Privacy Policy

PREFACE

Dear User,

this Privacy Policy is provided to you pursuant to Article 13 of Regulation (EU) 2016/679 – on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter also referred to as “the Regulation” or “GDPR”).

This Privacy Policy contains information on the processing of your personal data as a result of browsing the Internet and using the services made available to you through the website.

You will be provided with specific and/or supplementary information on the processing of your personal data each time we collect them, either through your interaction with the site or by virtue of contractual relationships established with our Company; you can view all of them at any time by clicking on the links in the “Information” section at the bottom of this page.

Attention: this Privacy Policy does not apply to web services provided by third parties, which you may use or consult and access through hypertext links. In this regard, we invite you to consult the privacy information and privacy policies provided by these third parties in the appropriate locations.

DEFINITIONS

Privacy Policy: The GDPR, the Privacy Code, the Measures of the Guarantor and, in general, all the legislation on the protection of individuals with regard to the processing of personal data.

GDPR or Regulation: The General Data Protection Regulation (EU) 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data.

Personal Data: Any information relating to an identified or identifiable individual. In addition to the data provided by the User by means of any forms within individual areas of the Web Services, this also includes data relating to the User’s navigation.

Interested party: The identified or identifiable individual to whom the Personal Data relates.

Navigation data: In the course of their normal operation, the computer systems and software procedures used to operate the Web Services acquire certain data. The transmission of these data is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with the identified parties concerned, but by its very nature it could enable users to be identified through processing and association with data held by third parties. However, if the browsing session takes place after accessing the Reserved Area (so-called log in), the data collected are associated with the User’s personal account.

Browsing data includes:

  • IP addresses or domain names of computers used by users connecting to the site;
  • the addresses of the requested resources in URI (Uniform Resource Identifier) format;
  • the time of the request;
  • the method used to submit the request to the server;
  • the size of the file obtained in response;
  • the numerical code indicating the status of the response given by the server (successful, error, etc.);
  • other parameters relating to the User’s operating system and computer environment.

Data provided by the User: This is the data which the User voluntarily and knowingly provides by sending communications (e.g. by e-mail, to the addresses on the web domain) or by filling in specific forms, if present in the areas provided by the Services.

The Data provided by the User are only those strictly necessary for the purposes required by the Services on a case by case basis (for precise details regarding the categories of data collected on a case by case basis, please refer to the relevant privacy policy). By way of example, such data may be:

  • personal details;
  • concerning contact details (e.g. e-mail address);
  • related to the contractual position of the User/Client;
  • geolocation (if the user has given consent to the collection of data relating to their location);
  • regarding the use of individual Services available to the User;
  • concerning facts and events disclosed by the User in their messages (in this regard, and for their greater protection, the User is requested not to provide information not strictly pertinent to the subject of the request and the nature of the Services provided by the company).

Data Controller or Holder: The person who decides on the aims and methods of processing Personal Data. With reference to Web Services, the Unipol Group is the Company which this site refers to and whose references are at the bottom of each page.

Services or web services: The services provided through the Internet, used via the website and/or any applications.

User: The interested party (individual) who browses, consults, accesses or uses the Web Services.

DPO: The Data Protection Officer. The interested user may request clarifications regarding the processing of Personal Data or exercise their rights by contacting the DPO, in the manner and form indicated in the section “How to exercise rights and/or request information on processing”.

Privacy Guarantor: The Guarantor for the protection of personal data, i.e. the Italian national monitoring authority for the protection of personal data. Consult the website of the Privacy Guarantor.

Cookies: Cookies are pieces of information that are stored on your device (e.g., within your browser’s memory) when you visit a website or use a web application.

Each cookie may contain various data, such as the name of the server it comes from, a numerical identifier, etc.

View the Cookie Policy for more information.

INFORMATION ON THE PROCESSING OF THE USER'S PERSONAL DATA

The following is useful information concerning the processing of Personal Data carried out via the Web Services.

In particular, we want to inform you of:

  • the identification and contact details of the Data Controller;
  • the contact details of the Data Protection Officer (DPO);
  • the categories of Personal Data processed through the Web Services;
  • the purposes for which such Personal Data are processed on a case by case basis;
  • the grounds for processing such data (so-called legal bases);
  • the duration of their retention, always strictly necessary for the pursuit of the stated purposes;
  • the categories of the data communication recipients.

Data Controller: Tenute del Cerro S.p.A.
Registered office: Via Grazianella n. 5 – Fraz. Acquaviva – 53045 Montepulciano (SI)

Categories of Personal Data, purpose and legal basis of processing and retention periods

Categories of Personal Data: Navigation data
Purpose of processing: Allow web browsing and the provision of Services
Legal basis: Need to implement a contract to which the individual is a party or to provide a service at the individual’s request
Data retention periods: For the duration of navigation within the services

Categories of Personal Data: Navigation data
Purpose of processing: To obtain anonymous statistical information on the use of the Web Services, for the sole purpose of checking their correct functioning
Legal basis: Legitimate interest of the Company
Data retention periods: The data are collected in aggregate and are no longer traceable to the individual user who browsed the site.

Categories of Personal Data: Data provided by the User: provision of Web Services
Purpose of processing: Booking of overnight stays at establishments
Legal basis: Need to execute a contract or a pre-contractual measure to which the individual is a party
Data retention periods: For the duration of the booking; subsequently, if confirmed during check-in, the Data will be kept (as provided for by the privacy policy provided at that time), due to administrative/accounting requirements, for the time provided for by tax regulations (in general, 10 years)

Categories of Personal Data: Data provided by the User: provision of Web Services
Purpose of processing: Request for information
Legal basis: Need to execute requests made by the interested party (pre-contractual phase) or legitimate interest
Data retention periods: The time taken to provide feedback

The provision of your Personal Data is free and optional. We remind you, however, that it is indispensable for the pursuit of certain purposes (to provide you with the appropriate feedback requested, for registration in the Reserved Area or for the provision of individual Services); if not provided, in such cases, it may not be possible to proceed with the pursuit of those purposes.

We invite you, however, to consult the relevant information on the processing of data for more details.

Methods of data processing and recipients of data communication

The above data will not be distributed and may only be disclosed to employees of our Company who are specifically authorised to process them. They may also be acquired and/or processed by other companies of the Unipol Group and/or companies. Processing operations may be carried out by external parties whom we entrust with carrying out operations on our behalf, and with whom we enter into appropriate agreements aimed at regulating the processing of data.

Finally, the data may be disclosed at the express request of public authorities or law enforcement agencies.

The processing of Personal Data is always subject to the application of appropriate security measures to ensure the confidentiality, availability and integrity of the data.

COOKIES

The Web Services may use technical, analytical, and profiling cookies, both first-party and third-party.

Cookies are essential for improving the Services and providing products that are always in line with Users’ preferences.

The use of profiling and/or third-party cookies will always be subject to your prior consent.

To learn more, click here.

RIGHTS OF THE USER (AS DATA SUBJECT)

The Privacy Regulation (Articles 15-22 of the Regulation) guarantees the User, as the Data Subject, the right to access their data, as well as to obtain its rectification and/or integration, deletion, or portability. The Privacy Regulation also grants the User the right to request the restriction of data processing and to object to processing, as well as the possibility to withdraw any consent given (withdrawal does not affect the lawfulness of processing carried out up to that point).

Right: Access to data

What does it consist of? The User can request the Data Controller to:

  • confirm whether they are processing data concerning them;
  • provide a copy of the data concerning them;
  • provide information regarding the data processing (e.g., legal bases, retention periods, categories of data recipients, etc.)

Conditions for exercise: The User can always make such a request

Right: Rectification or integration of data

What does it consist of? The User can request the Data Controller to:

  • rectify
  • update
  • modify

the Personal Data processed

Conditions for exercise: If the processed data is inaccurate or incomplete

Right: Deletion of data

What does it consist of? The User can request the Data Controller to delete the Personal Data they are processing

Conditions for exercise:

  • the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • the User withdraws the consent on which the processing is based, and if there is no other legal basis for the processing;
  • the User objects to the processing pursuant to Article 21 and there is no overriding legitimate reason to proceed with the processing;
  • the Personal Data has been processed unlawfully;
  • the Personal Data must be deleted to comply with a legal obligation under Union or Member State law to which the data controller is subject

Right: Restriction of Personal Data processing

What does it consist of? The User can request the Data Controller to not carry out any processing operations on their Personal Data, except for storage, unless with the User’s consent or to protect their rights

Conditions for exercise:

  • the User contests the accuracy of the Personal Data, for the period necessary for the data controller to verify the accuracy of such Personal Data;
  • the processing is unlawful and the data subject opposes the deletion of the Personal Data and requests instead that its use be restricted;
  • although the data controller no longer needs it for processing purposes, the Personal Data is necessary for the data subject to establish, exercise, or defend a legal claim;
  • the User has objected to the processing, pending verification of whether the data controller’s legitimate reasons override those of the data subject

Right: Objection to the processing of Personal Data

What does it consist of? The User can object to processing based on legitimate interest (including the sending of promotional communications) or on a public interest

Conditions for exercise: There must be reasons related to the User’s particular situation, except if the objection is to processing for direct marketing purposes

Right: Objection to automated decision-making

What does it consist of? The User can object to automated decision-making processes. If such a process is necessary for the conclusion of a contract, is based on explicit consent, is authorized by law or regulation of the State or the European Union, the User has the right to obtain human intervention from the data controller, to express their opinion, and to contest the decision

Conditions for exercise: There is a decision based solely on automated processing, including profiling, that produces legal effects concerning them or significantly affects them in a similar way

Right: Portability of Personal Data

What does it consist of? The User has the right to receive in a structured, commonly used, and machine-readable format the Personal Data concerning them

Conditions for exercise: Provided that all the following conditions are met:

  • the data was provided by the User;
  • the processing is based on consent or a contract;
  • the processing is carried out by automated means

Right: Withdrawal of consent

What does it consist of? The User can withdraw the consent given. Withdrawal does not affect the lawfulness of processing carried out up to that point

Conditions for exercise: Always

HOW TO EXERCISE YOUR RIGHTS AND/OR REQUEST INFORMATION ON PROCESSING

The “Data Protection Officer” is available to assist with any doubts or clarifications, to exercise the rights of the interested parties and to provide an updated list of the categories of data recipients.

Data Protection Officer or DPO: privacy@tenutedelcerro.it

Your right to contact the Privacy Guarantor remains unaffected, including by means of a complaint, where deemed necessary for the protection of your Personal Data and your rights in this respect.

INFORMATION

Below is a list of the disclosures:

Information on the processing of common data for contractual purposes and commercial promotion (TDC_InfC_CoCo_01)
Information on the processing of common data for contractual purposes and commercial promotion – Farmhouse Clients (TDC_InfC_CoCo_02)
Information on the processing of personal data for the purpose of bookings (TDC_Info_PreW_01)