Privacy Policy
Last updated: April 2026
Introduction
Amalfi Experience ("we", "us", "our") operates the platform at amalfiexperience.thevincenzolambiase.com. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services, in accordance with the EU General Data Protection Regulation (GDPR) and Italian data protection law (D.Lgs. 196/2003 as amended by D.Lgs. 101/2018).
Data We Collect
We collect the following personal data when you use our platform:
- Full name
- Email address
- Phone number (optional)
- Payment information (processed securely via Stripe โ we never store card details)
- Booking details (dates, preferences, guest count)
- Usage data (pages visited, device type, browser โ collected only with your consent)
How We Use Your Data
- Processing and managing bookings for properties and experiences
- Sending booking confirmations, pre-arrival information, and review requests
- Improving our platform and services (only with consent)
- Complying with legal and fiscal obligations
Cookies
Our website uses cookies to function properly and to improve your experience:
- Essential cookies: Required for authentication, security, and basic functionality. These cannot be disabled.
- Preference cookies: Remember your settings like language and theme. Active by default.
- Analytics cookies: Help us understand how visitors use the site. Only activated with your consent.
Data Sharing
We share your data only with: property hosts and experience partners (only the information necessary to fulfill your booking), Stripe (payment processing), and Resend (email delivery). We do not sell your data to third parties. All processors comply with GDPR requirements.
Your Rights (GDPR Art. 15-22)
Under the GDPR, you have the following rights regarding your personal data:
- Right of access โ request a copy of all data we hold about you
- Right to rectification โ correct inaccurate data
- Right to erasure โ request deletion of your data ("right to be forgotten")
- Right to data portability โ receive your data in a structured, machine-readable format
- Right to object โ object to processing based on legitimate interest
Data Retention
We retain your personal data for as long as necessary to fulfill the purposes described above. Booking data is retained for 10 years as required by Italian fiscal law. Account data is deleted within 30 days of account closure. You can request earlier deletion by contacting us.
Security
We protect your data using encryption in transit (HTTPS/TLS), secure password hashing (bcrypt), JWT-based authentication, and strict access controls. Payment data is handled exclusively by Stripe, a PCI DSS Level 1 certified processor.
Contact & Data Protection
For any questions about your data or to exercise your rights, contact us at: