Privacy Policy.

 I. INFORMATION REGARDING THE WEBSITE'S PRIVACY POLICY

This privacy policy describes how the Chalet Gufo website handles the processing of users’ personal data, in accordance with Article 13 of Regulation (EU) 2016/679 (GDPR).

II - DATA CONTROLLER

Data Controller: Stanislav Lozhkin
Address: Strada de Sora Pozza 6, 38036
Email: chaletgufo.fassa@gmail.com

III - DATA PROCESSED

The personal data processed may include:

  • Data voluntarily provided by the data subject: first name, last name, email address, phone number, details regarding the stay (dates, preferences), and any notes provided in the booking or contact forms.

  • Payment information: Processed exclusively through the payment provider Stripe. Chalet Gufo does not store full credit card details when payments are made via Stripe in hosted/checkout mode.

  • Browsing data and cookies: IP address, session data, pages visited, and other technical data collected automatically through cookies and similar technologies.

IV - PURPOSES AND LEGAL BASIS OF THE PROCESSING

Personal data is processed for the following purposes and on the following legal grounds:

  • Handling of requests and pre-contractual communications: performance of pre-contractual measures or legitimate interest.

  • Reservation management and fulfillment of the accommodation contract: performance of the contract (Art. 6(1)(b) GDPR).

  • Processing payments and invoicing via Stripe: performance of the contract / legal obligation.

  • Tax and public safety requirements (reporting of guest information): a legal obligation.

  • Analytics and service improvement: legitimate interest or consent where required for the tools used.

V - GUEST PASS SOUTH TYROL / ALTO ADIGE

Upon completion of the accommodation contract, the guest’s personal data may be transmitted to the Central Guest Card Coordination Office for the issuance of the Südtirol Alto Adige Guest Pass, in accordance with current provincial regulations. Detailed information is available at suedtirol-guestpass.info. The legal basis for this transmission is the performance of the accommodation contract.

VI - PROCESSING METHODS AND RETENTION

Data processing is carried out using manual, computerized, and electronic means, with appropriate technical and organizational measures in place to ensure confidentiality and security (e.g., HTTPS/SSL protocols, access controls, backups). Estimated retention periods:

  • Reservation data and tax records: up to 10 years for tax purposes.

  • Contact information (requests/inquiries): 2 years, unless otherwise required.

  • Analytics cookies: 6–24 months, depending on the service.

VII - PARTIES TO WHOM THE DATA MAY BE DISCLOSED

The data may be disclosed to:

  • Smoobu (booking engine) for managing reservations;

  • Stripe for payment processing;

  • Technical and hosting providers (e.g., Squarespace or any third-party providers), email providers, professional advisors (e.g., tax advisors), and relevant public authorities when required by law.
    These parties act, as applicable, as data processors or independent data controllers in accordance with the terms of their respective contracts.

VIII - Transfers Outside the EU

Some third-party services (e.g., Stripe, Google, Meta) may involve data transfers to countries outside the European Union. Such transfers take place only if supported by appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decision) or the provider’s policies. For more details, please contact the data controller.

IX - COOKIES AND SIMILAR TECHNOLOGIES

This site uses:

  • Technical cookies necessary for the website to function (do not require consent).

  • Third-party cookies for analytics and advertising (e.g., Google Analytics, Meta Pixel) and cookies related to booking/payment services (Smoobu, Stripe). The use of non-essential cookies is subject to consent where required by applicable law. Users can manage their cookie preferences through their browser settings or through the cookie management tool available on the website.

X - RIGHTS OF THE DATA SUBJECT

Pursuant to Articles 15–22 of the GDPR, the data subject has the right to:

  • to obtain confirmation as to whether or not personal data concerning him or her is being processed and to access such data;

  • to have the data corrected, supplemented, or deleted;

  • request the restriction of processing;

  • object to the processing on legitimate grounds;

  • obtain data portability;

  • You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent prior to withdrawal.
    To exercise your rights, please send a request to the following email address: chaletgufo.fassa@gmail.com. You may also file a complaint with the Italian Data Protection Authority.

XI - DATA PROTECTION OFFICER (DPO)

No DPO has been appointed, as such an appointment is required only in the cases specified in Article 37 of the GDPR. For any matters related to data protection, please contact the data controller at the email address provided above.

XII - SAFETY

The data controller implements appropriate technical and organizational measures to mitigate the risks of unauthorized access, loss, alteration, or disclosure of data, including encrypted connections (HTTPS), access controls, and regular updates and backups.

XIII - CHANGES TO THIS PRIVACY POLICY

This policy may be updated from time to time. Any changes will be posted on the website along with the date of the update.

Last updated: May 29, 2026