Agriturismo in Montalcino

Privacy Policy

(articles 13 and 14 of EU Regulation 2016/679 (GDPR) and of Legislative Decree 196 of 30/06/2003, as amended by Legislative Decree 101 of 10/08/2018)

As required by the regulations above, we would like to inform you about how we process your personal data in the course of our business activities.

We will process your personal data in a lawful, correct and transparent way, limiting the data we use and its storage, and making sure it is accurate, complete and confidential in accordance with article 5 of the GDPR.

Your data will be collected directly from you or from third parties, as required by law or by contract; this may include using databases. It will be processed in accordance with the GDPR and current national legislation, including any provisions issued by the Control Authority, if they apply.

DATA CONTROLLER

Az. Agricola Quercecchio di Maria Grazia Salvioni
Piazza Cavour 17 Montalcino (SI)

Farm tourism: Antica Grancia di Quercecchio – località Quercecchio – Montalcino (SI)

VAT no. 03761000581 Tel. +39 0577 839148

Scope

This policy describes how the Data Controller processes the personal data of visitors to the anticagranciadiquercecchio.it website as part of the way they do business and provide their services.

The information does not concern other sites, pages or online services accessible through links you might find on the site referring to resources outside the site itself.

Navigation data

The computer systems and software procedures used to operate this site acquire, during normal operation and only while you are connected to the site, some personal data that is then transmitted implicitly in the use of internet communications protocols. This information is not collected for the purpose of associating it with specific users. However, given the type of data in question, it could be processed and combined with data held by third parties in order to identify you. The data is deleted a few hours after processing (unless the judicial authorities require it to be kept in order to investigate a crime).

This type of data includes the IP address or domain name of the computers or devices used by visitors, the URI (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the state of the response from the server (successful, error, etc.) and other parameters relating to your operating system and software environment.

This data is necessary to use the web services, and is also processed in order to:

  • obtain statistical information on how the services are used (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);
  • check that the services offered are working properly;
  • improve the services offered through the website.

The legal basis for the processing is the legitimate interest of the Data Controller.

Data communicated by you when using the email and the “contact” service of our site

If you explicitly and voluntarily choose to send a message to the contact addresses on the site, or to a different email address of the Data Controller, you will be asked to provide your contact details so that we can reply, along with all the personal data included in the message.

Providing authorisation for the processing of personal data is optional; however, the free and voluntary sending of data and information by users via email represents explicit consent to the processing of the personal data contained in the emails sent.

Using the “online booking” service

By filling out the online booking form, you can make your own reservation for your stay at our facility without having to enter any personal data during the search phase.

The data are processed by the data controller in order to manage the reservations at the facility.

The legal bases are constituted by article 6, paragraph 1, letters a) and b) of the GDPR, which read:

  1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes (see Recitals 42 and 43);
  2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Recital 44).

Providing authorisation for the processing of personal data is optional; however, the free and voluntary sending of data and information via email represents explicit consent to the processing of the personal data contained in the emails sent.

Customer data

When managing bookings, accommodation and related services, the Data Controller collects and processes the following types of customer personal data:

  • Common identification data, such as name, surname and residence
  • Personal data, such as place and date of birth
  • A copy of the identification document submitted, including its number and expiry date
  • Data relating to electronic payment systems (credit/debit card number and expiry date)
  • Data that come under the special categories described in article 9 of the GDPR, such as data related to health.

Data processing is carried out by the Data Controller in the course of business for purposes related to guest booking and registration, payment management, issuing invoices or receipts, providing services related to the use of the facility, as well as for legal obligations, such as tax management and accounting, and the registration of guests with the obligation to collect and record personal details from a copy of the identity document and communicate them to the relevant authorities.

Data is also processed for the management and execution of contractual and pre-contractual relations in general. In particular, the data will be processed in order to comply with legal and regulatory obligations; the administrative management of contracts, including the management of invoices, payments and collections; the management of any litigation, as well as for internal controls, management, security of premises and protection of corporate assets.

Contact data, such as email address and telephone number, are necessary for service communications and used by the Data Controller for commercial and promotional communications.

Legal bases

The legal bases for the processing of personal data are constituted by Legislative Decree 196 of 30/06/2003, Ministerial Decree dated 7 January 2013 containing “Provisions concerning the communication to the public security authorities of the arrival of persons accommodated in accommodation” and article 6.1, letters b), c) and f) of the EU Regulation:

  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary so that the Data Controller can fulfil their legal obligations;
  • processing is necessary so that the Data Controller can pursue their legitimate interests. The legitimate interests that may justify the processing of personal data are those of the Data Controller or third parties relating to the management of contractual or pre-contractual relations at each stage of the relationship.

The processing of special category personal data is necessary in order to offer the best possible service for customers with special needs and/or disabilities. The processing of this category of data requires specific consent.

Obligatory personal data

Providing data is mandatory only for data whose processing is required by law.

Necessary personal data

Providing data is necessary in order to set up a contractual relationship, to correctly meet pre-contractual and contractual obligations or, where a contractual relationship has already been established, to fulfil all or part of obligations and commitments under the contract.

Any consent given may be withdrawn at any time. If you withdraw your consent at a later date, this will not affect the lawful processing of your data up to the date of withdrawal.

Third party data communicated by the data subject

If you decide to communicate personal data relating to third parties, you are responsible for informing the data subject and obtaining their consent. For data relating to minors, you are also responsible for having the legal right to communicate their data. The Data Controller shall not be held liable in any way in relation to such third parties.

Supplier data

The data of suppliers, such as data relating to professionals, company contacts and companies, are collected and processed by the Data Controller in the course of their business activities for purposes related to the possible selection, establishment, management and execution of contractual relations (including the management of the pre-contractual relationship and/or inclusion in the list of suppliers). In particular, the data will be processed for: the fulfilment of legal and regulatory obligations; the administrative management of contracts, including the management of invoices and payments; the receipt of goods and/or services at the premises of the Data Controller or any other supplier. For these purposes, the Data Controller collects the following categories of data:

  • personal data and contact details of suppliers (e.g. name, surname, date of birth, tax code, address, telephone contacts, residence, domicile);
  • tax data (e.g. tax code, VAT number);
  • any other data you provide yourself.

Legal bases

The legal bases for the processing of these common personal data are provided by Legislative Decree 196 of 30/06/2003, and by article 6.1, letters b), c) and f) of the GDPR:

  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary so that the Data Controller can fulfil their legal obligations;
  • processing is necessary so that the Data Controller can pursue their legitimate interests. The legitimate interests that may justify the processing of personal data are those of the Data Controller or third parties relating to the management of contractual or pre-contractual relations at each stage of the relationship.

Providing data is mandatory only for data whose processing is required by law.

However, providing data is necessary in order to set up a contractual relationship, to correctly meet pre-contractual and contractual obligations or, where a contractual relationship has already been established, to fulfil all or part of obligations and commitments under the contract.

CVs and spontaneous candidatures

By spontaneously sending your CV, you are giving your explicit and unequivocal consent to the processing of the data contained in it. If the contents are of interest, they may be processed for the following purposes:

  • to assess your professional profile;
  • to contact you in order to schedule any necessary interview, using the contact details provided by you.

The legal basis for the processing of this personal data for the purposes indicated above is article 6, paragraph 1, letter b) of the GDPR, as the processing is necessary for the execution of pre-contractual measures taken at the request of the data subject.

Any CVs that are not considered of interest will not be kept.

Otherwise, specific information will be provided at the first contact or, alternatively, it will be possible to consult this information at any time through the website.

Recipients

Personal data are not disclosed to unspecified third parties but, for the purposes indicated, may be disclosed to specific categories of recipients, including employees – appointed as persons authorised to process personal data under the direct authority of the Data Controller or otherwise instructed on the proper processing of data to which they have access – consultants and third-party service providers to the Data Controller (e.g. legal consultants; IT consultants) who process the data on behalf of the Data Controller in their capacity as Data Processors, other subjects, public or private, to whom the communication of data is mandatory, as well as other subjects who qualify as independent Data Controllers.

The data may also be communicated without the need for express consent pursuant to article 6, letters b) and c) of the GDPR for the purposes of the law to supervisory bodies and judicial authorities, following inspections or audits, to all inspection bodies responsible for checks and inspections relating to the regularity of legal obligations, including the scope of prevention/suppression of any illegal activity also related to access to the website.

Transfer abroad

Personal data are not transferred outside the European Union. Should this be the case, personal data will be processed by companies/suppliers that perform the function of the Data Processor and ensure levels of data protection in compliance with Italian and European legislation. In any case, the transfer will be based on the assumptions provided for by current legislation (e.g. verification of the presence of a judgement of adequacy by the Commission of the system of protection of personal data of the country importing the data; consent of the person concerned).

Your rights as data subject under the GDPR

  1. Right to access: to obtain confirmation from the data controller as to whether personal data concerning you are being processed or not and, if so, to obtain access to the personal data and information provided for in article 15 of the GDPR.
  2. Right to rectification: to have the data controller correct inaccurate personal data concerning you without undue delay and to obtain the integration of incomplete personal data, as provided for in article 16 of the GDPR.
  3. Right to deletion: right to request and obtain without undue delay the deletion of personal data concerning you when they are no longer necessary for the purposes for which they were collected or otherwise processed, or where they have recourse to additional conditions under article 17 of the GDPR, and the request is legitimate without incurring the legal limitations under article 17, paragraph 3, letter b).
  4. Right to restriction of processing: in accordance with article 18 of the GDPR, you have the right to restrict the way the data is processed by the data controller if:
     • you dispute the accuracy of the personal data, for as long as it is necessary for the data controller to verify its accuracy;
     • the processing is unlawful, but you yourself oppose the deletion and instead request the application of restrictive measures;
     • although the data controller no longer needs the data for the purposes of processing, they ask to continue processing the data in so far as it is necessary for the establishment, exercise or defence of their rights in court.
  5. Right to Portability: in accordance with article 20 of the GDPR, as data subject you have the right to receive the personal data that you provided to us in a structured, commonly used and automatically readable format;
     • if you exercise this right, you may request that the data controller transmits these data directly to another data controller if technically possible;
  6. you have the right to object to processing based on automated decision-making processes concerning a natural person, where this includes profiling;
  7. if the processing is based on consent, you can revoke it at any time. However, if you do so, all activities carried out before revocation will remain valid and effective.
  8. Right to lodge a complaint: without prejudice to any other jurisdictional appeal, you have the right to submit a complaint to the national supervisory authority for the protection of personal data (Guarantor Authority for the Protection of Personal Data, the “Data Protection Authority”) if you believe that your personal data processing violates the GDPR and/or the Italian law implementing the provisions of the Data Protection Code as amended by Legislative Decree 101/2018.

Data storage

The Data Controller will only process personal data that are strictly necessary and for the time necessary to fulfil the purposes illustrated above, and in any case for the time necessary as identified by Italian and European law, also in order to exercise the right of defence or to assert a right in court.

For any questions relating to the processing of your personal data, you can contact the Data Controller by emailing info@quercecchio.it

The Data Controller reserves the right to modify, supplement and/or update this information in order to adapt it to the applicable legislation or the provisions of the Data Protection Authority.
