Privacy Policy

Information notice on the processing of personal data (pursuant to Art. 13 of EU Regulation 2016/679)

Data Subjects: Website visitors and users.

This privacy policy describes the methods for processing the personal data of users who consult the Hotel La Villa website, accessible at: https://www.ivrealavilla.com

This policy does not apply to other sites, pages, or online services accessible via hypertext links published on the site but referring to external resources.

1. Data Controller

The Data Controller is: SGS S.r.l., Via Torino 334, Ivrea (TO). Email to exercise your rights: info@ivrealavilla.com

2. Types of Data Processed and Purposes of Processing

a) Navigation Data

The computer systems responsible for the operation of this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category includes: IP addresses, domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.

  • Purposes of processing:
    • To obtain anonymous statistical information on site usage (most visited pages, number of visitors, etc.).
    • To monitor the correct functioning of the site.
    • To ascertain responsibility in case of hypothetical cybercrimes against the site.
  • Legal basis: Legitimate interest of the Controller (Art. 6, par. 1, let. f) to keep the website functional and secure.
  • Retention period: Data is deleted immediately after anonymous processing, except for use in crime investigations (for the duration required by the Authorities).

b) Data Voluntarily Provided by the User

The optional, explicit, and voluntary sending of messages to our contact addresses, or the filling out of information/booking request forms, involves the acquisition of the sender’s contact data (name, surname, email, telephone number, etc.) and all personal data included in the communications, necessary to respond to requests or provide the service.

  • Purposes of processing: To manage and respond to user requests, provide information, and process booking or contact requests.
  • Legal basis: Performance of pre-contractual measures taken at the request of the data subject (Art. 6, par. 1, let. b).
  • Retention period: Data is kept for the time necessary to process the request and, subsequently, for the period required to protect the Controller’s interests from any potential disputes (e.g., 2 years).

3. Legal Basis for Processing

Personal data is processed only when one of the following conditions exists (Art. 6 GDPR):

  • Consent: For specific purposes (e.g., newsletter subscription), where required.
  • Performance of a contract or pre-contractual measures: To manage your contact or booking requests.
  • Legal obligation: To comply with obligations provided by law (e.g., retention of tax documents).
  • Legitimate interest: To ensure site security and improve our services (as described in point 2a).

4. Place of Processing and Data Recipients

Processing related to the web services of this site takes place in Italy and is managed by our internal staff specifically authorized for this purpose. Data may be processed by third parties, designated as Data Processors (Art. 28 GDPR), who provide services instrumental to the purposes indicated above. Specifically, we utilize:

  • Area38, for web platform maintenance and hosting services.

Data will not be disseminated to third parties

5. Transfer of Data Abroad

The management of the site and related services primarily takes place within the Italian territory. Any use of services with servers located outside the European Union (e.g., USA) occurs only toward countries that guarantee an adequate level of protection (European Commission adequacy decisions) or in compliance with appropriate safeguards, such as the adoption of Standard Contractual Clauses approved by the European Commission.

6. Cookies

This site uses technical and session cookies to ensure correct and secure navigation. For more information, please consult our Cookie Policy: https://www.ivrealavilla.com/cookie-policy/

7. Rights of the Data Subject

At any time, you may exercise the rights provided by the GDPR (Articles 15-22) against the Controller, including:

  • Access: Obtain confirmation as to whether or not data processing is occurring and receive information about it.
  • Rectification: Request the correction of inaccurate data or the completion of incomplete data.
  • Erasure (Right to be forgotten): Obtain the deletion of data if legal grounds exist.
  • Restriction: Obtain the restriction of processing in certain cases.
  • Portability: Receive data in a structured, commonly used, and machine-readable format, or request its transfer to another controller (if technically feasible).
  • Objection: Object to processing based on legitimate interest, unless the Controller demonstrates compelling legitimate grounds.

To exercise your rights, you may contact the Controller at the email address: info@ivrealavilla.com

8. Right to Lodge a Complaint

You have the right to lodge a complaint with the supervisory authority of the Member State where you habitually reside, work, or where the alleged infringement occurred. In Italy, the authority is the Garante per la protezione dei dati personali (www.garanteprivacy.it).

9. Updates

This information notice may be subject to changes and updates. Please consult this page periodically to stay informed of any changes.

Ivrea, 23/02/2026