CasaFido
Privacy policy
Last revision: 27/05/2026 — version 1
Initial GDPR version with draft notice for legal review.
1. Data controller
The controller of personal data is the operator of CasaFido, whose identification details and contact information are published on the site (contact / legal notice section). For privacy requests, use the channels indicated on the portal.
2. Scope
This notice describes processing of personal data through the CasaFido site and related services (registration, member area, listings, reports, moderation, technical communications) in accordance with EU Regulation 2016/679 (GDPR) and applicable national law.
3. Categories of data
- Registration and account: name, email, password (stored encrypted), preferences (e.g. language).
- Profile and content: text and images in listings, facility pages, comments, contact messages, Q&A where available.
- Moderation and security: reports, intervention logs, suspension/ban reasons (limited to what is necessary), optional IP hashes for anti-spam.
- Legal acceptance: terms/privacy version accepted, date/time, IP at acceptance.
- Technical data: system logs, cookies, session identifiers (see cookie policy).
4. Purposes, legal basis, and whether data are required
| Purpose | Legal basis (Art. 6 GDPR) | Required? |
|---|---|---|
| Account creation, authentication | Contract / pre-contractual steps (lit. b) | Yes |
| Listings and portal features | Contract (lit. b) | Yes |
| Moderation, reports, security, abuse prevention | Legitimate interest (lit. f) / legal obligation (lit. c) where applicable | Necessary for safe service |
| Legal compliance and authority requests | Legal obligation (lit. c) | Yes |
| Notices of material changes to terms/privacy | Legal obligation / legitimate interest | As required |
| Non-essential / marketing cookies (if enabled later) | Consent (lit. a) | Optional |
5. Recipients and processors
Data may be processed by authorised staff and technical providers (hosting, email, backup) acting as processors or sub-processors under Art. 28 GDPR agreements. We do not sell personal data.
6. Transfers outside the EEA
If any provider is located outside the European Economic Area, transfers will rely on adequacy decisions, standard contractual clauses, or other safeguards under Arts. 44-49 GDPR as set out in relevant agreements.
7. Retention
- Active account: for the duration of the relationship.
- Published content: until removed by the user or administration, subject to legal retention.
- Moderation logs and reports: as long as needed to operate the service and defend claims (typically up to 24 months unless disputes require longer).
- Legal consents: as required to prove acceptance and comply with law.
8. Your rights
You have the right of access, rectification, erasure, restriction, portability (where applicable), objection (where applicable), withdrawal of consent (without affecting prior lawful processing), and to lodge a complaint with your supervisory authority (in Italy: Garante per la protezione dei dati personali — www.garanteprivacy.it).
Contact the controller using the details published on the site.
9. Children
The service is not intended for anyone under 18. If we learn that a minor’s data were collected without a valid basis, we will delete them.
10. Security
We implement appropriate technical and organisational measures (access control, password hashing, backups, moderation procedures) to protect data against unauthorised access, loss, or alteration.
11. Changes to this notice
We may update this notice. The published version shows date and revision number. For material changes we may inform registered users and, where necessary, request renewed acknowledgement or consent.
Notice — draft for legal review (privacy)
This privacy policy is an informational draft. It describes planned CasaFido processing in line with the GDPR and applicable national law, but controller details (name, address, VAT/tax ID, PEC, DPO if any) must be completed and verified.
This is not legal advice. Qualified counsel must confirm legal bases, retention periods, transfers outside the EEA, third-party cookie disclosures, and consent banner wording.
Checklist for counsel:
- completeness of Arts. 13-14 GDPR (purposes, bases, rights, supervisory authority complaint);
- records of processing and processor agreements;
- alignment with terms, moderation, reports, and versioned acceptances;
- DPIA where required for high-risk processing.
To be validated by a lawyer before production use.
Draft for information only — have a lawyer review before production use.