Logo Hotel Villa Levi
Book now
Book now
Phone-alt Envelope Whatsapp Map-marker-alt
Phone-alt Envelope Whatsapp Map-marker-alt

Privacy policy

Privacy Policy for the Processing of Personal Data – GDPR

H.V.L. S.R.L.,
registered office Via Paolo Giovio, 30 – Milan,
(hereinafter the “Controller”), as the controller of personal data,

informs you pursuant to Art. 13 of Legislative Decree 30 June 2003 n. 196 (Privacy Code) and Art. 13 of EU Regulation 2016/679 (GDPR) that your data will be processed via the website www.villalevi.it according to the methods and purposes indicated below.

1. Subject of the Processing

The subject of the processing concerns personally identifiable and contact data (for example but not limited to: name, surname, address, phone, email, tax data) – hereinafter “personal data” or “data” – voluntarily provided by the user on the occasion of:

  • filling out contact forms on the site
  • requests for information or quotes
  • reservations or availability requests
  • subscription to the newsletter
  • participation in events or initiatives promoted by the Controller
  • requests for assistance or general communications

2. Purposes of the Processing

Personal data are processed for the following purposes:

A) Without the explicit consent of the data subject
(art. 6 lett. b), c) and f) GDPR), for:

  • management and maintenance of the website
  • responding to information requests, quotes, and contacts
  • management of bookings and hotel services
  • fulfillment of contractual and pre-contractual obligations
  • compliance with legal, fiscal, and administrative obligations
  • prevention of fraud or misuse of the site
  • exercise of the Controller’s rights in court

B) Only with the explicit consent of the data subject
(art. 6 lett. a) and art. 7 GDPR), for:

  • sending informational and promotional newsletters
  • commercial communications and direct marketing
  • invitations to events or initiatives promoted by the Controller
  • opinion and satisfaction surveys

3. Methods of Processing

The processing of personal data is carried out using paper, computer, and telematic tools, according to logics strictly related to the purposes indicated and in compliance with the security measures provided by the GDPR.

Data are stored on servers located in the European Union and/or by providers duly appointed as Data Processors.

Data will be retained:

  • for 10 years from the end of the contractual relationship for service purposes
  • for 2 years from collection for marketing purposes, unless consent is revoked

4. Data Security

The Controller adopts appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of personal data, including:

  • HTTPS protocols
  • protection systems against unauthorized access
  • backup and control procedures

5. Access to Data

Data may be accessible:

  • to employees and collaborators of the Controller, authorized to process
  • to IT, hosting, email, and newsletter service providers
  • to companies providing technical assistance, tax, or legal consultancy services
  • to banks and payment service providers

These entities act as Data Processors or independent controllers, according to current legislation.

6. Communication and Disclosure of Data

Personal data will not be disclosed.
The Controller may communicate data to judicial authorities or public bodies only in cases provided for by law.

The site may use anonymous tracking tools for statistical and marketing purposes (e.g., remarketing), without directly identifying the user.

7. Data Transfer

Personal data are processed and stored mainly within the European Union.
Any transfers outside the EU will comply with Articles 44 and following of the GDPR.

8. Optional or Mandatory Nature of Data Provision

Providing data for the purposes listed in point 2.A is mandatory.
Failure to provide data prevents the requested services from being provided.

Providing data for the purposes listed in point 2.B is optional and can be revoked at any time.

9. Rights of the Data Subject

The data subject may exercise the rights under Articles 15-22 GDPR, including:

  • access to data
  • correction or updating
  • deletion (right to be forgotten)
  • restriction of processing
  • data portability
  • objection to processing
  • complaint to the Data Protection Authority

10. How to Exercise Rights

Rights can be exercised at any time by sending:

  • a registered letter with return receipt to:
    H.V.L. S.R.L.
    Via Paolo Giovio, 30
    Milan

or

or

11. Minors

The site is not intended for minors under 18.
The Controller does not intentionally collect personal data of minors.

12. Data Controller

H.V.L. S.R.L.
Via Paolo Giovio, 30
Milan

Tel. 0184 666020
Email: direttore@villalevi.it
PEC: hvl@legalmail.it

13. Changes to this Policy

This policy may be subject to changes and updates.
Users are invited to consult it periodically.

Villa Levi
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.