Privacy Policy

Hotel Loveno Privacy Policy (EU REG. 2016/679)

Hotel Loveno Accommodation SAS based in Via Nazario Sauro 55, Menaggio (CO), PI 03810940134 as the data controller informs you in accordance with Article 13 EU Regulation n 2016/679 GDPR that your data will be processed in the manner and for the purposes below.

Method of processing

The holders will process the personal data you communicate on paper, computer or telematically.

Purposes of processing

To carry out business activities and/or fulfil contractual commitments undertaken with you, to fulfil administrative accounting purposes and to comply with all legal obligations arising from the contract. (Legal basis: consent and fulfilment of contractual obligations);
Retention of personal data to speed up registration procedures in the event of subsequent stays. (Legal basis: consent);
Sending commercial information and other communications relating to company activities, using electronic means of communication (Legal basis: consent).
Analysis of site performance

Types of data processed

Personal data include name, surname, residence, date and place of birth, identity document details, and credit card.
Telephone numbers and email addresses.

Data belonging to special categories, communicated by the data subject of his/her own free will, revealing racial or ethnic origin, sexual or religious orientation, state of health, etc., may be processed.

Storage and destruction

Personal data provided for the purposes set out above will be kept for 5 years, subject to the storage obligations provided for by current legislation.

Credit card data are kept by the slope programme, the external data controller, which stores the data at the data centre of Amazon Web Services Inc., in Frankfurt.

Data belonging to special categories will only be stored for the stay. This data will be deleted immediately at the end of the specified storage period.

Data for analysing the site’s performance will make sense for about a couple of years, and this is the period of usefulness and usage. Three years.

Disclosure of personal data

Your data may be processed:

By our accountant, the company that provides the insurance coverage, the companies that provide us with management and email software, the provider of the Mailchimp service used to send information and commercial communications
Internal persons („appointees“) trained in compliance with data processing regulations.

The controller may disclose your data to supervisory bodies and judicial authorities where required by law.

Data transfer

The management and storage of personal data will mostly occur on servers located within the European Union. Data will not be transferred outside the European Union except e-mails of your requests and e-mail addresses to which information and commercial communications are sent.

The handling of emails (for enquiries and bookings) is done through Google, theoretically in its European office in Dublin, but as we are a multinational company, we prefer to treat Google as a non-European supplier.

The data will be disclosed to The Rocket Science Group, LLC, based at 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA30398, USA. Appointed as the data controller as the provider of the Mailchimp service used to send the communications. Your data is stored on their servers in the USA (a non-EU country for which the European Commission has issued the so-called „adequacy decision“. regulating the cross-border transfer).

The handling of requests can also take place via whatsApp (Meta), in case of incoming requests from you. Meta is based in Menlopark, California and hosts WhatsApp. The company is currently making changes to adapt European accounts to the Digital Markets Act.

Nature of data confirmation and consequences of refusal

Mandatory purposes

Providing data to carry out business activities and/or fulfil contractual obligations is mandatory. Without it, we cannot ensure the proper management of the contract.

Non-mandatory purposes

Retention of personal data to speed up registration procedures in the event of subsequent stays.
Sending, with the use of electronic means of communication, commercial information and other communications
Analysis of site performance.

The legal basis is consent, of course this is a user choice.

Rights of the data subject

In your capacity as a data subject, you have the rights provided for in Articles 15 -21 of EU Reg. 2016/679 (right of access of the data subject, right of rectification, right to erasure, correct to restriction of processing, obligation to notify in the event of rectification or erasure of personal data or restriction of processing, right to data portability and right to object), as well as the right to complain to the Supervisory Authority.

How to exercise your rights

You may exercise your rights at any time by sending an email or registered letter to the address of the Data Controller. sara @

Privacy Policy