PRIVACY Planhotel Hospitality group

Hôtel exclusive de luxe resort à


Information on Art. 13 of the Italian law. n. 196/2003 and on Art. 13 of The General Data Protection Regulation (GDPR) (EU) 2016/679 the processing of personal data of users who visit the Website

The Website (herein known as the Site) is owned by Planhotel SA (Vat. N. CHE108689256, via Cantonale n. 3, 6900 Lugano (CH), tel. 0041 919113333, email This Privacy Policy has been formulated to provide information of our practices regarding the collection, use and disclosure of personal data. Please read this information before using or sending information to the Site.

We inform that, pursuant to Art. 13 of the Italian law. n. 196/2003 and pursuant to Art. 13 of The General Data Protection Regulation (GDPR) (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, all personal data provided will be processed in compliance with the regulations referred to and with all binding obligations of confidentiality.

All contents of this Site are owned and / or controlled by Planhotel SA and are protected by International Copyright laws.

The company may occasionally update this policy and therefore recommends that Users visit this page regularly to be informed of any changes.

1.Controller of the processing of data.

The Controller of processing of personal data is PLANHOTEL SA (Vat. N. CHE108689256, via Cantonale n. 3, 6900 Lugano (CH), tel. 0041 919113333, email (hereinafter called the Owner or the Controller).

2.Data and Personal Data.

The Holder processes personal data, identifying (for example, name, surname, company name, address, telephone, e-mail, bank and payment details – hereinafter, Personal Data or even Data) that you have communicated on conclusion of contracts for the services provided by the Owner.

The data you provide will be used for marketing and / or promotional purposes only with your specific consent. In any case, it is specified that any refusal to provide consent to the processing of data for promotional and marketing purposes does not affect the provision of services or use of the Site.

3.Types of data processed.

Planhotel SA, in its capacity as owner of the site, informs you that personal data will be processed as specified below in order to guarantee a correct and efficient use of the services offered by the Site. Specifically, the data processed is:

Navigation data

During normal operation, the computer systems and software procedures for running this site collect some personal data and the transmission is implicit with the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through the processing and association with other data held by third parties, identify users. This data includes IP addresses or domain names of computers used by users who connect to the site, the URI (Uniform Resource Identifier) of requested resources, time of request, the method used to submit the request to the server, the size of the file obtained in the reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters relative to the operating system and computer environment.

Data provided voluntarily by the user.

According to decree of June 30, 2003 n. 196 (Code regarding the protection of personal data), we inform you that the personal data you voluntarily make available to Planhotel SA will be processed in accordance with current legislation on the protection of personal data and, in any case, following the principles of confidentiality with which Planhotel SA manages all its activities and only for the purposes indicated in this statement.

In particular, the site collects data about your reservation, such as personal details, email address, home address, phone number, payment data, the name of the guests who travel with you and your preferences related to the stay.

4.Purpose of data collection

The personal information you make available are used as follow:

  1. without your express consent (Article 24 letter a), b), c) of the Italian Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:

– to conclude of the contracts for the services of the Owner;

– to fulfil all pre-contractual, contractual and tax obligations deriving from relations with you;

– to fulfil the obligations established by law, by a regulation, by community legislation or by an order of the Authority;

– to exercise the rights of the owner, for example the right to defense before the Court;

– allow the user to use the Site.

  1. with your specific and distinct consent (articles 23 and 130 of the Italian Privacy Code and article 7 of the GDPR), for the following Marketing Purposes:

– to send via e-mail, mail and / or sms and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Owner and recognition of the degree of satisfaction on the quality of services;

– send via e-mail, mail and / or sms and / or telephone contacts commercial and / or promotional communications of third parties (for example, business partners, insurance companies, etc.).

For the purposes referred to in Article 4B, the provision of consent is optional and does not affect the use of the website nor the services provided by Planhotel SA. Furthermore, with reference to the purpose of direct marketing, the recipient has the right, at any time and free of charge, to oppose such processing pursuant to art. 21 GDPR.

If the recipient opposes to processing for direct marketing purposes, all Data are no longer processed for these purposes.

5.Processing methods.

Personal data is processed using suitable hard copy, electronic and / or telematics devices, with the specific purpose mentioned above and to ensure the security and confidentiality of the data. Strict security measures are in place to prevent the loss of data, illegal or incorrect use and unauthorized access.

Personal data undergoing processing shall be: (i) processed lawfully and fairly; (Ii) collected and recorded for the purposes mentioned in the previous paragraph; (Iii) accurate and, where necessary, updated; (Iv) kept in a form that permits identification of the subject for no longer than is necessary for collecting and processing the data.

The Data Controller will process personal data for the time necessary to fulfil the aforementioned purposes and in any case for no more than 10 years from the termination of the contract.

6.Access to data.

Your data may be made accessible for the purposes mentioned above:

– to employees and collaborators of the Data Controller in Italy and abroad, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;

– to third-party companies or other subjects (as an indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Owner, in their capacity as external managers of treatment. The list of external processors is kept at the company headquarters and can be consulted on specific request.

The list of persons in charge of processing personal data is available from the company.

7.Right of access by the data subject

Pursuant to art. 15 GDPR, the data subject shall have the right to obtain from the Controller confirmation as to whether or not Personal Data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular
  4. recipients in third countries or international organisations;
  5. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  6. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  7. the right to lodge a complaint with a supervisory authority;
  8. where the personal data are not collected from the data subject, any available information as to their source;
  9. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

The right to obtain a copy referred to in this article shall not adversely affect the rights and freedoms of others.

8.Data communication.

Without the express consent (pursuant to Article 24 letter a), b), d) Italian Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 4.A) to Authorities, Judicial Authorities, to insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers

9.Data transfer.

Personal data are stored on servers located in Italy. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

10.Providing data and consequences of refusal.

Providing your data is optional. However, refusing and / or providing incorrect and / or incomplete information may result in the inability to use the Site and the services offered.

11.6. Links to other web sites.

This Site may contain links or references to other websites. Please be aware that we do not control other websites and that, in any case, this Privacy Policy does not apply to those websites. We invite you to read the privacy policy of every website visited.


You have the rights set forth in art. 7 of the Privacy Code and art. 15 and ss. GDPR and precisely the right of:

i.         obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;

ii.         obtain the indication:

a) of the origin of personal data;

b) of the purposes and methods of the processing;

c) of the logic applied in case of treatment carried out with the aid of electronic instruments;

d) of the identification details of the owner, the managers and the designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR;

e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, managers or agents;

iii.         obtain the:

a) updating, rectification or, when interested, modification of Personal Data;

b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;

c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfilment is it proves impossible or involves a use of means manifestly disproportionate to the protected right

iv.         Right to object:

a) The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions. In this case, the Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

b) Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Where applicable, it also has the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.

8. Communications, suggestions and complaints.

For any communication, suggestions or complaints regarding this Privacy Policy as well as to exercise the rights under Art. 7 of Italian Leg. June 30, 2003 n. 196 and art. 15 GDPR, please contact us at the following E-mail address:

9. Cookie consent.

For more information regarding the methods and aims of the use of cookies installed by the site, click here .