Privacy Notice

1) Roles and responsibilities

Controllers: verified hospitality operators who enter/consult reports. HostGuard (DIGITIVE – VAT IT04318100981, Via della Valle 16, 25080 Manerba del Garda, Italy – info@hostguard.it) acts solely as external Data Processor (Art. 28 GDPR).

2) Data categories

• Identification/contact data provided by Controllers (name, phone, email).
• Booking/stay details (dates, property area), platform reference.
• Behavioural notes and evidence attached to reports by Controllers.
• Technical/navigation data (IP, logs, cookies — see Cookie Policy).

3) Purposes and legal bases

Data is processed exclusively so Controllers can:

• Insert, store and consult guest reports securely.
• Prevent fraud, abuse and damages in hospitality operations.

Legal bases (by Controllers): Art. 6(1)(f) GDPR – legitimate interest; and, where applicable, Art. 6(1)(b) – pre-contract/contract. HostGuard, as Processor, acts under Controllers’ instructions and never uses data for its own marketing or profiling.

4) Data sharing

HostGuard does not disclose data for its own purposes. Access is limited to:

• The Controller who inserted the data and other verified Controllers according to visibility settings.
• Technical providers strictly necessary to run the platform, appointed as sub-processors.
• Authorities where required by law.

5) Hosting and data location

HostGuard runs on cloud infrastructure with data centers in the EU. Deployment is configured in a European region (e.g., Frankfurt). Application data and static/media files are stored in the EU or in countries deemed adequate by the European Commission.

6) International transfers (outside the EEA)

Where services involve transfers outside the EEA, Controllers ensure Chapter V GDPR compliance (EU SCCs and, where needed, additional safeguards). Data is minimized and access is restricted to what is strictly necessary.

7) Retention periods

• Account/registration data: for the life of the account, then up to 10 years for legal/accounting purposes.
• Contact/helpdesk requests: up to 24 months after closure.
• Marketing/newsletter (if any): until consent is withdrawn.
• Technical logs: as required for security and by applicable laws.

8) Special categories & minors

Controllers should avoid entering special categories of data (Art. 9 GDPR) or data concerning minors unless strictly necessary and lawful. HostGuard does not intentionally process such data for its own purposes.

9) Security measures

Measures include HTTPS/TLS, access controls (least-privilege), logging/monitoring, regular updates and backups, and pseudonymization/minimization where applicable.

10) Data breach handling

In case of a personal data breach, HostGuard promptly informs Controllers and supports Arts. 33–34 GDPR compliance.

11) Mandatory or optional data

Mandatory fields are needed to process requests/create accounts; missing them may prevent service delivery. Optional fields can be omitted without consequences.

12) Data subjects’ rights

Requests under Arts. 15–22 GDPR should be addressed to the relevant Controller. For platform matters you can contact HostGuard at info@hostguard.it. You may also lodge a complaint with the Supervisory Authority: www.garanteprivacy.it.

13) Cookies & analytics

Technical cookies are used for essential functions. Analytics/marketing tools, if enabled, operate according to your consent choices. See Cookie Policy.

14) Privacy contacts

Controllers: contact details provided in your interactions. HostGuard (Processor): info@hostguard.it.

15) Updates to this notice

We may update this Notice. Material changes will be communicated on this page or by email where possible.