Grand Hotel Le ChâteauGrand HotelLe Château

Notice

Privacy Policy

This Privacy Notice describes how HEAL THE WORLD S.r.l., the entity operating Grand Hotel Le Château, collects and processes the personal data of users of grandhotellechateau.it and of the hotel's guests, in compliance with EU Regulation 2016/679 (GDPR) and Italian Legislative Decree 196/2003.

Last updated: 25 May 2026

1. Data Controller

The Data Controller is HEAL THE WORLD S.r.l., registered office at Via Licola Mare 117 — Marina di Varcaturo, 80014 Giugliano in Campania (NA), Italy, VAT 06815241218, CIN IT063034A1ILFGEPZB. For any request relating to your personal data, please write to info@grandhotellechateau.it.

2. Personal data we collect

We process the following categories of personal data: • Browsing data: IP address, browser type, operating system, pages visited, date and time of access, automatically collected for statistical and security purposes. • Data provided voluntarily: first name, last name, email address, phone number and message content when you use the contact form. • Booking data: when you book, personal and payment data are processed directly by our partner Booking.com / Beddy.io under their respective notices. • Stay data: identity document (required by law — Italian "alloggiati web"), personal details, length of stay, preferences. • Cookies: see our Cookie Policy.

3. Purposes of processing

Your data is processed for the following purposes: • Provision of the requested service (replying to messages, managing bookings, hospitality at the hotel). • Legal obligations (guest registration, invoicing, anti-money laundering). • Site security and fraud prevention. • Only with explicit consent: sending newsletters, promotional communications, statistical analysis, personalized marketing.

4. Legal basis

Processing is based on: • Performance of a contract or pre-contractual measures (art. 6.1.b GDPR) for bookings. • Legal obligation (art. 6.1.c GDPR) for guest registration and invoicing. • Legitimate interest (art. 6.1.f GDPR) for security and aggregated statistics. • Consent (art. 6.1.a GDPR) for newsletter, marketing and non-technical cookies.

5. Retention period

Data is retained only for as long as necessary for the purposes for which it was collected: • Contact form data: 24 months from the last interaction. • Booking and stay data: 10 years (tax obligations). • Newsletter data: until consent is withdrawn. • Technical logs: maximum 12 months. • Cookies: as per the durations indicated in the Cookie Policy.

6. Disclosure and dissemination

Data may be disclosed to: • Authorized staff of the Controller (front office, administration, marketing). • Suppliers acting as Data Processors: Beddy.io booking system, Netlify hosting, MongoDB Atlas database, Aruba email provider, DeepL translation service, Google reCAPTCHA anti-spam. • Competent authorities in case of legal obligations (e.g. Italian Police for guest registration). Data is not disseminated to undefined recipients.

7. Transfers outside the EU

Some suppliers (e.g. Google, Netlify) may process data in non-EU countries. In such cases, the transfer takes place under EU Commission adequacy decisions or standard contractual clauses, ensuring a level of protection equivalent to the GDPR.

8. Your rights

As a data subject, under articles 15-22 GDPR, you have the right to: • Access your personal data and obtain a copy. • Request rectification or update. • Request erasure ("right to be forgotten") where applicable. • Request restriction of processing. • Object to processing on legitimate grounds. • Obtain data portability. • Withdraw consent at any time (without affecting the lawfulness of processing before the withdrawal). To exercise your rights, write to info@grandhotellechateau.it. We will respond within 30 days.

9. Cookies

The site uses technical, preference, statistical and marketing cookies. Full details and management methods are explained in our Cookie Policy.

10. Data security

We adopt appropriate technical and organizational measures to protect your data from unauthorized access, loss, destruction or alteration: encrypted HTTPS connections, restricted and authenticated access, regular backups, anti-spam and anti-bot protections.

11. Changes to this notice

This notice may be updated at any time to reflect regulatory or organizational changes. The last update date is always shown at the top.

12. Complaints

If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (https://www.garanteprivacy.it) or with the supervisory authority of your country of residence.

Controller's contacts

HEAL THE WORLD S.r.l. Via Licola Mare 117 — Marina di Varcaturo, 80014 Giugliano in Campania (NA), Italy VAT 06815241218 CIN: IT063034A1ILFGEPZB Email: info@grandhotellechateau.it

Chat on WhatsApp