Privacy Policy

Link to the General Data Protection Regulation no. 2016/679 (GDPR)

In compliance with Articles 13 (for data collected from the data subject) and 14 (for data not collected from the data subject) of the EU Regulation 2016/679 (GDPR), the following information is made available to Users of the website, which refers exclusively to the processing performed through said Website and not through other websites that may be visited through links from this one, for which it is suggested that they read the relevant disclosures made by the respective Data Controllers.

The purpose of the privacy policy is to provide maximum transparency regarding the information the site collects and the purposes and methods of its use.

1 – Data controller

Hotel La Bussola with registered office in Via Panoramica, 24 I – 28016 – ORTA SAN GIULIO (No) (the “Company”, “” or the “Data Controller”), as the controller of personal data of users of the website guarantees compliance with the regulations on the protection of personal data by providing the following information about the processing of data communicated or otherwise collected in the course of navigation on this site, pursuant to Art. 13 of Legislative Decree. 196/2003 and pursuant to Articles 13 and 14 of EU Regulation 2016/679 of April 27, 2016.

You can contact the Data Controller using the following contact information:
Tel: (++39) 0322 911913
Fax: (++39) 0322 911913
E- mail:

The person responsible for data processing is Patrice Tassera.

2 – Legal basis for processing

The processing of personal data is based on the right to information, fulfillment of contractual obligations or social contact, or where necessary, consent by freely and knowingly filling in the appropriate information fields in the dedicated forms.

The provision of data and thus consent to data collection and processing is optional.
The User may withhold consent, and may revoke a consent already given at any time (by clicking on the Cookie Policy link at the bottom of the page, or through the browser settings with reference to cookies). However, denying consent may result in the inability to deliver some services and the site’s browsing experience may be reduced.

3 – Purpose of processing and modalities

Processing of personal data means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data.
The personal data of the Users of the Website will be processed in the manner and form prescribed by the GDPR, in order to carry out the Website’s own functionalities, with particular, but not exclusive, reference to the procedures described therein for data collection, contact form, possible registration/access restricted area process, newsletter subscription and the like.
The processing of data collected from the site, in addition to the purposes related, instrumental and necessary to the provision of the service, is aimed at the following purposes:

  • To follow up on specific requests made to the Owner by the User via the Website and its communication tools (contact forms, product and service information request forms, and the like);
  • Obtain and confirm reservation request and other services, and provide such service as requested
  • Possible subscription to the newsletter (where applicable) and the consequent sending of commercial communications and various information concerning the sector in which the Owner operates, with appropriate consent given by the user;
  • For other purposes ancillary or related to those above and otherwise within the scope of the Website’s activities, including Geo-location on the map;
  • To collect data and information in an aggregate and anonymous form only in order to verify the proper functioning of the site, to improve the online store (where applicable) and platform, and performance and features. None of this information is related to the physical person-User of the site, and it does not in any way allow their identification.

The data collected will be processed by means of electronic or otherwise automated, computerized and telematic tools, or by manual processing with logic strictly related to the purposes for which the personal data were collected and, in any case, in such a way as to ensure in all cases the security of the same. Data are kept for the time strictly necessary to manage the purposes for which the data are collected in compliance with applicable regulations and legal obligations.
The processing of personal data at Via Panoramica, 24 I – 28016 – ORTA SAN GIULIO (No) will be carried out exclusively by our Data Processors, and will be provided to Third Party Companies only upon specific request and requirement (see paragraph 5)

In contrast, the newsletter with promotional content (where present) is provided directly by the data controller, using MailUp, which, processing data on behalf of the data controller, is responsible for the processing. MailUp uses web beacons in order to detect the opening of a message, clicks made on hyperlinks contained within the email, from which IP address or with which type of browser the email is opened, and other similar details. The User can also easily object to further newsletter mailings by clicking on the appropriate link to withdraw consent, which is present in each email containing the newsletter. Once consent has been revoked, the Owner will send the User a message confirming that consent has been revoked.

4 – Data collected

This site collects user data in two ways.

4.1 – Data collected in an automated manner.

While browsing the Web site, a variety of information about the computer systems used by the user is normally acquired. These are for example:

  • internet protocol (IP) address;
  • browser type;
  • Internet service provider (ISP) name;
  • Date and time of visit;
  • Visitor’s source (referral) and exit web pages;
  • possibly the number of clicks and page(s) visited;
  • device data.

This data is used for statistical and analytical purposes, in aggregate form only. None of this information is related to the physical person-user of the site, and it does not in any way allow their identification. The IP address is used for security purposes only and is not cross-referenced with any other data.

4.2 – Data conferred voluntarily

The site may collect other data in case of voluntary use of services by users, such as commenting services, communication (chat, contact forms, newsletter sending), purchase (shopping cart). These are for example:

  • First and last name;
  • usernames;
  • email address;
  • Physical residence address;
  • Goods shipping address (where provided for shipping purposes);
  • social profiles;
  • geographical location.

This data is voluntarily provided by the User when requesting the service, and will be used solely for the purpose of providing the requested service.

Users exempt this site from any liability for any violations of laws. It is up to the User to verify that he or she has permissions to enter personal data of third parties or content protected by national and international regulations.

5 – Transfer of collected data to third parties

The data collected by the site is not provided to third parties, unless it is a legitimate request by a judicial authority and only in cases provided by law. The data, however, may be provided to third parties if this is necessary for the provision of a specific, or to perform security or site optimization checks.
The user expressly consents to the transfer of data in the assumptions below.

5.1 – Third-party service providers

This Website may provide some personal data to Consultants, Web Agency and Software House to perform security checks or site optimization, to judicial authorities in case of specific request, to third party companies acting on behalf of the Owner or to MailUp platform for sending newsletters.
In the case of an online payment, we provide the necessary payment information to the credit institution or payment provider we have selected as responsible for the payment process or to the payment service provider selected during the purchase process.
These providers have access only to personal data that are necessary to carry out their tasks.
The same providers may not use the same data for other purposes and are also required to process personal data in accordance with this Privacy Policy and instructions provided by the Owner, and under applicable data protection regulations.

5.2 – Business Transfers

In the event that ownership of the site or all of its assets are transferred to a third party, or in the event of a merger, joint venture, or reorganization, personal customer data will naturally be among the transferred assets.

5.3 – Protection of the company and other parties

We disclose account and other personal data only when expressly required to do so by law; to enforce or apply our General Terms and Conditions of Use and Sale and other agreements; to protect our property or rights; and for the safety of the company, our users, or others. This includes exchanging information with other companies and organizations that provide fraud prevention or credit risk reduction. Of course, this does not include selling, sharing, or otherwise disclosing personal information received from customers for commercial purposes contrary to the commitments made in this Privacy Policy.

Under no circumstances will your data be given to third parties for marketing purposes.

Your data will in no way be transferred to third countries outside the EU or international organizations, nor will it be stored on servers located in a third country.

6 – Place of processing

Data collected from the site are processed at the Data Controller’s office, and at the Web Hosting datacenter. ARUBA web hosting is located in the European Economic Area and acts in accordance with European standards.

7 – Data retention period

The data provided by the Data Subject will be retained until expressly revoked by the Data Subject, including by action on his or her browser, cleaning of cookies, express request by email or telephone to the Data Controller (see specific paragraph) or otherwise manifested.
Browsing data will be kept for the technical time necessary to fulfill the functions for which they were collected.

8 – Security Measures

The Data Controller processes visitor/user data lawfully and fairly, taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of data. The processing is carried out by means of computer and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes.

We are committed to protecting the security of your personal information as it is submitted, using Secure Sockets Layer (SSL) software, which encrypts the information you enter.

It is important that you adopt appropriate protections against unauthorized use of your credentials to access the site.

9 – Rights of the User/Processing Interested Party.

Pursuant to European Regulation no. 679/2016 (GDPR) and Art. 7 of Legislative Decree. June 30, 2003, no. 196, the User may, in the manner and within the limits provided for by current legislation, exercise the following rights:

  • oppose in whole or in part, for legitimate reasons, the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
  • Request confirmation of the existence of personal data concerning him/her (right of access);
  • Know its origin;
  • Receive intelligible communication;
  • Have information about the logic, methods and purposes of processing;
  • request the updating, rectification, integration, cancellation, transformation into anonymous form, and blocking of data processed in violation of the law, including data no longer necessary to achieve the purposes for which they were collected;
  • in cases of consent-based processing, receive at the sole cost of any support, your data provided to the data controller, in structured, machine-readable form and in a format commonly used by an electronic device;
  • The right to file a complaint with the supervisory authority (Privacy Guarantor) );
  • as well as, more generally, to exercise all the rights granted to him by the current legal provisions.

These rights may be exercised in the form and under the terms set forth in Art. 12 of the GDPR, by written notice sent to the Holder via e-mail to the address

Requests should be addressed to the Data Controller or Processor.

10 – Complaints

Each Data Subject has the right to lodge a complaint pursuant to Articles 77 et seq. of the GDPR with a supervisory authority, which for the Italian state is identified in the Garante per la protezione dei dati personali.

The forms, methods, and time limits for filing grievance actions are provided for and governed by current national legislation. The complaint is without prejudice to administrative and jurisdictional actions, which for the Italian state can be brought alternatively to the same Guarantor or to the competent Court.

11 – Profiling

Personal data provided through the forms are NOT subject to profiling.
Profiling allows the Data Controller to assess certain personal aspects of the Data Subject relating in particular to his/her preferences, interests, and tastes with reference to the products sold and the activities carried out by the Data Controller, in order to enable the Data Controller to offer the Data Subject a sales service that is more specific and targeted to his/her needs.

12 – Updates

This privacy policy is current as of May 25, 2018