(articles 13 and 14 of EU Regulation 2016/679 (GDPR) and of Legislative Decree 196 of 30/06/2003, as amended by Legislative Decree 101 of 10/08/2018)
As required by the regulations above, we would like to inform you about how we process your personal data in the course of our business activities.
We will process your personal data in a lawful, correct and transparent way, limiting the data we use and its storage, and making sure it is accurate, complete and confidential in accordance with article 5 of the GDPR.
Your data will be collected directly from you or from third parties, as required by law or by contract; this may include using databases- It will be processed in accordance with the GDPR and current national legislation, including any provisions issued by the Control Authority, if they apply.
Az. Agricola Quercecchio di Maria Grazia Salvioni
Piazza Cavour 17 Montalcino (SI)
Farm tourism: Antica Grancia di Quercecchio – località Quercecchio – Montalcino (SI)
VAT no. 03761000581 Tel. +39 0577 839148
This policy describes how the Data Controller processes the personal data of visitors to the anticagranciadiquercecchio.it as part of the way they do business and provide their services.
The information does not concern other sites, pages or online services accessible through links you might find on the site referring to resources outside the site itself.
The computer systems and software procedures used to operate this site acquire, during normal operation and only while you are connected to the site, some personal data that is then transmitted implicitly in the use of internet communications protocols. This information is not collected for the purpose of associating it with specific users. However, given the type of data in question, it could be processed and combined with data held by third parties in order to identify you. The data is deleted a few hours after processing (unless the judicial authorities require it to be kept in order to investigate a crime).
This type of data includes the IP address or dominion name of the computers or devices used by visitors, the URI (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the state of the response from the server (successful, error, etc.) and other parameters relating to your operating system and software environment.
This data is necessary to use the web services, and is also processed in order to:
The legal basis for the processing is the legitimate interest of the Data Controller.
If you explicitly and voluntarily choose to send a message to the contact addresses on the site, or to a different email address of the Data Controller, you will be asked to provide your contact details so that we can reply, along with all the personal data included in the message.
Providing authorisation for the processing of personal data is optional; however, the free and voluntary sending of data and information by users via email represents explicit consent to the processing of the personal data contained in the emails sent.
By filling out the online booking form, you can make your own reservation for your stay at our facility without having to enter any personal data during the search phase.
The data are processed by the data controller in order to manage the reservations at the structure.
The legal bases are constituted by article 6, paragraph 1 letter a) and b) of the GDPR, which read:
Providing authorisation for the processing of personal data is optional;
however, the free and voluntary sending of data and information via email
represents explicit consent to the processing of the personal data contained in
the emails sent.
When managing bookings, accommodation and related services, the Data Controller collects and processes the following types of customer personal data:
Data processing is carried out by the Data Controller in the course of business for purposes related to guest booking and registration, payment management, issuing invoices or receipts, providing services related to the use of the facility, as well as for legal obligations, such as tax management and accounting, and the registration of guests with the obligation to collect and record personal details from a copy of the identity document and communicate them to the relevant authorities.
For the management and execution of contractual and pre-contractual relations in general. In particular, the data will be processed in order to comply with legal and regulatory obligations; the administrative management of contracts, including the management of invoices, payments and collections; the management of any litigation, as well as for internal controls, management, security of premises and protection of corporate assets.
Contact data, such as email address and telephone number, are necessary for service communications and used by the Data Controller for commercial and promotional communications.
The legal bases for the processing of personal data are constituted by Legislative Decree 196 of 30/06/2003, Ministerial Decree dated 7 January 2013 containing “Provisions concerning the communication to the public security authorities of the arrival of persons accommodated in accommodation” and article 6.1, letters b), c) and f) of the EU Regulation:
The processing of special category personal data is necessary in order to offer the best possible service for customers with special needs and/or disabilities. The processing of this category of data requires specific consent.
Providing data is mandatory only for data whose processing is required by law.
Providing data is necessary in order to set up a contractual relationship, to correctly meet pre-contractual and contractual obligations or, where a contractual relationship has already been established, to fulfil all or part of obligations and commitments under the contract.
Any consent given may be withdrawn at any time. If you withdraw your consent at a later date, this will not affect the lawful processing of your data up to the date of withdrawal.
If you decide to communicate personal data relating to third parties, you are responsible for informing the data subject and obtaining their consent. For data relating to minors, you are also responsible for having the legal right to communicate their data. The Data Controller shall not be held liable in any way in relation to such third parties.
The data of suppliers, such as data relating to professionals, company contacts and companies, are collected and processed by the Data Controller in the course of their business activities for purposes related to the possible selection, establishment, management and execution of contractual relations (including the management of the pre-contractual relationship and/or inclusion in the list of suppliers). In particular, the data will be processed for: the fulfilment of legal and regulatory obligations; the administrative management of contracts, including the management of invoices and payments; the receipt of goods and/or services at the premises of the Data Controller or any other supplier. For these purposes, the Data Controller collects the following categories of data:
The legal bases for the processing of these common personal data are provided by Legislative Decree 196 of 30/06/2003, and by article 6.1, letters b), c) and f) of the GDPR:
Providing data is mandatory only for data whose processing is required by law.
However, providing data is necessary in order to set up a contractual relationship, to correctly meet pre-contractual and contractual obligations or, where a contractual relationship has already been established, to fulfil all or part of obligations and commitments under the contract.
By spontaneously sending your CV, you are giving your explicit and unequivocal consent to the processing of the data contained in it. If the contents are of interest, they may be processed for the following purposes:
The legal basis for the processing of this personal data for the purposes indicated above is article 6, paragraph 1, letter b) of the GDPR, as the processing is necessary for the execution of pre-contractual measures taken at the request of the data subject.
Any CVs that are not considered of interest will not be kept.
Otherwise, specific information will be provided at the first contact or, alternatively, it will be possible to consult this information at any time through the website.
Personal data are not disclosed to unspecified third parties but, for the purposes indicated, may be disclosed to specific categories of recipients, including employees – appointed as persons authorised to process personal data under the direct authority of the Data Controller or otherwise instructed on the proper processing of data to which they have access – consultants and third-party service providers to the Data Controller (e.g. legal consultants; IT consultants) who process the data on behalf of the Data Controller in their capacity as Data Processors, other subjects, public or private, to whom the communication of data is mandatory, as well as other subjects who qualify as independent Data Controllers.
The data may also be communicated without the need for express consent
pursuant to article 6, letters b) and c) of the GDPR for the purposes of the
law to supervisory bodies and judicial authorities, following inspections or
audits, to all inspection bodies responsible for checks and inspections
relating to the regularity of legal obligations, including the scope of
prevention/suppression of any illegal activity also related to access to the
Personal data are not transferred outside the European Union. Should this be the case, personal data will be processed by companies/suppliers that perform the function of the Data Processor and ensure levels of data protection in compliance with Italian and European legislation. In any case, the transfer will be based on the assumptions provided for by current legislation (e.g. verification of the presence of a judgement of adequacy by the Commission of the system of protection of personal data of the country importing the data; consent of the person concerned).
The Data Controller will only process personal data that are strictly necessary and for the time necessary to fulfil the purposes illustrated above, and in any case for the time necessary as identified by Italian and European law, also in order to exercise the right of defence or to assert a right in court.
For any questions relating to the processing of your personal data, you can contact the Data Controller by emailing email@example.com
The Data Controller reserves the right to modify, supplement and/or update this information in order to adapt it to the applicable legislation or the provisions of the Data Protection Authority.
The Agriturismo Antica Grancia di Quercecchio offers attractive proposals for a stay in Montalcino. Choose the offer that best suits you and proceed with booking