Privacy Policy

This Privacy Policy is intended to explain how your personal data are processed through this website (hereinafter the “Site”), as required by Article 13 of Regulation (EU) 2016/679 on the protection of personal data (hereinafter “GDPR”).

A. Identity and contact details of the Data Controller

The Data Controller of your data is Da Vittorio S.r.l., represented by its legal representative pro-tempore, with registered office in Brusaporto (BG), Via Cantalupa 17, Tax Code and VAT No. 03237670165 (hereinafter “Company” or “Controller”), with the following contact details:

• phone: +39-035.681024
• email: This email address is being protected from spambots. You need JavaScript enabled to view it.

B. Data Protection Officer

The Company has not appointed a Data Protection Officer (DPO).

C. Purpose of processing and legal basis

The processing of your personal data by Da Vittorio S.r.l. may take place based on:

• a) your consent (for example, when you contact us through our on-line contact form or when you subscribe to our newsletter);
• b) a contract (if you book a stay at our Locanda);
• c) a legal obligation (when our Company is required to comply with specific legal requirements related to the services provided);

D. Categories of data processed

Depending on the services you request, through the Site we may process the following categories of personal data concerning you:

• identification data: first name, last name;
• contact data: email address, phone number

During the registration of your booking at our Locanda, Da Vittorio S.r.l. may also process the following additional categories of personal data for the administrative management of your stay:

• identification data: age, date of birth, identity card, passport;
• contact data: physical address;
• financial data: credit card number or other identifiers related to electronic payments.

The processing of the above data is based on principles of fairness, lawfulness, transparency and protection of your confidentiality and rights.

E. Protection of your data and possible recipients

Your personal data will be processed exclusively by our staff, specifically authorized and trained to process such data and, in any case, under the responsibility of the Data Controller and exclusively for the purposes for which your data were collected.
Da Vittorio S.r.l. adopts appropriate technical and organizational measures in accordance with the GDPR to ensure the security of your personal data, protecting them against loss, theft and/or misuse, as well as unauthorized access, disclosure, alteration and/or destruction, whether intentional or accidental.
Your personal data are stored at our Company and will not be disclosed or transmitted to third parties, except:

• a) for data related to tax obligations for which our Company relies on an external firm or professional, as well as cloud platforms for electronic invoicing;
• b) for copies of contact data stored with an external provider/server (services of backup, mailing and CRM) to safeguard their integrity or for better management;
• c) for your best and most comfortable experience during your stay, Da Vittorio S.r.l. also uses the following services and providers, which may process some of your personal data:
  - properly secured Wi-Fi service for each room;
  - GDPR-compliant providers for storing your stay data;
  - third-party cloud platforms for managing your bookings at Locanda Cavour, as well as for managing room access codes;
• d) for mandatory communications required by law to Public Security Authorities responsible for receiving accommodation data at our Locanda.

Da Vittorio S.r.l. ensures and guarantees that the above-mentioned providers offer, in any case, the same guarantees of security and reliability in data processing as ensured by our Company.
However, Da Vittorio S.r.l. may be required, in certain cases, to transmit your personal data, in whole or in part, to third parties due to legal obligations, judicial proceedings of any kind and/or requests from public authorities.

F. Transfer of data to third countries

Da Vittorio S.r.l. does not transfer your data outside the European Union to third countries or to International Organizations.

G. Data retention period

Your personal data are retained only for the time strictly necessary to achieve the purposes for which they were collected and, in any case, for a period not exceeding the statutory limitation period.
In some cases, Da Vittorio S.r.l. may retain your data even after this period, to the extent strictly necessary and essential for issuing certifications and/or documents that may be requested by private individuals or public bodies or to allow our Company to exercise and/or defend a right in court.

H. Profiling

Da Vittorio S.r.l. does not use automated processes aimed at profiling.

I. Newsletter

By subscribing to our mailing list, you may receive the periodic newsletter of Da Vittorio S.r.l.
Our company will send communications of an informational or commercial nature (such as company activities, invitations to events or promotions, etc.) to the email address you provided during registration (either directly at our premises in Brusaporto, or via on-line request and/or telephone and/or electronic means or during events).

Our newsletter is managed through a cloud service provided by an external supplier that ensures compliance with GDPR regulations. The newsletter service can be unsubscribed at any time by requesting the removal of your name and address by writing to This email address is being protected from spambots. You need JavaScript enabled to view it..

L. Data subject rights

With reference to your personal data, you may exercise, using the contact details indicated above (“Section A” of this notice), the following rights:

1. right of access to personal data; right to obtain rectification or erasure of the same or restriction of processing concerning them (Articles 15 - 18 GDPR);
2. right to object to processing pursuant to Article 21 GDPR;
3. right to data portability, limited to data in electronic format, within the limits set by Article 20 GDPR.

With regard to data for which the legal basis of processing is your consent, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing carried out by the Controller based on the consent provided before withdrawal.

M. Complaint

We also inform you that you have the right, where the conditions are met, to lodge a complaint with the competent supervisory authority, as identified by Articles 3, 55 and 56 GDPR.
For further details and more information, please visit the official website of the Data Protection Authority at the following address: www.gdpd.it.

P. Communications and provision of data

Finally, we inform you that the provision of your personal data may constitute a legal and/or contractual obligation and, in any case, a necessary requirement for the conclusion and execution of the commitments undertaken by our Company.
In such cases, failure to provide the data may result in the impossibility for our Company to fulfill your requests.

Q. Cookie

For further information on how our website uses your browsing data, please also read our cookie policy.

10/04/2026

The Data Controller reserves the right to amend this privacy policy depending on changes to the website or the introduction of new services or functionalities.