Dear Customer,

in accordance with current legislation about the protection of personal data (EU Regulation No. 679 of 2016), we wish to inform you that the processing of your personal data is carried out correctly and transparently, for lawful purposes and protecting your privacy and your rights.

The treatments are carried out by us and by our internal staff, also with the aid of information technology, for the following purposes:

  1. to acquire and confirm your booking and all services. Since these are necessary treatments for the definition of the contractual agreement and for its subsequent implementation, its consent is not required, except in the case where particular categories of personal data are awarded. In case the guest refuse to provide personal data, we will not be able to confirm the booking or provide the requested services. The treatment holds on his departure, but some of his personal data may or must continue to be processed for the purpose and with the method indicated in the following points;
  2. to fulfill the obligation set forth in the „Consolidated Law on Public Security Laws“ (article 109 RD 18.6.1931 No. 773) which requires us to communicate to the Police Headquarters, for purpose of public security, the personal information accommodated according to methods established by the Ministry of the Interior (Decree of 7 January 2013). The provision of personal data is mandatory and does not require its consent, and in case of refusal to provide it we will not be able to host it in our facility. Personal data collected for this purpose are not stored by us, unless you provide us with consent to storage as provided for in point 4;
  3. to comply with current administrative, accounting and legal obligation. For these purposes, the processing is carried out without the need to acquire your consent. Personal data may be disclosed to third parties such as the Financial Administration or other companies or public bodies only in compliance with legal obligations, consultants who perform administrative, accounting and tax obligations related to the contractual relationship, credit institutions and insurance for the provision of functional services to the contractual relationship and credit recovery agencies, companies and law firms for the protection of contractual rights. In case of refusal to provide the personal data necessary for the above-mentioned obligations, we will not be able to provide the requested services. Personal data collected for these purposes are kept by us for the time provided by the respective regulations (10 years, and even more in the case of tax assessments);
  4. to speed up the registration procedures in case of subsequent stays at our facility. For this purpose, after obtaining your revocable consent at any time, your personal data will be kept for a maximum period of 24 months and will be used when you will be our guest again for the purposes referred to the previous points;
  5. to perform the function of receiving messages and telephone calls addressed to during her stay. For this purpose, your consent is required. You can withdraw your consent at any time. The treatment will cease at its departure anyway;
  6. to send them, by mail, telephone, e-mail, text message or messaging app, our promotional messages and updates on rates and offers. For this purpose, after obtaining your consent, your personal data will be kept for a maximum period of 24 months and will not be disclosed to third parties. You can withdraw your consent at any time;
  7. for purposes of people protection, property and company assets through a video surveillance system of some areas of the structure, identifiable by the presence of appropriate signs. For this treatment, your consent is not required, as it pursues our legitimate interest in protecting people and property with respect to possible aggressions, thefts, robberies, damage, acts of vandalism and purposes of fire prevention and job security. The recorded images are deleted after 24 hours, except holidays or other cases of closure of the exercise, and in any case not more than a week. They are not the object of communication to third parties, except in cases where it is necessary to join a specific investigation request by the judicial or police justice.

We also wish to inform you that the EU Regulation no. 679 of 2016 recognizes certain rights, including the right of access and rectification, or cancellation or restriction or opposition to processing, in addition to the right to the portability of personal data (Articles 15 to 22 of EU Regulation No. 679 of 2016). It can also make a complaint with the supervisory authority, in accordance to the procedures established by current legislation.

For any further information, and to assert the rights recognized by the EU Regulation n. 679 of 2016, you can contact:

 Data controller

Gestal srl, via Brembo 3 – 20139 – Milan (Mi)

Tel. 0342.902700 – email:



The website uses cookies. The cookie is a small text file that is registered by your browser and allows you to store data on web pages and browser sessions. The Data Controller Gestal s.r.l. Via Milano, 44 ​​- 23032 Bormio (SO) Valtellina VAT number 11325810155, uses some „first party cookies“ – generated and used by the website – and also „third party cookies“ – generated on our website by third parties. Cookies allow us to memorize every element of your booking as soon as you enter the site and show the most suitable content according to the options you select and based on your browsing. Cookies support us in understanding which approach to adopt on our site, in order to make your navigation more efficient. Cookies are able to store only text content, always anonymous and usually encrypted. The data controller will never memorize any personal information in a cookie.


Cookies are small text files generated by the websites you visit, which maintain session data that could be used later on the site. The data allows the site to keep your information between the pages and also to analyze the way in which you interact with the site.
Cookies are secure – they can only store the information that is entered by the browser, related to access in the browser itself or that is included in the requested page. They can not be turned into codes and can not be used to access your computer. If a website encrypts the information in the cookie, only the website can read the information.
There are two different types of cookies: Session and Persistent. They are used for different reasons and contain different information.
Session Cookies contain the information that is used in your current browser session. These cookies are automatically deleted when you close the browser. Nothing is stored on your computer after the time of use of the site.
Persistent cookies are used to maintain the information that is used in the period between access to the website. This data allows sites to recognize that you are already known customers or visitors and adapt accordingly. „Persistent“ cookies have a duration that is set by the website and can vary from a few minutes to several years.


Cookies are used by the site to preserve your session, as you move on the site, keeping track of the details of your browsing and if you have entered the system with a certain procedure. They are used to display relevant items in your navigation.
Analytical cookies, of our Google partners allow us to track the customer’s interaction with the site. This allows us to have a valuable tool to improve the site, the products and the services we offer.


All web browsers allow you to limit the activity of cookies or disable cookies through browser options. The actions to be taken are different for each browser. You can find the instructions under the help menu of your browser. Through your browser you can also view cookies that are on your computer, delete some or delete them all.
Cookies are simply text files, so you can simply open them and read the contents. The data contained in them is often encrypted or has a numerical key corresponding to a web session, so that often they make no sense except for the website that wrote it.
If you disable cookies, the website may not be able to activate some features necessary to create a registration. Disabling cookies is also inactivated monitoring your progress on the site, but the analytical code will not be blocked by recognizing your visit.


The session cookies records includes the data used by the web server with which the server is processing your session and your authentication status (against our database). Persistent cookies that are created by the website are used by our Google technology partner. They recognize traffic to the site relative to recurring customers rather than new customers. The information is recorded and could be used for advertising campaigns relevant to your interests. Deleting these cookies will have no effect on your interaction or the functionality of the website


Gestal S.r.l. is a Google partner for web analysis and advertising. The data in cookies inform Google which pages, products and services you have visited and allow them to find appropriate advertising. Google uses both persistent and session cookies. Cookies do not store personal data. Deleting or disabling these cookies does not limit the functionality of the site.