Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA 
Pursuant to art. 13 of the 2016/679 EU Regulation 

Preamble

 Dear Customer, 
In accordance with current legislation on the protection of personal data (EU Regulation No. 679 of 2016), we wish to inform you that the processing of your personal data is carried out correctly and transparently, for lawful purposes and protecting your privacy and your rights. 

***** 

Information pursuant to art. 13, par. 1 

A) Contacts of the Data Controller and Data Processors 

The Data Controller of your data is AZ. AGR. BRICCO MAIOLICA S.S.A., with registered office located in Via Bolangino n. 7, 12055 Diano d’Alba (CN); mail: info@agriturismocastella.com 

The Data Controller informs you that your personal data will be processed in accordance with articles 12 and 13 of EU Regulation no. 2016/679 (General Data Protection Regulation, hereinafter referred to as “GDPR”), by specifically authorized subjects, limited to the purposes and with the methods that will be specified below with reference to the functions of the web portal www.agriturismocastella.com 

The updated list of persons appointed as Responsible pursuant to article 28 of the GDPR is available at the company’s headquarters and is knowable through a specific request. 

B) Object, purpose of processing 

The Data Controller informs you that when you use our services you accept that your personal data will be processed. 

Only the following personal data will be processed: 

  • a. Personal data 
  • b. Email 
  • c. Telephone number 

All personal data provided through the Website shall be lawfully and correctly processed for the purpose of: 

  • a) providing the request services; 
  • b) to reply to users’ communications and questions. 

Please refer to the appropriate cookie information for more information. 

C) Legal basis for data processing 

Except as specified in the Cookie Policy for navigation data, the communication to the Data Controller of the personal data specified above, has as a basis for the lawfulness of the treatment: the legitimate interest of the data controller provided that it is not in conflict with the rights and freedoms of the interested party, the fulfillment of the contractual and/or pre-contractual obligations assumed with you. The treatment carried out on the personal data of users is based on the art. 6 of EU Regulation 2016/679 letters: A, B, C, F. 

Being the necessary treatments for the definition of the contractual agreement and for its subsequent implementation, in case of refusal to provide personal data, we will not be able to provide the requested services. 

D) Recipients or categories of recipients of personal data 

Personal data processed by the Data Controller may be disclosed to specific subjects considered as recipients of such personal data. 

With this in mind, in order to correctly perform all processing activities necessary to pursue the purposes set out in this statement, the following recipients may be able to process the data on behalf of the Data Controller: 

– subjects – internal or external to the company – who provide IT and telematic services for the management of the information system used by the Data Controller and of the telecommunications networks. These subjects have been appointed as controllers. 

– Third parties who perform part of the processing and / or related activities and instrumental activities. 

– Individuals, employees and / or collaborators of the Owner who are entrusted with specific and / or more processing activities on your personal data. These individuals have been given specific instructions on security and correct use of personal data. 

– Subjects, public and private, who can access data under the provisions of law, regulation or community legislation, within the limits set by these rules. 

Information pursuant to art. 13, par. 2 

A) Data retention period 

Pursuant to article 5 in compliance with the principles of lawfulness, purpose limitation and data retention and minimization, the data collected for the purposes referred to in points a) and b) will be kept according to the law and for the time necessary to carry out the activities referred to for the purposes indicated above in compliance with the terms of the law. 

B) Rights of the interested party 

We also inform you that at any time, with regard to personal data, you may exercise your rights under the GDPR 679/2016, within the limits and under the conditions set out in Articles 7 and 15-22. For the exercise of these rights, described below, you can contact the owner at the email address info@agriturismocastella.com, preferably indicating in the object “exercise of rights GDPR”. This request will be provided with suitable feedback according to the timing established by the GDPR. 

By way of example but not exhaustive, the interested party has the right to: 

  • a) Revoke the consent previously given, without prejudice to the lawfulness of the treatment based on consent before revocation; 
  • b) Ask the Owner to access, rectify, delete personal data or limit the processing of personal data concerning him or to oppose their treatment; 
  • c) To obtain data portability; 
  • d) Propose a claim to the Guarantor for the protection of personal data if it considers that its rights have been violated 

C) Automated decision making and profiling 

The Data Controller informs you that, for the purposes of processing your personal data, it does not make use of automated decision-making processes, or those aimed at making decisions based solely on technological means on the basis of predetermined criteria (i.e. without human involvement). The owner does not carry out profiling activities.