Privacy Policy | Christiano Property Management

← Back to Home

Your privacy matters to us. This policy explains what data we collect, why we collect it, and how you can exercise your rights under the General Data Protection Regulation (GDPR).

1. Who We Are

Data Controller: Christiano Property Management Ltd., The Fives A7, Triq Charles Sciberras, St Julian's, Malta.
Email: info@christianopropertymanagement.com
Tel: +356 7979 0202

2. Data We Collect

2.1 Booking & Reservation Data

Full name, email address, phone number
Check-in/check-out dates, number of guests
Special requests and communications
Payment confirmation (we do not store card details — handled by Stripe)

2.2 Website Usage Data

IP address, browser type, operating system
Pages visited, time spent, referral source
Device identifiers and cookie data

2.3 Communication Data

Emails, WhatsApp messages, or phone calls with our team
Contact form submissions and enquiries

2.4 Property Owner Data (if applicable)

Property details, ownership documents, bank details (for payouts)
Communications regarding property management

3. How We Use Your Data

We process your personal data for the following purposes and on the following legal bases:

Contract performance: Processing bookings, managing payments, sending confirmation emails
Legal obligation: Tax records, regulatory compliance, fraud prevention
Legitimate interests: Website analytics, security monitoring, service improvement
Consent: Marketing communications (only when you've opted in)

4. Third-Party Processors

We share data with trusted third parties only as necessary:

Stripe (US/EU): Payment processing — stripe.com/privacy
Guesty (US/EU): Booking management software — guesty.com/privacy-policy
Resend (US): Transactional email delivery
Vercel (US/EU): Website hosting and infrastructure

All third parties are bound by data processing agreements and comply with GDPR. Transfers outside the EEA are covered by Standard Contractual Clauses (SCCs).

5. Data Retention

Booking data: Retained for 7 years (Maltese tax law requirements)
Contact enquiries: Deleted after 2 years if no booking is made
Website analytics: Aggregated, anonymised data retained indefinitely
Marketing consent: Until you withdraw consent

6. Your Rights Under GDPR

As a data subject, you have the following rights:

Access

Request a copy of all personal data we hold about you.

Rectification

Correct any inaccurate or incomplete data.

Erasure

Request deletion of your data (subject to legal obligations).

Restriction

Restrict how we process your data in certain circumstances.

Portability

Receive your data in a structured, machine-readable format.

Object

Object to processing based on legitimate interests or marketing.

To exercise any of these rights, email info@christianopropertymanagement.com. We will respond within 30 days. You also have the right to lodge a complaint with the Office of the Information and Data Protection Commissioner (IDPC) at idpc.org.mt.

7. Cookies

We use cookies to improve your browsing experience. See our Cookie Policy for full details.

8. Security

We implement industry-standard security measures including TLS encryption, AES-256 token storage, and regular security audits. However, no internet transmission is 100% secure and we cannot guarantee absolute security.

9. Children's Privacy

Our Platform is not directed at children under 18. We do not knowingly collect personal data from minors.

10. Changes to This Policy

We may update this Policy from time to time. The "Last updated" date reflects the most recent version. Significant changes will be communicated by email.