PRIVACY POLICY
This Privacy Policy describes how personal data of users who visit the website www.podereconti.com is processed, in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable Italian data protection legislation.
________________________________________
1. Data Controller
The Data Controller is:
Lunimato snc di Conti C & C
Operational address: Via Dobbiana Macerie 3, 54023 Filattiera (MS), Italy
Email: info@podereconti.com
Telephone: +39 348 2681830
________________________________________
2. Types of Data Processed
a) Browsing data
During normal operation, the computer systems and software procedures used to operate this website acquire certain personal data whose transmission is implicit in the use of Internet communication protocols.
This includes, for example, IP addresses, domain names of devices used by users, and technical information related to requests.
Such data is used solely for:
• obtaining anonymous statistical information on website usage
• ensuring the correct functioning and security of the website
________________________________________
b) Data voluntarily provided by the user
If users contact the Data Controller by email or through other contact methods made available on the website, the personal data provided (such as name, email address, phone number, and message content) will be processed in order to respond to the request.
_______________________________________
3. Purposes and Legal Basis of Processing
Personal data is processed for the following purposes:
a) Responding to information requests
b) Managing communications with users
c) Complying with legal, administrative, and accounting obligations
d) Managing accommodation bookings via the online Booking Engine
e) Website traffic analysis and statistical purposes (subject to consent where required)
f) Promotional or marketing communications, only where explicit consent has been given [CHECK – currently not active]
The legal bases for processing are:
• performance of pre-contractual and contractual measures
• compliance with legal obligations
• consent of the data subject, where applicable
• legitimate interests of the Data Controller, where applicable
________________________________________
4. Online Bookings and Booking Engine
Accommodation bookings are managed through an online Booking Engine provided by Blastness S.r.l., which acts as Data Processor pursuant to Article 28 GDPR.
Personal data entered during the booking process is processed for the purpose of managing reservations, guest communications, and related contractual obligations.
Further information on the processing of personal data within the Booking Engine is available in the dedicated privacy information provided during the booking process.
________________________________________
5. Restaurant Reservations and E-commerce
The website may contain links to external platforms used for:
• restaurant reservations (e.g. Plateform)
• online shop purchases (e.g. Shopify)
When users access these platforms, they leave the website and are subject to the privacy policies of the respective platforms, which act as independent Data Controllers. Payments and checkout procedures are handled directly by those platforms. The Data Controller does not store full payment details.
________________________________________
6. Cookies and Tracking Technologies
The website uses technical cookies necessary for its operation and, subject to user consent, statistical and marketing cookies.
Cookie preferences are managed through a dedicated cookie banner, which allows users to:
• accept all cookies
• select individual cookie categories
• refuse non-essential cookies
Detailed information about cookies used on the website is available in the Cookie Policy, accessible via the website footer.
________________________________________
7. Analytics and Social Media
The website uses analytics services, including Google Analytics, to analyse aggregated and anonymous information about website usage, subject to user consent where required.
The website also contains:
• links to social media platforms (such as Instagram and Facebook)
• an embedded Instagram feed on the homepage
These platforms operate as independent Data Controllers. Interaction with embedded content or external social media links may result in data processing by the respective platforms in accordance with their own privacy policies and cookie settings.
________________________________________
8. Recipients of Personal Data
Personal data may be disclosed to:
• technical and IT service providers
• website hosting and maintenance providers
• booking and reservation service providers
• professional advisors (e.g. legal, tax, accounting)
• competent authorities, where required by law
Some third-party service providers operate as independent Data Controllers, while others act as Data Processors on behalf of the Data Controller.
________________________________________
9. Data Transfers
Personal data is primarily processed within the European Union. Where transfers to countries outside the EU/EEA occur, they are carried out in compliance with applicable data protection laws and appropriate safeguards.
________________________________________
10. Data Retention
Personal data is retained for the time necessary to fulfil the purposes for which it was collected and, in particular:
• for the duration of contractual relationships
• as required by applicable legal and accounting obligations
• until consent is withdrawn, where processing is based on consent
________________________________________
11. Data Subject Rights
Data subjects may exercise the rights provided under Articles 15–22 GDPR, including the right to:
• access their personal data
• request rectification or erasure
• restrict or object to processing
• request data portability, where applicable
• lodge a complaint with the competent supervisory authority
Requests may be sent to: info@podereconti.com
________________________________________
12. Changes to This Privacy Policy
This Privacy Policy may be updated from time to time.
Users are encouraged to review it periodically.
