Wi-Fi Privacy Policy
Last updated: 1 April 2026
1. Introduction
This privacy notice describes how Villa Traiano Holding Ltd, jointly with the Italian company VT Hospitality S.r.l., collects, uses and protects the personal data of users who access the Guest Wi-Fi service provided at the Villa Traiano hotel, in compliance with EU Regulation 2016/679 (GDPR), Italian Legislative Decree 196/2003 as amended, the UK GDPR and the Data Protection Act 2018.
Accessing the Guest Wi-Fi network involves the processing of certain personal data. Please read this notice carefully before using the service.
2. Data Controller
The Data Controller is:
Villa Traiano Holding Ltd
20 Wenlock Road, London, England, N1 7GU
Companies House: 16607218
Email: info@villatraiano.com
Joint Controller for processing carried out at the Italian premises:
VT Hospitality S.r.l.
Registered office: Viale dei Rettori 9, 82100 Benevento (BN), Italy
VAT / Italian Tax Code: 01892000629
REA: BN - 313670
Certified email (PEC): hospitality@pec.villatraiano.com
Email: privacy@villatraiano.com
Data Protection Officer (DPO):
Email: dpo@villatraiano.com
3. Personal Data Collected
When you use the Guest Wi-Fi service, the following data is automatically collected:
- Device identification data: MAC (Media Access Control) address, device name, operating system
- Connection data: assigned IP address, connection and disconnection date and time, session duration, data volume transferred
- Browsing data: DNS query logs, categories of websites visited
- Authentication data: email address or room number provided during captive portal login
- Approximate location data: the access point used within the property
4. Technology Infrastructure
The Guest Wi-Fi service is managed through the Cisco Meraki platform, which acts as a data processor pursuant to Article 28 of the GDPR. Cisco Meraki provides network management, user authentication, traffic monitoring and security policy enforcement.
Data collected by the Meraki platform may be processed and stored on servers located within the European Economic Area (EEA) and/or the United States of America. Transfers to the USA are safeguarded by Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.
5. Purposes and Legal Bases
Personal data collected through the Wi-Fi service is processed for the following purposes:
| Purpose | Legal basis |
|---|---|
| Provision and management of the Guest Wi-Fi service | Performance of a contract — Art. 6(1)(b) GDPR |
| Network security, prevention of unauthorised access and protection against unlawful activities | Legitimate interest — Art. 6(1)(f) GDPR |
| Compliance with legal obligations regarding retention of electronic traffic data (Italian Legislative Decree 196/2003, Art. 132) | Legal obligation — Art. 6(1)(c) GDPR |
| Diagnostics and optimisation of Wi-Fi network performance | Legitimate interest — Art. 6(1)(f) GDPR |
| Response to requests from judicial or law enforcement authorities | Legal obligation — Art. 6(1)(c) GDPR |
6. Retention Periods
Data collected through the Wi-Fi service is retained for the following periods:
- Electronic traffic data (connection logs): 6 months from the date of recording, pursuant to Art. 132 of Italian Legislative Decree 196/2003
- Authentication data (email, room number): 6 months from the date of access
- Session and diagnostic data: 30 days from the date of collection
- Meraki Dashboard logs: in accordance with Cisco Meraki's data retention policies (typically 1 year for aggregated data)
Once retention periods expire, data is deleted or irreversibly anonymised.
7. Data Sharing
Data collected through the Wi-Fi service may only be shared with:
- Cisco Systems, Inc. / Cisco Meraki (USA) — Wi-Fi network management platform provider, acting as data processor
- Judicial and law enforcement authorities — in response to lawful requests under applicable legislation
- IT service providers — for maintenance and technical support of the network infrastructure, bound by confidentiality agreements
Data is never sold or shared with third parties for commercial, marketing or profiling purposes.
8. Security Measures
Villa Traiano implements the following technical and organisational measures to protect data collected through the Wi-Fi service:
- WPA3/WPA2 encryption for wireless traffic protection
- Network segmentation (VLAN) to isolate guest traffic from the hotel's internal network
- Firewall and intrusion detection/prevention systems
- Multi-factor authentication (MFA) for Meraki management platform access
- Periodic audits of network configuration and administrative access
9. Your Rights
Under Articles 15-22 of the GDPR, Wi-Fi service users have the right to:
- Access — obtain confirmation of processing and a copy of your personal data
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of data, subject to mandatory retention obligations for traffic data
- Restriction — restrict processing in certain circumstances
- Portability — receive data in a structured, machine-readable format
- Objection — object to processing on legitimate grounds
To exercise your rights, please contact our DPO at dpo@villatraiano.com.
Note: erasure of electronic traffic data may not be possible during the mandatory retention period required by law (Art. 132, Italian Legislative Decree 196/2003).
10. Supervisory Authorities
You have the right to lodge a complaint with the relevant supervisory authority:
- Italy: Garante per la Protezione dei Dati Personali — www.garanteprivacy.it
- United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
11. Contact
For any questions regarding the processing of personal data in connection with the Wi-Fi service, please contact:
Data Protection Officer (DPO)
Email: dpo@villatraiano.com
For the general privacy policy of the website and hotel, please refer to our Privacy Policy.