Skip to content

Privacy policy

Last updated: June 2026

This policy describes how personal data of users who visit this site and submit a booking enquiry is processed, in compliance with Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.

1. Data controller

VIAR servizi turistici srl, registered at Via Duca D'Aosta, 4, 80045 Pompei (NA), Italy.

The controller has not appointed a Data Protection Officer (DPO) because the conditions set out in Article 37 GDPR do not apply.

2. Personal data we collect

We only collect data you voluntarily provide through the booking enquiry form:

  • first and last name;
  • email address;
  • phone number;
  • stay dates, number of guests, room preference;
  • optional message.

When you visit the site, some technical data (IP address, browser user agent, pages visited) is also collected via the analytics tools described in the Cookie Policy.

To demonstrate the consent you give through the cookie banner (art. 7 GDPR) we keep, in pseudonymised form, a consent log containing: a random identifier, the date and time, the choices made, the policy version, the language and a cryptographic hash of your IP address. The IP address is not stored in clear text. Legal basis: the accountability obligation (arts. 5(2) and 7(1) GDPR).

3. Purposes and legal basis

Your personal data is processed for the following purposes:

  • Managing booking enquiries and contact: to reply to the form and, at your request, proceed with the booking. Legal basis: performance of pre-contractual measures taken at the request of the data subject and of the contract (Art. 6(1)(b) GDPR).
  • Compliance with legal obligations: invoicing, guest reports to Italian Public Security (Art. 109 TULPS), CIN/CURS registry. Legal basis: legal obligation (Art. 6(1)(c) GDPR).
  • Aggregate traffic analysis: improving the site using anonymous statistics. Legal basis: legitimate interest of the controller in maintaining and improving the service (Art. 6(1)(f) GDPR).

4. Data recipients

Your data may be disclosed, strictly to the extent necessary for the purposes above, to:

  • authorised staff of the controller (reception, administration);
  • Vercel Inc. (website hosting and distribution, and technical statistics via Vercel Analytics and Speed Insights);
  • Google Ireland Limited / Google LLC (site usage statistics via Google Analytics 4, subject to your consent);
  • the email provider used to receive enquiries sent through the form;
  • tax and administrative advisors, within the scope of legal obligations;
  • competent authorities (e.g. Italian Public Security) where required by law.

Data is never sold or shared with third parties for marketing purposes.

5. Transfers outside the EU

Some providers (notably Vercel Inc. and Google LLC) are based in the United States of America. Transfers take place under the Standard Contractual Clauses approved by the European Commission and any applicable adequacy decision (such as the EU-US Data Privacy Framework), with appropriate safeguards pursuant to Articles 44 et seq. GDPR.

6. Data retention

Data collected through the form is kept for the time strictly necessary to handle the enquiry. If a booking is actually made, data is retained for the period required by Italian tax law and by Article 109 TULPS (generally 10 years). Absent a booking, data is deleted within 24 months of the last contact, unless otherwise requested by the data subject.

7. Your rights

In relation to your personal data, you can exercise the following rights at any time under Articles 15-22 GDPR:

  • access to your data (Art. 15);
  • rectification (Art. 16);
  • erasure (Art. 17);
  • restriction of processing (Art. 18);
  • data portability (Art. 20);
  • objection to processing based on legitimate interest (Art. 21);
  • withdrawal of consent, without affecting the lawfulness of processing carried out before the withdrawal.

You can exercise your rights by writing to info@pompeihosteldeluxe.com.

8. Right to lodge a complaint

If you believe the processing of your data infringes the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) (Piazza Venezia 11, 00187 Rome) or with another competent supervisory authority (Art. 77 GDPR).

9. Automated decision-making

Your data is not subject to automated decision-making or profiling under Article 22 GDPR.

10. Mandatory or optional data

Providing the data requested by the enquiry form is optional, but failure to provide it makes it impossible to process the request. Data required for legal obligations (e.g. Art. 109 TULPS at check-in) is mandatory.

11. Changes to this policy

This policy may be updated over time to reflect regulatory, organisational or technical changes. The current version is always published on this page with the relevant update date.

Book now