Skip to content

Legal

Privacy Policy

(pursuant to articles 13-14 of EU Regulation 2016/679 — GDPR)

Casa del Monte S.r.l. · Last updated: 2026-05-20 · Version 1.0


1. Data Controller

Casa del Monte S.r.l.
Registered office: Strada Regionale Monti 3, 17031 Albenga (SV) — Italy
VAT/Tax ID: IT14410280961
Email: mail@casadelmonteresort.it
Phone: +39 0182 038071

The Data Controller has not designated a Data Protection Officer (DPO), as not required by article 37 GDPR for this type of activity.

To exercise the rights provided by GDPR or for any request regarding the processing of personal data, the data subject can write to: mail@casadelmonteresort.it.


2. Categories of personal data processed

2.1 Navigation data

During the normal operation of the website, the IT systems automatically acquire personal data whose transmission is implicit in the use of Internet protocols: IP address, browser type, operating system, pages visited, visit times, country of origin.

2.2 Data provided voluntarily

Data the user actively provides by filling in forms on the site (contact form): name, email, phone (optional), message and any further information entered.

2.3 Booking data

Booking is handled through an external provider. We do not process payment details directly: please refer to the booking provider's own privacy policy.

2.4 Data collected through cookies

The use of cookies and similar technologies is governed by the dedicated Cookie Policy.


3. Purposes & legal basis

PurposeLegal basis (art. 6 GDPR)Mandatory
Reply to inquiries via contact formLett. (b) — pre-contractual measuresRequired to receive a reply
Legal compliance (tax, accounting)Lett. (c) — legal obligationMandatory
IT security & abuse preventionLett. (f) — legitimate interestRight to object (art. 21)
Aggregated site analyticsLett. (a) — consentRevocable any time

We do not carry out direct marketing, profiling or automated decision-making (art. 22 GDPR).


4. Data recipients

  • Data processors appointed under article 28 GDPR: hosting/IT providers, consent management platform Licet, email/transactional providers.
  • Autonomous third parties when the user interacts with external embedded services (e.g. external booking engine, Google for analytics). Their processing is governed by their respective privacy policies.
  • Judicial or supervisory authorities when required by law.

The updated list of data processors is available on request at mail@casadelmonteresort.it.


5. Data transfers to third countries

Some services used by the site involve the transfer of personal data outside the European Economic Area (EEA), in particular to: United States.

Such transfers are made under the following safeguards (artt. 45-49 GDPR):

  • EU-US Data Privacy Framework (adequacy decision of the European Commission, 10 July 2023) for Google LLC and Cloudflare Inc.
  • Standard Contractual Clauses (SCC) approved by Commission Implementing Decision (EU) 2021/914 as additional safeguard.

6. Retention period

Data typeRetentionCriterion
Contact form submissions24 months from last contactBest practice
Tax and accounting data10 yearsArt. 2220 Italian Civil Code
Security logs6 monthsBalanced retention
Cookie consent logs12 monthsItalian DPA Guidelines 2021 + accountability art. 7(1)
Aggregated analyticsAnonymous, no expirationRecital 26 GDPR (anonymous data)

7. Data subject rights (artt. 15-22 GDPR)

The data subject has the right, at any time, to:

  • (art. 15) Access: obtain confirmation of processing and a copy of personal data
  • (art. 16) Rectification: correct inaccurate or incomplete data
  • (art. 17) Erasure ("right to be forgotten"): request data deletion
  • (art. 18) Restriction: restrict processing in certain circumstances
  • (art. 20) Portability: receive data in a structured, machine-readable format
  • (art. 21) Objection: object to processing based on legitimate interest
  • (art. 7.3) Withdraw consent: at any time, without affecting the lawfulness of prior processing

How to exercise: email to mail@casadelmonteresort.it.
Response time: 30 days from receipt (extendable to 60 days in complex cases).

Right to lodge a complaint

The data subject may lodge a complaint with the Italian Data Protection Authority:

  • Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Roma
  • www.garanteprivacy.it
  • protocollo@gpdp.it / protocollo@pec.gpdp.it

8. Automated decision-making

The Data Controller does not use automated decision-making or profiling that produces legal effects on the data subject or significantly affects them (art. 22 GDPR).


9. Cookies

The use of cookies and similar tracking technologies is governed in detail by the Cookie Policy, which is an integral part of this notice. You can review and change your preferences at any time via the floating button at the bottom-right of every page.


10. Updates to this policy

This privacy notice may be updated at any time to adapt to legal changes or new processing purposes. Substantial changes will be communicated to the data subject in good time.

Version 1.0 · Generated on 2026-05-20