SECOND FLOOR
FIRST FLOOR
GROUND FLOOR
Cookie Policy | Villa Roffa Lario
Book your Stay‎

Cookie Policy

This policy (hereinafter, “Policy” or “Cookie Policy”) governs the processing of your personal data while browsing the website https://villa-roffa-lario.nl, and especially through the use of cookies.

Villa Roffa Lario with registered legal address in Menaggio (CO), Italy
Tel: +31 104770805
Email: info@villa-roffa-lario.nl

(hereinafter also “the Owner”), in accordance with the rules on the protection of personal data, in particular, the EU Regulation 2016/679 (hereinafter, “GDPR”), through the site you are browsing (hereinafter, the “Site”).

1. Identity and contact details of the data controller

The data controller is Villa Roffa Lario. Since it is a company established in the Italian territory, no representative has been appointed.

2. Contact details of the data protection officer

The Owner has not appointed a Data Protection Officer (“DPO”) pursuant to Article 37 GDPR.

3. Method of treatment

Cookies

  • Cookies are small text strings that the Site you visit sends to your browser, which stores them to transmit them back to the Site upon your next visit.
  • Cookies allow the Site to collect information about your browsing experience, and may be stored permanently on your computer and have a variable lifetime (persistent cookies), or they may not be stored persistently on your device and be automatically deleted when you close your browser (session cookies).
  • Cookies may be installed by the site you are visiting or they may be installed by other websites that provide various services to that site (third-party cookies).

Please note that restricting or blocking the use of cookies on our website may affect its functionality or operation and may prevent the use of certain services.

We use cookies and other technologies to:

  • understand which of our FAQs are most popular and show you relevant content related to our Services;
  • remember your choices, such as your language preferences, and otherwise personalize our Services for you;
  • understand the difference between mobile and desktop users of our Web-based Services, or understand the popularity and effectiveness of some of our Web pages.

3.1 Technical cookies

Necessary to use the features and services of our website. Necessary cookies help make a website usable by allowing basic functions such as page navigation and access to secure areas of the site. 

If you block these cookies, we cannot guarantee access to associated services or site performance during your visit.

Cookie

Provider

Purpose

Duration

fs-cc

Stores the user’s cookie consent status for the current domain.

180 days

_GRECAPTCHA

Google

Google reCAPTCHA is a SPAM protection service provided by Google Inc. that analyzes traffic on this Website, potentially containing Users’ Personal Data, in order to filter it from portions of traffic, messages and content recognized as SPAM.

Session

3.2 Analytical cookies

They help us understand how you use our website. Cookies in this category are for statistical purposes, such as the total number of visitors to the website and each of its pages for each particular time slot. We use this information to improve our website and provide a better user experience. 

Analytical cookies are also used to support testing of website layout and functionality.

Cookie

Provider

Purpose

Duration

_ga

Google

Used to distinguish users.

2 years

_ga_<container-id>

Google

Used to maintain session state.

2 years

_clck

Microsoft

It retains the user ID and Clarity preferences, unique to that site, attributed to the same user ID.

30 days

_clsk

Microsoft

Links multiple page views by a user into a single Clarity session record.

30 days

CLID

Microsoft

Identifies the first time Clarity saw this user on a site using Clarity.

30 days

ANONCHK

Microsoft

Indicates whether MUID is transferred to ANID, a cookie used for advertising. Clarity does not use ANID and so this value is always set to 0.

30 days

MR

Microsoft

Indicates whether to update the MUID.

30 days

MUID

Microsoft

Identifies the unique web browsers that visit Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes.

30 days

SM

Microsoft

Used to synchronize MUID between Microsoft domains.

30 days

3.3 Preference cookies

Preference cookies allow our website to remember user choices, such as customizations made to site pages during a visit.

4. Delete and disable cookies

You can configure your browser to prevent the processing of cookies, or delete them immediately after browsing. Below, we list how to disable and delete cookies with the major browsers:

5. Data you voluntarily provide

You have the right and freedom to provide data by sending e-mails to the addresses indicated on the Site, which the Controller may acquire for the purposes indicated from time to time. In addition to the email address necessary to respond to you, any other personal data contained in the relevant communication will be processed. The data thus collected will be stored and processed solely for the purpose of keeping correspondence, without using it for any other purpose.

6. Purpose, legal basis of processing, optionality of consent and consequences of non-consent

  • Personal data processed while browsing the site: the disclosure of personal data is a contractual obligation, without which the properly functioning website’s own services could not be made available.
  • Personal data processed with technical cookies: disclosure of personal data is a contractual obligation, without which properly functioning websites could not be made available.
  • Personal data processed with profiling cookies: the provision of personal data is purely optional. In case of non-disclosure of data, it will be impossible for the Controller to make available to you personalized services through profiling. The legal basis for the processing is your consent, given in accordance with current legislation.
  • Personal data voluntarily provided by email: the provision of personal data is purely optional. In case of non-disclosure of data, it will not be possible for the Controller to respond to your requests. The legal basis for processing is the legitimate interest of the Data Controller, as Data Controller, to respond to requests.
  • You will be able to express consent to the processing of personal data with non-technical cookies by clicking on a specific box presented within a banner.

7. Automated decision-making and profiling

If you consent to processing with profiling cookies to enjoy personalized services, your personal data may be subject to automated decision-making, with a specific algorithm deciding which communications best fit your profile or which might be of interest to you. The intended consequences of this processing are the sending of highly profiled commercial communications, sending discounts, and sending invitations to events deemed to be of interest.

In accordance with Article 22 GDPR, you have the right to:

  • obtain human intervention in the decision-making process by the Owner;
  • express your opinion;
  • obtain an explanation of the decision achieved by the Controller;
  • challenge the decision itself.

8. Source from which personal data originate and categories of data

The Data Controller will only process personal data provided by you in accordance with the Cookie Policy, collected through the Site or by sending you an email. The Controller will not process data from publicly available sources. The Controller will not process special personal data referred to in Article 9 of the GDPR.

9. Recipients and possible categories of recipients of personal data

They may receive your personal information:

  • companies offering hosting services;
  • the companies offering information society services;
  • communication society service providers.

10. Transfer of data

The Data Controller intends to transfer your personal data to entities established in a country outside the European Union or an international organization. Such entities could be represented, by way of example, by:

  • communications companies that perform communications activities on behalf of the Controller;
  • companies that offer hosting services;
  • the companies that offer information society services;
  • the service providers of the communications company.

The transfer of personal data to such entities, if established in a third country, or to an international organization, is made in the presence of an adequacy decision of the European Commission, which has verified how the third country, the territory or one or more specific sectors within the third country, or the international organization in question ensure an adequate level of protection of your rights. In the absence of such decisions, if deemed appropriate, the Data Controller reserves the right to enter into specific and separate agreements obligating such entities to take appropriate security measures, including organizational measures, designed to provide appropriate safeguards with respect to your rights.

Google Inc. in particular is contractually bound to ensure appropriate protection of the rights of the data subject. The data may thus be transferred to the following countries: United States of America.

To obtain a copy of such data or the place where it has been made available, simply send a corresponding request to the Data Controller, at the addresses above.

11. Period of data retention

  • The Data Controller will retain your personal data processed with technical cookies in order to enable you to properly use the Site for a period not exceeding 12 (twelve) months from the date of individual collection, in accordance with Section 2.1 of the Cookie Policy;
  • The Data Controller will retain your personal data processed to make available personalized services through statistical cookies, marketing cookies and profiling cookies for a period not exceeding 24 (twenty-four) months commencing from the date of the individual collection, in accordance with what is indicated in points 3.2, 3.3. and 3.4 of the Cookie Policy;
  • The Data Controller will retain your personal data provided voluntarily and processed to respond to your requests for a period of time strictly necessary to achieve this purpose and, in any case, not exceeding 24 (twenty-four) months from the date of the individual collection.

The Holder reserves the right, in any case, to ask you to renew your consent to the processing and/or to verify the consents you have already expressed.

12. Right of opposition

As a “data subject,” you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you pursuant to Article 6(1)(e) or (f) of the GDPR, including profiling on the basis of these provisions.  

The Controller shall refrain from further processing your personal data, unless the Controller itself demonstrates the existence of compelling legitimate grounds for processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.  

Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data about you carried out for such purposes, including profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data are no longer processed for such purposes.

You may object to the processing of your personal data for direct marketing purposes even in part, for example by objecting only to the sending of promotional communications carried out by automated and/or digital means, or to the sending of paper communications and/or the receipt of telephone communications.

Where your personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out in the public interest.

13. Other rights

The Holder would also like to inform you of the existence of your following rights:

  • Right of access: you have the right to obtain confirmation from the Data Controller whether or not personal data concerning you is being processed. If so, you have the right to access your personal data and specific information, in accordance with Article 15 of the GDPR;
  • Right of rectification: you have the right to obtain from the Controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration, in accordance with Article 16 of the GDPR;
  • Right to erasure: you have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay. The Data Controller has an obligation to erase personal data without undue delay if there are grounds listed in Article 17 of the GDPR;
  • Right to restriction of processing: you have the right to obtain from the Controller the restriction of processing, if there are grounds listed in Article 18 of the GDPR;
  • Right to data portability: you have the right to receive in a structured, commonly used and machine-readable format, personal data concerning you provided to the Data Controller, such as the right to transmit such data to another data controller without hindrance from the Data Controller, in the cases and under the conditions specified by Article 20 of the GDPR;
  • Right to object to commercial communications: you have the right to object at any time, free of charge, to receiving commercial communications from the Holder;
  • Right to lodge a complaint with the Data Protection Authority: you have the right to lodge a complaint with the Data Protection Authority, to complain about a violation of data protection regulations, in accordance with Article 77 of the GDPR.

14. How to exercise your rights

You may exercise the rights set forth in the Cookie Policy by addressing instances directly to the Owner at info@villa-roffa-lario.nl.

You may lodge a complaint with the Data Protection Authority in the manner provided on the official website, addressing it to the contact details available at https://www.garanteprivacy.it/home/footer/contatti.

15. Accessibility

The Cookie Policy can be accessed at http://villa-roffa-lario.nl/cookie-policy. If you expressly request it, the Owner may provide the information orally, subject to proof of your identity, with a telephone request directed to +31 104770805.

16. Changes

The Owner may change the Cookie Policy, including to comply with national and/or European Union legislation or technological innovations. Any new versions of the Cookie Policy will be posted on the Site. We encourage you to check the Cookie Policy periodically. Any changes will still be communicated to you through a pop-up on the Site or different modalities and/or computer tools. If The Data Controller substantially modifies the Cookie Policy, providing for new processing purposes and/or categories of personal data processed or changing the third parties, The Data Controller itself will inform you, requesting the necessary consents, by means of a special banner. If it is impossible for The Controller to verify that cookies have been stored on your device, on your next visit to the Site, for example in the event of deletion of the cookies installed, The Controller itself will inform you, requesting the necessary consents, by means of a specific banner. If at least 6 (six) months had elapsed since the previous presentation of the banner on the Site, the Data Controller itself will inform you, requesting the necessary consents, by means of a special banner.