Privacy Policy

Last updated: 17/07/2025

1. Introduction

FDP Real Estate ("we," "our," or "us"), operator of The World Apartment, is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you visit our website or use our booking services.

This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Data Controller

FDP Real Estate

Email: theworldapartment@gmail.com

Location: Florence, Italy

VAT ID: P. IVA 02735650398

3. Information We Collect

3.1 Information You Provide

  • Booking Information: Name, email address, phone number, dates of stay, number of guests
  • Communication Data: Messages, emails, and inquiries you send us
  • Payment Information: Credit card details (processed securely by third-party providers; we do not store this data)
  • Identity Verification: Government-issued ID may be requested only when required by law (e.g. anti-fraud, local regulations)

3.2 Information Collected Automatically

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time on site, referral sources, search terms
  • Location Data: General geographic location based on IP address
  • Cookies: As described in our Cookie Policy

4. How We Use Your Information

4.1 Legal Bases for Processing

We process your personal data based on the following lawful bases under GDPR:

  • Contract Performance: To fulfill booking agreements and provide requested services
  • Legitimate Interests: To improve services, ensure security, respond to inquiries
  • Legal Obligation: To comply with tax, hospitality, and safety regulations
  • Consent: For optional marketing and non-essential cookies (where required)

4.2 Purposes of Processing

  • Managing and processing booking reservations
  • Communicating with you about your stay
  • Processing payments securely and preventing fraud
  • Improving website performance and guest experience
  • Fulfilling legal obligations (e.g. local registration, tax)
  • Sending promotional emails or updates (only with your consent)

5. Data Sharing and Processors

We may share your information with trusted third parties who process data on our behalf:

  • Booking Platforms: e.g., Lodgify and other reservation systems
  • Payment Processors: Stripe, PayPal — all PCI-DSS compliant
  • Service Providers: Cleaning, maintenance, and guest services
  • Legal Authorities: When required by law or for legal defense
  • Business Partners: Tourism boards or local services (with your consent)

All third parties act as data processors and are bound by Data Processing Agreements (DPAs) in compliance with GDPR.

We do not sell or rent your personal data to third parties.

6. Data Retention

  • Booking Data: 7 years (legal and tax compliance)
  • Marketing Data: Until you withdraw consent or after 24 months of inactivity
  • Website Analytics: Up to 26 months
  • Communication Records: 3 years, unless required longer by law

7. Your Rights (GDPR)

You have the following rights regarding your personal data:

  • Access – Request a copy of your personal data
  • Rectification – Request correction of inaccurate or incomplete data
  • Erasure – Request deletion ("right to be forgotten")
  • Restriction – Limit how we process your data
  • Data Portability – Receive your data in a machine-readable format
  • Objection – Object to processing based on legitimate interests
  • Withdraw Consent – At any time, for marketing or cookies

To exercise any of these rights, contact us at:

📧 theworldapartment@gmail.com

Subject: Privacy Request

8. Cookies and Tracking Technologies

8.1 Types of Cookies

  • Necessary Cookies: Essential for basic functionality
  • Functional Cookies: Save your preferences
  • Analytics Cookies: Help us improve site performance
  • Marketing Cookies: Used for personalized ads and retargeting

8.2 Cookie Management

You can manage cookies via:

  • Our website's cookie consent banner
  • Your browser settings

Disabling some cookies may impact website functionality.

9. Data Security

We use appropriate technical and organizational measures to protect your data:

  • SSL/TLS encryption for data in transit
  • Secure, PCI-compliant payment gateways
  • Role-based access controls
  • Regular software updates and backups
  • Staff training on data protection

10. International Data Transfers

Your data may be transferred outside the EEA (e.g., to the U.S.) via:

  • EU-U.S. Data Privacy Framework (for certified providers)
  • Standard Contractual Clauses (SCCs)
  • European Commission adequacy decisions

We ensure that any international transfers meet GDPR standards.

11. Children's Privacy

Our services are not intended for users under the age of 16. We do not knowingly collect data from children. If you believe a child has submitted data, please contact us immediately.

12. Changes to This Privacy Policy

We may update this policy from time to time. Significant changes will be posted on our website and communicated to you via email when appropriate.

13. Contact Us

For any questions or concerns about this Privacy Policy or our data practices:

Email: theworldapartment@gmail.com

Subject Line: Privacy Policy Inquiry

Response Time: Within 30 days

14. Supervisory Authority

If you are not satisfied with our response, you may lodge a complaint with your local data protection authority.

EU residents may find theirs at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Privacy Controls

Cookie Settings Download My Data Delete My Data Withdraw Consent Contact Privacy Officer
Back to Home View Terms of Service