Status: 14 January 2026
1) Data controller
Luis Walcher
Street Eisenkellerweg 16b, 39100 Bolzano/Gries, Italy
Email: urbanhof.bozen@yahoo.de
Phone.: +39 339 3930983
2) Scope, legal basis, legal framework (Italy)
This privacy policy provides information about the processing of personal data:
– when visiting this website (including contact form, Google Maps, social media links),
– when using the ‘Roter Hahn’ booking/enquiry widget,
– as well as in the context of booking, accommodation and billing (guest data).
The General Data Protection Regulation (GDPR) and the applicable Italian data protection regulations apply.
The legal bases (depending on the case) are in particular:
– Art. 6(1)(b) GDPR (contract/pre-contractual measures, e.g. booking enquiry)
– Art. 6(1)(c) GDPR (legal obligation, e.g. registration/retention obligations)
– Art. 6(1)(f) GDPR (legitimate interests, e.g. secure operation of the website)
– Art. 6(1)(a) GDPR (consent, e.g. for loading external content such as maps/widgets, if controlled by consent)
3) Website visit: server log files / hosting
When you visit the website, data that your browser transmits to the server (known as server log files) is processed for technical reasons, e.g.:
– IP address, date and time,
– page/file accessed,
– referrer URL,
– browser type and operating system,
– status codes and amount of data transferred.
The purpose is the technical provision, stability and security of the website (e.g. error analysis, defence against attacks).
The legal basis is Article 6(1)(f) GDPR.
Hosting provider: Aruba (Aruba S.p.A., Italy).
Storage period: Log data is only stored for as long as is necessary for operation and security, and is then deleted or anonymised.
4) Contact (contact form, email, telephone)
If you contact us via the contact form, email or telephone, we will process the data you provide (e.g. name, email address, telephone number, message/request).
Purpose: Processing of the enquiry and communication.
Legal basis:
– Art. 6(1)(b) GDPR, if the enquiry relates to a contract or pre-contractual measures,
– otherwise Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).
Storage period: until the request has been processed; beyond that, only if there are legal retention obligations.
Note regarding email (Yahoo): When communicating via the email address provided, the content and metadata of the communication may also be processed by the email service provider for technical reasons.
5) Cookies, consent and external content
This website may use cookies and similar technologies.
– Technically necessary cookies are required for the operation and security of the website.
– Depending on the technical implementation, consent may be required for non-essential cookies and/or the loading of external content (e.g. maps, booking widget).
If a cookie/consent banner is used, you can make your selection there and revoke your consent at any time with effect for the future (via the cookie settings).
6) Google Maps (maps)
Google Maps may be integrated into this website to display locations.
When displaying the map, data (in particular IP address and, if applicable, device/browser information) may be transmitted to Google; cookies may also be set.
Legal basis: generally consent (Art. 6(1)(a) GDPR), provided that Google Maps is only loaded after consent has been given; otherwise Art. 6(1)(f) GDPR only if integration is technically necessary (standard case: consent).
Note on third-country transfers: It cannot be ruled out that data may also be processed outside the EEA. Google specifies appropriate safeguards for certain cases (e.g. standard contractual clauses).
7) Social media links (Instagram, Facebook)
The website contains links to Instagram and Facebook.
As long as you do not click on these links, no data is usually transferred to the platforms simply by linking to them.
When you click on them, you leave this website; from then on, processing is carried out in accordance with the data protection regulations of the respective platform.
Note on third-country transfers: When using Meta services, processing may also take place outside the EEA; Meta uses standard contractual clauses, among other things, for this purpose.
8) ‘Roter Hahn’ booking/enquiry widget
A booking/enquiry widget from ‘Roter Hahn’ is integrated into this website.
When loading/using the widget, technical data (e.g. IP address, device/browser information) may be transmitted to ‘Roter Hahn’.
If you submit an enquiry/booking in the widget, the data you enter will be processed for the purpose of handling the enquiry.
Legal basis:
– for sending a booking/enquiry: Art. 6(1)(b) GDPR (pre-contractual measures),
– for loading external content/technologies: depending on implementation, Art. 6(1)(a) GDPR (consent).
Further information on data processing by Roter Hahn can be found in their privacy policy.
9) Guest data / accommodation (Art. 13 GDPR information for guests)
This information applies to all guests and prospective bookers.
9.1) What data do we process?
In the context of enquiries, bookings and stays, we process the following data in particular, as necessary:
– Master data: first name, surname, address, telephone number, email address, language and other information relevant to the booking
– Data from travel documents/ID cards (where necessary, e.g. for registration purposes)
– Payment/billing data (e.g. bank/card details, payment status; depending on the payment method)
– Stay data (travel period, duration, number of persons)
– Requests/preferences communicated by the guest, insofar as they are relevant for the provision of services
9.2) Purposes of processing
The data is processed for:
– Processing enquiries and bookings
– Providing accommodation services, communicating with guests
– Billing, accounting, tax obligations
– Fulfilment of legal obligations, in particular notifications to the competent authorities
9.3) Legal basis
Processing is carried out in particular on the basis of:
– Art. 6 para. 1 lit. b GDPR (contract/pre-contractual measures)
– Art. 6 para. 1 lit. c GDPR (legal obligations, e.g. reporting obligations, retention obligations)
– Art. 6 para. 1 lit. f DSGVO (berechtigte Interessen, z. B. Durchsetzung/Abwehr von Rechtsansprüchen, Sicherheit)
– Art. 6 Abs. 1 lit. a GDPR (consent), insofar as we obtain consent for specific purposes
9.4) Legal reporting requirements (public safety)
In Italy, accommodation providers/lodgings are required to report to the competent police/Questura (transmission of data on guests within the legal deadlines, usually within 24 hours; for stays of less than 24 hours, within 6 hours if necessary).
9.5) Recipients / Disclosure
Where necessary, data will be transferred to:
– public authorities (e.g. within the scope of statutory reporting obligations)
– tax advisors/authorities within the scope of tax obligations
– payment service providers/banks (depending on the payment method)
– IT/hosting service providers (technical operation)
– ‘Roter Hahn’ (when using the booking widget) in accordance with their privacy policy
9.6) Obligation to provide data
If you do not provide the necessary master data, information required for accommodation, and legally required identification/registration data, a booking/accommodation or the fulfilment of the contract cannot be made or cannot be made in full.
9.7) No automated decisions/profiling
We do not use automated decisions in individual cases, including profiling.
10) Storage period
We only store personal data for as long as is necessary for the respective purposes.
Beyond this, we only store data insofar as statutory retention periods or documentation obligations exist (e.g. retention under tax and commercial law) or for as long as this is necessary to assert, exercise or defend legal claims.
11) Third country transfers
In the case of purely website/guest relationships, we generally process data within the EU/EEA.
Due to the integration of external content/services (in particular Google Maps and social media platforms; possibly email service providers), processing outside the EEA cannot be ruled out.
Where necessary, providers rely on appropriate safeguards (e.g. standard contractual clauses).
12) Your rights
Under the GDPR, you have the right to:
– Information (Art. 15 GDPR)
– Correction (Art. 16 GDPR)
– Deletion (Art. 17 GDPR)
– Restriction of processing (Art. 18 GDPR)
– Data portability (Art. 20 GDPR)
– Objection (Art. 21 GDPR)
– Withdrawal of consent (Art. 7(3) GDPR) with effect for the future
Note: A revocation only affects processing based on consent. We may/must continue to process or store data that we require due to legal obligations or for the fulfilment of contracts.
13) Right to lodge a complaint with the supervisory authority (Italy)
You have the right to lodge a complaint with a data protection supervisory authority.
The competent authority in Italy is:
Garante per la protezione dei dati personali
Piazza Venezia 11, 00187 Rome, Italy
Phone: +39 06 696771 – Fax +39 06 69677.3785 – E-Mail: protocollo@gpdp.it
14) Changes
We reserve the right to amend this privacy policy if the website, services used or legal requirements change.