Privacy Policy

Last updated: November 2025

1. Data Controller

This website is operated by Devid Demetz, Larciunei 46, 39048 Selva di Val Gardena (BZ), Italy. Email: [email protected]. We are responsible for the processing of your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Italian privacy laws.

2. Overview

We take the protection of your personal data seriously. We only collect data that is technically necessary to operate this website or for which you have given explicit consent. This policy explains what data we collect, why we collect it, and your rights regarding your data.

3. Hosting & Server Logs (Cloudflare)

Our website is hosted on Cloudflare Pages. When you visit our site, Cloudflare automatically collects technical information including your IP address, browser type, operating system, referrer URL, and access times for security and performance purposes. This processing is based on our legitimate interest in ensuring website security and preventing abuse (Art. 6(1)(f) GDPR). Cloudflare acts as our data processor under a Data Processing Agreement. Data is stored on servers in the EU. Server logs are automatically deleted after 30 days. For more information, see Cloudflare's privacy policy at https://www.cloudflare.com/privacypolicy/

4. Analytics (Google Analytics 4)

We use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. GA4 uses cookies (specifically _ga and _gid) to analyze how visitors use our website. The information generated includes your anonymized IP address, pages visited, time spent on pages, and browser information. Your IP address is anonymized before being stored, meaning the last octet is removed (e.g., 192.168.1.XXX). This data processing only occurs if you have clicked "Accept All" or enabled "Analytics" in our cookie consent banner. Your consent is the legal basis for this processing (Art. 6(1)(a) GDPR). You can withdraw your consent at any time by clicking "Change Cookie Settings" on our Cookie Policy page. Data is retained by Google Analytics for 14 months, after which it is automatically deleted. Google may transfer data to the United States under the EU-US Data Privacy Framework. For more information, see Google's privacy policy at https://policies.google.com/privacy

5. Affiliate Links (Booking.com & Skiset)

This website contains affiliate links to Booking.com and Skiset. When you click these links, the respective provider may set tracking cookies on your device to attribute bookings and assign commissions to us. We do not transfer your personal data to these providers ourselves. The providers act as independent data controllers. Please refer to their respective privacy policies: Booking.com (https://www.booking.com/content/privacy.html) and Skiset. These cookies are set by third parties and are subject to their own consent mechanisms.

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy. Server logs: 30 days (automatic deletion). Cookie consent preferences: 6 months. Analytics data: 14 months (handled by Google). If you request deletion of your data, we will comply within 30 days unless legal obligations require us to retain certain information.

7. Your Rights Under GDPR

You have the following rights regarding your personal data: Right of access (Art. 15 GDPR) - Request a copy of the data we hold about you. Right to rectification (Art. 16 GDPR) - Correct inaccurate data. Right to erasure (Art. 17 GDPR) - Request deletion of your data ("right to be forgotten"). Right to restriction (Art. 18 GDPR) - Limit how we use your data. Right to data portability (Art. 20 GDPR) - Receive your data in a structured format. Right to object (Art. 21 GDPR) - Object to processing based on legitimate interests (e.g., server logs). Right to withdraw consent (Art. 7(3) GDPR) - Withdraw consent for Analytics at any time. To exercise these rights, contact us at [email protected]. We will respond within one month.

8. Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Italian data protection authority (Garante per la protezione dei dati personali) at https://www.gpdp.it/ or your local supervisory authority.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including HTTPS encryption for all connections, secure hosting infrastructure, and regular security updates. However, no method of transmission over the internet is 100% secure.

10. International Data Transfers

Some of our service providers (Google Analytics) may transfer data outside the European Economic Area (EEA). These transfers are protected by appropriate safeguards such as the EU-US Data Privacy Framework or Standard Contractual Clauses approved by the European Commission.

11. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

12. Children's Privacy

Our website is not directed at children under 16. We do not knowingly collect data from children.

13. Changes to This Policy

We may update this privacy policy from time to time. The current version is always available at this URL. Significant changes will be indicated by updating the 'Last updated' date at the top of this page.

Questions about your data?

Contact us at [email protected]