top of page

Privacy Policy

We hereby inform users, pursuant to articles 13-14 of EU Reg. 2016/679, regarding the processing of personal data carried out through this website (hereinafter also referred to as "the website") without extending to other websites that may be reached by the user via reference links inserted inside.

The processing of personal data takes place in compliance with current legislation on the protection of personal data and is based on principles of correctness, lawfulness, transparency and data protection.

The data controller is: Hotel Relais Montemarino, with headquarters in Via Alba 66, Borgomale (CN) , cap 12050; The contact details are: tel. +39 0173 529521; e-mail


The information is a general obligation that must be fulfilled before or at the latest when starting the direct collection of personal data. In the case of personal data not collected directly from the data subjects, the information must be provided within a reasonable time, or at the time of communication (not registration) of the data (to third parties or to the data subjects). In accordance with the General Regulations for the Protection of Personal Data of Individuals (GDPR - Reg. (EU) 2016/679), the undersigned organization, as Data Controller, informs of the following.

Sources and categories of personal data

The personal data held by the undersigned organization is collected directly from the data subjects. This website does not collect data belonging to special categories of personal data, to revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited.


Like others, this website saves cookies on the browser used by the user concerned for the transmission of personal information and to enhance the experience. In fact, cookies are small text strings that the websites visited by the user send to his terminal (usually to the browser), where they are stored, sometimes even with features of wide temporal persistence, to be then retransmitted to the same websites to the next visit.

Further details as well as the possibility of modifying your consent to the use of cookies are available by consulting the Cookie Policy of the website.


Web browsing data

The computer systems and the software used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet communication protocols. This is information that cannot be associated with data subjects, but which by their very nature could, through processing and association with data held by third parties, allow to identify users. This category of data includes IP addresses or domain names of computers used by users connecting to the website, the address in the Uniform Resource Identifier (URI) notation of the requested resources, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user's computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer and cyber-crimes against the website.

This website uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the website operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.


Profiling data

Profiling data on the consumer's habits or consumption choices are not directly acquired. It is however possible that through links or embedding elements of third parties, such information is acquired from autonomous or separate subjects. See the section of third-party cookies in this disclaimer.


Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mails to the addresses indicated on the website entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the e-mail. Even the explicit and voluntary sending of the forms that can be filled in on the website containing the data of the data subject involves processing to comply with the pre-contractual obligations or the performance of the services provided by sending the forms. Such information in the forms may concern personal data, contact details, telephone numbers, email addresses of the data subjects and identified and identifiable third parties with the user of the website.

Where necessary, specific summary information will be progressively reported or displayed on the pages of the website for particular services on request.

The User assumes responsibility for third party personal data obtained, published or shared through this Site and warrants that he/she has the right to communicate or disseminate it, releasing the Owner from any liability to third parties.


Purpose and Lawfulness of data processing

Personal data are used:

  1. to allow navigation on the website (ref. art.6 co.1 letter f) of the GDPR);

  2. b) possibly to perform the service or provision requested as part of the normal activity carried out by the undersigned organization (ref. art.6 co.1 letter b) of the GDPR).

Furthermore, all personal data can be processed:

c)     for purposes related to obligations established by law, as well as by provisions issued by authorities legitimated by the law (ref. art. 6 co. 1 letter c) of the GDPR), by way of non-exhaustive example:

- execution of administrative and/or accounting and/or fiscal obligations, connected to the provision of e-commerce services and/or to the purchase contract concluded (e.g.: keeping accounting records and issuing the invoice sales);

d)     for the assessment, exercise or defense of a right in court and out of court (legitimate interest) of the undersigned organization (ref. art. 6 co. 1 letter f) of the GDPR);

e)     for functional purposes, according to the legitimate interest of the Data Controller in particular; for navigation and usage logs to protect the website and the service from cyber-attacks, identify any malicious or fraudulent activity (ref. art. 6 co. 1 letter f) of the GDPR).


Consequences of refusal to provide data

The provision of data collected from the data subjects is optional but essential for the purpose of data processing them for the purposes in letters a) and b). In the event that the data subjects do not communicate their indispensable data and do not allow the data processing, it will not be possible to proceed with the completion and implementation of the services offered and to follow up on the contractual obligations undertaken, with consequent prejudice to the correct fulfillment of regulatory obligations, such as e.g. accounting, fiscal and administrative ones, etc.

Apart from that specified for navigation data, the user is free to provide personal data for cookies and specific requests through forms, e.g. on products and/or services. Failure to provide such data may make it impossible to obtain what has been requested. For all non-essential data, including those belonging to special categories, the provision is optional. In the absence of consent or incomplete or incorrect provision of certain data, including those belonging to special categories, the required fulfilments could be so incomplete as to cause damage or in terms of penalties or loss of benefits, both due to the impossibility of guaranteeing the adequacy of the data processing itself to the obligations for which it is performed, and for the possible mismatch of the results of the data processing itself to the obligations imposed by the laws to which it is addressed, intending exempt the undersigned organization from any and all responsibility for any sanctions or afflictive measures.


Data processing methods

The data processing connected to the web services of the website are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected; they take place at the server in Italy or the EU and are only handled by technical personnel in charge of data processing, or by persons in charge of maintenance and administration operations. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access and loss of confidentiality.


By data processing we mean their collection, registration, organization, conservation, processing, modification, cancellation and destruction or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data takes place using manual, IT and telematic tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of personal data will therefore be processed in compliance with the methods indicated in the art. 5 EU Reg. 2016/679, which provides, among other things, that the data are processed lawfully and correctly, collected and recorded for specific, explicit and legitimate, exact, and if necessary updated, pertinent, complete and not excessive with respect to the purposes of the processing, in compliance with fundamental rights and freedoms, as well as the dignity of the data subjects with particular reference to confidentiality and personal identity, through protection and security measures. The undersigned organization has prepared and will further improve the access security and data retention system.

An automated decision-making process (e.g. profiling) is not carried out.


Extra-EU transfer of personal data

The data processing will take place mainly in Italy and the EU, but could also take place in non-EU and non-EEA countries if deemed functional to the efficient fulfillment of the purposes pursued in compliance with the guarantees in favor of the data subjects.

Finally, the treatment that takes place in non-EU and non-EEA countries when, at the request of the interested party, the connections to the website come from these countries, is outside the responsibility of the Data Controller.


Personal data retention policy

Personal data will be kept, in general, as long as the purposes of the data processing persist according to the category of data processed. The Data Controller may be obliged to keep personal data for a longer period in compliance with a legal obligation or by order of an authority.


Categories of subjects to whom the data may be communicated

The personal data (only the indispensable ones) are communicated:

  • to subjects authorized to process personal data and Data Processors, both internal to the organization and external, who perform specific tasks and operations (website administration, analysis of navigation and traffic data, management of e-mails and forms sent voluntarily by the user, etc.);

  • in the cases and to the subjects foreseen by the law.

The personal data will not be disclosed unless otherwise provided by law or subject to anonymisation. Without prejudice to what is specified for cookies and third-party elements, without the prior general consent of the data subjects to communications to third parties, it will be possible to start only services that do not provide for such communications. If necessary, specific and punctual consent will be requested and the subjects who will receive the data will use them as independent data controllers.

In some cases (not subject to the ordinary management of this website) the Authority may request news and information, for the purpose of controlling the data processing of personal data. In these cases, the answer is mandatory under penalty of an administrative fine.


Rights of the data subject

At any time you can: exercise your rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when provided to the Data Controller, pursuant to art. from 15 to 22 of the GDPR (; propose a claim to the Control Authority (; if the data processing is based on consent, revoke the consent given, taking into account that the withdrawal of consent does not affect the lawfulness of the data processing based on consent before revocation.

Requests should be addressed to the Data Controller by e-mail, at the address:


Disclosure format

This privacy statement can be consulted automatically via any Internet browser.

In any case, please report the difficulties encountered in viewing this information in order to be able, if necessary, to provide for it with alternative means.

This document will be subject to updates; It is the user's responsibility to consult the document and its updates.

bottom of page