EU General Data Protection Regulation

Dear Sir or Madam,

This privacy policy is intended to inform users of this website, in accordance with the EU General Data Protection Regulation (GDPR), about the nature, scope and purpose of the collection and use of personal data by the website operator

The Günther Schmidhammer family,
Tel. +39 3283047894
E-Mail: info@chaletresort-innerluferhof.com 
Chalet Resort Innerluferhof,
Luferweg 5, 39010 Riffian near Merano, South Tyrol, Italy. 

We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the applicable legal provisions.

1. In accordance with Article 13 of the European General Data Protection Regulation, we process the following data:

• Your master data (first name, surname, address, telephone number, email address, date of birth, place of birth, language, etc.)
• Your data contained in travel documents and identity documents
• Your payment details, including debit cards, credit cards and bank cards
• The length of stay you have requested, as well as any personal preferences relating to your stay that you have disclosed to us

2. We hereby inform you that Chalet Resort Innerluferhof, Luferweg 5, 39010 Riffian, South Tyrol | Italy, in accordance with Article 13 of the European General Data Protection Regulation, stores and processes the personal data collected from you for the following purposes and, where necessary and required by law, transfers it to third parties (e.g. public authorities, tourism associations):

• to public administrations and authorities, where required by law or contract (e.g. documentation rights and obligations under accounting, tax and customs law, contract law, registration requirements, or legal disputes)
• to fulfil our pre-contractual and contractual obligations towards you
• for our legitimate interests, in the field of direct marketing, confirmations and the protection of our own legal interests
• to all those natural and/or legal, public and/or private persons (legal, administrative and tax consultancy firms, courts, chambers of commerce, etc.) where such disclosure proves necessary or expedient for the performance of our activities, and in the manner and for the purposes specified above.

The duration of data retention is determined by the duration of our business relationship, the consents you have given, and the statutory retention requirements and legal obligations applicable to us.

3. Data processing is carried out in the following ways: manually and by computer

4. The provision of your data is voluntary/mandatory (if mandatory, please state the reason).
Should you refuse to provide personal details, travel document details and bank details, we will be unable to fulfil our contractual obligations and accommodate you at our establishment. We do not use profiling or automated decision-making.

5. We store and process the data for the purpose of providing our services and, where necessary and required by law, transfer it to third-party recipients (e.g. public authorities, tourist board).

6. The data controller is: Günther Schmidhammer.

7. The data controller is: Günther Schmidhammer.

Access data on our website

The website operator or hosting provider collects data regarding visits to the site and stores this as ‘server log files’. The following data is logged:

• Website visited
• Time of access
• Amount of data transferred in bytes
• Source/link from which you accessed the site
• Browser used
• Operating system used
• IP address of the internet service provider

The data collected is used solely for statistical analysis and to improve our website. However, the website operator reserves the right to review the server log files retrospectively should there be concrete indications of unlawful use.

South Tyrol Alto Adige Guest Pass

• Purpose: The personal data provided will be sent to the Guest Pass central coordination office to enable the creation and use of the Guest Pass and to provide the associated services.
• Recipients In connection with the issue of the Guest Pass, your data will be transferred to the Mobility Consortium, VAT No. 02735170215, which, as the Guest Pass issuer and central coordination office, acts as the independent data controller for the processing of the data provided. For further information on the processing to which the data is subject, you may send an email to privacy.bz.it.
• Legal basis The legal basis for the processing is Article 6(1)(b) of the GDPR.

Cookies

This website uses cookies. These are small text files that are stored on your device. Your browser accesses these files. The use of cookies improves the user-friendliness and security of this website.
Most browsers offer the option to disable cookies.
You can find information and instructions on how to block and delete cookies here.
The following website provides information on how usage-based online advertising works, as well as further information about cookies and how they function. You will also find helpful explanations of the steps you can take to protect your privacy online. www.youronlinechoices.com

Handling of contact details & forms

If you contact us via any of the contact options provided (enquiry form, email, telephone, guestbook, newsletter subscription), personal data (such as your name, address or email address) will be stored. This is necessary so that we can access this information when processing and responding to your enquiry.
If you send us enquiries via the contact form on our website, the details you provide in the form, including the contact details you enter there, will be stored for a period of two months for the purpose of processing the enquiry and in case of any follow-up questions.
Should a booking or contract result from an enquiry made via our form, we are required to retain your data for at least 10 years in accordance with Article 2220 of the Italian Civil Code. Only those fields in the forms that are strictly necessary for using the service and transmitting the information are marked as mandatory. We will not pass on the data you provide to third parties without your express consent, unless required by law.

SSL encryption (HTTPS protocol)

To provide the best possible protection for the data you submit, we use SSL encryption. You can recognise such encrypted connections by the prefix ‘https://’ in the page link in your browser’s address bar. Unencrypted pages are indicated by ‘http://’.
All data that you transmit to this website – for example, when making enquiries or logging in – cannot be read by third parties thanks to SSL encryption.

Handling of comments and entries in the guestbook

If you leave an entry or comment on this website, personal data such as your IP address, email address and name will be stored. This is for the security of the website operator: If your text violates applicable law, we wish to be able to trace your identity.

Integration of third-party services and content

We would like to point out that this website may incorporate third-party content (including booking widgets from Booking Südtirol, videos from YouTube/Vimeo, maps from Google Maps, Google Analytics and other providers). A prerequisite for the use of these services is that the providers of this content (referred to as “third-party providers”) receive the user’s IP address. The reason for this is that without the IP address, content cannot be sent to the user’s browser and the content cannot therefore be displayed. Unfortunately, we have no control over whether and to what extent third-party providers store your IP address. Should we be made aware of this, we will inform users.

Google Analytics

This website uses the ‘Google Analytics’ service, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), to analyse how users use the website. The service uses ‘cookies’ – text files that are stored on your device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.
IP anonymisation is in use on this website. Users’ IP addresses are truncated within the member states of the EU and the European Economic Area. This truncation removes the personal reference from your IP address. Under the data processing agreement concluded between the website operators and Google Inc., the latter uses the information collected to analyse website usage and activity and to provide services related to internet usage.
You have the option to prevent cookies from being stored on your device by adjusting the relevant settings in your browser. We cannot guarantee that you will be able to access all functions of this website without restrictions if your browser does not accept cookies.
You can also use a browser plugin to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link will take you to the relevant plugin: https://tools.google.com/dlpage/gaoptout?hl=de
Alternatively, by clicking on the following link, you can prevent Google Analytics from collecting data about you on this website: Opt-Out Google Analytics
By clicking on the link above, you will download an ‘opt-out cookie’. Your browser must therefore generally allow the storage of cookies for this to work. If you regularly delete your cookies, you will need to click on the link again each time you visit this website.
You can find further information on data usage by Google Inc. here: https://support.google.com/analytics/answer/6004245?hl=de

Google Maps

This website uses Google Maps/Google Earth, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the purpose of displaying maps and creating route directions to our premises.
By using this service, the user consents to the processing of data collected about them by Google, its representatives or third-party providers. The full terms of use can be found on the provider’s (Google’s) website.
Terms of Use: https://policies.google.com/terms?hl=de
Privacy Policy: https://policies.google.com/privacy?hl=de

Script Libraries & Google Web Fonts

To ensure that our content is displayed correctly and in a visually appealing manner across all browsers, this website uses Google Web Fonts and script libraries (including jQuery).
When you visit the site, the use of Google Web Fonts involves accessing an external Google server in the USA; this means that Google is, in theory, made aware of your use of the site. Please refer to the pages of the provider “Google” for further information regarding data protection.
The privacy policy of the library operator Google can be found here:  https://www.google.com/policies/privacy/
Accessing script libraries also automatically triggers a connection to the library operator. In doing so, it is theoretically possible – although currently unclear whether, and if so, for what purposes – that the operators of such libraries collect data.

User rights: access, rectification and erasure

1. The data subject has the right to obtain, free of charge, information as to whether personal data is held. They have the right to have this data communicated to them in an intelligible form.
2. The data subject has the right to obtain information regarding:
a) the origin of the personal data;
b) the purpose and methods of processing;
c) the system used, where the data are processed electronically;
d) the main details identifying the data controller, the data processors and the representative designated in accordance with Article 5(2);
e) the persons or categories of persons to whom the personal data may be disclosed or who may become aware of it in their capacity as designated representatives within the national territory, as data controllers or as data processors.
3. The data subject has the right to
a) request that the data be updated, rectified or, where appropriate, supplemented;
b) request that data processed unlawfully be erased, anonymised or blocked; this also applies to data whose retention is not necessary for the purposes for which it was collected or subsequently processed;
c) to receive confirmation that the operations specified in points (a) and (b), including their content, have been communicated to those to whom the data have been transmitted or disclosed, unless this proves impossible or involves a disproportionate effort in relation to the right being protected.
d) individuals have the right to erasure, provided this is not precluded by a statutory retention obligation on our part. Upon exercising your right of withdrawal, all your data will be irrevocably deleted, provided that no overriding legal provisions are infringed.
4. The data subject has the right to object, in whole or in part,
a) to the processing of personal data concerning them on legitimate grounds, even if such data is relevant to the purpose for which it was collected;
b) to object to the processing of personal data concerning them, where such processing is carried out for the purposes of sending advertising material or direct marketing, for market or opinion research, or for commercial information.

Further information

For further information regarding your rights as a data subject, please contact us at info@chaletresort-innerluferhof.com . We will be happy to assist you. The supervisory authority responsible for handling complaints is the ‘Garante per la protezione dei dati personali’: Piazza di Monte Citorio n. 121 00186 ROMA, Telephone: (+39) 06.696771, Email.  garante@gpdp.it.
Consent to receive information via email or post.