Information on data processing pursuant to EU Regulation No. 679/2016
In accordance with EU Regulation No. 679/2016 (hereinafter referred to as the GDPR), and with regard to the personal data it will receive, Ciastel regarding the nature, scope, and purpose of its data processing.
The data controller is Ciastel, represented by its legal representative [please provide name], with registered office at Str. Ras-Costa 6, 39030 San Vigilio di Enneberg (BZ), Italy.
Contact information: Email ciastel, Phone +39 379 293 1226.
The data controller can be contacted by mail at Ciastel, Str. Ras-Costa 6, 39030 San Vigilio di Enneberg (BZ), Italy, or by email at ciastel.
We process the personal data of customers, guests, prospective customers, suppliers, and business partners, as well as data from individuals who voluntarily provide their personal information to our company in person, by phone, via email, through a contact form, via booking and reservation services, or through our website.
In particular, we process basic personal data such as name, address, email address, phone number, booking and reservation details, stay details, billing and payment information, communication content, and technical access data, to the extent that such data is necessary for the purposes listed below.
Data is processed exclusively for the following purposes:
a. Compliance with the obligations set forth in applicable regulations and laws, including those relating to tax, accounting, and reporting requirements;
b. Fulfillment of contractual and pre-contractual obligations toward the data subjects, in particular processing inquiries, preparing quotes, and handling bookings, reservations, and stays;
c. Carrying out activities related to our company’s business operations, such as compiling internal statistics, preparing financial statements, maintaining customer and supplier accounts, and managing accounts receivable and accounts payable;
d. Preparing quotes and communicating with guests, prospective customers, suppliers, and business partners;
e. Sending newsletters, circulars, or promotional communications, provided that consent has been obtained or there is another legal basis for doing so;
f. Compiling internal statistics, ensuring the technical operation of the website, improving our online services, and managing cookie and privacy settings.
Data processing is carried out in accordance with legal requirements and is based on the following legal grounds pursuant to Articles 6 and 7 of the GDPR: Data processing is carried out to fulfill the agreed-upon services, to implement contractual measures and respond to inquiries, to comply with legal obligations and protect legitimate interests, as well as on the basis of the consent of the data subjects.
Specifically, the processing is based in particular on Article 6(1)(a) of the GDPR in cases of consent, Article 6(1)(b) of the GDPR in cases of contract performance or pre-contractual measures, Article 6(1)(c) of the GDPR in cases of legal obligations, and Article 6(1)(f) of the GDPR in cases of legitimate interests.
Data processing may be carried out with or without the use of electronic means, but in any case by automated means, and includes the collection, storage, organization, retention, retrieval, processing in the strict sense, modification, selection, extraction, comparison, use, interconnection, blocking, transmission, erasure, and archiving of data.
Data processing is carried out both by the data controller and by processors and third parties whom the data controller has commissioned to process the data for the purposes specified in Section 3, or in cases where this is required by law. The data controller has ensured that processors and third parties also process personal data in accordance with the GDPR.
If necessary, the data may be disclosed to domestic and/or foreign individuals and/or legal entities, provided that such disclosure is necessary for the performance of the activities and for the purposes set forth in Section 3. However, personal data is not generally disclosed.
Specifically, data processing is carried out in the following ways:
When users contact Ciastel the contact form, email, phone, or social media, their information is processed for the purpose of handling and resolving their inquiry. This information may be stored in a customer relationship management system or a similar inquiry management system.
Requests will be deleted as soon as they are no longer needed, unless retaining the data is necessary to comply with legal obligations.
For bookings, availability inquiries, and reservations, the data provided by the data subject is processed for the purpose of handling the inquiry, preparing a quote, carrying out pre-contractual measures, and fulfilling the contract.
The website may include or link to external booking and reservation services, in particular Slope for apartment bookings, as well as reservation or restaurant widgets. When such services are used, the data entered there is transmitted to the respective provider and processed in accordance with that provider’s privacy policy.
If this website or the booking process offers the option to subscribe to a newsletter or promotional communications, by signing up, the user agrees to receive emails and other electronic notifications containing information and promotional content.
In doing so, the time of registration and confirmation, the IP address, and the necessary personal registration data may be stored. You can unsubscribe from or revoke your subscription to the newsletter by clicking the unsubscribe link included in the respective message or by sending an email to ciastel. From that point on, the relevant personal data will be deleted, unless its retention is necessary to comply with legal obligations.
This website is created and operated using Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA. When you visit the website, technical access data—including, in particular, your IP address, browser information, device information, the date and time of access, and the pages you visit—may be processed by Webflow or its infrastructure.
This data is processed for the purposes of technical provision, security, and delivery of the website. For more information, please see Webflow’s Privacy Policy: https://webflow.com/legal/privacy.
When you visit this website, technically necessary cookies and similar technologies may be used. In addition, other services—in particular analytics, marketing, or media services—may only be loaded with the prior consent of the user.
This website uses a consent management system to manage user consent. The settings selected by the user are stored so that they can be applied during future visits. For documentation purposes, information regarding consent—including, in particular, the consent ID, the time of consent, the selected categories, and the domain—may be processed and transmitted to a consent logging service.
The user may withdraw or modify their consent at any time with future effect via the cookie settings.
Google Maps may be embedded on this website to Ciastel location. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Maps will not load until the user consents to the relevant category for external media or actively shares the map. When the map loads, personal data—including, in particular, IP addresses, location data, browser and device information, and usage data—may be transmitted to Google. For more information, please see Google’s Privacy Policy: https://policies.google.com/privacy.
This website uses Weglot to provide multilingual content and language switching. The provider is Weglot SAS, 138 rue Pierre Joigneaux, 92270 Bois-Colombes, France.
When using the language feature, technical data such as IP address, browser information, language settings, visited URLs, and website content may be processed. This processing is used to display and manage translations. For more information, please see Weglot’s Privacy Policy: https://www.weglot.com/privacy.
This website may embed content from Instagram or social media feeds via external services, specifically Curator.io. This content will not be loaded until the user consents to the relevant category for external media.
When loading external content, personal data such as IP address, browser information, device information, the page accessed, and usage data may be transmitted to the respective provider. If the user is logged in to Instagram or another platform, that platform may associate the relevant data with the user’s account. Further information can be found in the privacy policies of the respective providers, in particular Instagram at https://privacycenter.instagram.com/policy/ and Curator.io at https://curator.io/privacy-policy.
This website may use Marker.io to collect feedback, document errors, and improve the website. When this service is enabled, technical information such as browser data, operating system, screen size, URL, IP address, timestamps, and content voluntarily submitted by the user may be processed.
The service is loaded into the corresponding category only after consent is given. For more information, please see Marker.io’s Privacy Policy: https://marker.io/privacy.
Ciastel an online presence on social media networks and platforms to communicate with customers, prospective customers, and users who are active there and to inform them about its services. When accessing these networks, the privacy policies of the respective operators apply.
For the technical delivery and design of the website, technical libraries and content may be loaded via external content delivery networks, for example for graphics, animations, date fields, or other website features. In doing so, technical access data such as IP addresses, browser information, and pages visited may be transmitted to the respective provider.
The data is processed for the purpose of providing and optimizing the website. If consent is required, the data will be processed only after such consent has been obtained.
In order to identify market trends and the needs of our contractual partners and users, we analyze the available data on business transactions, inquiries, contracts, and bookings. In doing so, we process inventory data, communication data, contract data, payment data, usage data, and metadata from contractual partners, prospective customers, customers, and visitors to our online platform.
These analyses are used to improve user-friendliness, optimize our services, and enhance operational efficiency, and are not disclosed to third parties unless required by law, with consent, or on another legal basis.
The disclosure of personal data is essential for fulfilling the purposes set forth in Section 3, to the extent that such data is necessary for processing inquiries, preparing quotes, making bookings and reservations, fulfilling contractual obligations, or complying with legal requirements.
If the individuals concerned refuse to provide the necessary data, the purposes set forth in Section 3 cannot be fulfilled, either in whole or in part.
Providing data for non-essential cookies, external media, and analytics and marketing services is optional. Refusing to do so will not affect the basic functionality of the website, but may result in certain features or content not being displayed.
Unless otherwise expressly stated in this Privacy Policy, the processed data will be deleted as soon as it is no longer needed for the purposes specified in Section 3 and there are no longer any legal retention requirements.
If deletion is not possible for legal reasons, data processing will be restricted; in other words, the data will be blocked and not used for any other purposes.
In general, personal data is retained only for as long as is necessary to process the relevant inquiry, fulfill the contractual relationship, comply with legal obligations, or protect legitimate interests. Accounting, billing, and tax-related data is retained in accordance with statutory retention periods.
The GDPR allows data subjects to exercise specific rights:
a. The right to obtain from the controller information regarding the personal data in question, as well as the right to have such data rectified, erased, or restricted, and the right to object to the processing;
b. The right to receive one’s own data from the data controller in a structured and commonly used format, where possible, also for the purpose of transferring the data to another controller;
c. The right to withdraw consent to data processing at any time, provided that the lawfulness of the processing is based on the data subject’s consent, and without affecting the lawfulness of processing carried out on the basis of consent prior to withdrawal;
d. The right to file a complaint with the data protection supervisory authority.
In Italy, the competent supervisory authority is the Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Rome, Italy, https://www.garanteprivacy.it.
These rights may be exercised by sending a written notice to Ciastel, Str. Ras-Costa 6, 39030 San Vigilio di Marebbe (BZ), Italy, or by email to ciastel.
As of April 2026
