PRIVACY POLICY

1. Introduction

This website is operated by WWWind Square del Hermann Stricker () hereinafter referred to as “we,” “our,” or “us”, located in Via Gardesana 374, 37018 Malcesine (VR), Italy. This Privacy Policy explains how we collect, use, and protect personal information of our customers, suppliers and interested parties when they visit our website or use our services.

Since the protection of your personal data is very important to us, we strictly adhere to the legal provisions of the Data Protection Act and the GDPR when collecting and processing your personal data. Therefore, please read our privacy policy carefully before you continue to use our websites and, if necessary, give your consent to data processing.

2. Use of Cookies

a. If you use our website solely for informational purposes, meaning you do not send us information (e.g., via a contact form), we collect only the personal data that your browser transmits to our server. This data is essential for us to display the website and ensure stability and security in accordance with Art. 6 para. 1 p. 1 lit. f GDPR. The following data is collected:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Request content
  • Access status / HTTP status code
  • Amount of data transferred
  • Website from which the request originates
  • Browser used
  • Operating system and its interface
  • Language and version of the browser software

b. Additionally, first-party and third-party cookies are stored on your device when you use our website, provided you give prior consent through our cookie banner. Cookies are small text files stored on your hard drive by your browser. The party setting a cookie (whether it’s us or the third parties listed below) receives specific information. These cookies are used to recognize you as a user and to track the usage of our services. Additionally, we use cookies for marketing purposes to analyze your usage behavior and potentially provide targeted advertising.

There are generally three categories of cookies:

  1. First-Party Cookies

    First-party cookies are stored directly by us or our website to provide an optimal user experience. These include functional cookies, such as those needed for a shopping cart.

  2. Third-Party Cookies

    Third-party cookies are set in your browser by an external provider. These are typically tracking or marketing tools that analyze user behavior or enable the third-party provider to recognize you across various websites. These cookies are used, for instance, in retargeting marketing. We use the following third-party cookies:

    • _ga: Google Analytics - Registers a unique ID to generate statistical data on how visitors use the website. Expires after 2 years.
    • _gat: Google Analytics - Used to throttle request rate. Expires after 1 day.
    • _gid: Google Analytics - Registers a unique ID to generate statistical data on how visitors use the website. Expires after 1 day.
    • _fbp: Facebook - Used via Google Tag Manager and Facebook to deliver a range of advertising products, such as real-time bidding from third-party advertisers. Expires after 3 months.
    • _gcl_au: Used through Google Tag Manager by Google AdSense to test ad effectiveness. Expires after 3 months.
  3. Third-Party Requests

    Third-party requests refer to any interaction you, as a site user, have with external services via our site (e.g., interacting with social media plugins or using a payment provider’s services). Although no cookies are stored in these cases, there may still be a transfer of personal data to the third-party provider, depending on the interaction. For this reason, we inform you about the tools and applications we use in our privacy policy.

c. You have the option to modify your browser settings to reject third-party cookies or all cookies. Please note, however, that doing so may prevent full functionality of our website.

d. To inform you comprehensively about the cookies we use, a cookie banner appears upon your first visit to our website. This banner, in accordance with ECJ case law (01.10.2019, C-673/17, Planet 49) and other relevant regulations, displays all cookies, their purpose, storage duration, and origin. Only upon your consent will cookies be stored, except for technically mandatory cookies needed for correct website display.

e. You may change your browser settings at any time to refuse third-party cookies or all cookies. However, please be aware that refusing cookies may impact the availability and functionality of certain features on our website.

3. Data Collection through Forms and Bookings

Personal data that goes beyond the information stored by cookies is processed by us in the context of the operation of our website only if you provide it to us voluntarily, for example, when you register with us, enter into a contractual relationship with us or otherwise contact us.

We use the personal data provided by you only to the extent necessary to fulfill the respective purpose of the processing (e.g. registration, sending newsletters, processing an order, sending information material and advertising, processing a competition, answering a question, enabling access to certain information) and as permitted by law (esp. according to Art. 6 or Art. 9 GDPR) (e.g. the sending of advertising and information material to existing customers according to Art. 6 para. 1 p. 1 lit. f GDPR).

4. Data Retention

We retain the personal data you provide solely for customer service, marketing, or informational purposes for a period not longer than needed. However, if you wish, we will delete this data before the three-year period, provided there are no legal retention obligations that prevent us from doing so.

In cases where a contract has been initiated or concluded, we will continue to process your personal data beyond the completion of the contractual relationship. This retention period extends to cover applicable warranty, guarantee, statutory retention, and limitation periods. Additionally, if there are ongoing or anticipated legal proceedings where your data may serve as evidence, we retain it until the conclusion of such proceedings.

5. Data Transmission

a. General
As a matter of principle, your data will not be shared with third parties unless we are legally obligated to do so, the data transfer is required to fulfill a contractual relationship with you, or you have given your explicit consent to the sharing of your data.

We may share your data with external processors or cooperation partners if it is necessary for contract processing, if we have a legitimate interest which is disclosed separately when relevant, or if specific standards require it. This may include sharing data with payment processors, booking systems, or other service providers essential for operational functionality.

We do not sell or otherwise market your personal data to third parties. If our contractual partners or data processors are based in a third country, i.e., outside the European Economic Area (EEA), we will inform you about any possible consequences of this transfer in the specific service descriptions provided.

If a third-party processor accesses your personal data, we require them to comply with all data protection regulations to the same standard that we uphold, ensuring data is handled securely and in accordance with GDPR.

b. Data Transfer to the USA
Certain services we offer involve data transfer to the USA. For such services, your consent is necessary for the processing of your data within the USA, unless there are alternative legal justifications, such as the fulfillment of contractual obligations. We obtain this consent either through our cookie banner or directly through a specific consent statement, depending on the service.

Your consent is required as recent European Court of Justice (ECJ) rulings (Case C-311/18, Schrems II) determined that the USA lacks an adequate level of data protection, particularly concerning data access by U.S. authorities under the Foreign Intelligence Surveillance Act (FISA 702). Specifically, the ECJ noted that such access is not subject to sufficient restrictions, does not require prior approval from an independent authority, and offers limited legal recourse for data subjects affected by such measures.

6. Our Online Services

a. Newsletter
We offer a complimentary newsletter subscription. By signing up, you will receive news, updates, and promotional content relevant to our services, including information about us. To subscribe, a valid email address is required.

When you first subscribe, we collect and store your first and last name, email address, country, IP address, and the date and time of your subscription. This information helps improve our services and ensures security against unauthorized subscriptions. The data you provide during subscription is used solely for marketing and is not shared with external parties. You may unsubscribe at any time by following the link provided in each newsletter.

b. Contact Forms
You may contact us through our website’s contact form. For this purpose, we collect and store your name, email address, phone number, and any information you provide within the form, such as product inquiries or service requests. This information is combined with any existing data we may have on file to improve our services.

c. Customer Surveys
We conduct periodic surveys for research and analysis, contacting customers and interested parties who have voluntarily provided their contact details. These surveys allow us to improve our offerings and understand customer preferences. Data is processed in an anonymized form whenever possible, but contact data is retained for follow-up if needed. You may opt out at any time by notifying us.

d. Competitions
We occasionally host competitions to increase website engagement. Participation requires providing contact information, which is used to notify winners. If the competition involves a partner, this will be disclosed. Data collected for competitions is used exclusively for processing entries and notifying winners unless explicit consent is given for marketing use.

e. Online Check-In
We offer an online check-in feature for guests at our Windsquare Center. This service collects personal data, including name, address, contact details, and booking information, to streamline your arrival and enhance our service. Data provided through check-in is not shared with third parties outside our company.

f. Online Booking
We offer an online booking feature for guests, using the third-party booking platform Viking Bookings, that securely processes your data in compliance with GDPR standards. When you make a reservation or booking through our website, Viking Bookings collects and stores your personal information, such as name, contact details, and payment information, solely to facilitate and confirm your booking. Viking Bookings operates under strict data processing agreements to ensure the confidentiality and security of your data. Read more...

7. Tools and Applications

Our website utilizes various third-party tools, including Google Analytics, Google Ads, Google Maps, and social media plugins. These tools may collect data such as IP addresses and browsing information to improve functionality or provide relevant advertising. Data shared with these tools may be transferred to and processed in the USA. Please note that U.S. law may not provide the same data protection standards as within the EEA.

a. Google Tools
We use Google Analytics for site analytics and Google Ads for advertising. These tools may use cookies to gather usage data. You may adjust your browser settings to disable these cookies or use Google’s opt-out options.

b. Facebook Custom Audiences
For targeted advertising, we use Facebook Custom Audiences, which may link your site usage with your Facebook account to deliver interest-based ads. You may opt out of this feature through Facebook settings.

c. Social networks
In addition, our website offers you the opportunity to interact with various social networks via links and plugins. These may include:

  • Facebook, operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
  • Instagram, operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
  • Tripadvisor, operated by Tripadvisor LLC, 400 1st Avenue, Needham, MA 02494, USA
  • YouTube, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • WhatsApp, operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

If you click on a link or a plugin of one of these social networks, the plugin or link is activated and, as described, a connection to the respective server of the network is established. We have no influence on the scope and content of the data that is transmitted to the respective operator of such a social network by clicking on the plugin.

8. Data Security

We employ technical and organizational measures to protect your personal data from unauthorized access, alteration, and disclosure. These measures are regularly updated to align with industry standards.

9. Your Rights

Under the EU GDPR and the Italian Data Protection Act, you, as the data subject in our data processing activities, are entitled to the following rights and may exercise these options:

Right to information (Art. 15 GDPR)
You have the right to inquire whether and which personal data of yours is being processed by us. For security purposes and to prevent unauthorized access, we will require verification of your identity before providing any information.

Right to rectification and deletion (Art. 16 & Art. 17 GDPR)
You have the right to request prompt correction of any inaccurate personal data held about you. Additionally, where applicable, you may request the completion of incomplete data or the deletion of your personal data, provided the conditions set forth in Art. 17 GDPR are met.

Right to restriction of processing (Art. 18 GDPR)
You have the right to request that we limit the processing of your personal data under specific legal circumstances. Once processing is restricted, your data will only be processed with your consent or for legal claims and defenses.

Right to data portability (Art. 20 GDPR)
You may request a copy of the personal data you have provided to us in a structured, commonly used, and machine-readable format. This allows you to transfer your data either to yourself or directly to another organization, as per your request.

Right of objection (Art. 21 GDPR)
If the processing of your personal data is based on our legitimate interests or those of a third party, you have the right to object to this processing at any time based on your specific situation. Following your objection, we will cease processing your data unless there are compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is required for legal claims. Additionally, you may object to data processing for direct marketing purposes at any time, effective immediately.

Revocation of consent
If you have given your explicit consent for data processing, you may revoke this consent at any time. The revocation will affect future processing but does not impact the legality of processing based on consent prior to withdrawal.

10. Contact Information

For data protection inquiries, please reach out to us at:

WWWind Square Watersports Center
Via Gardesana 374, Malcesine, Italy
Email: info@wwwind.com
Telephone: +39 376 02 92 903

Version: January 2025