Villa Castagnola
Grand Hotel Lugano
Book now

Privacy policy

Disclaimer

  • All information (in particular, prices, bookings, online calculations) is given without obligation. We cannot guarantee that such data are always fully up to date in every case. We reserve the right to amend or update information on this site at any time and without prior announcement. This likewise applies to improvements and/or modifications to the products or programs described on this site.
  • Similarly, our business accepts no liability for failures of Internet performance, damage caused by third parties, imported data of all kinds (viruses, worms, Trojan horses) and for links from and to other web sites. We have no control over the content and form of external websites.
  • We cannot guarantee the perfect working of hardware and software.
  • We wish to call your attention to the fact that this site may contain technical inaccuracies or typographic errors.
  • In no case will our business be liable to you or to any third parties for any direct, indirect, special or other consequential damage resulting from the use of this or of a linked website. All liability for loss of profit, interruption of operation, loss of programs or other data in your information systems is also excluded. This likewise applies if specific reference is made to the possibility of such damage.
  • Cookies are data elements which a web site may send to your browser to facilitate your work with database-assisted systems. However, you do have the possibility of setting your browser in such a way that it informs you if you receive a cookie. You can therefore decide for yourself whether or not to accept it.
  • The transmission of communications, documents and other information by e-mail is regarded as less dependable, secure and confidential than its transmission by letter or fax. We use modern detection technologies to eliminate viruses and spam. However, we also advise you to use virus scanners and decline all liability for damage caused by e-mails or losses thereof. We reserve the right to reject e-mails with potentially hazardous attached data files.

Data protection

Statement on the Treatment of Personal Data and the Use of our Website

Dear Guest,
Our mission is to ensure that our Guests’ experience meets and exceeds their expectations (that your experience meets and exceeds your expectations). This is not only reflected in high quality reception and traditional hotel services, but also in the care we put into the treatment of our Guests’ personal data. Whatever the reason for your visit, our Guests’ satisfaction is essential for us. However, in order to be able to offer our services, we need to know some of your personal data. Since the information you will provide is valuable, it is treated and kept in compliance with the applicable laws as well as making use of the most suitable technological means and organisational resources. Your data are collected, processed, transmitted and kept in accordance with the requirements of the relevant laws and regulations in force. To ensure that the level of the relevant standards equals the quality of the other services offered by our hotel, all our Guests’ data are treated in compliance with the Federal Data Protection Act (LPD) and in pursuance of EU official Regulation no. 2016/679 (General Data Protection Regulation, hereinafter “GDPR”).

This statement is aimed at providing you with all the necessary information in accordance with the above regulations, namely:

A. About us
B. Which Data we Collect and Why
C. Consent
D. Your Rights
E. Security Measures (how we protect your data)
F. Duration of Data Retention
G. Transmission of your Data to Third Parties
H. Transmission of your Data Abroad
I. Cookies, Analysis and Tracking Systems, Social-media Plug-ins, External Links
L. Minors
M. General Provisions
N. Amendments to this Statement

A. About us
Albergo Villa Castagnola SA, a joint-stock company governed by the Swiss Law, UID (identification number): CHE‑103.655.250, with its registered office at Viale Castagnola in Lugano (CH-6900), hereinafter referred to as the Hotel, is responsible, amongst other things, for the management of the Hotel, including its presence on the Web. In such capacity, the Hotel thus acts as the data controller in respect of the data collected, including data collected through this website. The data are collected in compliance with the relevant Federal laws and regulations as well as the GDPR.

B. Which Data we Collect and Why
In order to provide our services, we need to collect some personal data from our Guests and from the users of our website. A part of these data are transmitted directly by the device you use to visit our website. To the extent that you wish to stop the automatic transmission of data, please access the settings of your browser, or of your device, and disable the transmission of personal data. Other data are required when you make an enquiry with us or make a reservation for a room. A part of this information is absolutely necessary in order for us to be able to provide you with the service you request, while a part is necessary in order to allow us to offer you a tailored service in line with your wishes. Some data are then kept to fulfil our tax obligations and obligations towards the police and to ensure the proper performance of the contract. Finally, some data are required in order to enable us to keep in touch with our Guests after their leave our hotel, so as to keep you informed about our activity and offers (marketing).

1. Data collected when you access our website, acquired through our servers

  • Access date and time;
  • IP number of your computer
  • Browser being used in your device;
  • Country from which connection to our server originates, as well as information about the language, the screen etc.;
  • Operating system of your computer;
  • Information about your internet service provider;

2. Data to be supplied by you about your enquiry about offers and/or reservations, including:

  • Name and surname;
  • Address
  • E-mail address
  • Phone number
  • Fax number
  • Correspondence language;
  • Nationality (in case of reservation)
  • Credit card details (in case of reservation)
  • Date of birth (in case of reservation);
  • Food preferences / intolerances / allergies (optional)
  • Name and age of any children if they are included in the reservation (optional in the case of children under age)
  • Favourite sport, activities and hobbies (optional)
  • Any special services requested (e.g. limousine etc., optional)

3. Data to be supplied by you for communications to be sent by the hotel, including:

  • Name and surname;
  • Correspondence language;
  • E-mail address

C. Consent
The GDPR defines the term “consent” as follows: “‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
The LPD will specify, in the future, that “consent is only valid if it is given freely and unequivocally after the person concerned has been duly informed. The processing of sensitive personal data requiring special protection and profiling are subject to express consent”.
Consent must always be explicitly stated in the case of very sensitive personal data, such, for example, information about your religion, your ethnic origin, your political position etc. In the unlikely event that the Hotel needs this kind of information, we shall therefore need your explicit consent.
As regards less sensitive data, consent may also be given by means of any freely given indication of willingness, as in the case of acts implying an intent, or it may be assumed when the data under consideration are essential in order for us to provide our services. In this case, your request to obtain services from the Hotel will imply your consent to the use of your personal data by the Hotel for the provision of the service requested.
Other data are intended to be used for our marketing communication activity and are expressly collected for this purpose. Of course you do not have to consent to your data being processed for this purpose and, if you have given your consent, you can withdraw it at any time. Our check-in staff is available to address all and any concerns you may have about the treatment of your personal data. Please refer to para. IV below for any further questions.

D. Your Rights
You are entitled to request that your data:

  • be updated, corrected or (if they are incomplete) supplemented
  • deleted, if
    • your data are no longer necessary to pursue the aim for which they were collected or drawn;
    • You have withdrawn your consent or you object to the treatment of your data;
    • Your data have been treated unlawfully or they have to be deleted to fulfil a legal obligation;
    • beonly partially processed if:
      • Your data are not correct or have been treated unlawfully or you have objected to their treatment;
      • Despite the fact that the Hotel no longer needs them for the purpose of processing them, the data are necessary in order for the Hotel to legally enforce your rights;
      • be transferred to another holder (“right of transfer”), if treatment is based on consent and is performed using automated means.

Please note that in compliance with our tax obligations and police requirements, the Hotel is bound to keep a part of your personal data – see paragraph “Duration of data retention” below. In pursuance of the applicable laws and regulations, you are entitled to file a complaint with a supervisory authority (in Switzerland, the Federal Data Protection and Information Commissioner and, in the other countries, the competent authorities designated by the national legislation in force).

E. Security Measures (how we protect your data)
1. The Hotel, through appropriate technical instruments and organisational procedures, implements measures aimed at protecting your personal data against unauthorised treatment and/or loss of the same. Our technical systems are maintained taking due account of constant technological development. In order to avoid unauthorized treatment or loss of their data, we recommend that our Guests always use updated systems and that they do not share any sensible information such as credit card numbers, user names or passwords with third parties.

2. With a view to ensuring absolute confidentiality as to the services provided to our Guests as well the confidential treatment of their personal data, the Hotel has further improved its corporate policies so that your personal data can only be accessed by the staff who actually need them in order to provide the services you request.

F. Duration of Data Retention
As a rule, our Guests’ personal data are treated and kept only for the time needed in order to provide the services requested by the Guests (contract base) or in compliance with the applicable legal requirements (legal base). In particular, the data are kept for the entire duration of the contractual relationship between the Guest and the Hotel for legal and accounting purposes (e.g. in case of legal proceedings initiated by either the Hotel or the Guest). At any rate, the data are anonymized and deleted to the extent that the Hotel ceases to have any legal interest in retaining the same.

G. Transmission of your Data to Third Parties
Under certain circumstances, the Hotel needs to allow third parties to access your data in order to be able to provide its services (outsourcing), particularly for the management of its website as well as in order to send newsletters and for profiling and marketing purposes. In any case, such transmission only occurs to the extent that you have consented to it (see paragraph III above) and/or to the extent that this is required by and/or complies with the applicable law. At any rate, the Hotel’s Partners contractually commit to guaranteeing the same security standards offered by the Hotel both vis-à-vis our Guests and vis-à-vis the Hotel.

H. Transmission of your Data Abroad
Under certain circumstances, the Hotel needs to allow third parties abroad to access your data in order to be able to provide its services (outsourcing), to the extent that treatment in keeping with this statement is necessary. The said third parties are equally required to ensure the confidentiality of personal data. To the extent that the said third parties are based in countries where the level of protection of personal data does not correspond to our Swiss and/or European standards, we undertake to guarantee adequate protection of your data by means of specific binding agreements to be entered into or through appropriate legal measures. Feel free to request any further information you may need on this matter.

I. Cookies, Analysis and Tracking Systems, Social-media Plug-ins, external Links

1. Cookies are small packages of data, a kind of identification card, which your device exchanges with our server while you browse our website. In particular, the information so collected is intended to optimise your browsing experience in terms of pleasurableness and effectiveness. Cookies are automatically saved on your device by the browser you use for surfing the internet and also allow keeping track of your choices and settings so as to make each access more efficient. Each browser allows setting how to manage the cookies and even allows preventing the transmission of your information. Furthermore, you can disable the cookies either in part or completely and be informed each time a system requests the exchange of cookies etc. Please note that disabling the cookies may partly affect your browsing experience and result in certain services not functioning, whether in part or completely.

2. Our website is equipped with tracking systems which allow collecting the information necessary for its management and implementation. Here too, cookies are used along with tracking systems offered by third parties, such as for example Google analytics (see complete list)
Complete list:
- Google Analytics by Google Inc.
- Cloudflare by Cloudflare Inc.
- Doubleclick.net by Google Inc.

3. In order to allow our Guests to choose whether and how to keep in touch with our Hotel, communication also occurs through the most popular social media. In this regard, our website is equipped with systems, called plug-ins, which allow the user to enable a connection with the social medium selected. Only then, hence at the Guest’s express request, can the exchange of the data necessary for the use of the social medium take place.

4. Our website offers links to external websites of interest or useful for the provision of our services. The Hotel does not monitor such websites all the time, so you are invited to read the relevant statements on the protection of personal data before you start browsing them. The Hotel accepts no responsibility for the contents or for the enforcement of the Hotel’s personal data protection rules. At any rate, the Hotel does not provide any personal data to the administrators of such websites, unless expressly requested otherwise.

L. Minors
Unless the personal data of minors (within the meaning of the applicable laws) are transmitted by the respective holders of parental authority (parents, guardians etc.), such data are not collected by our Hotel. However, since we do not regularly collect any personal data except as provided by this document and by the applicable laws and regulations, we are unable to detect data such as, for example, the age of those visiting our website. If you believe that a minor who is subject to your parental authority has disclosed his/her personal data to us without your consent, please notify us without delay so as to ensure that the minor will not receive any communication from us such as, for example, our promotional information. Our staff will take all the necessary measures.

M. General Provisions
Please note that the transmission of communications, documents and other information by email is considered less reliable, secure and confidential than transmission by post or fax. Although we use state-of-the-art identification technologies to combat malware such as viruses and spam, we recommend that you use proper, updated protection systems (e.g. antivirus software) and we do not accept responsibility for any damage resulting from email messages or the loss of the same. Additionally, we reserve the right to reject any emails with potentially dangerous attachments.

N. Amendments to this Statement
The Hotel reserves the right to revise this statement in order to ensure adequate protection in compliance with the legislation in force. Therefore, this statement may be revised and/or amended, in particular as a consequence of major changes in legislation or derived from case law.

Should you have any concerns or questions on the scope of this declaration, please do not hesitate to contact us.

Version of July 2018

Menu