Data Privacy Demystified at HotelKastelruth.com: Your Rights and Our Retention Schedules

Data privacy should be clear and actionable—not complicated. At HotelKastelruth.com, we take Data Privacy seriously so you can enjoy our services with confidence. This guide explains what personal data we process, how long we keep it, which tools we use to operate and improve our website, and—most importantly—your rights to access, correct, block, delete, or move your information.

You’ll also find straightforward answers for quick reference and practical steps you can take today. If you want to explore related topics more deeply, look for opportunities to navigate to our Privacy Policy, FAQ, or Guest Pass information from this article.

Who processes your data and how to contact us

The Owner of the Treatment of personal data on this website is:

• Nima Demetz GmbH, Plattenstraße 9, 39040 Kastelruth (BZ), Südtirol, Italy
• VAT no. IT 00859260218
• Tel: +39 0471 706 308
• E-mail: info@hotelkastelruth.com
• Internet: www.hotelkastelruth.com

What we collect and why

We process personal data to provide and improve our services, communicate with you, and ensure the secure, reliable operation of our website. This includes:

• Data you provide (for example, via our contact form) so we can answer your queries and follow up when needed.
• Technical data collected automatically when you visit our site (e.g., browser type, operating system, referrer URL, hostname, time of request, and IP address). These server log files help us keep the site stable and secure.
• Cookies and analytics data that help us understand usage patterns and optimize content and performance.

Where applicable, processing is based on legitimate interest or your consent, as outlined below.

Your rights—clear and simple

You are in control of your personal data. You can exercise these rights at any time by contacting us using the details above.

Right to information and access

• Request confirmation whether we process your data.
• Obtain free information about the purposes, categories of data, recipients (including any outside the EEA), retention periods, potential automated decision-making (including profiling), and, if applicable, safeguards for international transfers.

Right to rectification

• Ask us to promptly correct any inaccurate or incomplete personal data.

Right to erasure ("right to be forgotten")

• Request deletion when, for example, data are no longer necessary, you withdraw consent (where consent was the basis), you successfully object to processing, processing was unlawful, deletion is required by law, or data were collected from a minor under applicable rules.

Right to restriction of processing

• Request that we limit processing if you contest accuracy, processing is unlawful and you prefer restriction over deletion, we no longer need data but you require them for legal claims, or you have objected and verification of our legitimate grounds is pending.

Right to data portability

• Receive personal data you provided in a structured, machine-readable format and, where technically feasible, request direct transmission to another controller.

Right to object

• Object at any time to processing based on reasons related to your particular situation, including profiling. We will stop processing unless we demonstrate compelling legitimate grounds that do not override your interests, rights, and freedoms, or the processing is necessary for legal claims.

Right to withdraw consent

• Withdraw consent at any time with effect for the future wherever processing relies on your consent.

Automated decisions and profiling

• Object to automated decision-making, including profiling, where it produces legal or similarly significant effects, unless necessary for a contract with appropriate safeguards and your explicit consent.

Opposition to unsolicited advertising

• We expressly prohibit use of our published contact data for unsolicited promotional communications and reserve the right to take legal action against spam.

How we keep your data secure

• SSL/TLS encryption protects the transmission of confidential content between your browser and our site. You can recognize this by “https://” and the lock icon in your browser.

How website data is collected and used

Data you provide: contact form and newsletter

• Contact form: We process the data you enter to answer your question and any follow-up. Processing is based on your consent (Art. 6(1)(a) DSGVO). We retain these data only as long as necessary to fulfill your request and applicable obligations, or until you revoke consent.
• Newsletter (Brevo): We use Brevo (Sendinblue GmbH) to organize and analyze newsletter distribution. If you subscribe, your data are stored on Brevo servers in the EU. Opening a newsletter triggers a web beacon that connects to Brevo servers in the United States for statistical analysis (e.g., opens and link clicks). Processing is based on consent (Art. 6(1)(a) DSGVO). You can unsubscribe at any time; data processed before your request may still be processed lawfully.

Data collected automatically: server log files

• Our provider automatically collects and stores server log data (browser type/version, OS, referrer, hostname, time, IP). These are not combined with other data. The basis is Art. 6(1)(f) DSGVO.

Cookies, analytics, and performance tools

• Cookies and analytics: We use cookies and analytics to understand how visitors use the site and to improve functionality. Analyses are typically anonymous, and you can object or limit tracking, for example by adjusting browser settings or not using certain tools.
• Google Analytics: We use Google Analytics under Art. 6(1)(f) DSGVO to analyze usage and optimize our website and advertising. IP anonymization is activated: within the EU/EEA your IP is shortened before transfer to the US; only in exceptional cases is the full IP sent and shortened there. The IP transmitted by your browser is not merged with other Google data.

Plugins and tools we use to operate the site

• Google Maps (Art. 6(1)(f) DSGVO): Displays location information. Your IP address may be transmitted to and stored on Google servers in the USA.
• Google Web Fonts (Art. 6(1)(f) DSGVO): Ensures consistent, attractive typography. Accessing our pages may let Google know your IP requested the font.
• YouTube (Art. 6(1)(f) DSGVO): We may embed videos. Visiting a page with a YouTube plugin informs YouTube which page you accessed; if you are logged into your YouTube account, this may be associated with your profile unless you log out.

Special case: Guest Pass

• For the Guest Pass, personal data are transmitted to the Mobilitätskonsortium (VAT Nr. 02735170215), which acts as cardholder and unified coordinating body and assumes the role of autonomous data controller. Legal basis: Art. 6(1)(b) GDPR (performance of a contract). For information about this processing, contact: privacy@moko.bz.it.

Our data retention schedules

We apply defined retention periods based on the purpose of processing:

1. Answering your questions about products and activities: kept for the time strictly necessary to process your request.
2. Managing activities connected with website navigation: kept for the time strictly necessary to satisfy your requests.
3. Internal management and operations (e.g., invoice retention, administration, tax data): kept for periods aligned with legal requirements for those specific purposes.
4. Handling disputes and litigation: kept for the time strictly necessary to pursue such matters, and in any case not beyond applicable prescription limits.

Additionally, for the contact form, data are retained until you request deletion, revoke consent, or the purpose no longer pertains, subject to mandatory retention obligations.

Where processing happens and who may receive data

• Processing primarily takes place within our working structures in the EU/EEA. Any transfer of contracted services outside the EU/EEA occurs only with appropriate safeguards and, where applicable, your approval under GDPR provisions on international transfers.
• Personal data are not forwarded as a rule. Where necessary, data may be disclosed to:
  • Subcontractors for technical checks and analysis, payments, identification, addressing services, analytics services, or credit insurance companies
  • Public administration or authorities where required by law
  • Credit institutions for handling credits/debits and related financial operations
  • Professional advisors and bodies (e.g., legal, administrative, fiscal consultants, courts, chambers of commerce) where necessary to provide our services

Featured answers you might be searching for

• How can I access or get a copy of my data? Contact us at info@hotelkastelruth.com or write to Nima Demetz GmbH, Plattenstraße 9, 39040 Kastelruth (BZ), Südtirol, Italy.
• Can I correct, block, or delete my data? Yes. You can request rectification, restriction, or erasure; we will comply where legal grounds apply.
• How do I withdraw consent? Send an informal email to info@hotelkastelruth.com. Processing prior to withdrawal remains lawful.
• Is my data encrypted in transit? Yes, we use SSL/TLS. Look for “https://” and the lock icon.
• Which analytics do you use? Google Analytics with IP anonymization, based on Art. 6(1)(f) DSGVO.
• Do you use third-party tools? Yes—Google Maps, Google Web Fonts, YouTube, and Brevo for newsletters, each used to improve functionality and presentation.
• How long do you keep my data? Only as long as necessary for the purpose (see retention schedule above) or as required by law.
• Can I object to tracking? Yes. You can object to analytics or limit tracking via your browser settings or by not using certain tools.

Practical takeaways to stay in control

• Review your consent choices and update them whenever your preferences change.
• Use your access and deletion rights if you want to see, correct, restrict, or remove your data.
• Manage cookies and tracking in your browser settings to reduce analytics data collection.
• For newsletters, unsubscribe any time using the link provided in each message.
• When using the contact form, share only information necessary to handle your request.
• Keep your devices and browsers updated to benefit from the latest security protections.

Conclusion

Your privacy is a core part of our service experience. With clear rights, defined retention schedules, encryption, and transparent use of tools, we aim to make Data Privacy at HotelKastelruth.com straightforward and trustworthy.

Have a question or want to exercise your rights? Contact us:

• Tel: +39 0471 706 308
• E-mail: info@hotelkastelruth.com
• Address: Nima Demetz GmbH, Plattenstraße 9, 39040 Kastelruth (BZ), Südtirol, Italy

For more details, navigate to our Privacy Policy and FAQ from this page.