In the following chapters you will find information about how your personal data are treated. Your data may be collected during your navigation on our website or as a consequence of the services that we provide you. In order to take advantage of all the services offered by our website, it is necessary for us to collect and treat your personal data. The treatment of your personal data may consist in collecting, organising, storing, analysing, interpreting, modifying, selecting, comparing, using, connecting, blocking, communicating, cancelling and destructing data. The treatment of your personal data follows the principles of lawfulness and correctness, in compliance with the current law and EU Regulation 2016/679 of the European Parliament and Council. With this privacy notice, we like to inform you about the data we collect, why the collection is necessary, and also of your rights in connection with the treatment of your data.
Owner of the Treatment
The Owner of the Treatment of your personal data on this website site is Hotel Sonnalp with legal offices at Obereggen 28, I-39050 Obereggen / Dolomiti, South Tyrol , Italy, VAT ID IT00754470219.
For more information, please contact us using the following addresses:
Tel.: +39 0471 615 842
Purposes of the treatment
We treat your data for the following purposes:
Type of treatment
Your personal data are treated manually, but also electronically, mainly through the use of automated processes, depending on the objectives. In this case, we specifically use databases and computerised platforms that may be managed by both us and third parties. Each type of treatment guarantees the respect and the confidentiality of the data treated. We store such data and general information in the database and in the servers as logfiles. In order to provide you with a unique navigation experience, we need to collect some technical data that are necessary for the correct operation of the website:
The legal basis for this type of treatment is article 6 of the GDPR. By accessing the website, computerised systems and management software automatically and indirectly collect and/or manage this number of data and information.
At first, the collection of these data in anonymous format is static. However, later on the data are treated to ensure a high level of protection and safety for any data that we collect.
Period of data conservation
In compliance with current laws, the owner of the treatment has defined different periods of data conservation depending on their usage:
Should you decide to contact us using the contact form on our website, you will be asked to enter some personal data. This enables us to process your query. This is also the reason why the corresponding fields of the contact form are marked with an asterisk, or in any another way, as mandatory fields. The entering of personal or sensitive data other than those marked as mandatory will be at your discretion. Failure to enter, even in part, the mandatory information marked with an asterisk or similar character may result in the impossibility for us to answer your requests or deliver the requested services. The forwarding of requests using the contact form constitutes your implicit acceptance of the treatment of your personal data. The data that you transmit are treated and stored for a period of time strictly necessary for the processing of your request.
Profiling is any type of automated personal data processing activity that consists in using the information to assess, analyse and predict certain aspects of a natural person. For this type of marketing activities we signed agreements with third parties.
Collaboration with third parties
When we work with our suppliers and use third-party services, we make sure that they are contractually obliged to apply the same privacy/safety standards that we apply, and that such standards are also followed. Such third parties, who act as owners of the treatment of the personal data, guarantee that the data received are not stored and used for purposes other than the contractually agreed. Within the framework of these technical agreements, the mail addresses made available to them are encrypted using technologies such as “hashing”, so that any other parties are unable to obtain the original addresses.
It may happen that we need to transfer your data to third parties in Non-European Countries (EEC). The EEC (European Economic Area) consists of the countries of the European Union, plus Switzerland, Iceland, Lichtenstein and Norway. These countries guarantee the same safety standards for the treatment of personal data. This transfer of the data may be necessary if the servers (meaning the physical locations where the data are stored) or if the premises of our suppliers are in countries outside the EEC area. Should we be forced to transfer your data to a country outside the European Economic Area (EEC), it is our responsibility to ensure that they are treated with appropriate safety standards.
Disclosure of your data
In principle, the personal data are not forwarded. Only in some specific cases, personal data may be disclosed to the following suppliers:
The affected person’s rights may be exercised by the same, and/or by a named person, by sending a written request with acknowledgement of receipt or e-mail to the owner of the treatment, Mr. David Weissensteiner, at the operational address of the company Hotel Sonnalp, Obereggen 28, I-39050 Obereggen / Dolomiti, South Tyrol , Italy. The affected person has the right to obtain a copy of the data in our possession, which will be made available in accordance with the terms of current regulations.
In specific cases, we do reserve the right to store some information for legal purposes (for example in case of suspected fraud, or breach of the general terms and conditions). Should you believe that your rights have been violated, you can contact the relevant data protection authorities or take legal action.
Below we are summarizing the rights of an affected person:
Place of the data treatment
The treatment of the personal data that you have transmitted is mainly happening within our working structures, in the departments where the individual responsible for such treatment is located. The agreed contractual activities will only take place in an EU or EEC country.
Any transfers, in part or in full, of the contracted services to a different country shall be subjected to the approval of the customer, and can only take place if the data guarantee and safety conditions do agree with art. 44 and subsequent of the GDPR.
For further information, please contact us at the addresses indicated in the “Copyright” section.
This website uses Google Analytics, a Google Inc. (“Google”) advertising efficiency analysis service. Google Analytics uses so-called “cookies”, small text files that are stored on the visitor’s computers and allow assessing the use of the website. The information (including the user’s IP address) is collected through cookies and sent to a server in the USA, where it is stored. Google then uses this information to analyse the navigation of our website, create reports of the activities on the website and provide different services. In some cases, Google may also transfer the information to third parties, for example if required by law or to other companies that process data on its behalf. Your IP address can under no circumstances be used by Google for purposes other than those indicated above. By visiting the website users agree to the treatment of their own personal data by Google for the above purposes. The installation of cookies on your computer may be prevented by adjusting your browser settings accordingly. However, in this case you need to be aware that the disabling of cookies could limit the quality of your navigation through the website, or your use of the same. To prevent Google from collecting and processing data as explained above, you need to download and install the fllowing plugin: https://tools.google.com/dlpage/gaoptout?hl=gb. Further information on the conditions of use and the Google Analytics data protection policy is available at the following link: https://www.google.com/analytics/terms/gb.html or https://support.google.com/analytics/answer/6004245?hl=gb. The website uses Google Analytics in IP-Masking mode, to ensure that IP addresses are collected in an anonymous format. It is important to point out that we use Google Analytics to evaluate and analyse AdWords data for statistical purposes, and also Double-Click-Cookie. Should you not be happy with this activity, you can disable it by visiting https://adssettings.google.com/?hl=gb.
Use of Google AdWords, Google Tag Manager and Remarketing
Anyone visiting our website should be aware that the Facebook Remarketing Tag has been reintroduced. With this type of tag, when visiting this website, the user is automatically resent to the Facebook servers. In specific, the Facebook servers receive information on the website navigation and will use it for managing your profile. Further information on the data collection and policy is available at the following link: https://www.facebook.com/about/privacy/. As an alternative, it is also possible to disable Remarketing by Facebook by visiting the following link: https://www.facebook.com/settings/.
We use the Hotjar Ltd advertisement analysis service. By using these technologies, we get to know how visitors behave on the website, for example by scrolling down. We know which sections users visit and how many times they click on the single section. This tool also enables us to obtain opinions directly from website users. This information helps us rendering the navigation faster and more enjoyable.
By using this tool, we pay special attention to the treatment of personal data. We learn which section is clicked the most, the mouse movements on the website, how many times the website is scrolled down, the size and characteristics of the screen used for the navigation, the type of navigation tool (PC, laptop, mobile device, …), the browser, the country of the visitor and the selected language. To prevent the usage of Hotjar, simply install a so-called “Do Not Track-Header”. If you visit our website using several different browsers, make sure to install a “Do Not Track-Header” on each browser. For more information visit the following link: https://www.hotjar.com/opt-out . For the privacy notice visit the following link: https://www.hotjar.com/privacy.
This website uses Web Fonts to ensure the correct display of the graphic content made available by Google. When loading our website, your browser also loads the necessary fonts in the Cache area of the browser itself, so that graphic content is displayed correctly.
In order to do so, the browser needs to connect to the Google server, which will then receive the information that your IP address has loaded our website. The use of Web Fonts by Google ensures a clean and visually enjoyable navigation experience. This represents a legitimate interest also according art. 6, paragraph 1, letter f) of the GDPR. Further information on the use of Web Fonts is available at the following link: https://developers.google.com/fonts/faq , or can be found in the privacy notice of Google itself at https://www.google.com/policies/privacy/.
We treat personal data collected on the website using computerised processes. Personal data are protected by Secure Socket Layer (SSL) encryption. This technology protects the user from the risk of unintentional disclosure of personal data when using an unprotected connection.
The user is notified when accessing a protected connection by a padlock icon. By clicking the padlock icon, the user can then make sure that the SSL certificate is valid and up to date.
Website visitors may purchase vouchers. The data you transmit are only used to fulfil our contractual obligations. Failure to enter the information marked as mandatory will make it impossible for us to fulfil the contract. The data obtained are only forwarded to the payment service providers for debiting the amount and to our tax consultant to be compliant with tax obligations.
Links to other websites
This website contains links to other sites that are not owned or controlled by us.
Please be aware that we are not responsible for the privacy practices of other sites.
This website uses Google Maps owned by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Using Google Maps simplifies locating the places of your interest.
To use Google Maps, it is necessary to save your IP address. This information is transferred to the Google servers located in the USA. We do not have any impact on Google’s data treatment.
The data treatment is regulated by art. 6 (1) (f) GDPR.
We like to keep you up-to-date. And for delivering always the latest news we use a social wall. On our social wall you’ll find the latest posts coming from our social media platforms. The content does automatically appear on our website. For all the content published on our social media channels we refer to the provider’s privacy policies.
This website uses a Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie preferences. Borlabs Cookie does not collect any personal data.
The borlabs-cookie cookie stores the consent you have given when you entered the website. If you wish to revoke these consents, simply delete the cookie from your browser. If you re-enter/reload the website, you will be asked again for your cookie consent.
ADDITIVE+ LANDINGPAGE – Online Marketing and Landing Pages
Beside our website we do also operate optimized landing pages for means of hotel online marketing. To process your request, reservation, order, activation, registration or the transmission of other contact forms on our website as well as to save and store your data we use cloud services, CRM systems and software provided by ADDITIVE Srl, 39011 Lana (BZ), Italy (“ADDITIVE”), our partner in the field of hotel digital marketing. The adequate level of data protection is based on data processing agreements with the respective company.
Our landing pages use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics enables website operators to analyse the user behavior of the visitors. The information about the user behavior is transmitted to and stored by Google on its servers.
Your IP address is collected but immediately anonymised (for example by deleting the last 8 bits). As a result the geolocation data is less accurate.
You can prevent the data collection connected to your use of our online services through cookies and the processing of this data by Google, by installing the browser-plugin available at the following link:
ADDITIVE has an insight into data gathered through Google Analytics. This data will be used only to analyse the use of our websites and to evaluate our marketing and distribution strategies.
Our website and landing pages also use functions provided by ADDITIVE for the multi-channel monitoring of the use of our websites as well as marketing and distribution strategies like landing pages, newsletter and social media presence. Information about your visits and submitted forms on our websites are also transmitted to ADDITIVE in order to evaluate and optimize our marketing and sales measures.
The data processing takes place in accordance with the requirements of art. 6 para. 1 lit f (legitimate interests) of the GDPR.
Our objective in accordance with the GDPR (legitimate interests) is the improvement of our products and services and our web presence through the analysis of the use of our website as well as marketing and distribution strategies.
Our website and our landing pages also use remarketing functions provided by Google Inc. (“Google”) and by Meta Platforms Inc. (“Meta”). Therefore, Meta and Google will know that you have visited our website. This way visitors of our website and of our landing pages will find ads adapted to their interests on Google’s advertising platforms and on the social media platforms Facebook and Instagram.
The data processing takes place in accordance with the requirements of art. 6 para. 1 lit a (consent) of the GDPR.
On our website you have the possibility to subscribe to our newsletter. For the subscription we need your email address and your consent to receive our newsletter through ADDITIVE, our provider for hotel e mail marketing. To provide you with relevant information we also gather and process voluntary information concerning interests, name, date of birth and country/region of origin in our hotel newsletter tool.
After signing up for our newsletter you will receive an email containing a link to confirm the subscription.
Your subscription can be cancelled any time by clicking on the cancellation link in the respective newsletter.
To process your subscriptions and to send our newsletters we use software provided by ADDITIVE Srl, 39011 Lana (BZ), Italy (“ADDITIVE”). Through the use of these services and systems your data will be processed and stored, at least in part, also outside of the EU or the EEC. The adequate level of data protection is based on data processing agreements.
On our website you have the possibility to buy vouchers by using the integrated voucher software. To process your purchase and to save and store your data we use software provided by ADDITIVE Srl, 39011 Lana (BZ), Italy (“ADDITIVE”) in the context of voucher marketing. Through the use of these services and systems your data will be processed and stored in the EU.
The data you provide is required to fulfil the contract or to carry out pre-contractual measures. Without this data we cannot conclude a contract with you. The data will not be transferred to an outside third party, except for your credit card data which will be transferred to the payment provider and to our tax accountant to fulfil our tax obligations.
The data processing takes place in accordance with the requirements of art. 6 para. 1 lit a (consent) and/or lit b (processing necessary for the performance of a contract) of the GDPR.
ADDITIVE+ MARKETING AUTOMATION – Direct Marketing
In order to increase customer loyalty and to sell our services and additional services we use hotel online marketing software provided by ADDITIVE Srl, 39011 Lana (BZ), Italy (“ADDITIVE”) within the field of hotel marketing automation.
Therefore your data, which we gather and process in connection with your request, reservation, order, activation, registration or the transmission of other contact forms on our website, will be analysed and used to provide you with automatically generated offers for our services and additional services. Through the use of these services and systems your data will be processed and stored, at least in part, also outside of the EU or the EEC. The adequate level of data protection is based on data processing agreements.
You can deny the use of your data for this purpose anytime by clicking on the “unsubscribe” link in the respective message.
The data processing takes place in accordance with the requirements of art. 6 para. 1 lit f (legitimate interests) of the GDPR.
Our objective in accordance with the GDPR (legitimate interests) is the prevention of competitive disadvantages, the increase in brand awareness and the maximisation of our economic success through an optimal use of the acquired contacts.