Privacy Policy EN
This English version is provided for informational purposes.
In case of discrepancies, the Italian version shall prevail.
Privacy Policy – Romana Loft / MilanLoft.com
(Information pursuant to Regulation (EU) 2016/679 – GDPR)
Last updated: January 2026
This Privacy Policy describes how personal data of users and guests who visit or use the website www.milanloft.com (the “Website”) and who stay at Romana Loft are processed, in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable Italian data protection law.
1. Scope and applicable law
The processing of personal data takes place in Italy and is governed by Regulation (EU) 2016/679 (“GDPR”) and applicable Italian law, regardless of the user’s or guest’s country of origin.
2. Data Controller
The Data Controller is a natural person, owner and operator of the accommodation Romana Loft.
For any information regarding the processing of personal data, the Data Controller can be contacted at the following email address: legal@milanloft.com
3. Categories of personal data processed
a) Data provided voluntarily by the user
The Data Controller may process personal data voluntarily provided by users or guests, including:
- first and last name,
- email address,
- phone number,
- content of messages sent via contact forms, email, or booking platforms.
b) Booking and stay-related data
In the event of a booking or stay at Romana Loft, the following data may be processed:
- guests’ identification and personal details,
- identity document details,
- stay dates and accommodation information,
- data required for fiscal, administrative, and legal obligations.
c) Browsing data
During navigation of the Website, certain data may be collected automatically, including:
- IP address,
- browser type and device,
- visited pages,
- date and time of access,
- log data.
4. Purposes and legal basis of processing
Personal data are processed for the following purposes:
| Purpose | Legal basis |
|---|---|
| Responding to information requests | Pre-contractual measures |
| Managing bookings and stays | Performance of a contract |
| Fiscal, accounting, and administrative obligations | Legal obligation |
| Public security obligations | Legal obligation |
| Technical operation and Website security | Legitimate interest |
| Analytics and tracking tools | User consent |
5. Legal obligations and communication to authorities
As the operator of an accommodation facility, the Data Controller is required to communicate guests’ data to the competent authorities, in accordance with Italian law (for example via the Alloggiati Web system of the Italian State Police).
Such processing is carried out solely to comply with legal obligations.
6. Cookies and tracking technologies
This website uses cookies and similar technologies to ensure its proper functioning and, subject to user consent, to enable additional features and services.
Detailed information about the types of cookies used, their purposes, and how to manage cookie preferences is available in the Cookie Policy (www.milanloft.com/cookie-policy-ue/), which is provided in Italian and applies to all users.
The Italian version of the Cookie Policy is the legally binding version.
7. Booking platforms and third-party services
Bookings may also be made through third-party platforms (such as Booking.com, Airbnb, or similar services).
In such cases, the processing of personal data is also governed by the respective privacy policies of those platforms.
8. Processing methods and security measures
Personal data are processed using electronic and IT tools, in accordance with the principles of lawfulness, fairness, transparency, and data minimization.
Appropriate technical and organizational security measures are implemented to protect personal data against unauthorized access, loss, destruction, or unlawful disclosure.
9. Data retention
Personal data are retained:
- for the time necessary to manage the stay and related obligations,
- for the period required by tax, accounting, and public security regulations,
- or until consent is withdrawn, where applicable.
10. Data subject rights
Users and guests may exercise at any time the rights provided for in Articles 15–22 of the GDPR, including:
- the right of access,
- rectification,
- erasure,
- restriction of processing,
- objection,
- data portability,
- withdrawal of consent.
Requests may be sent to: legal@milanloft.com
Data subjects also have the right to lodge a complaint with the competent Data Protection Authority.
11. Changes to this Privacy Policy
The Data Controller reserves the right to update this Privacy Policy at any time.
Any changes will be published on this page, indicating the date of the latest update.