Privacy

Privacy Policy on the Processing of Personal Data Collected Through This Website
Last revised: 17/04/2026

1. Preamble and regulatory references
This notice explains how personal data collected via this website is processed, including data acquired through cookies, tracking technologies and — where applicable — contact forms, restricted areas, digital services, and electronic financial transactions. .
The notice is addressed to anyone who accesses or uses this site, describing how user personal data is collected, used, and protected, as well as the rights recognised by law.
These provisions do not apply to other websites, pages or online services accessible via external links that may be present on the site; please consult their respective privacy policies.
This information is provided in compliance with major national and international data protection regulations, including:

• Regulation (EU) 2016/679 (GDPR)
• Other applicable regulations.

2. Who manages your data and how can you contact us?
Your personal data is processed by:
Brunet Hotels s.r.l.
Via Roma 30 38054 Primiero San Martino di Castrozza (TN)
info@hotelprimiero.it
VAT number: 01647780228

For any information regarding the processing of personal data or to exercise their rights under the regulations, data subjects may contact the Data Controller.

3. On what legal bases do we process your data?
The processing of personal data collected through this site (including through cookies, similar technologies, contact forms, restricted areas, digital services and transactions, where applicable) is based on one or more of the following legal grounds:

1. Execution of a pre-contractual service or activity request from the user via the contact forms provided;
2. Fulfilment of legal, regulatory or statutory obligations;
3. Consent given of the user regarding communications of a commercial nature;

A further legal basis, the Legitimate interest of the data controller, can be used for specific purposes (e.g. ensuring IT security, preventing fraud, protecting the Holder’s rights in court).

Failure to accept or the withdrawal of consent may reduce or limit certain functionalities or personalised services.

4. What data do we collect when you visit the site?
While browsing this site, the following data may be collected, including through cookies and similar technologies such as pixel tags, web beacons, local storage, and equivalent technologies:

• Navigation and technical data information such as IP addresses, device identifiers, operating system and browser data, requested URLs, connection times, technical logs, technical preferences, usage data collected via cookies and tracking technologies (pixel tags, web beacons, local storage, and equivalent tools).

• Voluntarily provided identification details Information entered on the digital forms on the website (e.g. name, surname, email, telephone) and/or provided via email or other contact channels, used to respond to requests, provide services, offer consultations, and—with consent—for sending informational and commercial communications.

• Data communicated via social integrations and third-party platforms: data transmitted through social features (login, plugins, sharing, etc.), processed according to the rules of the respective platforms as well as according to this policy.

5. How we process your data, how we protect it, and for how long we retain it.
Personal data collected through this website is processed primarily using electronic and digital tools in accordance with the principles of lawfulness, fairness, data minimisation, integrity, and confidentiality.

Appropriate technical and organisational measures are taken to prevent unauthorised access, loss, alteration or unauthorised disclosure of data, including:

• Encrypted communications (HTTPS): The communications between your browser and the website are protected via HTTPS encryption, which prevents the interception or manipulation of data exchanged during browsing.;
• Log monitoring The system records and monitors access and activities to detect suspicious or unauthorised attempts and ensure data security.;
• Periodic backups The data is periodically copied and stored to protect it from accidental loss or technical incidents.;
• Security audits and checks Security checks and tests are regularly carried out to identify and correct any system vulnerabilities;
• Limitation of data access to authorised individuals only. Access to personal data is exclusively permitted to authorised and trained personnel, in compliance with internal security policies.

Data is stored according to the following timelines:

• Cookie preferences and consents: retained for 180 days, as per the Cookie Policy present on this website.
• Navigation and technical data kept only for as long as necessary to ensure the safety, integrity, and functionality of the site and subsequently anonymised or aggregated.
• Data collected for contractual and transactional purposes: retained for the period required by applicable laws (e.g., tax or accounting regulations).
• Data processed for marketing purposes: retained until consent is revoked or deletion is requested.
• Data entered via forms or specific requests: retained for as long as necessary to respond to or fulfill the relevant purpose.

6. Who can receive your data?
They may access the personal data collected through this website, within the limits of their respective responsibilities and purposes:

• Authorised internal subjects by the Data Controller, who are duly instructed on privacy and security matters;
• Suppliers and third parties appointed as Data Controllers (for example: technical providers, IT companies, customer support companies, consultants, payment service providers and logistics providers, where applicable);
• Business partners, third parties and affiliates, exclusively for promotional/marketing purposes if you have given specific consent or opted out where applicable;
• Providers of plugins, social networks, and external platform interaction services, who may process personal data according to their own logics as independent data controllers (in this case, please also consult the individual privacy policies of these third parties);
• Competent public authorities and supervisory bodies, within the limits imposed by law or to comply with judicial requests;

The updated list of external recipients can be made available upon request by writing to the Data Controller's contact details.

7. Where can your data be transferred?
Personal data collected via this site may be processed and transferred – according to the stated purposes – to the following countries:

• to Countries belonging to the European Economic Area (EEA), Switzerland, or other countries recognised by the competent authorities as having an “adequate” level of protection according to the law;

Updated list of “reliable” countries”:

• EU
• Switzerland

8. What are your rights regarding the data collected?
The user, in accordance with applicable regulations, has the right to:

• To obtain confirmation as to whether personal data concerning them is being processed and, if so, to obtain access to such data and related information (right of access).
• Requesting rectification, updating, or deletion of inaccurate or no longer necessary data (right to rectification and erasure).
• Request the restriction or object to the processing of data, including for promotional/profiling purposes, where provided.
• Request data portability in a structured and interoperable format (where technically feasible).
• Withdraw consent previously granted for the use of non-essential cookies and the processing of data collected through tracking technologies.
• Report any irregularities or abuses to the relevant supervisory authorities.

To exercise these rights, simply send a request to the Data Controller's contact details, who will respond within the timeframe stipulated by the applicable local regulation.

9. How is the data of minors processed?
The protection of minors represents a fundamental priority.

The services and content on this website are not intended for individuals under 18 years of age.

We do not knowingly collect personal data from minors without the verifiable consent of a parent or guardian.

If a parent or guardian believes that a minor has provided personal data without authorisation, they may request its deletion, updating, or limitation of processing by writing to the contact details provided in this notice.

How to make reports or complaints to the authorities?
If you believe that the processing of your personal data by this site does not comply with current regulations, you can lodge a complaint free of charge with the competent supervisory authorities, including:

• The Data Protection Authority of your country of citizenship or residence;
• European Data Protection Supervisor

How will we inform you about changes to this policy?
This notice is subject to periodic revision to comply with regulations or changes in the services offered via the website. Any significant changes will be communicated via this page.
Last revised: 17/04/2026