Cookie Policy

Cookies are small text files placed on your device by the websites you visit. They keep you signed in, remember your preferences, secure transactions, help a site’s operator understand how it is used and (where you have consented) deliver or measure marketing. This Cookie Policy explains how Sassi Villas Ltd (the “Platform”, “we”, “us” or “our”) uses cookies and similar technologies on sassivillas.com and on any subdomain, application or other digital service we operate. It should be read with our Privacy Policy. Our use of these technologies is governed in the United Kingdom by regulation 6 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) and the UK GDPR, and in the European Economic Area by Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC) as transposed in each member state, alongside the EU GDPR. Under these rules, deploying cookies and similar technologies that are not strictly necessary for a service you have requested needs your prior, freely given, specific, informed and unambiguous consent. We obtain that consent through a cookie-consent interface shown on your first visit and re-accessible from the footer of every page.

We organise cookies and similar technologies into four functional categories, following ICO and European Data Protection Board guidance: strictly necessary (Essential), performance and analytics, marketing and advertising, and functional. Strictly necessary cookies are deployed because they are needed for the Services you have requested and are exempt from the consent requirement; all other categories are deployed only with your prior consent. The categories operate independently in our consent-management interface, so you can grant or withhold consent for each separately and change your selection at any time, with no effect on the others. Refusing non-essential categories does not stop you using the Services or making a Booking. We do not use “consent walls” or “dark patterns” that condition use of the Services on accepting non-essential cookies. A complete inventory of the individual cookies in each category, including provider, purpose and duration, is available through the “Cookie Settings” link in the footer.

Strictly necessary cookies are required for the technical operation of the Services and the functions you have actively requested; without them, core features such as authentication, booking, payment and security cannot be provided. Typical examples include: session cookies that maintain the booking flow as you move between pages; authentication cookies that keep you signed in; cross-site-request-forgery (CSRF) tokens; load-balancer affinity cookies for consistent routing during a session; cookies set by Stripe to operate the payment iframe and prevent fraud; cookies set by our consent-management provider to remember your choices; and cookies that store accessibility preferences such as font size and reduced-motion. These are deployed under the regulation 6(4) PECR “strictly necessary” exception and need no consent, processing only the data needed for the stated purpose. Most are session cookies that expire when you close your browser; a few persist for a fixed period (typically up to 12 months for the consent-record cookie) so we need not re-ask on every visit.

Performance and analytics cookies let us count visits and traffic sources so we can measure and improve the Services: which pages are most and least popular, how visitors move around, the journey from first visit to confirmed Booking, usability and accessibility issues, rendering errors and slow components, and how new features are received. We use first-party analytics where possible and configure third-party tools to minimise personal data, through IP truncation, disabling cross-site tracking, suppressing advertising features and using region-appropriate data residency. Providers we may use include Google Analytics (with IP anonymisation and EU-region hosting where available), Vercel Analytics or Plausible. These cookies are deployed only with your prior consent, and you can withdraw it at any time through “Cookie Settings” in the footer. If you do not consent, the tools are not loaded; analytics are then limited to aggregated, anonymised request-level data processed under our legitimate interest in the security and stability of the Services (Article 6(1)(f)), with IP truncation and short retention.

Marketing and advertising cookies are deployed by us, our advertising partners or social-media platforms whose pixels are embedded in the Services, to measure campaign effectiveness, cap how often you see a particular advertisement, deliver more relevant content and build or augment audiences for re-engagement. Providers we may use include Meta (Facebook and Instagram), Google Ads, LinkedIn Ads, Microsoft Advertising, Pinterest and TikTok; many process personal data for their own purposes as independent or joint controllers under their own privacy notices. We deploy these cookies only on your prior, explicit, opt-in consent, presented as a clearly distinguishable option rather than bundled with other categories, in line with ICO guidance. You can withdraw consent at any time through “Cookie Settings” in the footer, and you can also use the advertising-preferences tools operated by the relevant platforms (Your Online Choices, the Network Advertising Initiative opt-out, or platform settings such as Meta’s Ad Preferences).

Functional cookies remember choices you have made and provide enhanced, personalised features: your preferred language and currency, your most recent search filters, your shortlist of favourite properties between sessions, whether you prefer a map or list view, accessibility settings such as reduced-motion or higher contrast, and the state of multi-step forms in the owner dashboard. They are useful but not strictly necessary, so we deploy them only with your consent. You can decline them and still use the Services, though the experience will be less personalised and some preferences (for example, language and currency) may need to be re-applied on each visit. Functional cookies are first-party by default and typically persist for between thirty (30) days and twelve (12) months, depending on purpose; the exact duration of each is shown in the “Cookie Settings” inventory.

Some features are provided through third-party services that may set their own cookies, subject to your consent where required. The principal third parties include: Stripe Technology Europe, Limited, for the payment iframe, fraud-prevention and Stripe Radar; Google LLC, for Google Maps, Google Fonts (where cookies are involved; we self-host where possible), Google Analytics (where consented) and Google reCAPTCHA (classified as strictly necessary, configured to minimise data); Meta Platforms Ireland Limited, for the Meta pixel (where consented) and embedded Instagram content; video providers such as YouTube or Vimeo for embedded property videos; consent-management providers such as OneTrust or Cookiebot; and identity-verification and KYC providers for Owner onboarding. Cookies set by these third parties are governed by their own privacy and cookie policies, which we encourage you to read before consenting. We review our integrations regularly and update the “Cookie Settings” inventory accordingly.

Besides cookies, we use other client-side storage and tracking technologies that are treated identically under PECR and the ePrivacy Directive: HTML5 local and session storage; IndexedDB; cache storage and service-worker registrations; web beacons and tracking pixels in emails and on pages; software-development kits (SDKs) in any mobile application; and device-fingerprinting where used. For consent, we treat them exactly like cookies: those strictly necessary for the Services are deployed without consent, and the rest only with your prior consent. Common uses on sassivillas.com are caching property data and images for faster loading, preserving a partially completed booking form, synchronising your shortlist across tabs within a session, and storing accessibility and UI preferences. You can clear local storage, session storage and IndexedDB through your browser’s settings or developer tools, or by signing out and following any account-deletion process.

Cookies and similar technologies are either session or persistent. Session cookies last only for your browsing session and are deleted when you close your browser; they are used mainly for authentication, the booking flow and security tokens. Persistent cookies remain after the browser closes and expire at the end of a fixed period set when they are created. Typical durations we apply are:

You can delete persistent cookies at any time through your browser settings, and we will re-prompt on your next visit. Where consent has been refused for a category, we will not deploy cookies in it until you actively grant consent.

“Do Not Track” (DNT) is an HTTP-header preference some browsers can set; there is no agreed specification for it. Where we detect a DNT signal, we treat it as an indication that you have not consented to non-essential cookies and similar technologies and do not deploy them unless and until you affirmatively consent through our cookie-consent interface. We also recognise the Global Privacy Control (GPC) signal, which is more clearly defined and increasingly recognised by data-protection authorities, and treat it as a withdrawal of, or absence of, consent to non-essential cookies under PECR and the ePrivacy Directive. Where you have used our interface to consent to a particular category, that explicit selection takes precedence over the DNT or GPC signal until you withdraw it.

You can manage your cookie preferences at any time, free of charge. The simplest way is the “Cookie Settings” link in the footer of every page, which opens our consent interface and lets you enable or disable each non-essential category individually, taking effect immediately. You can also manage cookies at the browser level: every major browser (Chrome, Firefox, Safari, Edge, Brave, Opera, Vivaldi) provides privacy or security controls to accept, block or delete cookies, with the steps varying by browser and version (the publisher’s help pages give the most accurate guidance). On mobile, operating-system controls such as Apple’s App Tracking Transparency provide further control. To opt out of Google Analytics, you can install its Opt-out Browser Add-on; to manage advertising cookies more broadly, use Your Online Choices or the Network Advertising Initiative opt-out. Preference changes apply prospectively; they do not delete cookies already set, though our interface will instruct your browser to delete cookies in any category for which consent has been withdrawn.

We may update this Cookie Policy to reflect changes in the cookies and similar technologies we use, our service providers, our analytics and marketing tools, applicable law or regulatory guidance. For material changes, including a new category of non-essential cookie, a new third-party provider, or a change in an existing cookie’s duration or purpose, we will re-prompt you for consent through our consent interface before they take effect for you. Non-material changes, such as correcting typographical errors, clarifying language without altering a right or obligation, or updating cross-references, may be made without prior notice. The “Last Updated” date above reflects the most recent revision. Any question about our use of cookies, or about this Cookie Policy, can be sent to support@sassivillas.com.