Book now
info@villasorriso.com
Book now

book directly and save

Modify / Delete Reservation
Recover your booking
X
Reservation code
Email
ENTER THE DATES OF YOUR STAY
villa_sorriso_vista_hotel

Privacy Policy

HOTEL VILLA SORRISO
INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA
pursuant to Article 13 of EU Regulation 2016/679 (GDPR)
Website: www.villasorriso.com

In compliance with the provisions of EU Regulation 2016/679 (hereinafter "GDPR"), Hotel Villa Sorriso provides the following information regarding the processing of personal data of users who visit the website and/or use the hotel services.

This information notice is provided pursuant to Article 13 GDPR and refers to data collected through the website, contact forms, online bookings, email, as well as during check-in and during the stay at the facility.


1. DATA CONTROLLER
The Data Controller is:

Hotel Villa Sorriso
Company SAAMJ SRL
Via Bafile X acc. al mare no. 13
30016 Jesolo (VE)
VAT No. / Tax Code: 04351000270
E-mail: info@vllasorriso.com
Tel.: 0421380654


2. TYPES OF DATA PROCESSED
2.1 Navigation data
The computer systems responsible for the operation of the website automatically acquire certain information whose transmission is implicit in the use of Internet protocols:

IP address of the user’s device
Browser type and operating system parameters
Internet Service Provider (ISP) name
Date, time and duration of the visit
Referring and exit web pages
Pages visited and number of clicks

Such data are used solely for the purpose of obtaining anonymous statistical information on the use of the site and to ensure its correct functioning. The data may be used to ascertain liability in case of computer crimes.0


2.2 Data voluntarily provided by the user
Filling in contact forms, subscribing to the newsletter, making online bookings or sending emails to the indicated addresses involves the collection of the following data:

Personal data: name, surname, date of birth, nationality;
Contact data: email address, telephone number, postal address;
Booking-related data: stay dates, room type, number of guests, special requests;
Payment data: credit/debit card details, securely processed through PCI DSS certified payment gateways;
Identity document data: document number and type, place and date of issue (collected at check-in to comply with legal obligations);
Any special needs: dietary preferences, allergies or intolerances, accessibility requirements — processed as special categories of data pursuant to Article 9 GDPR, only with explicit consent.


2.3 Data collected during the stay
Pursuant to Article 109 of Royal Decree 18 June 1931, No. 773 (Consolidated Law on Public Security — T.U.L.P.S.) and subsequent amendments, the hotel is required to collect and transmit to the Police Headquarters of Venice the personal details of all guests via the State Police telematic portal "Alloggiati Web", within 24 hours of arrival (or within 6 hours for stays not exceeding 24 hours). The data transmitted include:

Full personal details: name, surname, gender, date and place of birth, nationality, citizenship;
Type and number of identity document;
Date of arrival and intended length of stay.


2.4 ISTAT tourist flows — Veneto Region
Pursuant to Article 13, paragraph 5, of Veneto Regional Law 11/2013, the hotel is required to periodically communicate aggregated statistical data on tourist flows (arrivals and overnight stays by origin) to the Veneto Region via the ROSS1000 regional portal. Such data are transmitted in aggregated and anonymised form; they do not involve the disclosure of personally identifiable data of individual guests to third parties.


3. PURPOSES AND LEGAL BASES OF PROCESSING
Personal data are processed for the following purposes, each with its legal basis pursuant to Article 6 GDPR:

Management of bookings and contractual relationship – Art. 6(1)(b) GDPR (performance of a contract):
Processing and confirmation of bookings, provision of requested hotel services, check-in and check-out management, invoicing.

Compliance with legal obligations – Art. 6(1)(c) GDPR:
Transmission of guest data to the Police Headquarters (Art. 109 T.U.L.P.S. and Ministerial Decree 7 January 2013), tax and accounting obligations (Art. 2220 Civil Code, Presidential Decree 633/1972, Presidential Decree 600/1973), communication of tourist flows to the Veneto Region (Art. 13 Law 11/2013), application of tourist tax.

Marketing and promotional communications – Art. 6(1)(a) GDPR (consent, prior and specific):
Sending newsletters, promotional offers, information about events, post-stay feedback and review requests. Consent is optional, may be withdrawn at any time, without prejudice to the lawfulness of prior processing. Withdrawal does not affect the provision of hotel services.

Security and video surveillance – Art. 6(1)(f) GDPR (legitimate interest of the Controller in protecting the safety of guests, employees and property):
Common areas of the hotel (reception, entrances, parking area, pool areas) are subject to video surveillance. Images are stored for a maximum of 48 hours through automatic deletion, in accordance with the guidelines of the Italian Data Protection Authority (Video Surveillance FAQ, General Provision 8 April 2010, doc. web 1712680, and EDPB Guidelines 3/2019). Longer retention periods, in any case not exceeding 7 days, may be applied only in the presence of specific and documented security needs. In areas accessed by employees, the installation of systems is subject to the guarantees provided by Article 4 of Law 20 May 1970, No. 300 (Workers’ Statute). Appropriate signage, indicating the Data Controller, Data Processor and retention period, is displayed near the cameras.

Customer support and complaint management – Art. 6(1)(b) GDPR (contract performance) and (f) (legitimate interest):
Handling of assistance requests and reports, protection of contractual rights.


4. COOKIES AND TRACKING TECHNOLOGIES
The website uses cookies and similar technologies. The applicable legislation includes Directive 2002/58/EC (e-Privacy), as implemented in Italian law, and the guidelines of the Italian Data Protection Authority on cookies (Provision of 8 May 2014 and subsequent updates).

Technical cookies (strictly necessary): Essential for proper website functioning and navigation. They do not require user consent.
Analytical cookies: Used to collect aggregated information on website usage (e.g. Google Analytics with anonymised IP). They require user consent.
Profiling and marketing cookies: Used to provide personalised content and advertisements based on user preferences. They require explicit consent.

For more information and to manage preferences, the Cookie Policy is available on the hotel website.


5. PROCESSING METHODS AND SECURITY MEASURES
Processing is carried out using electronic and/or paper-based tools, with organisational and logical measures appropriate to the stated purposes. Data are processed by specifically authorised and trained personnel, in compliance with principles of minimisation and proportionality.

The Controller adopts appropriate technical and organisational measures pursuant to Article 32 GDPR, including: encryption of sensitive data, access control, periodic backups and security system updates. In the event of a personal data breach involving a risk to individuals’ rights and freedoms, the Controller will notify the supervisory authority within 72 hours and, where applicable, the data subjects, pursuant to Articles 33–34 GDPR.


6. DATA RECIPIENTS
Personal data may be disclosed, strictly within the limits necessary for the indicated purposes, to the following categories of recipients:

Police Headquarters of Venice, for legal obligations under Article 109 T.U.L.P.S.
Veneto Region (ROSS1000 portal), for statistical flow reporting under Article 13(5) Regional Law 11/2013
Municipality of Jesolo, for tourist tax collection
Banks and PCI DSS certified payment service providers, for payment processing
Online booking agencies (OTA) (e.g. Booking.com, Expedia etc.), within their respective agreements; OTAs act as independent data controllers for the data they collect
Tour operators and travel agencies
IT service providers, hotel management platforms (PMS) and channel management systems, appointed as Data Processors pursuant to Article 28 GDPR
Tax, legal and labour consultancy firms
Email marketing service providers (e.g. Mailchimp), only with prior consent of the data subject and adequate contractual safeguards
Judicial or administrative authorities, upon request and within legal limits

Processors appointed pursuant to Article 28 GDPR are bound by specific agreements. The updated list of Data Processors is available upon request at the hotel.


7. TRANSFER OF DATA TO THIRD COUNTRIES
Personal data are mainly processed within the European Economic Area (EEA). Some services used by the hotel (OTA platforms, digital marketing tools) may involve transfers to third countries. In such cases, transfers take place in compliance with Articles 44–49 GDPR, in particular through adequacy decisions of the European Commission or Standard Contractual Clauses (SCC). The Controller provides information on safeguards upon request.


8. RETENTION PERIODS
Personal data are stored for the time strictly necessary to achieve the purposes for which they were collected, in compliance with legal limitation periods and the principle of storage limitation (Article 5(1)(e) GDPR). Specific periods per category are as follows:

Booking and stay data (accounting and taxation):
10 years from the last registration, pursuant to Article 2220 Civil Code and Presidential Decree 633/1972.

Data communicated to the Police:
Digital receipts generated by the Alloggiati Web portal must be retained for 5 years. Any copies of guest data must be deleted once the transmission receipt is obtained, in accordance with Data Protection Authority guidelines (doc. web 1138725).

Video surveillance images:
Maximum 48 hours, with automatic overwriting (General Provision 8 April 2010). Longer periods — not exceeding 7 days — only if specifically justified and documented.

Marketing data:
Until consent is withdrawn. If no withdrawal occurs and no further interaction takes place, data will be deleted within 24 months from the last interaction.

Navigation data (system logs):
Up to 12 months from collection, unless required for investigation of cybercrimes.

Information requests and contacts:
24 months from receipt of the request.

ISTAT tourist flows — Veneto Region:
Data are transmitted in aggregated and anonymous form; no personal data retention applies.


9. NATURE OF PROVISION AND CONSEQUENCES OF REFUSAL
Provision of data marked as mandatory in booking forms, or required by law at check-in (Article 109 T.U.L.P.S.), is necessary to comply with legal obligations or to perform the accommodation contract. Failure to provide such data will make it impossible to proceed with booking or check-in.

Provision of data for marketing purposes (newsletter, promotional offers) is entirely optional. Refusal or withdrawal of consent has no impact on the use of hotel services.


10. DATA SUBJECT RIGHTS
Pursuant to Articles 15–22 GDPR, you have the right to:

Access (Art. 15): obtain confirmation of processing and receive a copy
Rectification (Art. 16): correct inaccurate or incomplete data
Erasure / “right to be forgotten” (Art. 17): obtain deletion of data where applicable
Restriction (Art. 18): obtain restriction of processing where applicable
Portability (Art. 20): receive data in a structured, commonly used and machine-readable format and transmit them to another controller
Objection (Arts. 21–22): object to processing based on your situation, including profiling and automated decision-making

Without prejudice to any other administrative or judicial remedy, if you believe that the processing of your data violates Regulation (EU) 2016/679, you may lodge a complaint with the Italian Data Protection Authority.

Requests may be sent to:
E-mail: info@villasorriso.com
Post: Hotel Villa Sorriso - Via Bafile X acc. al mare no. 13, 30016 Jesolo (VE)

The Controller will respond within 30 days of receipt (Art. 12 GDPR). In case of complexity or a high number of requests, this period may be extended by an additional 60 days with prior notice.

Where data portability is requested, the Controller will provide your personal data in a structured, commonly used and machine-readable format, subject to paragraphs 3 and 4 of Article 20 GDPR.


11. RECORD OF PROCESSING ACTIVITIES
Hotel Villa Sorriso maintains a Record of Processing Activities pursuant to Article 30 GDPR, containing information on purposes, categories of data, recipients, transfers to third countries and retention periods. The Register is available for inspection by the supervisory authority upon request.


12. UPDATES TO THIS INFORMATION NOTICE
The Controller reserves the right to modify, update or supplement this information notice at any time, including due to regulatory changes or changes in supervisory authority practice. Updated versions will be published on the hotel website with the revision date. In the event of substantial changes affecting data processed based on consent, the data subject will be informed and new consent may be requested.

Accessibility
close
Accessibility Information

Together with our selected providers, we are committed to ensuring that our services are accessible to people with disabilities. We devote significant resources to ensure that our website and room booking pages are easier to use and more accessible for individuals with disabilities, based on the strong belief that everyone has the right to live with dignity, equality, comfort, and independence.

Along with our partners, we continuously strive to improve the accessibility of our website and the pages for booking rooms and/or purchasing additional products and services related to the stay. We firmly believe it is our collective moral obligation to allow seamless, accessible, and unhindered use, even for those of us with disabilities.

In our ongoing efforts to improve and consistently address accessibility issues, we regularly scan all web pages using accessibility scanners provided by third-party commercial partners to identify and fix any potential accessibility barriers on our site. Despite our efforts to make all our web pages and content fully accessible, some content may not yet have been fully adapted to the strictest accessibility standards. This may be due to not having yet found or implemented the most appropriate technological solution.

Compliance Status

This website and the room booking pages are partially compliant with the technical standard for websites and mobile applications UNI CEI EN 301549, and with the “AA” accessibility level required by the Web Content Accessibility Guidelines (WCAG) 2.1.
In particular, the compliance level of this website is constantly monitored through the tools provided by:
https://mauve.isti.cnr.it/
https://pagespeed.web.dev/

Non-accessible Content

Despite our efforts to ensure the accessibility of the website and booking pages, we are aware of some limitations we are working to resolve. Below is a description of the known limitations. Please contact us if you encounter an issue not listed below.

  • Image text alternatives: Some images do not have meaningful text alternatives for users.
  • Reading order: Due to the modular structure of some pages, the reading order of elements may not match their visual order.
  • Focus contrast: In some cases, when elements receive focus, there may be insufficient contrast between text color and background.
  • Keyboard operability: Some components cannot be operated using only a keyboard.
  • Animated content: Some pages contain animated content that cannot be paused or hidden.
  • Focus visibility: In some pages, the element with active focus is not visually identifiable.
  • Language accessibility: Some elements display text or accessible names only in certain languages.
  • Assistive technology: Assistive technologies may not always correctly announce messages.

Last Updated

This page on accessibility was last updated on June 25, 2025.