Privacy Policy

pursuant to Art. 13 of EU Regulation 2016/679 (GDPR)

1. Data Controller

The Data Controller is CIASA LORENZI SRL, with registered office at Via Cantore 1, 32043 Cortina d’Ampezzo (BL), Italy, VAT No. 00811700251. For any information regarding the processing of personal data, you may contact the Data Controller at the email address: hotel@ciasalorenzi.it

2. Types of Data Collected

During navigation on the website, the following types of data are collected:

2.1 Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category includes IP addresses, domain names of computers used by users connecting to the site, the time of the request, and other parameters related to the user’s operating system and computing environment.

2.2 Cookies and tracking technologies

The website uses technical cookies necessary for proper functioning and third-party analytical cookies (Google Analytics) to analyze how users use the site. For more information, please consult our Cookie Policy.

2.3 Data provided for booking

The website uses an external booking system provided by Yanovis. When the user makes a booking, the personal data entered (name, surname, email, phone, payment data) are processed directly by Yanovis as Data Processor. For information on data processing by Yanovis, please refer to their privacy policy available on the booking platform.

3. Purposes of Processing

Personal data are processed for the following purposes:

• Ensuring the proper functioning of the website;
• Statistically analyzing the use of the site to improve its content and usability;
• Managing booking requests through the external Yanovis system;
• Fulfilling legal obligations.

4. Legal Basis for Processing

The legal basis for processing consists of: consent of the data subject for analytical cookies; legitimate interest of the Data Controller to ensure the security and functioning of the site; execution of a contract or pre-contractual measures for bookings; legal obligations for the retention of tax and accounting data.

5. Processing Methods

The processing of personal data is carried out using computer tools with logic strictly related to the purposes indicated and, in any case, in a manner that ensures the security and confidentiality of the data. Data are stored in a form that allows identification of the data subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.

6. Communication and Dissemination of Data

Personal data may be communicated to: parties providing services for the management of the information system and telecommunications networks; hosting service providers; booking system providers (Yanovis); Google, for the Google Analytics service (with anonymized IP). Data will not be disseminated.

7. Transfer of Data Outside the EU

The use of Google Analytics involves the transfer of data to servers located in the United States. Google adheres to the EU-US Data Privacy Framework, ensuring an adequate level of protection for personal data.

8. Retention Period

Navigation data are deleted immediately after processing. Data collected through analytical cookies are retained for a maximum period of 26 months. Data relating to bookings are retained for the time necessary for the execution of the contract and subsequently for the period required by tax and civil regulations.

9. Rights of the Data Subject

In accordance with Articles 15-22 of the GDPR, the data subject has the right to: access their personal data; obtain rectification or erasure thereof; obtain restriction of processing; object to processing; request data portability; withdraw consent at any time, without affecting the lawfulness of processing based on consent given before its withdrawal. To exercise their rights, the data subject may send a written request to the email address: hotel@ciasalorenzi.it The data subject also has the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).

10. Changes to the Privacy Policy

The Data Controller reserves the right to modify, update, supplement, or remove parts of this privacy policy. Users are invited to periodically consult this page to be informed of any changes. Last updated: December 2025