Villa Castagnola
Grand Hotel Lugano
Aufenthalt buchen


Statement regarding the processing of personal data and use of the website

Dear Guest,

Our mission is to provide the Customer with an experience that can meet and exceed his expectations. This is not only reflected in our traditional hospitality and hotel services, but also in the attention we pay to the processing of our guests' personal data.

In order to offer you our services we need to know some of your personal data. The information you provide us with is valuable and for this reason it is collected, processed, transmitted, stored and kept by appropriate technological and organisational means and in compliance with applicable regulations; in particular, the Federal Data Protection Law (LPD) and European Regulation no. 2016/679 (in English "General Data Protection Regulation" - "GDPR").

This statement is intended to provide you with all necessary information in accordance with the above mentioned regulations:

A. About us 
B. What data we collect and why
C. Consent
D. What are your rights
E. Security measures (how we protect your data)
F. Duration of data retention
G. Transmission of your data to third parties
H. Transmission of your data abroad
I. Cookies, social media analysis and tracking systems and plug-ins, external links
L. Minors
M. General provisions
N. Contact Information
O. Data Protection Officer
P. Amendments to this statement.

A. About us

Albergo Villa Castagnola SA, a public limited company under Swiss law, UID: CHE-103.655.250, with registered office in Viale Castagnola 31 in Lugano (also called hereafter the Hotel) is responsible for the management of hospitality, including web presence. With regard to the processing of data that, also through this site, are collected, the Hotel acts as owner. The processing is carried out in compliance with the applicable federal regulations, as well as the GDPR.


B. What Data we Collect and Why

  • In order to be able to provide our services we need some personal data of our customers and users of our website.

    Some of this data is automatically transmitted by the device with which you consult our website. Insofar as you wish to prevent this automatic transmission, you must access your browser settings and deactivate the transmission of personal data.

    Further data is required when you request an offer or wish to make a room reservation. This information is required in part to provide the service you require and in part to enable us to offer you a tailor-made service in accordance with your wishes. Some data is also stored in consideration of the tax and police obligations to which we are subject and to ensure the correct fulfilment of the contract.

    Finally, there are data necessary to allow us to maintain contact with you after your departure. In this way we will be able to update you about our activity and our offers (marketing).

    In particular, the data processed are as follows:

    - Data collected when accessing our website, acquired through our servers:
    o Date and time of access;
    o IP number of your computer;
    o Browser in use on your device;
    o Country of origin of the connection to our server, as well as information about the language, screen, etc.;
    o Operating system of your computer;
    o Information about your Internet service provider.

    - Data you provide us with regarding your request for contact for offers and/or reservations, including:

    o First and last name (*);
    o Address;
    o Your e-mail address (*);
    o Telephone number (*);
    o Fax number;
    o Language of correspondence;
    o Nationality (in case of reservation*);
    o Credit card details (in case of reservation*);
    o Date of birth (in case of reservation*);
    o Preferences / intolerances / food allergies (optional);
    o Name and age of children, if guests of the Hotel (optional for underage children);
    o Preferred sports, activities and hobbies (optional);
    o Any special services; e.g. limousine service, etc. (optional).

    * Mandatory information, regardless of the type of request made.

    - Data you provide us with when subscribing to the newsletter, which are used for informative and promotional communications by the hotel, including:


    o first and last name;
    o Language of correspondence;
    o E-mail address.


C. Consent

The law defines consent in the following terms: "any manifestation freely expressed, specific, informed and unequivocal will of the data subject, by which the data subject expresses his or her consent, by means of a declaration or unequivocal positive action, that the personal data concerning him or her be processed".

Consent must always be explicitly expressed if it concerns particularly sensitive personal data, such as information relating to your religion, ethnic origin, political position, etc.. In the unlikely event that the Hotel should request such information, we will need your explicit consent.

For less sensitive data, consent may also be given with any manifestation of free will, e.g. for conclusive acts, or the data in question is indispensable to enable us to provide our services. In this case, your request to obtain a service from the hotel will imply that you agree that the hotel may use your data to provide the requested service.

Other data are instead intended for our marketing communication activities and explicitly collected for this purpose. Of course you may not give your consent for the processing of your data for this purpose and you may always revoke it if you have already given it.

Our check-in staff is at your disposal for any and all doubts you may have regarding the processing of your data. For any further requests please refer to point D below.

D. Your Rights

In relation to the processing of your personal data, you have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, in relation to such data, you may exercise the following rights (to the extent that this is provided for by applicable law):

- access to your personal data and information on the purposes of the processing, the categories of personal data in question, the recipients to whom the data may be disclosed, the duration of the processing (where possible) and any consequences of processing based on profiling
- updating, correction or, if the data is incomplete, integration of your personal data;
- deletion of your personal data, if:
o your data are no longer necessary for the purposes for which they were collected or processed;
o you have revoked your consent, or you object to the processing;
o your data are processed unlawfully, or must be deleted in order to comply with a legal obligation;
- limitation of processing, if:
o your data are not accurate, or are processed unlawfully, or you have objected to the processing;
o although the Hotel no longer needs them for processing, they are necessary for the Hotel to enforce your rights legally.

In order to best support its customers, the Hotel has a Data Protection Officer (hereinafter referred to as DPO), in the person of Mr. Siro Migliavacca, who you can contact if you need further information or requests regarding your rights. For the contact details of the DPO please refer to point O.

We would like to point out that, in compliance with tax and police obligations, the Hotel is obliged to retain a part of your personal data; see also the chapter under "Duration of data retention".

In accordance with the applicable regulations, you have the right to lodge a complaint with a supervisory authority (in Switzerland the Federal Data Protection and Transparency Commissioner and in other European countries the authorities designated by the applicable national law).


E. Security Measures (how we protect your data)

The Hotel implements, through appropriate technical and organizational measures, the protection of your personal data against unauthorized processing and / or loss of the same. The technical systems are maintained taking into account - in an appropriate manner - the constant technological development.

In order to avoid unauthorized processing or loss of data, we recommend our Guests to always use up-to-date computer systems and not to share sensitive information such as credit card numbers, user names or passwords with third parties.

The Hotel, in order to guarantee not only the absolute discretion of the services offered to its guests, but also a confidential management of personal data, has further strengthened the company's policies, so that your personal data is accessible only to the staff who need it to offer the services you requested.

F. Duration of Data Retention

The Customer's personal data is processed and stored in principle for as long as it is necessary for the provision of the services requested by the Customer (contractual basis) or in compliance with legal obligations (legal basis). In particular, the data is stored for the entire duration of the contractual relationship, for accounting and legal purposes (e.g. in case of legal proceedings initiated or suffered by the Hotel). In any case, to the extent that the legitimate interest of the Hotel in the retention of the data lapses, the data will be anonymised or deleted.

G. Transmission of your Data to Third Parties

In order to be able to provide its services, the Hotel must, under certain circumstances, provide access to your data to third parties (outsourcing). This is particularly in the context of website management, as well as for sending newsletters, or for profiling and marketing purposes. In any case, any transmissions will only take place to the extent that you have given your consent (see point C above) and/or to the extent that this is provided for and/or in accordance with applicable law. In any case, the Hotel's partners contractually undertake to the Hotel and its guests to guarantee you the same safety standards as those offered by the Hotel.

H. Transmission of your Data Abroad

In some circumstances, in order to be able to provide its services, the Hotel must provide access to your data to third parties (outsourcing) abroad, to the extent that processing in accordance with this declaration is necessary. Third parties are also obliged to respect your personal data. Insofar as these third parties are located in countries where the level of protection does not correspond to Swiss or European standards, we are committed to ensuring the adequate protection of your data by concluding specific binding contracts or other legal measures. In this case, you have the right to request the DPO of our hotel to consult the contracts and binding agreements implemented for the protection of your personal data. For reasons of confidentiality, it is only possible to consult extracts relating to data protection and not other parts of the contracts in question.

I. Cookies, social media analysis and tracking systems and plug-ins, external links

1. Cookies are small data packets, a sort of identification card, which your device exchanges with our server while browsing our site. The information collected in this way allows in particular to make navigation more pleasant and effective. Cookies are automatically saved on your device via the browser that you use to surf the net and allow, among other things, to keep track of your choices and settings, so that each subsequent access will be made more effective. Each browser allows you to set the management of cookies, and even prevent their transmission. You may, among other things, delete cookies in part or in full, be notified whenever a system asks for the exchange of cookies, etc.. Please be aware that without the use of cookies your browsing experience may be partially impaired and some services may not work partially or totally.

In particular, our website uses the following types of cookies:
Necessary Cookies" (so-called technical cookies): these are necessary to allow the User to navigate the Site and use its functions. In particular, they enable functions without which it would not be possible to fully use the Site, since their presence enables basic functions such as page navigation and access to protected areas of the Site. 
"Cookies Preferences" (so-called function cookies): cookies for preferences allow the Site to remember the choices made by the User (for example, the language or geographical area in which he or she is located) and repeat them on subsequent accesses, so as to provide better and more personalised services (for example, they can be used to offer content similar to that previously requested by the User). 
Statistical Cookies" (so-called analytics): statistical cookies are used to monitor the performance of the Site, for example to know the number of pages visited or the number of users who have viewed a specific section. The analysis of these cookies generates anonymous and aggregate statistical data without any reference to the identity of the Site surfers. They are also useful for evaluating any changes and improvements to be made to the Site. 
"Marketing Cookies" (so-called profiling cookies): marketing cookies are used to send advertising messages and provide services in line with the preferences expressed by the User. In particular, they are used to offer advertising and services potentially close to the interests expressed by the User, as well as for the creation of individual profiles on the respective tastes, preferences and consumption choices, as detected while browsing the Site or by comparing the activities carried out by the User through his/her browser. They are used, for example, to limit the administration of a given advertisement, or to deduce the effectiveness of a campaign from the frequency of display of the relevant advertisement.


2. Our website is equipped with tracking systems which allow collecting the information necessary for its management and implementation. Here too, cookies are used along with tracking systems offered by third parties as:
Google Analytics by Google Inc.
- Cloudflare by Cloudflare Inc.
- by Google Inc.

3. In order to allow our Guests to choose whether and how to keep in touch with our Hotel, communication also occurs through the most popular social media. In this regard, our website is equipped with systems, called plug-ins, which allow the user to enable a connection with the social medium selected. Only then, hence at the Guest’s express request, can the exchange of the data necessary for the use of the social medium take place.

4. Our website offers links to external websites of interest or useful for the provision of our services. The Hotel does not monitor such websites all the time, so you are invited to read the relevant statements on the protection of personal data before you start browsing them. The Hotel accepts no responsibility for the contents or for the enforcement of the Hotel’s personal data protection rules. At any rate, the Hotel does not provide any personal data to the administrators of such websites, unless expressly requested otherwise.

L. Minors

Unless the data of minors (to be understood in accordance with applicable regulations) is transmitted to us by the respective holders of parental authority (parents, guardians, etc.), our Hotel does not collect such data. However, as we do not systematically collect any personal data, except as provided for in this document and applicable regulations, we are not able to identify, for example, the age of visitors to our website. If you believe that a child in your custody has provided us with personal data without your consent, please let us know without delay to prevent the child from receiving, for example, our promotions.

M. General Provisions

All material on our website, as well as its technology, is copyrighted and cannot therefore be used without the express consent of the Hotel or its assignees. Information of any kind on our website (in particular prices, reservations, online calculations) is not binding for the Hotel (except for these legal notices). In particular, we cannot guarantee that this information is always fully up-to-date. We reserve the right to change or update the information on this website at any time and without prior notice. This also applies to any improvements and/or changes to the products or programs described on this site.

2. Our hotel is not liable for any malfunctions of the Internet, damage caused by third parties, imports of data of any kind (viruses, "Trojan horses" etc.) or links from or to other websites. We have no control over the content and form of external web pages.

3. Although our hotel takes all appropriate and necessary measures for the proper functioning of the IT infrastructure, we cannot guarantee the faultless functioning of hardware and software.

4. We would like to point out that, in any case, despite the care taken in the publication of our website, it may contain technical inaccuracies or typographical errors.

5. Under no circumstances shall our Hotel be liable to you or to third parties for damages of any kind, direct, indirect, special or consecutive damages of any kind, deriving from the use of this website or of another website linked to it. Also excluded is any liability for loss of profit, interruption of operation, loss of programs or other data in your computer systems. This also applies even if we have been expressly advised of the possibility of such damage.

6. Please note that the transmission of communications, documents and other information by e-mail is considered less reliable, secure and confidential than by letter or fax. We use modern identification technology against viruses and spam. However, we recommend the use of appropriate and up-to-date protection systems (e.g. virus scanner) and do not accept any liability for any damages resulting from e-mails or losses thereof. We reserve the right to reject e-mails with potentially dangerous attachments.


NContact Information

For any need and/or question relating to the collection and processing of personal data, as well as for the exercise of your rights, you may contact us:
- by writing to: Albergo Villa Castagnola, Viale Castagnola 31, 6906 Lugano, Switzerland
- by writing to the email address: [email protected]
- by calling the number: +41 (0) 91 973 25 55

O. Data Protection Officer

The D.P.O. of Albergo Villa Castagnola is:

Talleri Law
Contact Person: Rocco Talleri
Via Cattedrale 4
6901 Lugano

Email: [email protected]


P. Amendments to this statement

The Hotel reserves the right to update this declaration in order to ensure adequate protection in accordance with current law. For this reason, particularly in the event of significant legislative or jurisprudential changes, this declaration may be updated and/or modified.


If there are any doubts on your part regarding the scope of this declaration please do not hesitate to contact us.

Version: October 2021