PRIVACY POLICY
(pursuant to EU Regulation 2016/679 – GDPR)

This policy describes the management methods of the Hi Luino website with regard to the processing of personal data of users who visit it and/or use the available services (e.g., contact form).

1. Data Controller

Hi Luino
Headquarters: P.zza G. Marconi, 24 – 21016 Luino (VA), Italy
CIN: IT012092A1B9H6GEE

2. Types of data processed
Browsing data (e.g., IP address, URI of requested resources, time of request, parameters relating to the operating system and IT environment).
Data provided voluntarily by the user via the contact form: name, surname, email address, telephone number, and message content.
Data collected through cookies and third-party tools (see Cookie Policy).
3. Purpose of processing
Respond to requests for information sent via forms or other contact information.
Manage pre-contractual requests (e.g., availability, quotes, information about stays).
Statistical analysis and website traffic measurement (with prior consent where required).
Third-party features and integrations (e.g., Google review widgets) (with prior consent where required).
Marketing and remarketing activities via Meta platforms (with prior consent).
Security, abuse prevention, and technical management of the website.
4. Legal basis for processing
User consent (Article 6.1.a GDPR) for non-necessary cookies and marketing/analytics activities where applicable.
Implementation of pre-contractual measures or a contract (Article 6.1.b GDPR) to respond to user requests.
Legitimate interest of the Data Controller (Article 6.1.f GDPR) for the security and operation of the website.
Legal obligation (Article 6.1.c GDPR) if and when applicable.
5. Processing Methods and Security Measures

The data is processed using IT and electronic tools, using methods strictly related to the purposes indicated above and with appropriate security measures to reduce the risk of loss, misuse, or unauthorized access.

6. Data Recipients

The data will not be disclosed. It may be disclosed to external parties acting as technical/organizational providers (e.g., hosting, maintenance, analytics/marketing services), who may be appointed as Data Processors pursuant to Art. 28 of the GDPR.

7. Data Transfer to Non-EU Countries

Some tools used on the site (e.g., Google, Meta) may involve data transfers to countries outside the European Economic Area. In such cases, the transfer is based on the guarantees provided by law (e.g., adequacy decisions and/or standard contractual clauses and supplementary measures, if applicable).

8. Retention Period
Form requests: for the time necessary to process the request and subsequently for a period consistent with organizational needs and/or protection of rights (subject to further legal obligations).
Browsing data: according to the site’s technical and security timeframes.
Cookies: as indicated in the Cookie Policy and/or consent management panel.
9. Rights of the Data Subject

The user may exercise the rights provided for in Articles 15-22 of the GDPR, including: access, rectification, erasure, restriction, objection, portability, and withdrawal of consent (without prejudice to the lawfulness of processing based on consent before its withdrawal).

You may also lodge a complaint with the Italian Data Protection Authority.

10. Cookies and Third-Party Tools

For detailed information on cookies and how to manage your preferences, please consult the site’s Cookie Policy.

11. Updates

This policy may be subject to updates. Changes will be published on this page.