top of page

DATA PROTECTION REGULATIONS

Privacy Notice (Holiday Home Website) – Article 13 of Regulation (EU) 2016/679

  1. Controller and contact details Controller: Philipp Colleselli, Hartwigweg 6, 39042 Brixen (BZ), Tax Code CLLPLP72D01A952H.
    Contact details: lavoliereliving@gmail.comphilipp.colleselli@pec.it.
    Data Protection Officer: not appointed.

For any privacy-related request or for the exercise of data subject rights, you may contact the Controller at: lavoliereliving@gmail.com (or certified email: philipp.colleselli@pec.it).

  1. Categories of personal data processed

  • Browsing data: IP addresses, device identifiers, log data, timestamps, requested URLs, user-agent data, and other information required for the security of the website and the delivery of its pages.

  • Data entered in forms (contact/booking): first name, surname, email address, telephone number, stay dates, number of guests, and any requests or preferences communicated by the user.

  • Data relating to online bookings and payments: transaction data and information concerning the payment method used. Full card details are processed exclusively by the payment service provider and not by the Controller.

  • Data processed for marketing and profiling purposes: preferences, interactions with the website, and interactions with campaigns or advertisements collected through cookies or similar technologies subject to prior consent.

  • Data collected through cookies and other trackers: please refer to the Cookie Policy.

  1. Purposes of processing, legal bases, and retention periods

  • Website navigation, provision, and security: the Controller’s legitimate interest and the necessity to provide the service; technical log data are retained for 7 to 30 days, without prejudice to any further retention required for the establishment, exercise, or defence of legal claims.

  • Handling requests for information or quotations: performance of pre-contractual measures taken at the data subject’s request; retention for up to 24 months from the last relevant contact.

  • Management of bookings, stays, and related obligations (including administrative, accounting, tax, and public security obligations): performance of the contract and compliance with legal obligations; administrative and accounting records are retained for up to 10 years; guest registration records are retained in accordance with the applicable public security rules.

  • Online payments and fraud prevention: performance of the contract, the Controller’s legitimate interest in preventing fraud, and compliance with legal obligations; retention takes place in accordance with applicable civil and tax law and the policies of the payment service provider.

  • Website analytics: consent for non-anonymised analytics cookies; where analytics cookies are subject to anonymisation measures that preclude identification, they may be treated as technical cookies where permitted by law; the usual retention period ranges from 14 to 26 months depending on the tool used.

  • Marketing and profiling: sending or displaying personalised promotional content and carrying out remarketing activities subject to prior consent collected through the banner or consent management platform; profiling data are retained for up to 12 months and marketing data until consent is withdrawn or, in any event, for up to 24 months from the last relevant interaction.

  1. Provision of data

  • The provision of data is necessary in order to respond to requests, manage bookings, and comply with legal obligations; failing this, the requested services cannot be provided.

  • The provision of data for analytics, marketing, and profiling purposes is optional; refusal to provide consent will not affect the essential functionality of the website or the stay.

  1. Recipients and categories of recipients Personal data may, in particular, be disclosed to the following categories of recipients:

  • IT, hosting, and website maintenance service providers: Wix.com Ltd. (website platform and analytics/booking tools), and email service providers.

  • Any booking engine and channel manager integrated into the Wix website; payment service providers (for example, Wix Payments, Stripe, or PayPal, depending on the payment method selected); and banking institutions.

  • Tax and accounting advisers; public authorities for the fulfilment of legal obligations; and legal advisers in the event of disputes. Such parties act either as independent controllers or, where they process personal data on behalf of the Controller, as processors pursuant to Article 28 GDPR under specific contractual arrangements. An updated list of processors is available upon request.

  1. Transfers of personal data outside the European Economic Area To the best of the Controller’s knowledge, no transfers of personal data to countries outside the EEA are currently envisaged. Should such transfers become necessary in the future for technical or organisational reasons relating to service providers, they will take place in compliance with Chapter V GDPR on the basis of an adequacy decision or, in the absence thereof, appropriate safeguards (for example, standard contractual clauses).

  2. Rights of data subjects Data subjects may, at any time, exercise their rights of access, rectification, erasure, restriction of processing, data portability, and objection to processing, as well as withdraw any consent previously given, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal. Data subjects also have the right to lodge a complaint with the competent supervisory authority (www.garanteprivacy.it).

  3. Data security Appropriate technical and organisational measures are implemented to prevent the destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data.

  4. Minors The services offered through the website are not intended for minors under the age of 14. If the Controller becomes aware that personal data relating to a minor have been collected without an appropriate legal basis, such data will be deleted without undue delay.

  5. Updates This Privacy Notice may be amended or updated from time to time. The version published on this page, together with its latest update date, shall prevail.

Last updated: 26 May 2026
Contacts for exercising data protection rights: lavoliereliving@gmail.com – certified email: philipp.colleselli@pec.it

bottom of page