- Our offers
- Culinary delights
- Cinthia Thermal SPA
- Conference Rooms
- Activities and services
- How to find us
- Green energy
We recognize the importance of our users’ privacy and we commit ourself to respecting it. We keep all the information that you share with us confidential, complying with the European Data Protection Laws (GDPR).
This note is to describe how we collect your personal data when you use our website and how we use them, in addition to the options that users have with respect to data collection and use.
We collect both the information that you voluntarily enter in our system and the information that we receive implicitly when you use our services and functionalities.
The information that we receive when you use our services are mainly non-personal data that are generally provided by Web browser and server, such as browser type, preferred language, reference web site and date/hour of each visit. We collect these non-personal information in order to undestand better how consumers use our services and, if possible, to improve their experience (according to our legitimate interests as for art 6(1) lit. DSGVO).
Purpose of data processing
We process personal data to manage the relation with our customers.
In order to provide requested offers, we need to save your name, title, address, e-mail address, mail address and telephone number.
When you send us a request for booking or you book a room, we save your data as well as data about the other guests in the reservation request. We use your personal data in order to meet the requirements of the bookings you made. For example we may send you useful information about your approaching stay or ask you to express your opinion about your experience.
If necessary, we may use your data to keep you updated with future offers or contact you in case you have signed up to our waiting list.
If you have signed up to our mailing list, we will use your data to send you a periodic newsletter.
For security reasons, we file the server requests sent from your web browser. For meeting your requirements more efficiently while you are in contact with us through our online chat, we register your online status on our web platform.
For your data security
In compliance with art. 32 of the GDPR, considering the current knowledge, the implementation costs, the nature, the object, the context, the processing purpose, the various degrees of risk probability for the rights and the liberty of physical persons, we have put in place adequate technical and organisational measures that can guarantee an adequate level of security, taking into account the risks originating in particular from the destruction, the loss, the disclosure of your personal data or unauthorized access to them.
These technical measures include the encrypted transmission of data between the browser and our servers, the ability to guarantee the privacy, the integrity, the data availability monitoring physical access to data as well as the unauthorized access, disclosure, modification or destruction.
Moreover, we have put in place procedures that can respond to risks about data security and guarantee protection of the above-mentioned rights and data cancellation.
We are already considering account data protection through the development or selection of hardware, software and procedures whose purpose is to protect data.
In compliance with applicable laws, we will do everything in our power to make sure that all persons responsible for data processing comply with security laws to protect the data they supervise.
When providing your personal data you will allow the transmission (and processing) to countries outside the European Union, for the purposes mentioned in this note.
We would like to remind you that you are also responsible for protecting your data on this platform and we recommend that you don’t disclose any unnecessary information and don’t provide third parties with your access data (the link to your personal area). Data transmission within public communication means (for example by e-mail) are likely to result in a high risk of security gap. Therefore, in case third parties do have access, we cannot guarantee a full data protection.
Cooperation with processors and third parties
In compliance with the law, if personal or corporate details are transmitted or disclosed to third parties or made accessible to third parties, consent to the processing is necessary and you must accept the consent (for example in case your data are transmitted to providers of payment services, as described in the art. 6, par 1 of GDPR). Data processing is also allowed for complying with the law or in case it aims at satisying legitimate interests (webhosting etc).
In case we decide to appoint an external supervisor for data processing we will put in place suitable legal precautions according to the art. 28 of GDPR.
Integration of service and contents of third parties:
Google Analytics, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USAContenuto YouTube, proprietario: Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.Google Maps, Eigentümer: Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.Social network Facebook: Facebook Inc., Menlo Park, California, USASocial network Google Plus: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USASocial network Instagram, proprietario: Facebook Inc., Menlo Park, California, USASocial network Twitter, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, IrlandaPortale di viaggi HolidayCheck, HolidayCheck Online Reisebüro, Bahnweg 8, CH-8598 BottighofenPortale di viaggi Tripadvisor, TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494 USABooking engine Booking.com, Booking.com B.V., Herengracht 597, 1017 CE Amsterdam, NiederlandePiattaforma di vendita interattiva ReGuest, Zeppelin Technology, Via Kuperion 34, 39012 Merano, Italia
Right of information, cancellation and block
With the exception of applicable laws, according to the Art. 15 of GDPR you have the right to obtain the access to memorized personal data, to know their origin, the recipients to whom the data have been or will be disclosed , the purpose of data collection as well as the right to modify or cancel these dates (art. 16 and 17 of GDPR). For further information about personal data, do not hesitate to contact us anytime using the below-mentioned contacts.
Your request for access might result into a commision to cover our costs. Moreover, we are required to verify your identity before processing your request
Data archiving and cancellation
The data we process are cancelled or their processing is restricted according to art. 17 an d18 of the GDPR. With the exception of what is declared in these guidelines about protection of privacy, memorized data are cancelled as soon as they are no longer relevant for their purpose and cancellation does not conflict with archiving requirements provided by the law.
Unless data are cancelled because they are required for other legitimate purposes, their processing will be restricted. That means that data are blocked and are not processed for other purposes. This applies for data that must be stored for commercial or fiscal purposes.
If you have questions, comments or information inquiries about these guidelines about protection of privacy you can send an e-mail to the address email@example.com ot call 0039 81/984242