Data protection - tgesa ROMANA in Savognin

tgesa ROMANA Savognin – Restaurant & Vacation Rentalstgesa ROMANA Savognin – Restaurant & Vacation Rentalstgesa ROMANA Savognin – Restaurant & Vacation Rentals

This website collects personal data from its users.

Types of data collected

The personal data processed by this application, either independently or through third parties, includes: Usage data; Trackers; Data transmitted during the use of the service; First name; Last name; Gender; Phone number; physical address; Email; Company name; Country; various types of data.

Complete details regarding each type of personal data processed are provided in the dedicated sections of this privacy policy or through specific explanatory texts displayed prior to data collection.
Personal data may be voluntarily provided by the user or, in the case of usage data, automatically collected when using this application.
Unless otherwise specified, the provision of all data requested by this application is mandatory. If the user refuses to provide the data, this may result in this application being unable to provide its services to the user. In cases where this application expressly indicates that the provision of personal data is voluntary, users are free to choose not to provide such data without any consequences for the availability or functionality of the service.

Users who are uncertain about which personal data is mandatory can contact the provider.

Any use of cookies – or other tracking tools – by this application or third-party service providers used by this application serves the purpose of providing the service requested by the user and any other purposes described in this document and in the cookie policy.

Users are responsible for any personal data of third parties obtained through this application.

Type and location of data processing

Processing methods

The provider processes user data in a proper manner and takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of data.
Data processing is carried out using computers or IT-based systems, following organizational procedures and methods specifically tailored to the stated purposes. In addition to the controller, in some cases, the data may be accessible to certain types of persons in charge, involved with the operation of this application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as data processors by the owner. The updated list of these parties may be requested from the provider at any time.

Location

The data is processed at the provider's headquarters and in any other places where the parties involved in the data processing are located.

Depending on the user's location, data transfers may involve transferring the user's data to a country other than their own. To find out more about the location of processing of transferred data, users can check the section containing details about the processing of personal data.

Retention period

Unless otherwise specified in this document, personal data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation(s) or based on the users’ consent.

Purposes of processing

The provider collects personal data relating to the user in order to provide the service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of users or third parties), and detect any malicious or fraudulent activity. In addition, data is collected for the following purposes: Displaying content from external platforms, tag management, interaction with live chat platforms, platform services and hosting, analytics, managing contacts and sending messages, managing landing and invitation pages, interaction with data collection platforms and other third parties, and contacting the user.

Users can find further detailed information about such processing purposes and about the specific personal data used for each purpose in the “Detailed information on the processing of personal data” section of this document.

Detailed information on the processing of personal data

Personal data is collected for the following purposes, using the following services:

Analytics

The services contained in this section enable the provider to monitor and analyze traffic and can be used to keep track of user behavior.

Google Analytics

Google Analytics is a web analysis service provided by Google LLC or by Google Ireland Limited, depending on how the provider manages the data processing (“Google”). Google utilizes the data collected to track and examine the use of this application, to prepare reports on its activities and share them with other Google services.
Google may use the data collected to contextualize and personalize the ads of its own advertising network.

Personal data processed: Usage data; Tracker.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Displaying content from external platforms

This type of service allows users to view content hosted on external platforms directly from this application and interact with them.

This type of service might still collect web traffic data for the pages where the service is installed, even when users do not use it.

Google Fonts

Google Fonts is a font visualization service provided by Google LLC or Google Ireland Limited, depending on how the provider manages data processing, which allows this application to embed corresponding content on its pages.

Personal data processed: Usage data; various types of data as described in the service's privacy policy.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Platform services and hosting

These services are for the purpose of hosting and operating key components of the application for this application, so that this application can be offered from a unified platform. Such platforms provide the provider with a whole range of tools - for example, analysis and comment functions, user and database management, e-commerce and payment processing - which include the processing of personal data.
Some of these services operate with geographically distributed servers, so it is difficult to determine the location where the personal data is stored.

Webflow (Webflow, Inc.)

Webflow is a platform provided by Webflow, Inc. that allows the owner to build, host, and operate this application. Webflow is highly customizable and can host websites with content ranging from simple blogs to complex e-commerce platforms.

Webflow, Inc. is a company certified under the Swiss-U.S. Data Privacy Framework.

Personal data processed: Usage data, Tracker, various types of data as described in the service's privacy policy.

Place of processing: United States – Privacy Policy.

Tag Management

These types of service help the provider to manage the tags or scripts required for this application centrally.
As a result, the user's data flows through these services and may be stored.

Google Tag Manager

Google Tag Manager is a tag management service provided by Google LLC or Google Ireland Limited, depending on how the provider manages data processing.

Personal data processed: Usage data, Tracker.

Place of processing: United States – Privacy Policy; Ireland – Privacy Policy.

Managing contacts and sending messages

This type of service allows you to manage a database of email contacts, phone numbers, or any other contact information to communicate with the user.

The services can also collect data about when the message was read by the user and when the user interacts with incoming messages, such as by clicking on links contained therein.

E-mail

By sending an email with their data, users authorize this application to use their information to respond to requests for information, offers, or other requests specified in the email header.

Personal data processed: Email, gender, first name, last name, company name, phone number, various types of data.

Cookies

Cookies are small text files that are stored on your computer by websites you visit. Websites use cookies to enable users to navigate efficiently and to help perform certain functions. Cookies that are necessary for the proper functioning of the website may also be set without your consent. All other cookies must be approved before they can be set in the browser.

  • Strictly necessary cookies: Strictly necessary cookies enable essential core functions of the website such as user login and account management. The website cannot be used properly without strictly necessary cookies.
  • Performance cookies: Performance cookies collect information about how visitors use a website, e.g. analysis cookies. These cookies cannot be used to directly identify a specific visitor.
  • Targeting cookies: Targeting cookies are used to identify visitors between different websites, e.g. content partners, banner networks. These cookies can be used by companies to create a profile of visitor interests or to display relevant ads on other websites.
  • Functional cookies: Functional cookies are used to store visitor information on the website, e.g. language, time zone, extended content.
  • Unclassified cookies: Unclassified cookies are cookies that do not belong to any of the other categories or are in the process of being classified.

You can change your consent to the use of cookies below.

[Cookies]

More information for users

Legal bases of processing

The provider may only process personal data of users if one of the following applies:

  • Users have given their consent for one or more specific purposes. Note: In some jurisdictions, the provider may be allowed to process personal data until the user objects to such processing ("opt-out"), without having to rely on consent or any other of the following legal bases. However, this does not apply if the processing of personal data is subject to European data protection law;
  • the data collection is necessary for the performance of a contract with the user and/or for pre-contractual measures arising therefrom;
  • the processing is necessary for compliance with a legal obligation to which the provider is subject;
  • the processing is related to a task carried out in the public interest or in the exercise of official authority vested in the provider;
  • the processing is necessary to protect the legitimate interests of the provider or a third party.

In any case, the provider will gladly provide information on the specific legal basis on which the processing is based, in particular on whether the provision of personal data is a legal or contractual obligation or a prerequisite for the conclusion of a contract.

More information about the retention period

Unless otherwise specified in this document, personal data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation(s) or based on the users’ consent.

Therefore:

  • Personal data collected for the purpose of fulfilling a contract between the provider and the user will be stored until the contract has been fully fulfilled.
  • Personal data collected to protect the legitimate interests of the provider will be retained for as long as is necessary to fulfill those purposes. Users can obtain further information about the legitimate interests pursued by the provider in the relevant sections of this document or by contacting the provider.

In addition, the provider may be permitted to store personal data for a longer period if the user has consented to such processing, as long as the consent is not withdrawn. Furthermore, the provider may be obliged to retain personal data for a longer period if this is necessary to fulfill a legal obligation or on the order of an authority.

Once the retention period expires, personal data will be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be asserted after the retention period has expired.

The rights of users

Users may exercise certain rights with regard to their data processed by the provider.

In particular, users have the right to do the following to the extent permitted by law:

  • Withdraw their consent at any time. If the user has previously consented to the processing of personal data, they may withdraw their consent at any time.
  • Object to the processing of their data. The user has the right to object to the processing of their data if the processing is based on a legal basis other than consent.
  • Obtain information regarding their data. The user has the right to know whether the data is being processed by the provider, to obtain information about individual aspects of the processing and to obtain a copy of the data.
  • Review and rectify your data. Users have the right to verify the accuracy of their data and request its update or correction.
  • Request restriction of the processing of your data. Users have the right to restrict the processing of their data. In this case, the provider will process the data for no purpose other than storage.
  • Request deletion or other removal of personal data. Users have the right to request the provider to delete their data.
  • Receive your data and have it transferred to another controller. The user has the right to receive their data in a structured, commonly used and machine-readable format and, if technically possible, to have it transmitted to another controller without hindrance.
  • File a complaint. Users have the right to lodge a complaint with the competent supervisory authority.

Users also have the right to be informed about the legal basis for the transfer of data abroad or to an international organisation governed by international law or founded by two or more countries, such as the UN, and about the security measures taken by the provider to protect their data.

Details on the right to object to processing

If personal data is processed in the public interest, in the exercise of an official authority vested in the provider or to safeguard the legitimate interests of the provider, the user may object to such processing by stating a reason relating to their particular situation.

Users are informed that they can object to the processing of personal data for direct marketing purposes at any time free of charge and without giving reasons. If the user objects to processing for direct marketing purposes, the personal data will no longer be processed for these purposes. Users can refer to the relevant sections of this document to determine whether the provider processes personal data for direct marketing purposes.

How rights can be exercised

All requests to exercise user rights can be directed to the provider using the contact details provided in this document. Requests can be made free of charge and will be answered by the provider as soon as possible, at the latest within one month, and the users will be provided with the legally required information. The provider shall notify any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, if any, unless this proves impossible or involves disproportionate effort. The provider shall inform the user about those recipients if the user requests it.

Further information about the collection and processing of data

Legal action

The user's personal data may be processed by the provider for the purposes of law enforcement within or in preparation of legal proceedings arising from the improper use of this application or the related services.
The user declares to be aware that the provider may be required to disclose personal data to the authorities.

Further information about the user's personal data

In addition to the information contained in this privacy policy, this application may, upon request, provide the user with additional contextual information relating to specific services or to the collection and processing of personal data.

System logs and maintenance

This application and third-party services may collect files that record interaction with this application (system logs) or use other personal data (e.g. IP address) for these purposes for operational and maintenance purposes.

Information not contained in this privacy policy

Further information about the collection or processing of personal data may be requested from the provider at any time using the contact details provided.

Changes to this privacy policy

The provider reserves the right to make changes to this privacy policy at any time by informing users on this page and, if possible, via this application and/or - to the extent technically and legally feasible - by sending a notification to users via the contact details available to the provider. Users are therefore advised to visit this page regularly and, in particular, to check the date of the last change indicated at the bottom of the page.

If changes affect data use based on the user's consent, the provider will obtain new consent, where required.

Definitions and legal notices

Personal data (or data)

Any information which, directly or in combination with other information, identifies or can identify a natural person.

Usage Data

Information that this Application (or third-party services that this Application uses) automatically collects, e.g., the IP addresses or domain names of the computers used by Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and operating system used by the User, the various time details per visit (e.g., how much time was spent on each page of the Application) and information about the path followed within an Application, in particular the sequence of pages visited, and other information about the operating system of the device and/or the User's IT environment.

User

The individual using this Application who, unless otherwise specified, corresponds to the Data Subject.

Data Subject

The natural person to whom the personal data refers.

Data Processor (or Data Processing Manager)

Natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller, as described in this privacy policy.

Data Controller (or Provider, also sometimes Owner)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, including the security measures concerning the operation and use of this Application. Unless otherwise specified, the Data Controller is the natural or legal person through which this Application is offered.

This Application

The hardware or software tool by which the User's personal data is collected and processed.

Service

The service provided by this Application as described in the relative terms (if available) and on this site/application.

European Union (or EU)

Unless otherwise specified, all references in this document to the European Union include all current member states of the European Union and the European Economic Area (EEA).

Cookie

Cookies are Trackers consisting of small sets of data stored in the User's browser.

Tracker

Tracker indicates any technology – e.g. Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting – that enables the tracking of Users, for example by accessing or storing information on the User’s device.

Legal Notice

This privacy policy applies solely to this Application, unless stated otherwise in this document.

Last update: July 21, 2025