Ora del Garda

LEGAL

Privacy Policy

How Ora del Garda collects, uses, and protects your personal data under the GDPR. Covers analytics, affiliate cookies, your rights, retention periods, and contact details.

Updated

Last updated: 12 May 2026.

Ora del Garda is committed to handling your personal data lawfully, fairly, and transparently. This policy explains what we collect, why, how we use it, who we share it with, how long we keep it, and what rights you have under the EU General Data Protection Regulation (GDPR) and the UK GDPR.

Who we are

The data controller for personal data processed via oradelgarda.com is:

We do not currently have a statutory obligation to appoint a Data Protection Officer. All privacy enquiries should go to the email above.

Data we collect

We try to collect as little personal data as possible. In practice, this is what we process:

1. Contact form submissions (when you write to us). Name, email address, the content of your message, and the timestamp of the submission. We collect this only when you choose to contact us. We do not have a contact form live at the time of writing; emails sent directly to hello@oradelgarda.com are processed under the same terms.

2. Analytics events. When you visit the site, we record anonymised analytics via Google Analytics 4 (with IP anonymisation enabled) and via our hosting platform’s first-party analytics (Cloudflare and/or Vercel). The data includes page views, referring URL, device type, approximate geographic location at country/region level, time on page, and session identifiers. We do not collect your full IP address, and we do not link analytics events to your identity.

3. Affiliate network tracking cookies. When you click an outbound link to one of our affiliate partners (for example GetYourGuide, Viator, Booking.com, Click&Boat, or Rentalcars), that partner may set a tracking cookie in your browser to attribute any subsequent booking to us. These cookies are set by the partner, not by us. See our cookie policy for details.

4. Security and operational logs. Our hosting providers keep short-term server logs containing IP addresses, user-agent strings, and request URLs for the purpose of detecting abuse, debugging, and protecting site availability. These are retained briefly and are not used to profile visitors.

We do not collect: payment information (we never handle your card details — bookings happen on partner sites), special-category data as defined in Article 9 of the GDPR (race, ethnicity, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, sex life, sexual orientation), criminal-offence data, or data from automated decision-making or profiling that produces legal or similarly significant effects.

We do not build behavioural profiles of visitors. We do not enrich our analytics with third-party data brokers. We do not run remarketing or retargeting audiences. We do not operate a newsletter at the time of writing; if we launch one in future, it will be opt-in only with clear unsubscribe in every email.

We rely on the following legal bases under Article 6(1) of the GDPR:

Third parties who process data on our behalf or alongside us

We do not sell personal data, ever. We do not share personal data with third parties for advertising purposes.

International transfers

Some of our processors (notably Cloudflare, Vercel, and Google) are based in the United States. Where personal data is transferred outside the European Economic Area, we rely on:

You can request a copy of the safeguards in place by emailing hello@oradelgarda.com.

Cookies

Full detail of the cookies we and our partners set is on our dedicated cookie policy page.

Your rights under the GDPR

You have the following rights regarding personal data we hold about you:

How to exercise your rights

Email hello@oradelgarda.com with a description of the request and, where helpful, the approximate date range of the data you are asking about. We will reply within 30 days of receiving the request. Where the request is complex or where we have received a large number of requests at once, we may extend the response window by a further 60 days; we will tell you within the first 30 days that we are doing so and explain why.

We do not charge a fee for reasonable requests. We may charge a reasonable administrative fee or refuse requests that are manifestly unfounded or excessive, and we will explain our reasoning if we do.

Identity verification. Before releasing personal data, we may ask you to verify your identity — typically by replying from the email address we hold for you, or by confirming details of a prior interaction. We do this to avoid disclosing data to the wrong person. We do not ask for government identity documents unless absolutely necessary.

Complaints. If you are not satisfied with how we have handled your data or your request, you have the right to lodge a complaint with the data protection authority in your EU/EEA country of residence, place of work, or where the alleged infringement occurred. The European Data Protection Board lists all national authorities at edpb.europa.eu. UK residents can complain to the Information Commissioner’s Office at ico.org.uk. We would prefer the chance to fix the issue first — please tell us before you escalate.

Retention

When the retention period ends, data is deleted or fully anonymised.

Children

Ora del Garda is not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, contact hello@oradelgarda.com and we will delete it.

Changes to this policy

We will update this policy when our processing or the legal landscape changes. The “Last updated” date at the top of this page reflects the most recent change. For material changes that affect users with known contact details, we will notify those users by email before the change takes effect.

Use this page with AI

Open in ChatGPT Open in Claude Summarize with Perplexity