (Art. 6.1.f). |
3. Data Processor
For the technical management and storage of your booking data (Name, email, dates, etc.), the Controller uses a software and infrastructure provider that acts as a Data Processor pursuant to Art. 28 GDPR.
Identity of the Processor and Processing Policy
The Data Processor is the company Binary Chronicles (Provider of the Lestis platform), with headquarters at Chitaia street, N 38, Apartment 1 Chugureti district, Tbilisi, Georgia.
Processor's Processing Policy: For all details relating to how it guarantees data security, storage procedures, and the legal bases legitimizing Extra-EU transfer (Standard Contractual Clauses), please refer to the Privacy Policy of Binary Chronicles (Provider of the Lestis Platform) as Data Processor:
https://www.lestis.homes/privacy-policy
The hosting and database infrastructure is provided through Google Cloud Platform (GCP), whose data centers in Belgio are managed in compliance with the guarantees provided by the GDPR.
4. Payment Management and Financial Data
The Controller does not directly acquire, process, or store your sensitive payment data (e.g., complete credit card numbers). This data is managed exclusively by external payment service providers, operating as Independent Controllers:
Stripe, Inc. / Stripe Payments Europe, Ltd.: Responsible for the secure management of transactions. For Stripe's privacy policy, please consult: Stripe Privacy Policy.
At the time of payment, your financial data is transmitted in encrypted form (tokenization) directly to the external provider's servers.
5. Data Retention Period
Your personal data is stored for the time strictly necessary to achieve the purposes described above. The Controller applies the following retention criteria:
- Booking and Contract Data: Stored for the duration of the stay plus a maximum of 12 months following the check-out date, necessary for handling post-stay complaints and fulfilling short-term legal obligations.
- Fiscal/Accounting Data: Stored for the period required by law (usually 10 years in Italy/EU, according to fiscal and civil regulations).
- Log and Security Data (IP): Stored for up to 6 months.
At the end of the retention period, the data is deleted or irreversibly anonymized.
6. Recipients of the Data (Communication and Disclosure)
Your data may be communicated to the following categories of third parties:
- Companies providing IT and hosting services (Binary Chronicles).
- Banks and payment intermediaries (Stripe).
- Competent Authorities (State Police, Financial Guard, for legal obligations).
- Tax and legal consultants of the Controller.
These parties will process the data as Data Processors, Independent Controllers, or Persons Authorized to Process, depending on the case.
7. Reference to the Cookie Policy and User Rights
Consent to Processing: Acceptance of this policy, obtained via checkbox before concluding the booking, constitutes the legal basis for the processing of personal data necessary for the execution of the contractual service (Art. 6.1.b GDPR).
Cookie Policy: For all details relating to cookies (technical, analytical, or profiling), trackers, and the consent mechanism, please consult the specific Cookie Policy.
Data Subject Rights: You have the right to access your data, request its rectification, erasure (right to be forgotten), restriction of processing, data portability, and objection (Art. 15-22 GDPR).
To exercise these rights, please send a request to the Data Controller indicated in Section 1: Contact. We also remind you of the right to lodge a complaint with a supervisory authority (Privacy Guarantor) in your country of residence.
Last updated: 01/01/2026