top of page

Privacy Policy Villa Maria Lodge

Last Updated: May 19, 2026

At Villa Maria Lodge, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you interact with our website, services, or facilities. It is designed to comply with the General Data Protection Regulation (GDPR) and other applicable European data protection laws.

If you have any questions about this policy or your personal data, please contact us at info@villamarialodge.com.

1. Who we are

Villa Maria Lodge is the data controller for the personal information we process.

 

Our contact details are:​

2. What personal data we collect

We may collect and process the following categories of personal data to provide our services and improve your experience:

  • Identity Data: This includes your name, title, and passport details. We collect this information to fulfill booking requests and verify your identity. The legal basis for processing this data is contract necessity (Article 6(1)(b) GDPR), and we retain it for 6 years after your last interaction with us.
     

  • Contact Data: This includes your email address, phone number, and  postal address. We use this data to communicate with you regarding bookings, updates, and promotional offers (if you have consented). The legal basis is consent (Article 6(1)(a) GDPR) for marketing purposes or contract necessity (Article 6(1)(b) GDPR) for service-related communications. We retain this data until you withdraw consent or for 6 years after your last interaction.
     

  • Demographic Data: This includes your birth date and nationality. We collect this information to tailor our services to your needs. The legal basis is legitimate interest (Article 6(1)(f) GDPR), and we retain it for 2 years after collection.
     

  • Technical Data: This includes your IP address, browser type, and cookie data. We use this information to analyze website traffic and improve functionality. The legal basis is legitimate interest (Article 6(1)(f) GDPR), and we retain it for 13 months (for cookies) or the duration of your session.
     

  • Marketing Preferences: This includes your responses to surveys and promotional opt-ins. We use this data to send you tailored offers and updates. The legal basis is consent (Article 6(1)(a) GDPR), and we retain it until you withdraw consent.
     

  • Payment Data: This includes payment card details, which are processed securely by third-party payment providers. We do not store your payment data. The legal basis is contract necessity (Article 6(1)(b) GDPR).
     

  • We do not process sensitive personal data (e.g., health, religion, or biometric information) unless explicitly required by law or with your explicit consent under Article 9 GDPR.​​​​​​​​

3. How we use your personal data

We use your personal data for the following purposes, each with a specific legal basis:

  • Booking and Service Fulfillment: We process your data to confirm and manage your bookings, provide requested services, and ensure a smooth experience during your stay. The legal basis for this processing is contract necessity (Article 6(1)(b) GDPR). You have the right to access, rectify, or erase this data.
     

  • Sending Updates and Offers: If you have provided consent, we may send you updates, special offers, or promotional materials via email or other communication channels. The legal basis is consent (Article 6(1)(a) GDPR), and you have the right to withdraw your consent at any time.
     

  • Improving Our Services: We analyze feedback, usage patterns, and other data to enhance our services, website functionality, and guest experience. The legal basis is legitimate interest (Article 6(1)(f) GDPR), and you have the right to object to this processing.
     

  • Internal Record-Keeping: We maintain records of your interactions with us for administrative purposes, such as managing bookings and complying with legal obligations. The legal basis is legitimate interest (Article 6(1)(f) GDPR), and you have the right to access or restrict this processing.
     

  • Cookie Management: We use cookies and similar technologies to manage your preferences and improve your browsing experience. The legal basis is consent (Article 6(1)(a) GDPR) for non-essential cookies or legitimate interest (Article 6(1)(f) GDPR) for strictly necessary cookies. You have the right to withdraw consent or object to the use of non-essential cookies.

Cookie Consent Management

To manage cookies and similar technologies (tracking pixels, web beacons, etc.) and related consents, we use the Essential Wix cookies.


The legal basis for processing personal data in this context is Articles 6(1)(c) and (f) GDPR. Our legitimate interest is managing cookies and similar technologies and their consents.


Providing personal data is neither contractually required nor necessary for contract conclusion. You are not obligated to provide personal data. If you do not, we will be unable to manage your consents

Data Security

Privacy is our priority. We have implemented appropriate physical, digital, and managerial measures to protect your data and prevent unauthorized access.

Changes to this policy

If we make changes, we update this page. We will never reduce your rights without consent: for significant updates, we will also notify you by email.

Keeping things accurate

Think we’ve got something wrong? Just drop us a line by email or post. We’ll correct it right away.

bottom of page