Privacy and Cookie Policy

Last updated June 1, 2025

Hotel Royal ***S by Watschinger Astrid, located at Hocheckstraße 6, IT-39030 Sexten (hereinafter Hotel Royal) always strives to protect the online privacy of its users. This document has been prepared in accordance with Art. 13 of EU Regulation 2016/679 (hereinafter referred to as "Regulation") so that you can get to know and understand our Privacy Policy and how your personal information is handled when using our website, and to expressly and consciously provide your consent to the processing of your personal data, if necessary (valid only for persons aged at least 16 years). The information and data provided by you or otherwise acquired by us during the use of our services on the website (hereinafter referred to as "Services") are processed in accordance with the provisions of the Regulation and the confidentiality obligations that affect the activities of the Controller.

The information and data provided by you or collected during the use of our website and services (hereinafter "Services") are processed in accordance with the provisions of the Regulation and the confidentiality obligations that govern the activities of the Controller.

The Data Controller

The person responsible for the processing carried out on the website is Hotel Royal ***S of Watschinger Astrid as determined above (hereinafter referred to as "Controller").

For information about the processing of personal data by the Controller, including the list of processors who are commissioned to process the data, please write to the following address: info@hotel-royal.it

Personal Data

The personal data that are subject to processing In the context of your use of the website, the Controller processes personal data that are suitable for identifying you directly or indirectly. Such data include, for example, name, identification number, online identifier, postal address, e-mail address, telephone number (landline and/or mobile), as well as other characteristics of your physical, physiological, psychological, economic, cultural, or social identity (hereinafter "personal data").

The personal data processed within the framework of the website include in particular:

a. Navigation data

The computer systems and software procedures used to operate the website collect certain personal data during their normal operation, which is automatically transmitted through the communication protocols of the Internet. This information is not collected to identify you as a data subject, but could, through processing and association with data held by third parties, allow identification.

This data includes, among others:

IP addresses or domain names of the devices used by users to access the website,
URI addresses (Uniform Resource Identifier) of the requested resources,
Time of the request,
Method used to submit the request to the server,
Size of the response file received,
Server status code (e.g., success, error),
Operating system and computer environment used.

This data is used exclusively to generate anonymous statistical information on the use of the website, to check its correct functioning, and to identify anomalies or misuse. It is deleted immediately after processing. In exceptional cases, this data may be used to ascertain responsibility in the event of hypothetical crimes against the website or third parties. Apart from these cases, the collected data is deleted after a short period.

b. Special categories of personal data

If you use the website to apply (e.g., via a contact form or email), personal data may be transmitted that falls under the special categories defined in Art. 9 of the Regulation. This includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, or data concerning sexual life or sexual orientation.

Please only transmit such sensitive data if absolutely necessary. If you do transmit special categories of personal data without providing explicit consent for their processing, the Controller assumes no liability. In such cases, the processing is considered lawful as the data is deemed to have been made public by the data subject in accordance with Art. 9(2)(e) of the Regulation.

We point out that we may also review publicly accessible professional social profiles (e.g., LinkedIn) to support the selection process.

c. Data voluntarily provided by the data subject

If you provide personal data of third parties in the context of using certain services on the website (e.g., request, contact, or reservation forms), we process this data in accordance with applicable data protection laws. In such cases, you, as the transmitting person, are responsible for the lawfulness of the data processing.

You agree to indemnify us against any claims, damages, or liabilities arising from the unlawful processing of the data you provide.

If you provide personal data of third parties, you guarantee that this is based on a legal basis in accordance with Art. 6 of the Regulation and that the processing of this information is lawful.

d. Cookies and other tracking technologies

General information about cookies Cookies are small text files that a website stores on your device through the browser to store certain information for a limited time. There are different types of cookies that serve different purposes:

Essential cookies: These are necessary for the website to function properly (e.g., navigation or shopping cart cookies).
Analytics cookies: They collect statistical information, such as the number of visitors or the origin of website traffic.
Functional cookies: These store user-defined settings such as language or filter options to improve the user experience.
Profiling cookies: These collect preferences and user behavior to create personalized advertising messages. These cookies often come from third parties that enable targeted advertising.

Consent requirement for cookies Cookies that are not necessary for the basic function of the website may only be set with your active consent. You also have the right to withdraw your consent at any time.

When visiting the website, a banner will be displayed informing you about the use of cookies. This offers you the following options:

Consent to all cookies, Selection of individual cookie categories, or Approval of each individual cookie separately.

The cookie management tool (CMP) stores your settings and applies them on your next visit. Through the tool, you can withdraw your consent or adjust your preferences at any time.

Blocking cookies through browser settings

Firefox:

Click on the menu and go to Settings.
Go to the Privacy tab.
In the "History" section, select "Use custom settings for history" from the drop-down menu.
In the now appearing options, uncheck "Accept cookies".
Click the "OK" button.
Detailed information can be found at: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Google Chrome

Click on the menu and go to Settings.
Scroll down and click on "Advanced".
In the "Privacy and security" section, click on "Content settings".
In the "Cookies" section, select "Block all cookies".
Click the "Done" button.
Detailed information can be found at: https://support.google.com/chrome/answer/95647?hl=en

Microsoft Edge

Open the "Settings and more" menu and go to "Settings".
Click on "Privacy, search, and services".
Under "Clear browsing data", click on "Choose what to clear".
Select "Cookies and other site data" and click "Clear now".
Detailed information can be found at: https://support.microsoft.com/en-us/microsoft-edge/manage-cookies-and-site-data-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

Safari

Go to the "Preferences" menu and click on "Privacy".
In the "Cookies and website data" section, select "Block all cookies".
Detailed information can be found at: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Purpose of processing

The processing of your personal data is carried out, where necessary, with your explicit consent and serves the following purposes:

Provision of the services you requested
Responding to customer service inquiries, information requests, or reservations.
Analysis of submitted resumes and contacting applicants.
Compliance with all legal, accounting, and tax requirements.
With your explicit and specific consent, the provided data may be processed for the purpose of sending promotional and marketing communications, including: sending newsletters, conducting market research surveys, sending communications via automated systems (SMS, MMS, email, push notifications) and non-automated systems (mail, call centers).

The legal basis for processing your data for marketing purposes is Art. 6(1)(a) of the Regulation. Consent to the processing of your data for direct marketing purposes is voluntary and does not affect your ability to use the services offered. If you do not provide your consent, you will not suffer any disadvantages.

Legal basis and mandatory or optional nature of processing

The legal basis for processing personal data for the purposes mentioned in Section 3 (a-b-c) is Art. 6(1)(b) of the Regulation (performance of a contract), as the data processing is necessary for the provision of the services or for responding to the data subject's requests. The provision of personal data for these purposes is optional, but failure to do so would make it impossible to activate the services provided by the website, process requests, or evaluate resumes. With particular reference to the purpose 3.c and the related analysis of professional social profiles freely accessible on the Internet, as mentioned in Section 2.b, the legal basis for processing the data is Art. 6(1)(f) of the Regulation, i.e., the legitimate interest of the Controller in assessing potential risks to the suitability of the applicant for the specific open position.

The purpose mentioned in Section 3.d represents a lawful processing of personal data in accordance with Art. 6(1)(c) of the Regulation (compliance with a legal obligation). Once the personal data has been provided, the processing is indeed necessary to fulfill a legal obligation to which the Controller is subject.

The legal basis for processing for the purposes mentioned in Section 3.e is Art. 6(1)(a) of the Regulation (user consent). The Controller may, without your consent, carry out processing for the same purposes, involving the direct sending of promotional material or direct sales or the conduct of market research or commercial communications relating to products or services of the Controller (excluding soft spam), which are similar to those purchased, using email addresses and postal addresses in accordance with and within the limits allowed by Art. 130(4) of the Privacy Code and the provisions of the Data Protection Authority dated June 19, 2008. The legal basis for processing your data for this purpose is Art. 6(1)(f) of the Regulation (legitimate interest). This processing also includes messages containing text, voice, video, sound, or images sent via an electronic communications network and which may be stored on the network, on a computer, or on the recipient's device. This includes SMS, MMS, and functionally equivalent applications and techniques.

Recipients of personal data

Your personal data may be disclosed for the purposes mentioned in Section 3 to:

Entities typically acting as data processors, i.e.: i) individuals, companies, or professional firms providing assistance and advice to the Controller in accounting, administrative, legal, tax, financial, debt collection, marketing, and communication matters regarding the provision of services; ii) entities with whom collaboration is necessary for the provision of services (e.g., hosting providers); iii) entities responsible for carrying out technical maintenance activities (including maintenance of network equipment and electronic communication networks) (collectively referred to as "Recipients");

Entities, bodies, or authorities to whom your personal data must be disclosed by law or by order of the authorities; Individuals authorized by the Controller to process personal data necessary for carrying out activities related to the provision of services or for the other purposes mentioned in Section 3, who have committed to confidentiality or have an appropriate legal obligation of confidentiality (e.g., employees of the Controller).

Transfer of personal data

Some of your personal data may be transferred to recipients located outside the European Economic Area. The Controller ensures that the processing of your personal data by these recipients is carried out in accordance with the Regulation. Transfers may indeed be based on an adequacy decision, on the standard contractual clauses approved by the European Commission, or on another suitable legal basis. Further information can be obtained from the Controller at the following address: info@hotel-royal.it.

Storage of personal data

Personal data processed for the purposes mentioned in Section 3(a-b) will be retained for as long as necessary to achieve these purposes. Since the data processing is carried out for the provision of services, the Controller will in any case process the personal data until the time provided for by Italian legislation to protect interests (Art. 2946 et seq. of the Civil Code). With regard to resumes submitted via the website or by email in accordance with Section 3.c, personal data will be retained for a period deemed appropriate for the purpose for which the data was collected, notwithstanding the possibility for the Controller to contact the applicant shortly before the expiration of the specified period to request an extension of this retention period.

Personal data processed for the purposes mentioned in Section 3.d will be retained until the time provided for by the specific obligation or applicable law.

Personal data processed for the purposes mentioned in Section 3.e will be retained until the withdrawal of consent by the data subject or, if such withdrawal does not occur, for a specific maximum period deemed appropriate.

Further information on the retention period of data and the criteria for determining this period can be obtained from the Controller at the following address: info@hotel-royal.it.

Data Protection Officer

In accordance with applicable legislation and the principle of accountability, the Controller has decided to appoint a Data Protection Officer (DPO). The DPO can be contacted via email at info@hotel-royal.it for information on the processing of personal data by Alpinfluence vGmbH.

Rights of data subjects

Pursuant to Articles 15 et seq. of the Regulation, you have the right to request information about your personal data from the Controller at any time, to request its rectification or deletion, or to object to its processing. You have the right to request the restriction of processing in the cases provided for in Art. 18 of the Regulation and to receive the data concerning you in a structured, commonly used, and machine-readable format in the cases provided for in Art. 20 of the Regulation.

Any request should be addressed in writing to the Controller at the following address: info@hotel-royal.it.

You have the right to lodge a complaint with the competent supervisory authority (Data Protection Authority) pursuant to Art. 77 of the Regulation if you believe that the processing of your personal data violates applicable law.

Changes

This privacy policy is effective as of March 11, 2021, and was last updated on April 23, 2021. The Controller reserves the right to change or update the content, in whole or in part, also due to changes in applicable legislation. Therefore, the Controller encourages you to regularly visit this section to stay informed about the latest and most up-to-date version of this privacy policy.

Privacy and Cookie Policy