Host ComoHost Como
Privacy Notice

Privacy Policy

Last updated: May 5, 2026

This notice describes how the personal data of users who visit the website hostcomo.com (hereinafter, the "Site") and request the co-hosting and short-term rental management services offered through this platform on Lake Como is processed. The document is drafted pursuant to articles 13 and 14 of EU Regulation 2016/679 (hereinafter, the "GDPR") and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.

1. Data controller

The personal data controller is Angelo Talarico, a natural person operating the Site in Como, Italy. For any request relating to personal data protection you may write to info@hostcomo.com. No Data Protection Officer (DPO) has been appointed under art. 37 GDPR as the mandatory conditions set out in that provision do not apply.

2. Categories of data collected

Through the contact form on the Site we directly collect name, email address, phone number and any message written by the user. For users who access the reserved client area for managed property owners we also process the authenticated account data via NextAuth and the Google OAuth identity provider (name, email, unique identifier).

We also automatically collect the technical session and routing cookies necessary for the operation of the Site, described in detail in the Cookie Policy. We currently use no analytics, profiling or marketing cookies.

3. Categories of data subjects

The data processed through the Site relate to three distinct categories of data subjects, with their own purposes and retention periods for each category:

  • Site visitors — users browsing public pages without submitting forms or authenticating. The data processed is limited to the technical session and routing cookies necessary for the operation of the Site, described in the Cookie Policy.
  • Prospective owners (leads) — users who submit a consultation request via the contact form. The processed data is what is voluntarily provided in the form (name, email, phone, property address, any existing listing links) and any written message.
  • Client owners (management in progress) — owners who have signed a co-hosting agreement and access the reserved client area. The processed data includes identifying data of the owner, Google OAuth credentials, cadastral and contractual data of the managed property, financial statements and operational reports.

The data of end guests who book the managed properties is not processed directly by Host Como through the Site: such data is collected and processed by the booking channels (Airbnb, Booking.com, Expedia and similar) under their respective notices, and is shared with us within the limits necessary for the operational management of the stay (check-in, alloggiati communications, regulatory obligations such as Alloggiati Web and tourist tax).

4. Purposes of processing

The data collected is processed to follow up on consultation requests submitted through the Site, manage access to the reserved dashboard for managed owners, and maintain the operational communications connected to the co-hosting service. Contact data may also be used to send service communications regarding bookings, periodic reports and any contractual updates.

5. Legal basis

Processing of contact data collected via the consultation request form is based on art. 6.1.b GDPR, as it is necessary to perform pre-contractual measures taken at the request of the data subject. Processing of account data of managed owners is based on the co-hosting agreement signed separately. Any marketing communications will be based on the data subject's explicit consent (art. 6.1.a GDPR), revocable at any time.

Processing of technical cookies is based on the legitimate interest of the controller in providing a functional and secure service (art. 6.1.f GDPR), as set out in the guidelines of the Italian Data Protection Authority of 10 June 2021.

6. Data recipients

The data collected may be disclosed to the following providers, all acting as data processors under art. 28 GDPR, with data processing agreements compliant with European regulation:

  • Vercel Inc. — provider of Site hosting, with primary datacenters in the European Union (Frankfurt).
  • Google LLC — limited to the authentication of client area users via OAuth.
  • Resend Inc. — provider of the transactional email service used to deliver to the controller the messages sent through the contact form. Resend is based on Amazon Web Services infrastructure in the EU region (Ireland), is SOC 2 Type II certified and does not read the content of the emails except for technical delivery aspects (DKIM signing, bounce handling, send-metadata logs).
  • IONOS SE — email service provider for the hostcomo.com domain (datacenters in Germany), handles the forwarding of messages addressed to info@hostcomo.com to the mailboxes of the Site operators.

7. Transfers outside the EU

Within the limits necessary to provide the service, data may be transferred to the United States of America to the infrastructure of Vercel, Google and Resend. Such transfers are governed by the Standard Contractual Clauses approved by the European Commission and by the Data Privacy Framework (DPF) certification, which ensure an adequate level of protection under art. 45 GDPR. The data handled by IONOS remains within the territory of the European Union.

8. Retention period

Data collected through the contact form is retained for twenty-four months from the last useful contact, unless an earlier deletion request is submitted by the data subject. Account data of managed owners is retained for the entire duration of the contractual relationship and up to one year after its termination, except for legal obligations imposing longer retention periods.

9. Data subject rights

At any time the data subject may exercise the rights set out in articles 15 to 22 GDPR: right of access, rectification, erasure, restriction of processing, data portability, objection to processing and the right not to be subject to automated decisions. Requests may be sent to info@hostcomo.com and will be handled within one month of receipt, extendable by two months for particularly complex requests.

10. Complaint to the supervisory authority

A data subject who considers that the processing of their personal data is in violation of GDPR has the right to file a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), based at Piazza Venezia 11, 00187 Rome, or online via www.garanteprivacy.it.

11. Amendments to the notice

This notice may be updated in case of regulatory changes or new data processing methods. The most recent version will always be available on this page indicating the date of the last update shown at the top of the document.