Protecting Your Personal Data at Villa Angelino: GDPR from Click to Check‑Out
Your holiday should feel effortless—and that includes trusting how your information is handled. Protecting your personal data at Villa Angelino isn’t an afterthought; it’s built into every step of your journey, from the first click on our website to check‑out and beyond. Guided by the GDPR, we apply clear principles of lawfulness and fairness, secure technologies such as SSL encryption, and transparent processes so you always know what happens to your data and why.
In this guide, you’ll learn who is responsible for your data, how specific services (like contact forms, gift vouchers, and the complimentary Guest Pass) are processed, what web tools we use, how long we retain information, with whom data may be shared, and exactly how to exercise your rights.
Who is responsible for your data
- Data Controller (Owner of the Treatment): Nima Demetz GmbH, Str. Petlin 35, I–39046 Ortisei Val Gardena (BZ), VAT no. IT00859260218
Tel +39 0471 796145 | Fax +39 0471 796644 | E‑Mail: info@villa-angelino.com | Internet: www.villa-angelino.com
We process personal data in accordance with EU Regulation 2016/679 (GDPR), following principles of lawfulness, fairness, and purpose limitation.
From click to check‑out: how your data is processed
Our processing activities are designed to provide services you request, fulfil legal and contractual obligations, safeguard payments, improve site performance, and carry out permitted marketing activities. Below is a clear overview of what happens at key touchpoints.
Website browsing and secure connection
What we collect for technical operation: browser type/version, operating system, referrer page, pages visited on our site, date/time of access, IP address, and similar diagnostic data. These are stored as server log files to ensure system security and a smooth user experience.
- Legal basis: Article 6 GDPR.
SSL encryption: All personal data entered on our website is protected by Secure Sockets Layer (SSL). Look for the padlock icon in your browser; by clicking it, you can verify that the SSL certificate is valid and up‑to‑date.
Cookies: We use cookies to improve navigation. You can delete cookies at any time or block them in your browser settings. If you block cookies, some website functions may be limited.
Contact forms and direct enquiries
- Mandatory fields: Fields marked with an asterisk are required to process your request. If required fields are left blank, we may be unable to provide the requested service.
- Consent via submission: Sending the form constitutes implicit acceptance of the data processing needed to handle your enquiry.
- Retention: Data sent via the contact form are stored only as long as necessary to process your request.
Bookings and core contractual activities
EU/EEC processing for agreed activities: All agreed contractual activities are processed within EU or EEC countries. Any transfer to a country outside this area would require your explicit approval and will only occur if full GDPR protection conditions are met.
Tip for planning: If you’re comparing options like our Best Price Guarantee or adding extras, the same GDPR protections apply to the personal data you provide while we handle your enquiry or reservation.
Gift vouchers (ADDITIVE+ Vouchers)
- System used: ADDITIVE s.n.c., 39011 Lana (BZ), Italy.
- Where your data is stored: All voucher purchase and customer data are processed and stored in the EU.
- Why we process it: To fulfil the contract or carry out pre‑contractual measures. Without this data we cannot complete your voucher purchase.
- Data sharing for this purpose: Credit card data may be transmitted to the payment provider; relevant data may be shared with our tax accountant to fulfil tax obligations.
- Legal basis: Art. 6(1)(a) GDPR (consent) and/or Art. 6(1)(b) GDPR (contract performance).
Complimentary Guest Pass
- Purpose: To create and enable the use of the Guest Pass and provide associated services.
- Recipient and role: Mobilitätskonsortium, VAT Nr. 02735170215, acts as the cardholder and autonomous data controller for the data required to issue the pass.
- Legal basis: Art. 6(1)(b) GDPR (contract performance).
Contact for details about this processing: privacy@moko.bz.it.
Tip while you plan travel: We provide the South Tyrol MobilCard to each guest for unlimited public transport; issuing benefits like this requires only essential personal data and follows GDPR rules as described above.
Web services we use—and your choices
Google Analytics (statistics)
- What it does: Helps us understand website usage so we can improve performance and content.
- Mode: Used in IP‑masking mode for anonymised statistics.
- Data transfer: Information (including IP address) may be transmitted to servers in the USA for processing.
- Your opt‑out options:
1) Disable Analytics via your Google Ads Settings; and/or
2) Install Google’s official browser add‑on: https://tools.google.com/dlpage/gaoptout?hl=gb.
Further information on conditions of use and data protection is available from Google’s privacy pages.
Google Fonts (Web Fonts)
- Purpose: To display text consistently and beautifully across devices.
- How it works: Your browser retrieves fonts from Google’s servers; in doing so, Google receives information that your IP address accessed our website.
- Legal basis: Legitimate interest under Art. 6(1)(f) GDPR to ensure a clean and visually enjoyable navigation experience.
- More info: https://developers.google.com/fonts/faq and https://www.google.com/policies/privacy/.
- Note: Google also processes data in the USA and adheres to the EU‑US Privacy Shield norms.
How long we keep your data (retention periods)
We define specific retention periods according to purpose:
- Product/activity enquiries: Stored only for the time strictly necessary to process your request.
- Website navigation data: Retained for the period needed to fulfil your navigation request and maintain system efficiency.
- Internal operations (e.g., invoices, admin, tax): Processed and stored in line with legal requirements for those purposes.
- Disputes/litigation: Stored as long as strictly necessary to pursue or defend claims and never beyond applicable prescription limits.
When we share data—and how we safeguard it
Collaboration with third parties
- We require suppliers and service partners to uphold privacy and security standards contractually equivalent to ours.
- Within technical integrations, email addresses we provide may be encrypted (e.g., hashed) so that third parties cannot derive the original addresses.
- If servers or a supplier’s premises are outside the EEC, we ensure appropriate safety standards for any necessary transfers.
Disclosure in specific cases
In principle, personal data are not forwarded. Where necessary, data may be disclosed to:
- Subcontractors for technical checks and analysis, payments, identification and addressing services, analysis services, or credit insurance companies.
- Public administrations or authorities, where required by law.
- Credit institutions for handling credits/debits and for financial reasons.
- Professional advisors or bodies (e.g., legal, administrative, fiscal consultants, courts, chambers of commerce) when relevant to our service activities.
Your GDPR rights—and how to exercise them
You can exercise your rights yourself or via an authorised representative by sending a written request (with acknowledgement of receipt) or an email to the Data Controller (contact details above). You have the right to:
- Receive confirmation whether your personal data are being processed.
- Access information about processing, including purposes, categories of data, recipients (especially outside the EEC or international organisations), data retention periods, the right to lodge a complaint, data sources (if not collected from you), and whether automated decision‑making/profiling is involved.
- Rectification of inaccurate personal data without undue delay.
- Erasure of personal data where conditions apply (e.g., data no longer necessary; consent withdrawn; unlawful processing; legal obligation to erase; successful objection).
- Restriction of processing in cases such as contested accuracy, unlawful processing with request for restriction, data needed for legal claims, or pending verification of overriding legitimate grounds.
- Data portability, receiving your data in a structured, machine‑readable format and transmitting it to another controller; where technically feasible, you may request direct transmission controller‑to‑controller.
- Object at any time to processing based on reasons relating to your particular situation; this also applies to profiling. If you object, we will stop processing unless we demonstrate compelling legitimate grounds.
- Not be subject to automated decisions, including profiling, that produce legal or similarly significant effects, except where necessary for a contract, authorised by law, or based on your explicit consent, with safeguards in place.
- Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- Receive a copy of the personal data we hold, provided in line with applicable regulations.
- Lodge a complaint with the competent data protection authority and/or seek judicial remedy.
Note: In specific cases, we may retain certain information for legal purposes (e.g., suspected fraud or breach of general terms).
Practical takeaways to stay in control
- Check the padlock: Before entering details, look for the SSL padlock in your browser and click it to verify the certificate.
- Decide on cookies: Use your browser settings to delete or block cookies if you prefer; remember some site features may then be limited.
- Tune your analytics privacy: Use the Google Ads Settings to disable Analytics and/or install the official opt‑out add‑on at https://tools.google.com/dlpage/gaoptout?hl=gb.
- Be precise in requests: When emailing info@villa-angelino.com to exercise GDPR rights, state which right you’re invoking (e.g., access, rectification, objection) and include enough detail to identify your records securely.
- Guest Pass queries: For pass‑specific processing, you can contact privacy@moko.bz.it (Mobilitätskonsortium, autonomous data controller for Guest Pass data).
- Vouchers with confidence: ADDITIVE+ voucher purchases are processed and stored in the EU; payment details go only to the payment provider as needed for the transaction.
Quick answers
- Are agreed contractual activities processed outside the EU/EEC? No. They are processed within EU or EEC countries. Any transfer elsewhere would require your explicit approval and only under full GDPR conditions.
- Is the website secure? Yes. All personal data entered on our site are protected by SSL encryption; the padlock icon confirms a protected connection.
- Who receives my data for the Guest Pass? Mobilitätskonsortium (VAT Nr. 02735170215), which is the cardholder and an autonomous data controller for this purpose (legal basis: Art. 6(1)(b) GDPR).
- How can I opt out of Google Analytics? Disable it via your Google Ads Settings and/or install Google’s browser add‑on: https://tools.google.com/dlpage/gaoptout?hl=gb.
Conclusion
Protecting your personal data at Villa Angelino means clear purposes, minimal and secure processing, defined retention periods, and easy ways to exercise your rights. From SSL‑secured forms and EU‑based voucher handling to transparent Guest Pass processing and analytics opt‑outs, every step is designed to keep you informed and in control.
Have questions or wish to exercise a right? Contact Nima Demetz GmbH at info@villa-angelino.com or call +39 0471 796145. If you’re planning your stay, explore options like our Best Price Guarantee, Gift Vouchers, and the included South Tyrol MobilCard—and enjoy peace of mind knowing your data is handled with care.