Privacy Policy

On 25 May 2018, a new regulation came into force in the European Union, called the EU General Data Protection Regulation 2016/679 (‘GDPR’). It provides strict and specific guidelines on how personal data is collected and managed. This also affects companies and individuals residing outside the EU but collecting data from EU citizens.

About Us
Corporate information

Registered address lOC. PIANDICAMPI 10
Tax code/VAT no. 01032440529
Person responsible for processing personal data JACOPO BANDINI
E-mail address
Telephone number +39 0577977110

What personal data do we collect?

When you use our services, you agree that our company collects certain personal data about you. We process two types of data, personal data that you provide when using our services and technical data that we collect automatically to improve the service.

Data provided by the user

name, surname, telephone, email, country

Contact form

We collect the following data with this application:

  • first name
  • surname
  • telephone
  • country
  • email

You may also choose to provide us with the following information:
information to formulate a cost estimate

  • date of arrival
  • city
  • country
  • phone
  • date of departure
  • number of adults
  • number of children
  • age of children
  • treatment
  • number of rooms
  • message or notes
  • interest in current offers

Newsletter form

We collect the following data with this application:

  • email (mandatory)

We only store this data in order to provide you with the requested service: occasional sending of informative newsletters about offers, news and events

If you provide personal data of third parties, e.g. your family members or friends, you must be sure that these parties have been adequately informed and have consented to the processing of their data in the manner described in this policy.

We do not disclose this data to third parties.

Automatically collected data

  • data collected using cookies or similar technologies: for more information, please visit the ‘Cookies’ section.

How do we use your data?

We use the data collected, if you have expressly given us consent, for:

  • reply directly to your contact request by e-mail
  • occasionally send you informative newsletters on offers, news and events

Is the provision of data compulsory?

The provision of personal data is compulsory only for the processing necessary for the provision of the services offered (refusal for the purposes of service provision makes it impossible to use the service itself); on the other hand, it is optional for promotional and profiling purposes, and refusal to give consent has no negative consequences on the provision of the service offered within the website and its applications.

Who are the subjects of data processing?

The data controller is [Bandini Jacopo, Antico Borgo San Lorenzo] in the person of its pro-tempore legal representative, with registered office at [Loc. Piandicampi 10, p.iva 01032440529].

The designated Data Protection Officer pursuant to Article 37 of the GDPR is [Bandini Jacopo]

We remind you that you may at any time contact the DPO and send any question or request concerning your personal data and respect for your privacy by writing to []

  • administrative and judicial bodies and authorities by virtue of legal obligations

Under no circumstances do we give or sell personal data to third parties.

The data controller takes appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of personal data. The processing is carried out by means of computer and/or telematic tools, with organisational methods and logic strictly related to the purposes indicated. In addition to the data controller, in some cases, other subjects involved in the organisation of this application (administrative, sales, marketing, legal, system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data, also appointed, if necessary, as data processors by the data controller. The updated list of data processors can always be requested from the data controller.

What rights do you have over your data?

Users may exercise their rights with regard to the data processed by the data controller. In particular, users have the right to:

  • withdraw consent at any time. Users may revoke their previously expressed consent to the processing of their personal data.
  • oppose the processing of your data. You may object to the processing of your data when it is done on a legal basis other than consent. Further details on the right to object can be found in the section below.
  • access to your own data. The user has the right to obtain information on the data processed by the data controller, on certain aspects of the processing and to receive a copy of the processed data.
  • verify and request correction. Users may verify the correctness of their data and request that it be updated or corrected.
  • obtain the deletion or removal of your personal data. When certain conditions are met, the user may request the deletion of his or her data by the data controller.
  • receive their data or have them transferred to another data controller. You have the right to receive your data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred without hindrance to another data controller. This provision is applicable when the data are processed by automated means and the processing is based on the user’s consent, on a contract to which the user is a party or on contractual measures connected therewith.
  • Propose a complaint. The user may lodge a complaint with the competent data protection supervisory authority or take legal action.
  • obtain restriction of processing. When certain conditions are met, the user may request the restriction of the processing of his data. In this case, the data controller will not process the data for any purpose other than its storage.

We have created this form to make it easier for you to exercise the following rights over your personal data:

  • View your personal data
  • Correct your personal data (specify in the notes the fields to be changed)
  • Revoke your consent to use your personal data
  • Delete your personal data from your site/list
  • Portability of your data to others (specify in the notes)

How long and how do we store your data?

Data are processed and stored for the time required by the purposes of the services used and for which they were collected.

  • Personal data collected for purposes connected with the performance of a contract between the holder and the user will be retained until the performance of that contract is completed.
  • Personal data collected for purposes related to the legitimate interest of the data controller will be retained until such interest is satisfied. The user may obtain further information on the legitimate interest pursued by the controller in the relevant sections of this document or by contacting the controller at this email:

When processing is based on the user’s consent, the controller may retain personal data for a longer period until that consent is revoked. Furthermore, the controller may be obliged to retain personal data for a longer period in compliance with a legal obligation or by order of an authority. At the end of the retention period, the personal data will be deleted. Therefore, upon expiry of this period, the right of access, deletion, rectification and the right to data portability can no longer be exercised.

Changes to this privacy policy

The data controller reserves the right to make changes to this privacy policy at any time by informing users on this page and, if possible, on this application as well as, where technically and legally feasible, by sending a notification to users through one of the contact details held by the data controller . Please therefore consult this page regularly, referring to the date of last modification indicated at the bottom. Where changes affect processing operations whose legal basis is consent, the data controller will collect the user’s consent again, if necessary.


#Ultimo aggiornamento al: 03-10-2022 13:58:31