Privacu Policy

Last updated: February 2026

1. Data Controller

The Data Controller of personal data is Hotel Rufolo
with registered office at Via San Francesco, 5 - 84010 Ravello (SA), Italy.

Contact email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: +39 089 857459

2. Purpose of Processing

Personal data collected through this website are processed for the following purposes:

  • Managing information requests submitted through the contact forms available on the website (including those dedicated to events and weddings);
  • Managing online reservations through a link to the Ericsoft.com portal, which users access to check room availability and complete their booking;
  • Direct communications via email or telephone regarding stays, events, or weddings;
  • Anonymous statistical analysis of website usage through Google Analytics;
  • Links to social networks (Facebook and Instagram) via connection or sharing buttons available on the website.

3. Categories of Data Processed

The data processed may include:

  • Identification and contact data (first name, last name, email address, phone number);
  • Booking-related data (stay dates, number of guests, preferences);
  • Technical browsing data (IP address, browser type, device, log data);
  • Any other information voluntarily provided by the user in contact form fields.

4. Legal Basis for Processing

The processing of personal data is based on the following legal grounds:

  • Data subject consent (Art. 6(1)(a) GDPR), given through the voluntary submission of contact forms or browsing with analytics cookies;
  • Performance of pre-contractual or contractual measures (Art. 6(1)(b) GDPR), in the case of information requests or bookings;
  • Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) for website security activities and improvement of user experience.

5. Methods of Processing

Data are processed using electronic and manual tools, in compliance with the principles of lawfulness, fairness, transparency, and data minimization established by the GDPR. Appropriate technical and organizational measures are implemented to ensure data security and confidentiality.

6. Disclosure of Data

Personal data are not disclosed publicly but may be shared with external parties acting on behalf of the Data Controller, such as:

  • IT service companies and hosting providers for technical website maintenance;
  • online booking service providers (e.g., Ericsoft.com);
  • consultants or professionals collaborating with the property, within the limits of the purposes indicated above;
  • competent authorities, where required by law.

7. Data Transfers Outside the EU

Data collected through Google Analytics may be transferred to countries outside the EU. In such cases, the transfer is carried out in compliance with the safeguards provided for under Chapter V of the GDPR, through standard contractual clauses or other adequacy mechanisms.

8. Data Retention

Personal data are retained for the time necessary to achieve the purposes for which they were collected, and in any case no longer than:

  • 12 months for information requests or contacts not followed by a booking;
  • 10 years for data related to concluded contracts or bookings, in compliance with accounting and tax obligations;
  • 26 months for anonymized browsing data collected through Google Analytics.

9. Data Subject Rights

As a data subject, users may exercise at any time the rights provided under Articles 15–22 of the GDPR, including:

  • right of access to personal data;
  • right to rectification and updating;
  • right to erasure (“right to be forgotten”);
  • right to restriction of processing;
  • right to data portability;
  • right to object to processing on legitimate grounds;
  • right to withdraw consent, where processing is based on consent.

Requests may be sent to This email address is being protected from spambots. You need JavaScript enabled to view it.. The Data Controller will respond within 30 days.

10. Right to Lodge a Complaint

Data subjects have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) if they believe that the processing of their personal data violates applicable regulations.

11. Cookies and Tracking Tools

The website uses technical and analytics cookies. In particular, Google Analytics with IP anonymization is active for anonymous statistical purposes. Users may manage or disable cookies through the information banner or their browser settings.

12. External Links and Social Networks

The website contains links and connection buttons to the official Hotel Rufolo profiles on Facebook and Instagram. Accessing these platforms may result in data collection by the respective operators, in accordance with their privacy policies.

13. Updates to the Privacy Policy

This policy may be updated periodically to comply with regulatory or technical changes. Any substantial changes will be communicated on the website. The latest updated version is always available on this page.

HR - Hotel Rufolo

Via S. Francesco, 1 84010 Ravello (SA) Italy
Tel. +39 089 857 133
info@hotelrufolo.it

F.LLI SCHIAVO S.R.L.
p.iva 04974570659
PEC: f.llischiavosrl@pec.it

REA SA409453
CAPITALE SOCIALE € 30.000,00

CIN: IT065104A182MFGZXK

Privacy Policy

Cookie Policy

Accessibility Statement

Privacy Policy

Cookie Policy

Accessibility Statement

Web Design

Riccardo Calce
www.quidp.com


Photography

Marino Casini
www.spazidipregio.it

Vincent Aiello
www.vincentaiello.com


Video Production

DUEINFO
www.dueinfo.com


CREDITS