Privacy & Cookie policy

1. DATA CONTROLLER

Following access to this website, personal data relating to identified or identifiable natural persons may be processed.

The Data Controller of the personal data collected through this website is:

Comolac SRL
Registered address: Via Andrea Stoppani 6, 22017 Menaggio
Email: info@comolac.com

The Data Controller determines the purposes and means of the processing of personal data in accordance with Regulation (EU) 2016/679 (GDPR).
 

​​​

2. PLACE WHERE DATA IS PROCESSED

Data processing related to the web services of this website, which is hosted by Wix.com Ltd. (https://www.wix.com), is carried out at the registered office of Comolac and by Wix as technical service provider.

Personal data is processed exclusively by authorized personnel of Comolac, as well as by external parties appointed as data processors, solely for technical management, maintenance, and the provision of website-related services.

The personal data provided by users through booking requests, contact forms, newsletter subscriptions, or other informational requests is used exclusively to provide the requested services and communications.

Such data is not disclosed to third parties, except in the following cases and only where strictly necessary:

• Technical and IT service providers, including Wix.com Ltd., acting as hosting and website infrastructure provider;

• Payment service providers (such as Stripe and/or PayPal), exclusively for the purpose of processing payments securely;

• Professional advisors or service providers who support Comolac in accounting, administrative, legal, fiscal, or compliance-related matters;

• Public authorities or bodies, where disclosure is required by law or pursuant to lawful requests.

In all cases, personal data is processed in accordance with applicable data protection legislation and appropriate technical and organizational measures are adopted to ensure data security and confidentiality.
 

 

3. Reservations

In the event that a reservation is made through this website, the user is required to provide certain personal data, including name, address, telephone number, email address, and information related to the selected payment method. Credit card or payment details are processed exclusively by authorized payment service providers and are not stored or processed directly by Comolac.

Comolac uses such information solely for the purpose of managing and processing accommodation reservations, as well as for sending communications strictly related to the booking, such as booking confirmations, receipts, reservation references, and applicable terms and conditions.

The personal data provided will not be used for marketing purposes and will not be sold, transferred, or disclosed to third parties, except where strictly necessary to perform the requested services and in the following cases:

• Booking and reservation management services, including bnbforms (https://bnbforms.com), which acts as a data processor for the collection and management of booking requests;

• Technical and IT service providers, including Wix.com Ltd. (https://www.wix.com), acting as hosting and website infrastructure provider;

• Payment service providers (such as Stripe and/or PayPal), exclusively for the secure processing of payments;

• Professional advisors or service providers who assist Comolac with accounting, administrative, legal, fiscal, or compliance-related obligations;

• Public authorities or other entities, where disclosure is required by applicable law or pursuant to lawful requests.

In all cases, Comolac adopts appropriate technical and organizational measures to ensure the security, confidentiality, and integrity of personal data, with particular attention to the protection of payment-related information transmitted during online reservation procedures.
 

​

4. Navigational Data

The information systems and software procedures used to operate this website acquire certain personal data as part of their normal operation. The transmission of such data is inherent to Internet communication protocols.

This information is not collected in order to identify users; however, by its nature, it may allow identification after being processed and combined with data held by third parties.

This category of data includes, by way of example: IP addresses or domain names of the devices used by users to access the website, URI (Uniform Resource Identifier) addresses of requested resources, the date and time of requests, the method used to submit requests to the server, the size of files obtained in response, numerical codes indicating the status of server responses (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.

Such data is used exclusively to obtain anonymous statistical information on website usage, to ensure proper functioning of the website, and to maintain its security. These data are generally deleted shortly after processing and, in any event, are not retained for longer than seven (7) days, except where required to ascertain responsibility in the event of cybercrimes or unlawful activities affecting the website.

​​​

​

5. Data Voluntarily Provided by the User

The voluntary sending of emails to the addresses indicated on this website, as well as the completion of contact forms, booking requests, or other submission forms, entails the acquisition of the sender’s contact details (such as email address and name), which are necessary to respond to requests and provide the requested services, together with any additional personal data contained in the communication.

Personal data provided by users is processed exclusively for purposes directly related to the requested services, including responding to inquiries, managing accommodation reservations, and fulfilling contractual obligations.

Where users expressly subscribe to newsletters or request to receive promotional communications, the related personal data will be processed solely for such purposes, based on the user’s explicit consent, which may be withdrawn at any time.​

​​

​

6. PERIOD FOR DATA RETENTION – CRITERIA USED

In accordance with Article 5(1)(e) of Regulation (EU) 2016/679 (GDPR), personal data is retained only for as long as necessary to fulfill the purposes for which it was collected.

Retention periods include, by way of example:

• Technical navigation data: for the duration of the browsing session or up to 7 days for security purposes;

• Contact requests: up to 12 months;

• Booking and contractual data: up to 10 years, as required for administrative, accounting, and legal obligations;

• Newsletter and marketing communications: up to 24 months or until consent is withdrawn.

​

​

7. RIGHT TO LODGE A COMPLAINT

If a data subject considers that the processing of personal data relating to him or her infringes Regulation (EU) 2016/679 (GDPR), he or she has the right to lodge a complaint with the competent supervisory authority.

For Italy, the competent authority is:

Garante per la Protezione dei Dati Personali  
(www.garanteprivacy.it)

Alternatively, the data subject may seek judicial remedy in accordance with Articles 77 and 79 GDPR.

​

​

8. DATA SUBJECTS’ RIGHTS

Data subjects may exercise the rights provided for under Articles 15–22 GDPR, including the right to access, rectify, erase, restrict, or object to processing, as well as the right to data portability.

Requests may be addressed to:

Comolac
Email: info@comolac.com

​​

​

9. DAC7 – TAX REPORTING OBLIGATIONS

In accordance with Directive (EU) 2021/514 (DAC7) and the relevant Italian implementing legislation, Comolac is required to collect and process certain personal and transactional data relating to accommodation bookings in order to comply with mandatory tax reporting obligations.

For this purpose, Comolac may process personal data of guests and transaction-related information, including identification and booking details, where required by applicable tax laws. Such data may be communicated to the competent tax authorities through the appropriate reporting channels.

Personal data processed for DAC7 compliance purposes is handled exclusively to fulfill legal obligations and is retained for the period required by applicable tax and accounting regulations.

The processing of personal data for DAC7 purposes is carried out pursuant to Article 6(1)(c) of Regulation (EU) 2016/679 (GDPR), as it is necessary for compliance with a legal obligation to which the Data Controller is subject.

​

​

10. COOKIE POLICY

This website uses cookies and similar technologies to ensure proper functioning, enhance the user experience, and collect aggregated information on website usage.

Cookies are small text files stored on the user’s device when visiting a website. They may be classified as follows:

• Technical cookies, which are necessary for the operation of the website and to enable essential functions such as navigation, session management, and access to secure areas. These cookies do not require the user’s consent;

• Analytical cookies, which allow Comolac to collect aggregated and anonymous information on how visitors use the website, in order to improve its performance and functionality. Such cookies are used only with the user’s prior consent, unless they are configured in a way that prevents the identification of users;

• Third-party cookies, which may be installed by external service providers integrated into the website (such as booking, analytics, or payment services). The use of such cookies is subject to the privacy and cookie policies of the respective third parties.

Users may give, refuse, or withdraw consent to the use of non-essential cookies at any time through the cookie banner displayed upon first access to the website or through the cookie settings subsequently available.

The installation of technical cookies does not require the user’s consent. Refusal or withdrawal of consent for non-essential cookies does not affect the ability to browse the website or to make booking requests.

Further details on the cookies used, their purposes, duration, and providers are available through the cookie settings interface.
 

​