Privacy Policy

Last updated: 28 Aug 2025

1) Who we are

Controller: mondig di Anja Sersch – “Caselumpix” project
Address: Via Vincenzo Sperati 8, 03010 Serrone (FR), Italy – VAT (P.IVA) 03233510605
Privacy contact: info@caselumpix.it 

Caselumpix is an information platform publishing real-estate listings; it does not broker or conclude transactions on the platform. Contacts occur directly between Providers and Interested Parties.

2) Legal framework

Processing follows the EU GDPR (lawful bases, transparency, data subject rights) and ePrivacy rules on cookies/trackers, including the Italian DPA’s 2021 cookie guidelines.

3) Data we process

• Account data: name, email, password hash, phone.
• Billing: business details, tax/VAT data, invoice IDs, amounts, payment status.
• Listing content: property details, location/address (if provided), images, asking prices, contact preferences.
• Communications: enquiries and support messages.
• Technical/Usage: IP address, logs, device identifiers, cookie/consent settings.
• Cookies/trackers: strictly necessary cookies; non-essential categories only with consent.

4) Purposes & lawful bases (Art. 6 GDPR)

• Registration & account management: contract/pre-contract (Art. 6(1)(b)).
• Publishing listings & safety: contract (b) and legitimate interests (f) for security/anti-abuse, per EDPB guidance.
• Invoicing & compliance: legal obligation (c); retention of accounting records 10 years (Italian Civil Code Art. 2220).
• Operational emails: contract (b) or legitimate interests (f).
• Direct marketing: consent (a) or legitimate interests within legal limits (opt-out available).
• Analytics/marketing cookies: consent (a) under ePrivacy/DPA guidance.

5) Cookies

We use a consent banner with equally prominent accept/reject options for non-essential categories and a Preference Center to change choices any time. Scrolling is not treated as valid consent.

6) Children

In Italy, for information society services, valid consent can be given from age 14; below that age, consent must be given by the holder of parental responsibility (Art. 2-quinquies of the Italian Privacy Code). Our service is not directed to children under 14.

7) Recipients & international transfers

• Processors: hosting, security, email, ticketing, accounting/billing.
• Authorities: where required by law.
• Transfers outside the EEA (e.g., U.S.): we rely on the EU-U.S. Data Privacy Framework (DPF) where the provider is certified, or on Standard Contractual Clauses (SCCs) with supplementary measures.

8) Retention

• Accounts/listings: for the relationship term and up to 24 months of inactivity, unless longer is required by law or for disputes.
• Invoices/tax data: 10 years (Italian Civil Code Art. 2220).
• Security logs: up to 12 months, longer if an incident occurs.

9) Your rights (GDPR)

Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. To exercise rights, contact privacy@caselumpix.it. You may lodge a complaint with the Italian Data Protection Authority (Garante), Piazza Venezia 11, 00187 Rome (contact).

10) U.S. residents

California residents have rights under CCPA/CPRA (know/access, correct, delete, opt-out of “sale”/“sharing” for targeted ads, limit sensitive data use, non-discrimination). Where applicable, we provide a “Do Not Sell or Share My Personal Information” link and honor state-specific rights (e.g., Virginia, Colorado) including an appeals process.

11) Security

Appropriate technical and organizational measures (TLS, access controls, minimization, backups).

12) Changes

We will post updates here with a new “Last updated” date.
 

Cookie Policy

Last updated: 28 Aug 2025

1) What are cookies?

Cookies are small text files placed on your device by websites you visit. They allow a website to recognize your device and remember certain information.

2) Types of cookies

• Strictly necessary cookies – required for operation, login, and security. No consent required.
• Preference cookies – store settings (e.g., language). Consent required.
• Analytics cookies – measure traffic and usage. If not fully anonymized, require consent.
• Marketing/Tracking cookies – create user profiles and enable personalized ads. Require explicit consent.

3) Legal basis

Under GDPR and the ePrivacy Directive, non-essential cookies require your consent. Necessary cookies rely on our legitimate interest in providing a functional service (Art. 6(1)(f) GDPR).

4) Consent management

We use a cookie banner and a Preference Center allowing you to:

• accept or reject all non-essential categories with equal prominence,
• adjust your preferences at any time,
• withdraw consent with future effect.

5) Third-party cookies

When we use third-party services (e.g., analytics, social media, ads), those providers may set cookies. The up-to-date list is shown in the Preference Center.

6) International transfers

If providers are located in the U.S. or outside the EEA, we rely on EU-U.S. Data Privacy Framework certification or on SCCs with safeguards.

7) Retention

Cookies can be session-based (deleted when you close the browser) or persistent (stored until expiry or manual removal).

8) Your rights

You may exercise your rights under GDPR (access, deletion, restriction, withdrawal of consent) at any time by contacting privacy@caselumpix.it. For California residents, CCPA/CPRA rights also apply, including the right to opt out of “sale or sharing” of personal information via the “Do Not Sell or Share My Personal Information” link if applicable.