Privacy Policy


This privacy notice shalillustrate how this Website is managed with regard to any processing activities of the personal data of its users, as well as the processing procedures of any data sent by the data subject to the Data Controller through this Website.

In compliance with the provisions of sections 13 (with regard to any data collected at the data subject) and 14 (with regard to any data not collected at the data subject), of EU Regulation 2016/679 (GDPR), we hereby provide to the Users of this Website the following information, exclusively concerning the processing activities performed through this Website and not through other websites visited through any links shown thereon (if any); with regard to these websites, our users are invited to read the relevant privacy policies provided by the relevant data controllers.

This Website, as well as any services offered (if any) therein, shall be used solely by persons at least 18 years old. The Data Controller shall not, therefore, collect any data of any persons who are less than 18 years old. At request of the users, the Data Controller shall promptly delete any and all personal data unintentionally collected.

1. Data Controller

Hotel La Grotta Srl, with registered office in Via Soraporta,  38039 Vigo di Fassa (TN), VAT no. 01580130225 (hereinafter, also, La Grotta Family Hotel or the “Data Controller”), in its capacity as data controller of any personal data of the users of the website (hereinafter, the “Users”), hereinafter sets forth the privacy notice pursuant to the provisions of section 13 of Legislative Decree No. 196/2003 (hereinafter, the “Italian Privacy Code”) and of section 13 of EU Regulation 2016/679 of April 27th, 2016 (hereinafter, “GDPR”; the Italian Privacy Code and GDPR shall be jointly defined as the “Applicable Laws”).

The Data Controller reserves the right to appoint, as Data Processor for any personal data managed for any technical assistance, maintenance, technical management and similar purposes, with regard to this Website, a web agency or a consultant, whose details may be subsequently requested to the above mentioned addresses. The Data Controller and Data Processor shall process the Users’ data also through the persons in charge thereof, specifically entrusted within their organizations and acting based on written or oral instructions on how to properly process any personal data.

You may contact the Data Protection Officer (DPO) by sending an email to: [email protected]

2. Source and Categories of the Processed Data

  • Browsing Data
  • Cookies (please see our Cookie Policy)
  • Any data willingly provided by the users, including:
    • Common data (identification data, personal details, invoicing and similar data)
    • Only exceptionally, special data (section 9, GDPR)
    • Only exceptionally, criminal data (section 10, GDPR)

Sources: browsing, other websites and similar sources; the user; public sources.

Firstly, we may process browsing data as well as cookies.

We are entitled to process also any data willingly provided by the user, e.g. through contact forms or communications sent via e-mail; such data may include common personal data (identification data, personal details, invoicing and similar data), and, exceptionally, special data, pursuant to the provisions of section 9, GDPR, or criminal data, pursuant to the provisions of section 10, GDPR, only to the extent such processing activities are required in light of the request of information received by us.

The data may derive from automatic or public sources, or be willingly provided by the relevant data subjects. For instance, such data may derive from the user’s browsing activities, providing certain information concerning previous browsing activities of other websites, including, but not limited to, cookies and similar technologies. Such data may also be willingly provided by the user or by certain entities connected to him/her. Other data may be obtained from public sources, including, but not limited to, those processed within the scope of researches and arising from analysis, public databases and similar sources.

3. Data Processing Purposes

The personal data of this Website Users, as described above, shall be processed in the modalities and forms set forth by GDPR to perform the functionalities of the Website, including, but not limited to, any procedures described herein to collect any data, contact forms, reserved area access/registration procedure (if any), subscription to newsletters, etc.

In particular, any personal data provided to the Data Controller shall be processed for the following purposes:

  • To fulfil any requests specifically submitted by the User to the Data Controller through this Website and its communication tools (contact forms, information request forms, etc);
  • To subscribe to our newsletters and, consequently, receive commercial communication and various information concerning the Data Controller industry, provided that the user grants his/her consent thereto;
  • To communicate certain information concerning the services rendered by the Data Controller, replying to a request of information made by email or completing the relevant contact forms, or through any other communication tools;
  • For any purposes accessory or connected to those listed above and anyhow included in the activities of the Website;
  • To process any email address data, provided by the data subject within the scope of the sale of any products, or the provision of any services, also for the purpose of sending, without further consent, any communications on any subsequent direct sale of products or provisions of services similar to those subject matter of the above mentioned sale of products or provision of services; the data subject shall be entitled, in any event, to express his/her denial and object to such processing activities, either initially or subsequently, easily and free of charge, by following the instruction written in each subsequent communication;
  • To enter into and manage an agreement concerning any consultancy, services or professional training activities, including any legal, tax and contractual fulfilments however connected thereto.

Any data provided shall be generically processed also following their being automatically collected during the user’s browsing activities, only for Website access control and assessment purpose. This shall apply also to any technical cookies, i.e. any session, function or analytics cookies having the requirements specified by the Data Protection Authority. In particular, the analytics cookies are created and used directly by the Website. In any event, with regard to such analytics cookies, the Website has complied with the clarification of the Data Protection Authority and provided the anonymization of any IP addresses and the amendment to data processing; the collection and use of such browsing data (without prejudice of the anonymization of the IP addresses) shall allow the monitoring of the Website operations and the enhancement of its services, in order to offer a better browsing experience to the User. For further information, please see the relevant cookies policy.

Data Collected through the Email Platform

In order to ensure a complete information, please be informed that La Grotta Family Hotel shall send its email communications by a complying platform which, using statistic tracking systems, allows us to know if a message is read, how many times the hyperlinks contained in the emails are clicked on, from which IP address and through which kind of browser the emails are opened, and similar details. Such data are collected to enhance the use of this platform, and are an integral part of the functionalities of the email sending system.

The User may also easily object to our further sending any newsletters, also by clicking the relevant consent withdrawal link in the emails to which the newsletters are attached. Once the User has withdrawn his/her consent, the Data Controller shall send to the User a message confirming that his/her withdrawal has been successfully made.

4. Legal Base of Data Processing

Any personal data processing is based on the information rights, on the fulfilment of contractual obligations or on mere social contacts between the parties, or, should the consent of the data subject be required, on the free and deliberate completion of any information fields in the relevant forms.

5. Legitimate Interest of the Data Controller

The personal data shall be processed also based on a legitimate interest of the Data Controller, including its exercising its rights within the scope of the information society, the performance of its contractual obligations and any direct marketing operations.

6. Obligation to Provide any Data

The browsing data to be provided by the Users, for the above listed purposes, shall depend on the privacy level setting abled or disabled by the User through his/her browser. In certain cases, the data disablement may affect the possibility to browse this Website. The provision of certain browsing data and/or the use of technical cookies may be required, with regard to certain areas of this Website, to ensure the proper functioning thereof.

Your providing certain of your data shall anyway be required in light of the same structure of this Website and of its procedures.  The request of any other data, the provision of which is not mandatory, shall occur provided that the User checks an approval box. The User shall be free to provide, at his/her discretion, any other data, based on the kind of information he/she intends to provide to the Website.

7. Personal Data Recipients (if any)

The User’s data may be communicated to any controlling, controlled or affiliated companies of the Data Controller, as well as to any consultants or third parties, operating also in the name and on behalf of the Data Controller, to perform any activities connected to the purposes listed in this privacy notice, either inside and outside the European Union (provided, in case of entities outside the UE, that they are located in a country which is a party of the Privacy Shield protocol).

Any browsing or similar data (for which we hereby refer to the provisions above), as well as any profiling cookies, also of any third parties (please see the Cookies Policy in this Website), shall be communicated to the respective third parties interested thereto, unless such third parties process such data as Data Controllers.

8. Storage Period

Any data provided by the data subject shall be stored until express withdrawal of his/her consent, made also by operating on his/her browser, cookies removal, request expressly or otherwise made.

Any browsing data shall be stored for the period of time technically required to perform the functions for which they have been collected.

9. Data Subject Rights

Each data subject shall have the right to access, rectify, delete (erase), limit, be informed in case of rectification, deletion (erasure) or limitation, portability, object and not be subject to any automated, individual decision, including any profiling activity, pursuant to the provisions of sections 15 to 22, GDPR. Such rights may be exercised in the modalities and according to the terms set forth by section 12, GDPR, by written communication to be sent to the Data Controller via e-mail to: [email protected]

The Data Controller shall properly reply to such request as soon as possible, and, anyway, within one month of its receipt. Pursuant to the provisions of section 15 seq., GDPR, the user shall be entitled to ask in any time access to his/her data.

10. Right of the User to Withdraw his/her Consent

The User shall be entitled to withdraw his/her consent in any time by sending an express communication to the Data Controller’s registered office or via email to: [email protected]

11. Complaints

Each data subject shall be entitled to file a complaint pursuant to the provisions of section 77 seq., GDPR, to the competent data protection authority; the competent data protection authority in the Italian Republic is the Garante per la protezione dei dati personali.

The forms, modalities and terms to file a complaint are set forth and regulated by the applicable national laws. Such complaint shall be without prejudice of any legal actions and administrative procedures, which, in the Italian Republic, shall be commenced either before the Court having jurisdiction thereon or the Garante per la protezione dei dati personali.

12. Profiling

Any personal data provided through the forms herein may be subject to profiling activities.

Such profiling activities shall allow the Data Controller to evaluate certain personal aspects of the data subjects, with specific regard to their  preferences, interests, choices, in light of any products sold and activities performed by the Data Controller, so that the Data Controller may offer to the data subjects more specific and targeted services.


What Are Cookies?

Cookies are text files containing information that are stored on your computer or on your mobile device each time you visit a site online through a browser. At each consecutive visit the browser sends these cookies to website that originated them or other sites. Cookies allow sites to remember information  in order to guarantee fast and easy navigation like the choice of  languages or recognition of access to the site after the first visit.

There are two main types of cookies: session cookies and persistent cookies. Session cookies are temporary, they improve the user experience on the site and are deleted from your computer automatically when you close your browser. Persistent cookies are stored on your computer unless you delete them or until they reach their expiration date.

Cookies On Our Site

This website can be navigated without the use of cookies by users. We use technical cookies, used to provide better service and browsing experience of this site.

This site uses Google Analytics to collect information about the use of users of its website. Google Analytics generates statistical and other information through cookies, which are stored on users’ computers. We use the data related to our website for reports about the way the site is used and to improve its usability, functionality, interface and communication.

Google’s privacy policy is available at:

In particular, the information generated by the cookie about your use of the website are managed from Google’s servers in the United States. Google may also transfer this information to third parties unless required by law or where such third parties process the information on Google’s behalf.

Google will not associate your IP address with any other data held by Google.

Cookies for Marketing / Remarketing Third Parties

Through the placement of cookies, browsing on this site can activate Remarketing/Display Ads on Google or third party sites that refer to this site.

These cookies are used by third parties in order to present advertising banners  of Hotel La Grotta on sites other than his own. While browsing this site, these cookies can be used to show products that may interesting or similar to those already watched, based on your browsing history. The use of these cookies does not involve the processing of personal data, but allows the connection to your computer or other devices and track the stored data: these cookies connect to the browser installed on your computer or other devices used during navigation on our site.

The user’s navigation history, recorded by cookies, helps the activation of ads Remarketing.

For more information on Google’s Remarketing you can visit this page

Users can disable the storage of google cookies from your browser by following the instructions on these pages:

By using this website, you consent to the processing of your data by Google in the manner and for the purposes set out above.

We suggest you to consult regulary these link to the pivacy policies of other third parties. These policies can change frequently.

Cookies Management

If you’d prefer that Google Analytics does not use the data collected in any way you can:

By using this website, you consent to the processing of your data by Google in the manner and for the purposes set out above.