Privacy Policy


Principe Lampedusa Boutique Hotel (hereafter Principe Lampedusa) along with its partners, either direct or indirect, separate legalo entities which manage suites on it behalf (collectively “Principe Lampedusa”, “we”, “us”, “ours”) seriously considers the Privacy Policy of its users’ data. The current Privacy Policy (“Policy”) describes what information we obtain about our guests, visitors, website and App users, gift voucher buyers, subscribed users, people who contact us for information, business contacts and all other people (which hereafter will me mentioned as “guests”, “users”, “he/she” and relevant pronouns).

Data controller:
PRINCIPE DI LAMPEDUSA s.r.l. in the person of ith pro tempore Manger
Registered Office: Via Dei Quartieri 104, 90146 Palermo (PA)
Legal mail:
VAT: 06626930827

Principe Lampedusa offers a variety of Luxury products and services for leisure time, and relevant activities, as suite stays, events and meetings.

If the user gives consent to get business advertisements, we will send him/her offers, newsletters, products and services, by us and our partners, for which the user can be interested in, directly from our group, as described below, sent via e-mail and other commercial channels.
The user can modify his/her favourite commercial channels by following the link in the registration confirmation e-mail we sent after the log-in request or by following the procedure indicated in paragraph 4.

We will be glad to welcome you in our suites and premises. However, our services are now allowed to underage people and must be used by them only in presence of an adult.

We recommend to read this policy carefully. By visiting our website, using our services, or interacting with us in other ways, the user accepts his/her data treatment activity, described in this policy. Please note that any possible website links present in our website, are subject to their privacy conditions. If this policy is emended, the continuous use of our website and of our services will imply the emended policy acceptance.

If you have any questions about this policy, the user must send an e-mail to or write to Principe Lampedusa, Via dei Quartieri 104 –  90146 Palermo. Principe Lampedusa receives all the information queries during Italian office times and replies as soon as possible.

The latest verison of the Privacy Policy has been revised in August 2020.

1. What user date can we acquire?

We can acquire the following user’s data:

  • Data provided by the user.
    The user can provide with the information about him/her, even partial, filling the forms and registering to newletters or other services, making or cancelling a booking, sending an information request about one of our hospitality solutions, using our contact form, or contacting us as a Company or as a private person, via e-mail or telephone. Such these data may include: name, e-mail address, invoicing address, room preference or particular requests, phone number, information about booking deposit, sent e-mail content and any similar data. The user is not obliges to provide us with these data, but, without them we may not be able to get back to him/her and proive with requested services, content or information.  
  • Data collected during the guest’s stay. 
    Principe Lampedusa register all the justified guest’s charges and other fees for his/her room. Further dara relevant to his/her stay can also be archived, such as service requests, special preference or health requests. The specific data of the guest’s stay are registered in our computer system. Images of the user can be acquired whenever he/she is in monitored areas with CCTV.
  • User’s data acquired by Principe Lampedusa
    When the user visits our website or App, we may acquire:
    – data which do not reveal his/her identity, for example the information field the user is looking for. We use these data mainly to ensure the relevance of communications and we may link them to user’s name or e-mail;
    – technical data, such as IP used for internet connections, log-in credentials, the browser type and version, time zone setting, access date and time, the type and version browser plug-ins, the operating system, the platform and relevant information;
  • Data provided by third parties which book on behalf of the guest.
    A third part which acts on behalf of another person guarantees to be authorises by the latter to provide with his/her correct personal data. In the event of a violation of this guarantee, the representative will be responsible of all consequent loss or damage we can go through.
  • User’s data received by third parties.
    We may receive data from credit agencies, on-line travel agencies, used by the guest to make a booking or to ask for information, and from other suppliers which would inform us for invoicing reasons, if our guests used those services and third ones.

2. Cookie use policy

What are cookies?

To obtain some of the described data, on our website or App, we may use cookies, web beacon and similar technologies. A cookie is a short text file downloaded on the user’s browser and stored in his/her device. The first part cookies are sent by the visited website. The thir part cookies are sent by third parties, such as Google. For further info about cookies, please visit:

Cookies sent through Principe Lampedusa website

We use the following cookies:

  • Essential cookies. These first part cookies are essential to allow the user to surf on the website and use its functions. Without them it is impossible to provide the requested services. They are eliminated once the browser is closed.
  • Analytic cookies. These first part cookies acquire information on how our visitors use our website or App. They can recognise visitors and enumerate them to observe how they surf on our website, when they use it, and identify the regions from where they are connected.
  • Function cookies. These first part cookies allow the website ant the App to remember his/her choices (for example user’s name, language or region) and provides improved and personalised functions.
  • Data analysis. Principe Lampedusa may use third parties’ data analysis services, such as Google Analytics and others. The IP address along with other user’s data will be acquired with automated means to evaluate his/her use of the website, fill reports about the website activity, identify user’s habits and provide relevant services. These providers can store and use aggregated data coming from our users, according to their activity, to improve their products and services. For further info on how Google Analytics uses the user’s information, click here. Moreover, authentications and tracking log-ins will be used to process statistics and users.
  • Targeting or advertising cookies. These cookies allow us and our advertisers to send advertising that may be interesting for the user, for his demographic profile, and to measure the efficiency of the advertising campaign. These cookies memorise that the user visited our website , its duration, the advertising and other information contributing to the “user profile”. They are permanent cookies which remain in the user’s device up to their expiration or manual cancellation. Thus the user may see our avertisement and other websites taking part to the advertising network managed by third sellers, such as Google AdWords, BingAds, Yandex, Facebook and others.
  • Social media cookies. These cookies allow the user to easily use their social media, such as Facebook, Twitter, Instagram and others. They are permanent and remain in the user’s device up to their expiration or manual cancellation. If the user uses these functions, the plug-in and the relevant content are directly uploaded by the social media provider servers and included to the website by the user’s browser. If the user checks his/her social media during the interaction with the plug-ins of that platform on Principe Lampedusa website, the social media provider will link this information to the user’s profile. Principe Lampedusa cannot affect the personal data which the platform provider will obtain. For further info check Facebook, Twitter, Instagram and others’ privacy policy.

We can combine cookie data and other technologies with other user’s data.

Consent to cookies

Principe Lampedusa suppose that the user consents the installation of the cookies on his/her device. When the user checks Principe Lampedusa website, he/she visualises a message which asks him/her to consent cookies. To give consent, the user must click on “accept” or proceed surfing on the website. Once the consent is given, the message will no longer appear.

3. How do we use user’s data?

We can treat user’s data, according to law, in order to:

(a) reply to user, manage his/her questions, comments, complaints, requests;

(b) manning user’s bookings or cancellations, provide services, products or contents requested, send him/her service communications, is he/she decides so;

(c) provide the old or new customer with a superior quality service, included customer service before, during and after his/her stay. For this purpose we might send e-mails in order to improve our services quality;

(d) show website and App contents, such as stories, product reviews, observations and pictures, provided be the user;

(e) allow our providers and suppliers to carry out certain functions on our behalf, including our websites, Apps, and booking platform hostings, the verification and the technical and logistics or other functions;

(f) send the user personalised commercial communications, newsletters through our commercial channels and send personalised advertisements to his/her device, under user’s consent or as per law conditions;

(g) manage our activity, even financial operations, credit and debit control;

(h) guarantee the gust’s, our premises’, structures’, activity’s security, for example by monitoring the area out of the rooms with CCTV; verify the user’s identity, whenever requested; to carry out our terms and general conditions or any possible agreements made with the customer;

(i) analyse data and tendencies, according to user’s activity, comments or other, to improve our website, products and services to guarantee the efficiency of our efforts;

(j) comply with law requests. Principe Lampedusa must register all data to respect financial obligations and information of guests’ data, as per domestic laws (i.e. passports or other ID document number), name of all guests (including kids and partners) and convey them to the Authorities.

The Principe Lampedusa personal data treatment legal basis, for what explained above, normally includes:

  • the necessary treatment to perform an agreement, i.e. the website or booking conditions, between Principe Lampedusa and the guest, and the treatment for what indicated in paragraphs (a), (b), (c) and (d);
  • the necessary treatment for our or third parts legitimate interests, such as the treatment specified in paragraphs (e), (f), (h), (i), (j), which is carried out according to our legitimate interests to guarantee a correct and efficient managing of our Company, except where the consent for the treatment as mentioned above, according to applicable law, is required;
  • the user’s consent, for example for the treatment for purposes as in paragrapgh (f);
  • the necessary treatment to carry out a legal obligation, for which Principe Lampedusa are obliged, such as the treatment for the purposes as in paragraph (j);
  • and other time by time applicable basis.

4. User’s right to explicit refusal

In the event the user wants Principe Lampedusa to stop marketing communication, he/she can use the link “delete subscription to our marketing communications” or modify the App settings. Principe Lampedusa receives this information during Italian working times and replies whenever possible.

In the event the user wants to delete his/her consent to cookies, he/she or third parts can accept or block cookies by modifying the browser settings. If he/she chooses to block the cookies, the use of the interactive functions of website, the contents and the services of Principe Lampedusa may be affected.

For further info about cookies types that can be installed on the user’s device and about the refusal options please enter DAA intruments here, Your Online Choices here or NAI here. It is also possible to refuse Google Analystics here. In some cases, when the user chooses to delete, a new cookies is installed (refusal cookie), that communicates to the third part provider to interrupt the user’s browser data collection and prevents the reception of advertisements.

5. User’s data disclosure

We may disclose user’s data, according to law, to third parts, for purposes enlisted as follows:

  • our branches, affiliates, subsidiaries or associated offices through access to our systems, such as property management system or others;
  • hotels and suites which Principe Lampedusa manage for third proprietors. Principe Lampedusa may share these data with third proprietors whenever necessary for booking purposes or according to law. And it can share health and safety data and preference data in order to improve the guest’s experience. Please note that when a structure or service management ceases all data will be kept, in order to fulfil legal obligations;
  • the public, whenever the user has published data in our blogs, forums and community groups;
  • our external suppliers and service suppliers, consultants, our partners in customer relationship management or marketing and communication management;
  • on-line travel agencies, used by the customer for bookings or information;
  • legal people, either temporary or permanent, as collaborators;
  • public authorities, if requested by law;
  • and any other third parts, prior user’s consent.

6. Abroad transfer of user’s data

Principe Lampedusa may transfer the user’s data outside the Country where they have been collected (including countries where either hotel building is in progress or already working) for the purposes mentioned above and to third parts. Principe Lampedusa core business systems, including property management systems, are located in the European Economic Area. The user who is in the European Economic Area can contact Principe Lampedusa to receive a copy of the adopted meausres to protect his/her personal data or download it directly from the EDPB website (European Data Protection Board).

7. User’s data security

Principe Lampedusa work to protect user’s data. Unfortunately the data security can be compromised by non-authorised use, by hardware or software failures, by events out of control or other factors, but we will do our best to respect our obligation to adopt technical measures which ensure a high level of personal data security to prevent risks and violations. We store user’s data in a secure place annd authorised personnel only have access. When the user logs-in to make or amend a booking, his/her interaction with Principe Lampedusa is protected by interceptions by cryptography technologies, according to the used browser. The credit card data, if sent by booking portals, provided by third parts, are transmitted and stored in an encrypted format and it will be a portal task to charge for the payment or the deposit for the future stays. As per credit card dataused to book rooms through our website, they will be transmitted follwing a partial sending with double channel transmission (some credit card numbers will be sent via e-mail or fax and some others by WhatsApp, Telegram or sms) and stored in an encrypted way in the invoice and accounting programme, then the paper part will be immediately shredded.

It is important to know that e-mail communications are not secure! It is an intrinsic risk and we recommend not to insert reserved information when using e-mails. Principe Lampedusa never uses reserved information, while replying to e-mails, for user’s security.

8. How long are the user’s data stored for?

The personal data will be stored for the time needed for the purposes mentioned above or according to applicable law. The user who is in the European Economic Area can contact us to get more detalis on our storing periods, according to his/her personal data. By virtue of a legitimate and lawful interest, Principe Lampedusa may store user’s personal data in an anonym form no longer referable, for statistics purposes and with no temporal limits.

9. Underage people data

We will ask the parents and tutors  their underage relatives’ data, such as name, age, in order to recognise all our customers. When underage people use services, such as WiFi, they will receive relevant info. Underage people may also be caught by CCTV circuit. We have legitimate interest to treat these data, as explained in paragraph 3.

10. User’s rights

If the user is interested in how his/her personal data are treated, he/sh can ecercise their rights by sending us an e-mail request to

  • Subject access request (SAR). The person concerned can request a written copy of his/her personal data. If possible, we will allow our users to access to their data.
  • The compliance with SAR is subject to limitations and exemptions and to respect of other people rights. In each request you must specify you are presenting a SAR. Where applicable, we may ask the person concerned to show an ID and to make a payment. Principe Lampedusa will commit to reply within a month or according to law.
  • Rectification right. The people concerned may ask the amendment of their personal data, which may be incorrect or incomplete.
  • Consent withdraw right. The people concerned may withdraw their consent to the treatment of their personal data made by us, according to their previous content. This withdrawal does not affect the legitimacy of the treatment based on the previous consent. The user who withdraws his/her consent may not be able to use some services in which his/her personal data treatment is necessary.
  • Oppositiont treatment right, including profiling. We will respect all the valid opposition requests, unless there is a prevalent and cogent legal basis to continue our treatment, or any orher legitimate reason by which we can refuse the request. We wil fulfil all the valid opposition requests, according to commercial communications. Principe Lampedusa will reply every other request within 72 hours. 7 days may be necessary to cancel the user’s profile from all Principe Lampedusa systems.
  • Rights relevant to automated decisions on behalf of the user. No decisions based on automated treatment exclusively are made.
  • Restriction. The people concerned can ask for restrictions of their personal data treatment in various circumstances. We will respect such a request, unless there is a legal reason not to do it, such as a legal obligation to proceed to the treatment of the user’s personal data in a determined way.
  • Cancellation right. The person cooncerned can ask for the cancellation of his/her personal data, which Principe Lampedusa will do, unless legal obstacles occur. For instance, a legitimate and prevalent reason may exist for which Principe Lampedusa has to keep the user’s personal data, or if the storing of these data can be essential for the compliance with legal obligations by Principe Lampedusa.
  • Right of data portability. In certain circumstances, the people concerned may ask the person in charge of the treatment to provide them with a copy of their personal data in a structured format, electronic and commonly used, and transfer them to other simila or equal providers. As far as this is applicable to our services, we will respect such that request. Please note that the transfer to other providers does not imply data cancellation.
  • Complaint file right c/o a supervisory authority. We suggest the people concerned to contact us whether they have questions or complaints about our way to treat their personal data. However, every person has the right to contact the relevant European supervisory authority. To visualise a list of the supervisory authorities, please click here.