Booking Online
backlogo
La Spinetta nel Borgo
Privacy Policy

Information on the processing of personal data pursuant to EU Regulation 2016/679

Pursuant to current legislation on the protection of personal data (EU Regulation No. 679 of 2016), we inform you that the processing of your personal data is carried out in a fair and transparent manner, for lawful purposes, and with due regard for your privacy and rights.

Data Controller

The Data Controller is LA SPINETTA NEL BORGO SOCIETÀ SEMPLICE AGRICOLA (Tax Code and VAT No.: 02440320501), with registered office at Via Casanova No. 68, 56030 Terricciola (PI), Italy.

Categories of personal data processed and purposes of processing

LA SPINETTA NEL BORGO SOCIETÀ SEMPLICE AGRICOLA, as Data Controller, informs you that it does not process special categories of personal data for the performance of its activities.

The personal data processed by the Data Controller may be used for the following purposes:

  • a) To fulfill contractual agreements;
  • b) To comply with current administrative, accounting, and tax obligations.

Please note that with reference to the purposes indicated in points (a) and (b), providing accurate data is mandatory. Any refusal and/or inaccurate or incomplete information would prevent the performance of the above-mentioned activities.

Methods of processing

Your data will be processed using appropriate paper, electronic, and/or telematic tools, with logic strictly related to the purposes mentioned above, and in any case, in such a way as to guarantee the security and confidentiality of the data.

Personal data will be processed exclusively by authorized personnel appointed directly by the Data Controller, LA SPINETTA NEL BORGO SOCIETÀ SEMPLICE AGRICOLA, which has implemented all necessary IT security measures to minimize the risk of privacy violations by third parties, constantly updating such measures whenever necessary.

Recipients or categories of recipients of personal data

The personal data processed by the Data Controller may be disclosed to specific entities considered recipients of such data. Article 4(9) of the Regulation defines a recipient of personal data as “a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not.”

In this regard, in order to correctly carry out all processing activities necessary to pursue the purposes indicated in this notice, the following recipients may process data on behalf of the Data Controller:

  • Third parties performing part of the processing activities and/or related or instrumental tasks. Such parties have been appointed Data Processors;
  • - Individuals, employees, and/or collaborators of the Controller entrusted with specific processing activities regarding your personal data. They have been given specific instructions concerning security and proper use of personal data;
  •  - Public or private entities that may access the data pursuant to laws, regulations, or EU legislation, within the limits established by such provisions.

Data will not be disseminated—meaning it will not be made available or accessible in any form to unspecified entities—unless an explicit, free, and informed consent has been given for each type of processing.

Duration of processing and criteria for data retention

For the purposes indicated in points (a) and (b), your data will be processed only for the time necessary to achieve the purposes for which they were collected and retained for the period required by law.

Rights of the data subject

At any time, you may exercise, pursuant to Article 7 of Legislative Decree 196/2003 and Articles 15–22 of EU Regulation No. 2016/679, the right to:

  • a) Request confirmation whether your personal data exist or not;
  • b) Obtain information about the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated, and, when possible, the retention period;
  • c) Obtain rectification or erasure of data;
  • d) Obtain restriction of processing;
  • e) Obtain data portability, i.e., receive the data from a Data Controller in a structured, commonly used, and machine-readable format, and transmit them to another controller without hindrance;
  • f) Object to processing at any time, including processing for direct marketing purposes;
  • g) Object to automated decision-making concerning individuals, including profiling;
  • h) Request from the Data Controller access to personal data and to have them rectified or erased, or request restriction or objection to processing, in addition to the right to data portability;
  • i) Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • j) Pursuant to Article 13, paragraph 2(d) of Regulation 679/2016, lodge a complaint with a supervisory authority.

To exercise these rights, please write to the Data Controller’s certified email address: laspinettanelborgossa@legalmail.it, preferably using the subject line “Privacy – Exercise of GDPR Rights”, or by post to: Via Casanova No. 68, Località Casanova, 56030 Terricciola (PI), Italy.