Information provided pursuant to Reg.EU 2016/679 (GDPR), Art.13 and to Italian D.Lgs.196/2003 (modified by D.lgs. 101/18)



The Data Subjects are informed of the following general profiles, valid for all areas of treatment:

  • all the data of the subjects with whom we interface are treated in a lawful, correct and transparent manner, in compliance with the general principles set out in Art.5 of the GDPR;
  • specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access, pursuant to Article 32 of the GDPR.


References  and rights of the Data Subjects:

The Data Controller is Garden Hotel (in the person of its pro-tempore legal representative) who can be contacted for any request regarding privacy or to exercise the rights listed below, at the addresses on the site itself.




Navigation Data

The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. Such information is not collected in order to relate it to identified data subjects, however it might allow user identification after being processed and matched with data held by third parties. This data category includes IP addresses and/or the domain names of the computers used by any user connecting with this web site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user’s operating system and computer environment.


Purposes and lawfulness of processing

(GDPR-Art.13, c.1, lett.c)

These data are only used to extract anonymous statistical information on website use as well as to check its functioning. The data might be used to establish liability in case computer crimes are committed against the website (Controller legitimate interest).
Scope ofcommunication

(GDPR-Art.13, c.1, lett.e,f)

The data may only be processed by internal personnel, duly authorized and instructed in the processing (GDPR-Art.29) or by the Processor of the web platform (appointed Data Processor, Art.28 GDPR) and will not be disclosed to other parties, disseminated or transferred to non-EU countries. Only in the case of an investigation they can be made available to the competent authorities.
Data retention

(GDPR-Art.13, c.2, lett.a)

Data are usually kept for short periods of time, with the exception of any extensions connected to investigations.
Data provision

(GDPR-Art.13, c.2, lett.f)

The data are not provided by the data subject but automatically acquired by the site’s technological systems.



Cookies are brief fragments of texts (letters and/or numbers) that allow the web server to memorize on the client browser information to be reused in the course of the same visit to the site (session cookies) or subsequently, also after days (persistent cookies). The cookies are memories, according to the user’s preferences, by the single browser on the specific device used (computer, tablet, smartphone). Similar technologies like for example, web beacons, transparent GIFs and all the types of local storage introduced with HTML5, can be used to gather information on the user’s behavior and the use of the services. After this circular letter we shall refer to the cookies and all the similar technologies by using only the term “cookie.”




Currently, the site only carries anonymous technical cookies to keep track of the user’s preferred language.


The site may contain links to third-party sites and third-party cookies (such as Facebook, Instagram, TikTok; Youtube) for more information, we invite you to view the privacy policy of any linked sites.


Management of preferences via banner and dedicated button

Considering that the site only carries anonymous technical cookies to keep track of the user’s preferred language, it is not necessary to use a banner to manage preferences.


Management of the preferences through the main navigation browsers The user may declare whether or not he accepts the cookies by using the settings of his own browser (note that as a default, almost all the web browsers are set to automatically accept the cookies). The settings may be modified and defined in a specific way for the various web sitesand applications. Furthermore the best browser allows different settings to be defined for the “proprietor” cookies and for those of “third parties.” Usually the configuration of the cookies is done by the menus, “Preferences,” “Instruments” or “Options.” Here below is a list of links to the guides for the management of cookies of the main browsers:


Internet Explorer:


Internet Explorer [mobile version]:






Safari [versione mobile]:








Further information

  • (for more information on the cookie technology and their functions)
  • (allows users to oppose the installation of the main profiling cookies)
  • (set of main norm interventions on matters by the Italian Supervisory Authorities)




Specific services

The website may contain data collection forms designed to guarantee the user any services / features (eg: request information, registrations, work with us, etc.). In particular, by clicking on “Contacts” it will be possible to request to be contacted, but only after entering all the data required and indispensable for this purpose (name, email, message).


Purpose and legal basis of the processing

(GDPR-Art.13, comma 1, lett.c)

The identification and contact data necessary to respond to the requests of the data subjects could be requested. The submission of the request is subject to specific, free and informed consent (GDPR-Art.6, comma1, lett.a).
Scope of communication

(GDPR-Art.13, paragraph 1, lett.e, f)

The data are processed exclusively by authorized and trained personnel (GDPR-Art.29) or by any persons responsible for maintaining the web platform or providing of the service (appointed in this case external managers). The data will not be disclosed or transferred to non-EU countries.
Data retention period

(GDPR-Art.13, paragraph 2, letter a)

Data are kept for times compatible with the purpose of the collection.
Data provision

(GDPR-Art.13, comma 2, lett.f)

The provision of data related to the mandatory fields is necessary to obtain an answer, while the optional fields are aimed at providing the staff with other useful elements to facilitate contact.



Data provided voluntarily by users

Sending e-mail messages to the addresses mentioned on this website, which is done on the basis of a freely chosen, explicit, and voluntary option, entails acquisition of the sender’s address, which is necessary in order to reply to any request, as well as of such additional personal data as is contained in the message(s). The sender who gives his  curriculum to submit his job application remains the only responsible for the relevance and accuracy of the data sent. It should be noted that any curriculum without the data processing consent will be immediately deleted.




It should be noted that this information may be subject to periodic review, also in relation to the relevant legislation and jurisprudence. In any case, the interested party is invited to periodically consult the present policy.