Privacy Policy

artt. 13-14 del UE 2016/679

We hereby inform users, pursuant to Articles 13-14 of EU Regulation 2016/679, regarding the processing of personal data carried out through this website and related third-level domains (hereinafter also referred to as “the Site” and/or “the Sites”), without extending to other websites that users may reach through referral links included therein.

The processing of personal data complies with the current legislation on personal data protection and is based on the principles of fairness, lawfulness, transparency, and data protection.

The Data Controller is:

Albergo dell’Agenzia S.r.l. with registered office at Via Fossano 21 – 12042 Pollenzo – Bra (CN)

Contact details: phone 0172 458600 email:

The disclosure is a general obligation that must be fulfilled before or at the latest at the beginning of the direct collection of personal data. In the case of personal data not collected directly from the data subject, the disclosure must be provided within a reasonable time, or at the time of communication (not registration) of the data (to third parties or to the data subject). In accordance with the General Data Protection Regulation (GDPR – Reg. (EU)2016/679), the undersigned organization, as Data Controller, informs as follows:

Sources and Categories of Personal Data

The personal data held by the undersigned organization is collected directly from data subjects. This website does not collect data belonging to special categories of data, which include data suitable to reveal racial or ethnic origin, religious, philosophical, or other beliefs, political opinions, membership in trade unions, associations, or organizations of a religious, philosophical, political, or trade union nature, health status, and sexual life.


Like others, this website stores cookies on the browser used by the concerned user for the transmission of personal information and to enhance their experience. Cookies are small text strings that websites visited by the user send to their terminal (usually the browser), where they are stored, sometimes with characteristics of long-term persistence, to be transmitted back to the same sites upon subsequent visits.

Further details as well as the possibility to modify one’s consent to the use of cookies are available by consulting the Cookie Policy of our Websites: It is clarified that during navigation, cookies may be linked to the second-level domain and therefore accessible on every third-level site or portal, without necessarily being used: in these cases, the cookie policy, if present, of the third-level site or portal shall prevail: in the absence of a cookie policy, this indicates that no cookies are used, not even those linked to the second-level domain, although accessible.

Navigation Data

During their normal operation, the computer systems and software procedures used to operate the website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols. These are pieces of information not collected to be associated with identified individuals, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and computer environment. This data is used solely to obtain anonymous statistical information about the use of the site and to ensure its proper functioning and is deleted immediately after processing. The data may be used to ascertain responsibility in the event of hypothetical computer crimes against the site.This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the padlock icon is displayed in the browser’s address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Profiling Data

Profiling data regarding the habits or consumption choices of the data subject are not directly acquired. However, it is possible that through links or by incorporating elements from third parties, such information may be acquired by independent or distinct entities. Please refer to the section on Third-Party Cookies for more information in this regard.

Data Provided Voluntarily by the User

The optional, explicit, and voluntary sending of emails to the addresses indicated on the Site entails the subsequent acquisition of the sender’s address, necessary to respond to the requests, as well as any other personal data included in the email. Similarly, the explicit and voluntary submission of fillable forms on the site containing data of the data subject entails processing to fulfill pre-contractual obligations or to execute the services provided with the submission of the forms. Information in the forms may include personal data such as personal information, contact details, addresses, phone numbers, accommodation structure, email addresses of the data subjects and third parties identified and identifiable with the user of the site.
The User assumes responsibility for third-party personal data obtained, published, or shared through this Site and guarantees to have the right to communicate or disseminate them, releasing the Data Controller from any liability to third parties.

Newsletter, Mailing-list

The email contacts used for sending communications from the site come from voluntary subscriptions by the recipient, which always undergo a confirmation request, as well as from information acquired in the context of selling products or services of the Data Controller or similar. This includes the sending of information, promotional communications, and material. It is emphasized that the contacts are not obtained from public subscriber lists. In case the communications are not of interest to the recipient, it is possible to avoid any further contact by clicking the appropriate link contained in each message or by writing to the contact details at the bottom, exercising the right to unsubscribe from the newsletter.

Contact Form

By filling out the contact form with their data, the user consents to their use to respond to requests for information, quotes, or any other nature of request made through the contact form. There is no interest in collecting and/or recording special or judicial data; therefore, it is advised not to provide such information when filling out the contact form. In the event that the user voluntarily communicates their personal data belonging to special categories (e.g., regarding health status), the undersigned organization will proceed with deletion unless it prejudices the processing of the data.

Purposes and Legal Basis of Data Processing

Personal data are used for the following purposes:

a) To enable navigation on the website (ref. Art. 6 para. 1 letter f) of the GDPR);
b) Optionally, to execute the service or requested performance within the normal activity carried out by the undersigned organization (ref. Art. 6 para. 1 letter b) of the GDPR);
c) For purposes related to obligations provided by laws, as well as provisions issued by authorities authorized by law (ref. Art. 6 para. 1 letter c) of the GDPR), for example, but not limited to:
Execution of administrative and/or accounting and/or tax obligations (e.g., keeping accounting records and issuing sales invoices);
d) To fulfill tasks in the public interest, such as registering guests staying at our facility;
e) For the establishment, exercise, or defense of a legal right in judicial and extrajudicial proceedings (legitimate interest) of the undersigned organization (ref. Art. 6 para. 1 letter f) of the GDPR);
f) For functional purposes, according to the legitimate interest of the Data Controller, particularly for navigation and usage logs to protect the site and the service from cyber-attacks, identify any fraudulent or malicious activities (ref. Art. 6 para. 1 letter f) of the GDPR);
g) For direct marketing purposes according to the legitimate interest of the Data Controller or the express consent of the user. In particular: for cookies, advertising IDs used to display advertisements and announcements; for email addresses for sending newsletters, information about initiatives, events, and commercial communications, promotion, sale of services, and satisfaction surveys by the Data Controller.

Consequences of Refusing to Provide Data

The provision of data collected from the data subject is optional but essential for the processing of the same for the purposes outlined in points a) and b). In the event that data subjects do not communicate their essential data and do not allow processing, it will not be possible to proceed with the provision and implementation of the proposed services and to fulfill contractual obligations undertaken, with consequent prejudice to the proper fulfillment of regulatory obligations, such as accounting, tax, and administrative obligations, etc.

Apart from what is specified for navigation data, the user is free to provide personal data for cookies and specific requests through forms, e.g., on products and/or services. Failure to provide them may result in the impossibility of obtaining what is requested. For all non-essential data, including those belonging to special categories, the provision is optional. In the absence of consent or incomplete or incorrect provision of certain data, including those belonging to special categories, the required obligations may be so incomplete as to cause prejudice in terms of penalties or loss of benefits, both due to the inability to guarantee the adequacy of the processing itself to the obligations for which it is carried out, and due to the possible failure of the processing results to match the obligations imposed by the laws to which it is addressed, with the undersigned organization being relieved of any and all responsibility for any sanctions or punitive measures.

Data Processing Methods

The processing operations related to the web services of the site are carried out using automated tools for the time strictly necessary to achieve the purposes for which they were collected; they take place on the server in Italy or the EU and are handled only by technical personnel in charge of processing, or by any persons appointed to perform maintenance and administration operations. Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access, as well as loss of confidentiality.

Data processing includes their collection, recording, organization, storage, processing, modification, deletion, and destruction, or the combination of two or more of these operations. In relation to the aforementioned purposes, the processing of personal data is carried out through manual, computerized, and telematic tools, with logic strictly related to the purposes themselves and, in any case, in a manner that ensures the security and confidentiality of personal data. Therefore, personal data will be processed in compliance with the methods indicated in Article 5 of EU Regulation 2016/679, which provides, among other things, that data be processed lawfully and fairly, collected and recorded for specific, explicit, and legitimate purposes, accurate, and if necessary updated, relevant, complete, and not excessive in relation to the purposes of the processing, in compliance with the rights and fundamental freedoms, as well as the dignity of the data subject, with particular reference to confidentiality and personal identity, through measures of protection and security. The undersigned organization has prepared and will further improve the access and data storage security system.

No automated decision-making process (e.g., profiling) is carried out.

Transfer outside the EU

Processing will mainly take place in Italy and the EU, but it may also occur in countries outside the EU and the EEA if deemed functional to the efficient fulfillment of the purposes pursued, in compliance with guarantees in favor of the data subjects.

Finally, processing that takes place in countries outside the EU and the EEA when, at the request of the data subject, connections to the site originate from such countries, is beyond the responsibility of the Data Controller.

Retention Period

Personal data will be retained, in general, for as long as the purposes of the processing remain relevant to the category of data processed. The Data Controller may be obliged to retain personal data for a longer period in compliance with a legal obligation or by order of an authority.

Categories of Recipients

The data (only essential ones) are communicated to:

Persons in charge and processors of the processing, both internal to the organization of the undersigned, and external, who carry out specific tasks and operations (administration of the site, analysis of navigation data, traffic, management of emails and forms voluntarily submitted by the user, processing of requests and orders from booking platforms, etc.);
In cases and to the subjects provided by law.

The data will not be subject to dissemination unless contrary legal provisions or prior anonymization. Except for what is specified for cookies and third-party elements, without the prior general consent of the data subject to communications to third parties, only services that do not involve such communications may be provided. In case of necessity, specific and punctual consents will be requested, and the recipients of the data will use them as independent data controllers.

In some cases (not subject to the ordinary management of this site), the Authority may request information, for the purpose of monitoring the processing of personal data. In these cases, the response is mandatory under penalty of administrative sanction.

Rights of the Data Subject

At any time, you may: exercise your rights (access, rectification, erasure, restriction, portability, objection, absence of automated decision-making processes) when provided for against the data controller, pursuant to Articles 15 to 22 of the GDPR (regulation); lodge a complaint with the Garante (; if the processing is based on consent, revoke such consent given, bearing in mind that revoking consent does not affect the lawfulness of processing based on consent before its withdrawal.

Requests should be addressed to the Data Controller via email, at the following address:

Format of the Information

This privacy notice is available for automatic consultation through any internet browsing browser. In any case, please report any difficulties encountered in viewing this notice so that alternative means can be provided if necessary.

This document will be subject to updates; it is the responsibility of the user to consult the document and its updates.