Privacy Policy

Who We Are

This Privacy Policy explains how Kristiania Pure Nature Hotel & Spa ("we", "us", "our"), as the data controller, processes your personal data when you visit our website or contact us through the enquiry form. We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and Italian data-protection law.

Data controller: Kristiania Pure Nature Hotel & Spa, via S. Antonio, 18, 38024 Cogolo di Pejo, Val di Sole - Trentino, IT.

Contact: info@hotelkristiania.it

Personal Data We Collect

We collect only the personal data you provide to us when you submit an enquiry, together with limited technical data that is necessary to operate the website securely.

Data you provide via the enquiry form:

  • Salutation, first name and last name
  • Email address
  • Phone number (country prefix and number)
  • Preferred travel dates (arrival and departure)
  • Number of adults and children, and children's ages (collected so we can suggest appropriately sized rooms)
  • Selected room and offer, if any
  • Country and language preference
  • Your free-text message
  • Whether you opt in to our newsletter

Marketing-attribution data:

If you reach the website via a marketing campaign, your browser may pass campaign parameters (e.g. utm_source, utm_medium, utm_campaign, gclid, fbclid, gad_source). When you submit the enquiry form these parameters are forwarded with your message so we can understand which campaigns are useful.

Technical data collected automatically:

Our hosting provider records standard request information (IP address, user-agent, timestamps) in server logs for security, abuse-prevention and performance monitoring. We also use a hidden anti-spam field (a honeypot) and a short-lived form token to filter automated submissions.

We do not knowingly collect personal data from children. The booking-flow fields about children (ages, counts) are entered by the adult making the enquiry on the child's behalf and are used solely to provide an accurate quotation.

How We Use Your Data and Legal Bases

We process your data only where we have a lawful basis under Article 6(1) GDPR. The processing operations are:

Handling your enquiry and preparing a quotation

We use the data you submit through the enquiry form to reply to you, prepare an offer and, if you choose to book, to perform the resulting contract. Legal basis: Article 6(1)(b) GDPR (steps taken at your request prior to entering into a contract, and performance of that contract).

Newsletter (only if you opt in)

If you tick the newsletter checkbox we will send you occasional updates about offers and news. You can withdraw your consent at any time by emailing us — withdrawal does not affect the lawfulness of processing before withdrawal. Legal basis: Article 6(1)(a) GDPR (consent).

Language preference

We store your chosen language in a first-party preference cookie (NEXT_LOCALE) so the site loads in the correct language on your next visit. Legal basis: Article 6(1)(f) GDPR (our legitimate interest in providing a usable, accessible website).

Site analytics

We use Vercel's first-party, cookieless analytics to measure aggregated traffic and performance. No cookies are set, no cross-site identifiers are used, and individual visitors are not tracked. Legal basis: Article 6(1)(f) GDPR (legitimate interest in operating and improving the website).

Security and abuse prevention

Server logs, the honeypot field and CSRF/form-token checks let us defend the site against spam and abuse. Legal basis: Article 6(1)(f) GDPR (legitimate interest in protecting our systems and your data).

Marketing-campaign attribution

Where present, we forward the campaign parameters you arrived with (UTM tags, gclid, fbclid, gad_source) together with your enquiry, so we can understand which campaigns deliver real interest. We do not combine this with cross-site advertising profiles. Legal basis: Article 6(1)(f) GDPR (legitimate interest in measuring marketing effectiveness).

Who We Share Data With

We do not sell your personal data and we do not share it with advertisers. We do rely on a small number of carefully selected service providers (processors under Article 28 GDPR) to operate the website and deliver our replies to you:

Alpin Ads (alpinads.com)

Alpin Ads operates this website on our behalf. When you submit the enquiry form, your submission is forwarded to Alpin Ads infrastructure — specifically its "Quote Request" service and its "Mail Hook" backup/logging service — so that we receive your message reliably even if a downstream provider has an outage. For transparency: if delivery of your enquiry to us fails, an automated failure notification (containing your name, email and travel dates) is sent to an Alpin Ads support address so the issue can be diagnosed and your message recovered.

Resend

We use Resend (Resend, Inc.) to deliver the enquiry email to our inbox and to send you the confirmation email that acknowledges your enquiry.

Vercel

The website is hosted by Vercel Inc., which also provides the first-party, cookieless analytics described above and stores standard request logs.

All of these providers act on documented instructions and are bound by appropriate data-processing agreements. We may also disclose data where required by law or to defend legal claims.

Data Retention

We keep your personal data only for as long as is necessary for the purpose for which it was collected:

  • Enquiry data: retained while we handle your enquiry and for a reasonable follow-up period afterwards (typically up to 24 months), unless a booking results — in which case statutory hospitality and tax retention periods apply.
  • Newsletter contact data: retained until you withdraw consent or unsubscribe.
  • Booking-flow session storage: cleared when you close your browser.
  • Language-preference cookie (NEXT_LOCALE): up to one year, or until you clear it.
  • Server and security logs: short retention periods set by our hosting provider, typically a few weeks.

International Transfers

Some of our service providers (in particular Resend and Vercel) may process personal data outside the European Economic Area, including in the United States. Where they do so, transfers are protected by appropriate safeguards under Article 46 GDPR — most commonly the European Commission's Standard Contractual Clauses (SCCs) — and, where applicable, supplementary measures. You can request a copy of the safeguards by contacting us.

Your Rights Under GDPR

Subject to the conditions set out in the GDPR, you have the right to:

  • Access the personal data we hold about you (Article 15)
  • Have inaccurate data corrected (Article 16)
  • Have your data erased where the legal conditions are met (Article 17)
  • Restrict our processing of your data (Article 18)
  • Receive your data in a portable format (Article 20)
  • Object to processing based on our legitimate interests, including direct marketing (Article 21)
  • Withdraw your consent at any time, where processing is based on consent (Article 7(3)) — withdrawal does not affect the lawfulness of processing carried out before you withdrew

To exercise any of these rights, please email us at info@hotelkristiania.it. We will respond within one month, as required by Article 12(3) GDPR.

You also have the right to lodge a complaint with a supervisory authority — for example, in Italy, the Garante per la protezione dei dati personali — if you believe our processing of your personal data infringes the GDPR.

Contact Information

If you have any questions about this Privacy Policy or how we process your personal data, please email us at info@hotelkristiania.it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we use or the law. When we do, we will revise the "Last Updated" date shown at the top of this page and, where the changes are material, take additional steps to notify you. We encourage you to review this page periodically.