Privacy Policy
pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR)
This Privacy Policy applies to the website edelweiss-hotel.it and the services offered by Hotel Edelweiss.
1. Data Controller
| Name | Hotel Edelweiss |
| Address | Via dei Narcisi 1B – 37010 Brenzone sul Garda (VR), Italy |
| VAT number (P.IVA) | IT01872290232 |
| Phone | +39 045 628 9060 |
| Email | info@edelweiss-hotel.it |
| National Accommodation ID (CIN) | IT023014A1UQJTGAZH |
2. Data Protection Officer (DPO)
The appointment of a Data Protection Officer is not mandatory for our organisation under Article 37 GDPR. For any privacy-related enquiry, please contact the Data Controller at the details above.
3. Categories of personal data processed
3.1 Browsing data (collected automatically)
Our servers automatically collect certain data transmitted by your browser: IP address, browser type, operating system, referring URL, and time and date of your visit. This data is not linked to identifiable individuals and is used solely for operating and securing the website.
3.2 Data you provide voluntarily
When you contact us by email or phone, we process the data you provide (name, email address, phone number, message content) in order to respond to your enquiry.
3.3 Booking data
When booking a stay via our external booking platform (secure-reservation.cloud), personal data such as name, date of birth, nationality, address, payment details and identity document details may be processed. That platform acts as an independent data controller; please also refer to its own privacy policy.
3.4 Check-in data (legal obligation)
Under Italian law (Art. 109 T.U.L.P.S.), hotels are required to report guests' personal details to the local public security authority within 24 hours of arrival. Data collected includes: name, surname, date and place of birth, nationality, and identity document type and number.
4. Purposes and legal basis for processing
| Purpose | Legal basis (Art. 6 GDPR) | Retention period |
|---|---|---|
| Website operation and IT security | Legitimate interest (Art. 6(1)(f)) | Up to 30 days |
| Responding to enquiries | Pre-contractual measures (Art. 6(1)(b)) | 12 months |
| Booking and stay management | Contract performance (Art. 6(1)(b)) | 10 years (tax obligations) |
| Reporting to public security authorities | Legal obligation (Art. 6(1)(c)) | As required by law |
| Tax and accounting obligations | Legal obligation (Art. 6(1)(c)) | 10 years (Italian Civil Code) |
| Strictly necessary cookies | Legitimate interest (Art. 6(1)(f)) – no consent required | See Cookie Policy |
| Analytics and profiling cookies (if consented to) | Consent (Art. 6(1)(a)) | See Cookie Policy |
5. Recipients of personal data
Your personal data may be shared with the following categories of recipients:
- Public security authorities (Questura / Police), as required by Italian law;
- Tax authorities (Italian Revenue Agency – Agenzia delle Entrate);
- External service providers (accountant, lawyer, IT providers) appointed as data processors under Art. 28 GDPR;
- Booking platform (secure-reservation.cloud), acting as independent data controller;
- Google LLC, via the Google Maps integration (see Cookie Policy).
We do not sell or share your data with third parties for marketing purposes.
6. International data transfers
Some services we use (such as Google LLC and Meta Platforms Ireland Ltd) transfer data to the United States. Such transfers are carried out in compliance with the safeguards required by GDPR (standard contractual clauses under Art. 46 GDPR, or the EU–US Data Privacy Framework where applicable). You may request information about the specific safeguards in place by contacting us.
7. Your rights as a data subject
Under the GDPR, you have the following rights:
- Access (Art. 15): obtain confirmation of whether your data is being processed and receive a copy;
- Rectification (Art. 16): have inaccurate data corrected or incomplete data completed;
- Erasure / "right to be forgotten" (Art. 17): have your data deleted, unless we are legally required to retain it;
- Restriction (Art. 18): request that processing be restricted in certain circumstances;
- Data portability (Art. 20): receive your data in a structured, machine-readable format where processing is based on consent or contract;
- Objection (Art. 21): object to processing based on legitimate interest;
- Withdrawal of consent (Art. 7(3)): withdraw consent at any time without affecting the lawfulness of prior processing;
- Right to lodge a complaint (Art. 77): with the Italian supervisory authority (Garante per la protezione dei dati personali, garanteprivacy.it) or the supervisory authority of your country of residence within the EU.
To exercise your rights, contact us at: info@edelweiss-hotel.it or write to Hotel Edelweiss, Via dei Narcisi 1B, 37010 Brenzone sul Garda (VR), Italy. We will respond within 30 days.
8. Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. The website uses an encrypted connection (HTTPS/TLS).
9. Minors
This website is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If we become aware that data of a minor has been submitted without parental consent, we will delete it immediately.
10. Cookies
For detailed information on the cookies used on this website, their purposes and how to manage or withdraw your consent, please read our Cookie Policy.
11. Changes to this Privacy Policy
We reserve the right to update this Privacy Policy at any time, including in response to legal changes or changes to our services. We recommend checking this page periodically. Significant changes will be notified via a notice on the website.