Why direct booking?

– best price guaranteed
– direct contact with us
– personalised service and offers


This privacy statement is addressed to all parties using this website in accordance with the regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 (General Data Protection Regulation - GDPR).

The declaration only applies to the mentioned page and not to any other pages that may be accessible to the user by clicking on a hyperlink.

The operator of this site guarantees that, in accordance with the law, personal data will be processed in compliance with the basic rights and freedoms and with the dignity of the person concerned, in particular for the purposes of confidentiality, personal identity and the right to the protection of personal data.

1. Name and address of the responsible person and of the data protection officer

Responsible person in the sense of GDPR:

Ganischger Ltd.

Markus Pichler

Via Sant’Osvaldo 2
39100 Bolzano

South Tyrol – Italy


+39 0471 616504


Data Protection Officer:

Markus Pichler

2. Location of data processing

Ganischger Ltd.
Hotel Ganischgerhof Mountain Resort & SPA

Rio Nero 22
39050 Nova Ponente (BZ)
South Tyrol – Italy

3. Extent and legal basis of the processing of personal data

We generally only process personal data of our users as far as this is necessary for the provision of a functional website as well as of our contents and services. Processing of personal data is carried out only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted or provided for by legal regulations.

The legal basis for the processing of personal data is Art. 6 GDPR and, if necessary, specific contractual agreements with the user and associated obligations.

4. Data deletion and storage period

Unless specifically stated, we store personal data only for as long as necessary to fulfil the purposes pursued.

In some cases, the law prescribes the retention of personal data. In these cases, we only store the data for these legal purposes, but do not process it elsewhere and delete it after the legal retention period has expired.

5. General purposes of the processing

We use personal data for the purpose of providing this website and for the purposes set out below.

6. What data we use and why

Access data / server log files

When you use this website, information about your usage behaviour and your interaction with the site, as well as data about your computer or mobile device, is automatically collected (so-called server log files). This data includes:

  • Name and URL of the website accessed
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referer URL (i.e. the previously visited page)
  • IP address of the client/user

All log files listed above are automatically deleted from our server after 365 days. The IP address of the user is only stored partially anonymised during this period. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. We use this log data without assigning it to you personally or otherwise profiling it for statistical evaluations for the purpose of the operation, security and optimisation of our website, but also for the anonymous recording of the number of visitors to our website (traffic) and the extent and type of use of our website and services, as well as for accounting purposes in order to measure the number of clicks received from cooperation partners. This information allows us to provide personalised and location-based content and to analyse traffic, find and fix errors and improve our services.

This is also our legitimate interest in data processing according to Art 6 (1) f) GDPR.

In addition, accesses with the full IP address are administratively logged by the website operator, among other things, for the purpose of detecting and defending against cyber-attacks. This data is deleted after a maximum of seven days.


Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of symbols that enables the browser to be uniquely identified when the website is called up again.

Our legitimate interest in the use of cookies pursuant to Art 6 (1) f) GDPR is to make our website more user-friendly, effective and secure.

Since cookies are stored directly on your computer, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or limit the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

Further information on the use, management and deletion of cookies can be found under the following link: [Click here]

Google Analytics

We use Google Analytics, a web analytics service provided by Google, Inc. (Google). Google Analytics uses cookies that are stored on your computer and enable an analysis of user behaviour. The information generated by the cookie about the use of this website by visitors to the site is generally transmitted to a Google server in the USA and stored there.

According to its own information, Google has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has been certified for this purpose. Google thereby agrees to comply with the standards and regulations of European data protection law. You can find more information in the following linked entry: [Click here]

We have activated IP anonymisation on this website (anonymizeIp). This means that your IP address is shortened beforehand by Google within member states of the European Union or in other contractual states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Further information on the use, administration and deletion of cookies can be found under the following link: [Click here]

You can also prevent the transmission of data generated by cookies and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: [Click here]

As an alternative to the browser plug-in or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent the collection by Google Analytics within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click this link again): [Click here]

Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you open a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a consistent and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) f) GDPR.

If your browser does not support web fonts, a standard font from your computer will be used.

You can find more information about Google Web Fonts at Google Fonts FAQ and in Google's privacy policy: Google Privacy.

Data for the fulfilment of our contractual obligations (module: webshop/order form)

If orders are placed via this site, we process the personal data that we need to fulfil our contractual obligations, such as name, address, tax number, e-mail address, ordered products, billing and payment data. The collection of this data is necessary for the conclusion of the contract.

The deletion of the data takes place after the expiry of warranty periods and legal retention periods. Data linked to a user account shall in any case be retained for the duration of the management of this account.

The legal basis for the processing of this data is Art. 6 (1) b) GDPR, because this data is required for us to be able to fulfil our contractual obligations towards a customer.

Registration/User Account (module: user account)

On our website, we offer users the opportunity to register by providing personal data. The data is entered in an input form and transmitted to us and stored. The data will not be passed on to third parties.

For new registrations, we collect the master data provided in the input form as well as the access data (user name and password).

In order to ensure your proper registration and to prevent unauthorised logins by third parties, you will receive an activation link by e-mail after your registration to activate your account.

During the registration process, the user's consent to the processing of this data is obtained and reference is made to this data protection declaration.

Once you have created a user account, you can have it deleted at any time without incurring any costs. A notification in text form to the responsible person (e.g. by e-mail, fax, letter) is sufficient for this purpose. We will then delete your stored personal data, unless we still need to store it for the processing of orders or due to statutory retention obligations.

The legal basis for the processing of this data is your express consent in accordance with Art. 6 Para. 1 a) GDPR and, if applicable, Art. 6 Para. 1 b) GDPR if mutual contractual obligations still exist.

Newsletter (Modul: "Newsletter")

On our website, you have the option of subscribing to a free newsletter. When registering for the newsletter, the data from the form is transmitted to us. This involves the e-mail address and, if available, the first name and surname of the user.

For the processing of the data, your consent is obtained during the registration process and reference is made to this data protection declaration. The legal basis for the processing of the data is therefore your explicit consent in accordance with Art. 6 Para. 1 a) GDPR.

You can revoke your consent to receive the newsletter at any time and thus unsubscribe from the newsletter and request the cancellation of the stored data.

Contact form and e-mail contact

Our website contains a contact form that can be used for electronic requests. If a user makes use of this option, the data entered in the form will be transmitted to us and stored.

For the processing of the data, your consent is obtained during the sending process and reference is made to this data protection declaration. The legal basis for the processing of the data is therefore your explicit consent in accordance with Art. 6 Para. 1 a) GDPR.

As an alternative, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. The legal basis for the processing of the data is therefore your explicit consent in accordance with Art. 6 Para. 1 a) and b) GDPR.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process (server log files) serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The user has the option to revoke his or her consent to the processing of personal data at any time.

Use of social plugins

Social plugins are integrated on this website using the so-called 2-click solution. By default, these buttons do not transmit any data to third parties. By manually activating them, the user agrees that data is transmitted to the respective operator of the social network and that third-party cookies are installed. But only for this one page and for the selected service. Preferences in this regard can be saved and changed at any time via the gear wheel icon.

If you activate the social plugins, please read the following explanations on how they work and what data is transferred.

Privacy policy for the use of Facebook plugins (Like button)

Plugins of the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA) are integrated on these internet pages. You can recognise the Facebook plugins by the Facebook logo or the "Like" button on our site. You can find an overview of the Facebook plugins here: [Click here]

Widget Google Maps

We integrate maps (Google Maps) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in one or more places on this website. These are integrated via a script, whereby your IP address and your location data are sent to Google (but not without your consent, usually in the context of the settings made on your end device). The data may be processed in the USA.

Google is certified under the Privacy Shield agreement (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active) and thereby offers a guarantee of compliance with European data protection law.

Google AdWords and Google Conversion-Tracking

This website uses Google AdWords. AdWords is an online advertising programme of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (Google).

Within the framework of Google AdWords, we use the so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking.

Each Google AdWords customer receives a different cookie. The cookies cannot be tracked through the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you do not wish to participate in the tracking, you can revoke this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.

The storage of conversion cookies is based on Art. 6 para. 1 f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

More information on Google AdWords and Google Conversion Tracking can be found in Google's privacy policy: [Clicca qui]

You can configure your browser to be informed about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general and to activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Facebook Pixel

Our website uses the website visitor action pixel from Facebook, Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook) for conversion measurement.

This makes it possible to track the behaviour of page visitors after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data collected is anonymous for us as the operator of this website, and we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the corresponding user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy. This enables Facebook to serve advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.

You can find further information on the protection of your privacy in Facebook's privacy policy: [Hier Klicken]

You can also disable the Custom Audiences remarketing feature in the Ad Settings section at http://it-it.facebook.com/policy.php. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can disable Facebook's usage-based advertising on the European Interactive Digital Advertising Alliance website: [Clicca qui]. A tal fine deve però effettuare il login su Facebook.

Google AdSense

  1. Our website uses Google AdSense, an online advertising service provided by Google Inc. (Google). Google AdSense uses cookies, which are text files placed on your computer, to help the website analyse how users interact with the site. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons can be used to analyse information such as visitor traffic on the pages of this website. The information generated by cookies and web beacons about the use of this website (including the user's IP address) and the delivery of advertising formats will be transmitted to and stored by Google on servers in the United States. This information may be passed on by Google to contractual partners of Google. However, Google will not merge your IP address with other data stored by you.
  2. Users can prevent the installation of cookies from Google AdSense in various ways:
    1. by adjusting the browser software appropriately;
    2. by deactivating Google's interest-based ads Google;
    3. by deactivating the interest-based ads of the providers that are part of the self-regulation campaign "About Ads" sind;
    4. by permanent deactivation through a browser plug-in. The settings under b) and c) are deleted when cookies are deleted in the browser settings.
  3. For more information on data protection and cookies for advertising on Google AdSense, please see https://policies.google.com/privacy?hl=it.

7. Your rights as a person affected by data processing

If your personal data is processed, you are a person concerned within the meaning of the GDPR and you have the following rights towards the responsible person:

  1. the right to confirmation and information
  2. the right to rectification
  3. the right to erasure ("right to be forgotten")
  4. the right to restriction of processing
  5. the right to be informed
  6. the right to data transferability
  7. the right to object
  8. the right to revoke the declaration of consent under data protection law
  9. the right not to be subject to automated decision-making, including profiling
  10. the right to lodge a complaint with the supervisory authority.

Detailed information on the individual rights can be found under the following link: [Click here]

8. Data security

We are very concerned about the security of your data within the framework of the applicable data protection laws and technical possibilities.

Your personal data is always transmitted in encrypted form. This applies in particular to your orders and also to the customer login. You can recognise an encrypted connection by the fact that the address line of the browser changes from http:// to https:// and by the lock symbol in your browser line. We use the SSL (Secure Socket Layer) coding system, but we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

To protect your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we continuously adapt to the state of the art.

We also do not guarantee that our service will be available at certain times; disruptions, interruptions or failures cannot be excluded. The servers we use are carefully backed up on a regular basis.

9. Disclosure of data to third parties

Generally, we only use your personal data within our company. However, we cannot exclude that when data is transferred to third parties, it may be transferred to another EU or non-EU country or to an international organisation, provided that this is in accordance with the purpose of the data processing.

If and to the extent that we involve third parties in the performance of contracts (such as logistics service providers), they will only receive personal data to the extent that the transfer is necessary for the relevant service.

In the event that we outsource certain parts of data processing (commissioned processing), we contractually oblige commissioned processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.

10. Further information

If you have any questions or concerns about data protection, please contact our controller/data protection officer.


Further information:

GDPR - Reglement 2016/679

Data protection in the EU

Competent supervisory authority (Italy): Garante per la Protezione dei Dati Personali, Piazza di Monte Citorio 121, 00186 ROME, Tel: (+39) 06.696771, Fax: (+39) 06.69677.3785, E-mail: garante@gpdp.it, Website: http://www.garanteprivacy.it/.

For further information and GTC’s of Ganischger GmbH, please refer to our General Terms and Conditions.

11. Changes to this privacy policy

The responsible entity reserves the right to make changes to this privacy policy at any time by informing its users accordingly on this page. Users are therefore advised to consult this page regularly and to check the date of the last modification indicated at the bottom of the page. If a user rejects a change to the privacy policy, he or she may no longer use this application and may request the responsible entity to delete his or her personal data. Unless otherwise stated, the current privacy policy applies to all personal data that the controller has stored about a user.

Bolzano, 01 February 2021

  • No products in the cart.