Privacy Policy

Privacy Policy (Art. 13 GDPR)

Last update: January 14, 2026

1) Data Controller

The Data Controller is ALBERGO MARIA S.A.S. DI DEL SOLE O. & C.,
VAT No. 00448270678, with registered office at
Via Morandi, 2 – zona Borgo S. Maria – 64025 Pineto (TE), Italy.

Contacts: Phone +39 085 9492065 – Email:
info@hotelmaria.net

This policy describes how personal data of users who browse the website or contact the hotel are processed.

2) Types of personal data processed

  • Identification and contact data (name, surname, email, phone number).
  • Booking and stay data (dates, number of guests, requests, preferences, notes provided by the user).
  • Browsing data (IP address, technical logs, device and browser information).
  • Communications sent by the user (messages and attachments).

3) Purpose of processing and legal basis

A) Managing requests and contacts

  • Purpose: to reply to information requests, quotes and availability.
  • Legal basis: performance of pre-contractual measures (Art. 6.1.b GDPR).

B) Bookings and stay management

  • Purpose: to manage bookings, confirmations and hotel services.
  • Legal basis: performance of a contract (Art. 6.1.b GDPR).

C) Legal and accounting obligations

  • Purpose: to comply with legal obligations (tax, accounting, public security if applicable).
  • Legal basis: legal obligation (Art. 6.1.c GDPR).

D) Protection of the Controller’s rights

  • Purpose: to prevent abuse, manage disputes and defend legal rights.
  • Legal basis: legitimate interest (Art. 6.1.f GDPR).

E) Marketing communications (optional)

  • Purpose: sending newsletters and promotional offers.
  • Legal basis: consent (Art. 6.1.a GDPR), where required.
  • Providing data: optional.

4) Processing methods and security

Data is processed using electronic and manual tools, with appropriate security measures to protect confidentiality and integrity.

5) Data provision

Providing data for requests and bookings is necessary. Marketing data is optional.

6) Data recipients

  • Authorized staff
  • IT, hosting, booking system providers (Data Processors)
  • Consultants (accountants, lawyers)
  • Public authorities where required by law

7) Data transfer outside the EU

Data is normally processed within the EU. If transferred outside, appropriate safeguards will be applied.

8) Data retention period

  • Contact requests: up to 12 months
  • Bookings and accounting data: according to legal obligations
  • Marketing: until consent is withdrawn

9) Data subject rights

You may exercise your rights under Articles 15–22 GDPR: access, rectification, erasure, restriction, portability, objection and withdrawal of consent.

You also have the right to lodge a complaint with the Data Protection Authority.

10) Cookies

This website may use technical cookies and, with consent, analytics or marketing cookies.

11) Changes to this policy

This policy may be updated. Changes will be published on this page.