Privacy Policy

Privacy Policy and Cookie Policy

Hotel Roduna, represented by its management, with registered office at Vill 19, 39037 Rodeneck (BZ), Italy, is committed to protecting your privacy. This privacy policy is based on the European Data Protection Regulation (GDPR) and informs you how we process, store and protect your personal data.

By using this website, you agree that we process your data in accordance with this privacy policy. This policy applies to all visitors who are at least 16 years old.

1. The Data Controller

The party responsible for data processing is:

For questions about personal data processing or to exercise your rights, please contact us using the information above.

2. Types of Personal Data Processed

Automatically Collected Data (Navigation Data)

When using our website, we automatically collect technical data such as IP addresses, browser types, visit duration and pages visited. This data is used to improve website functionality and for troubleshooting, and is automatically deleted after a short time. This processing is based on our legitimate interest (Art. 6 (1) f GDPR).

Data You Provide to Us

When you use our inquiry or booking form, we collect your personal data such as name, email address, phone number, travel dates and other information to process your inquiry. The legal basis is Art. 6 (1) b GDPR (contract fulfillment). Providing this data is optional but necessary to process your inquiry.

Newsletter Registration

When registering for our newsletter, you provide us with your email address and preferred language. This data is used to send you hotel information and offers. You can unsubscribe at any time. The legal basis is Art. 6 (1) a GDPR (consent).

3. Hosting, Domain, CDN and Data Processors

We use the following service providers who may process data on our behalf (Art. 28 GDPR):

• Vercel (Hosting)
  340 S Lemon Ave #4133, Walnut, CA 91789, USA
• Cloudflare (Domain/DNS, CDN and Security Functions)
  San Francisco, USA
• Formspree (Form Backend / Processing of Form Submissions)
  USA
• CCM19 (Consent Management / Cookie Banner)
  Germany

Where required, data processing agreements are concluded with these providers. This ensures that your data is protected with the same care as by us.

4. Cookies, Consent and Cookie Settings (CCM19)

We use CCM19 as a consent management platform to obtain, store and manage consent for cookies/tracking.

Legal Basis:

• Technically necessary cookies: Art. 6 (1) f GDPR
• Analytics/Marketing/Tracking cookies: Art. 6 (1) a GDPR (consent)

You can change or revoke your choice at any time via Cookie Settings.

5. Tracking, Analytics and Advertising (Only with Consent)

If you consent in the cookie banner, we use the following technologies:

• Google Tag Manager (Tag integration/control)
• Google Analytics 4 (Reach measurement, usage analysis)
• Meta Pixel & Meta Conversions API (CAPI) (Conversion measurement, campaign optimization)
• Microsoft Advertising (Conversion tracking / Campaign measurement)
• TikTok Pixel & TikTok Conversions/Events API (CAPI) (Conversion measurement, campaign optimization)

Legal Basis:

Art. 6 (1) a GDPR (consent). Without consent, these tools remain disabled.

6. Data Transfers to Third Countries

By using providers with international infrastructure (e.g., Cloudflare, Google, Meta, Microsoft, TikTok, Formspree), data may be transferred to countries outside the EU/EEA (particularly the USA).

Where required, such transfers are based on appropriate guarantees (e.g., standard contractual clauses) and additional safeguards in accordance with Articles 44 et seq. GDPR.

7. Data Retention

We store personal data only as long as necessary for the purposes:

• Server/Security Data: Typically up to 14 days (or longer if security incidents occur)
• Contact Requests: Until completion of processing, then typically up to 12 months, unless legal obligations require longer storage
• Consent Evidence (CMP): As long as necessary to prove consent
• Inquiry and Booking Data: Stored as long as necessary for contract fulfillment and in accordance with legal retention requirements (typically 3-6 years)

8. Your Rights (Art. 15–21 GDPR)

You have the following rights in particular:

• Right to Information: What data do we store about you?
• Right to Rectification: Correction of incorrect data
• Right to Erasure: Deletion of your data (if legally permissible)
• Right to Restrict Processing
• Right to Data Portability: Your data in structured format
• Right to Object: Against processing based on legitimate interests
• Right to Withdraw Consent: At any time via cookie settings

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection authority. In Italy, the responsible authority is typically:

10. Purposes of Data Processing

• Answering inquiries and booking requests
• Providing requested services (e.g., hotel reservation)
• Fulfilling legal and tax obligations
• Newsletter distribution (with your consent)
• Improvement and optimization of our website
• Security and protection against abuse
• Marketing and communication about offers (only with consent)

11. Data Sharing with Third Parties

Your personal data will only be shared with the following categories of third parties:

• Data Processors: Partners who assist us in providing our services (e.g., hosting providers, email service providers, booking systems). These are contractually obligated to comply with GDPR
• Authorities: If legally required
• Employees: Only to the extent necessary for their work and under confidentiality obligations

We do not share your data with third parties for marketing purposes without your consent.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss or misuse. These include encryption, secure servers and access control measures. However, despite these measures, we cannot guarantee absolute security – all online data transmission carries risks.

13. South Tyrol Alto Adige Guest Pass

a. Terms and Conditions

Upon completion of the accommodation contract, the Südtirol Alto Adige Guest Pass (hereafter Guest Pass) will be issued to the guest, which according to the decision of the South Tyrolean regional government No. 732/2022, is valid for the entire duration of their stay as well as from 0:00 on the day of arrival until 24:00 on the day of departure.

The Guest Pass includes the use of all public transport within the "südtirolmobil" network area as well as additional services, which vary depending on the tourism organization. Detailed information can be found at: suedtirol-guestpass.info

The sole entity carrying the Guest Pass in South Tyrol is the Mobilitätskonsortium, appointed as the unified coordination point in accordance with the above decision of the South Tyrolean regional government by the Provincial Association of Tourism Organizations of South Tyrol (LTS) on November 16, 2022. The details of the additional services associated with the Guest Pass and the conditions of use of the Guest Pass are communicated by the third party responsible for issuing and managing the Guest Pass. Detailed information is available at: suedtirol-guestpass.info

b. Data Protection Notice Regarding Guest Pass

Purpose:

The personal data provided will be transmitted to the single coordinating body of the Guest Pass in order to enable the creation and use of the Guest Pass and to provide the associated services.

Recipient:

In connection with the issue of the Guest Pass, your data will be transmitted to the Mobilitätskonsortium, VAT Nr. 02735170215, which acts as the cardholder and unified coordinating body and assumes the role of autonomous data controller in processing the transferred data. For further information regarding the processing to which the data will be subjected, you can send an email to privacy@moko.bz.it.

Legal Basis:

The legal basis for processing is Art. 6 (1) (b) of the GDPR.

14. External Links and Third-Party Sites

This website may contain links to external websites. We are not responsible for the data protection practices of these websites. We recommend that you read their privacy policies before submitting your data.