Pursuant to articles 12 et seq. of Regulation (EU) 2016/679 (GDPR)
Information on the processing of personal data pursuant to Articles 12 et seq. of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
The Regulation (EU) 2016/679 ("General Data Protection Regulation"), hereafter GDPR, provides for the protection of individuals with regard to the processing of personal data. Villa Sant'Agnese, in compliance with the aforementioned legislation, undertakes to ensure that the processing of data relating to a natural person (hereinafter referred to as "affected") is based on principles of correctness, lawfulness and transparency, as well as the protection of privacy and interested himself.
In compliance with the provisions of EU Reg. 2016/679 (European Regulation for the protection of personal data) we provide the necessary information regarding the processing of personal data supplied by you.
Our structure, as Owner, will process your personal data in compliance with the law, with the utmost care, implementing effective procedures and management processes to ensure the protection of the treatment. To this end, the writer, using material and management procedures to safeguard the data collected, undertakes to protect the information communicated, so as to prevent unauthorized access or disclosure, as well as to maintain the accuracy of the data and to guarantee its use. appropriate to them.
Legal basis of the processing
This site processes data based on consent. With the use or consultation of this site visitors and users explicitly approve this privacy statement and consent to the processing of their personal data in relation to the methods and purposes described below, including any disclosure to third parties if necessary for the provision of a service.
The provision of data and therefore the consent to the collection and processing of data is mandatory to continue browsing the site.
In accordance with this premise, the following information is provided:
Personal data collected and mandatory or optional nature of the provision of data and consequences of any refusal
Like all websites, this site also makes use of log files in which information collected in an automated manner is kept during user visits. The information collected could be the following:
internet protocol address (IP);
type of browser and device parameters used to connect to the site;
name of the Internet service provider (ISP);
visit date and time;
web page of origin of the visitor (referral) and exit;
possibly the number of clicks.
The above information is processed in an automated form and collected in order to verify the proper functioning of the site, and for statistical or security reasons.
For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts at damage to the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime. Such data are never used for the identification or profiling of the user, but only for the protection of the site and its users.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment.
Apart from that specified for navigation data, the user is free to provide personal data additional to those previously indicated, by registering to the site.
Failure to provide such data may make it impossible to obtain what was requested, the impossibility of providing certain services and the browsing experience on the site could be compromised.
Villa Sant'Agnese specifies that it does not collect your "sensitive" data under any circumstances.
Retention times of your data
Personal data collected during browsing will be kept for the time necessary to carry out the specified activities and not later than 26 months. Data provided voluntarily by the user will be retained as long as the customer does not revoke the consent.
Method of treatment
Pursuant to and for the purposes of articles. 12 and ss. of the GDPR, we wish to inform you that the personal data you communicate will be recorded, processed and stored in our electronic archives, adopting appropriate technical and organizational measures aimed at protecting the data. The processing of your personal data may consist of any operation or set of operations between those indicated in art. 4, paragraph 1, point 2 of the GDPR.
The processing of personal data will take place through the use of tools and procedures suitable to ensure the security and confidentiality and can be carried out, directly and / or through third parties delegated through the use of electronic means or electronic tools
Transfer of personal data abroad
The data supplied by you will be processed only in Italy. If your data are transferred to a third country or to an international organization in the context of a contractual relationship, the rights attributed to you by the Community legislation will be guaranteed and you will be promptly notified.
Purposes of the processing for which personal data are intended
For all users of the site, personal data may be used for:
allow browsing through the public web pages of our site;
respond to requests received through the e-mail addresses published on the site;
obtain anonymous statistical information on the use of the site (eg analysis of the most visited pages);
obtain anonymous statistical information on the geographical areas of origin;
check the correct functioning of the site;
the ascertainment of any responsibility in case of offenses committed against the site.
The personal data of users who register on the site will be treated, as well as for the purposes described above, also for the purposes related to the services requested and in particular for:
request information on the availability of accommodation at Villa Sant'Agnese;
request information on accommodation rates;
view informative material of the Villa Sant'Agnese Historical Residence;
allow browsing through the reserved web pages of our site;
register users for the requested service;
fulfill the contractual obligations of the requested service, where foreseen;
marketing purposes;
sending advertising, technical and promotional information via e-mail;
direct sales through the web.
Scope of knowledge of your data
The following data may be disclosed to your data and any categories of subjects appointed or responsible for processing by the writer. Collaborators in general employed to:
Website maintenance.
Please note that browsing the Villa Sant'Agnese website will be downloaded cookies called technical, namely:
session cookies used to "fill the cart" in online purchases; authentication cookies; cookies for multimedia content such as flash players that do not exceed the duration of the session; personalization cookies (for example for the choice of navigation language), etc .;
cookies (so-called "analytics") used to statistically analyze site visits / visits that exclusively pursue statistical purposes and collect information in aggregate form.
Furthermore, by browsing the Villa Sant'Agnese website you can be redirected to functions of other sites that in turn use cookies, such as:
Google Maps
On some pages there are interactive maps provided by Google, which may install cookies to detect information and preferences related to this service.
For more information on the use of cookies by Google, see the privacy policy of Google:
On some pages there are videos posted on YouTube, which may install cookies to detect preferences on the use of this service. For more information on how YouTube uses cookies, see the privacy policy
Google Analytics
To determine how often users visit each page of the site, how long they stay and how often they generate a conversion.
Google AdWords
To attract new visitors to the website, increase online sales, receive more phone calls and retain customers by sending spot links to the company website during their surfing
Pixel di Facebook
To track people on the website in order to show them (or exclude them) of their Facebook ads; optimize campaigns towards specific actions; and monitor the results. In particular, it monitors the key page views; monitor searches on the website; monitor when items are added to a cart; monitor when items are added to a wish list; monitor when payment information is added to the purchase process; monitor completed purchases or purchase procedures; monitor when a user expresses interest in your offer; monitor when an enrollment form is completed
Pixel di Linkedin
To show relevant advertising both on the LinkedIn site and not. To find out if someone saw an ad on LinkedIn and later visited and took action (for example, downloaded a white paper or made a purchase) on the site. Determine if an ad was shown and what its performance was, or provide information on how the user interacts with the advertising message.
Come disabilitare i cookies?
Most browsers (Internet Explorer, Firefox, Chrome, etc.) are configured to accept cookies. Cookies stored on your device's hard drive can still be deleted and you can also disable cookies by following the instructions provided by the main browsers, to the following links:
Internet Explorer
Communication and dissemination
Your data, provided through the registration, may be communicated, meaning by this term informing one or more specific subjects, by the writer outside the company to implement all the necessary legal and / or contractual obligations. In particular, your data may be disclosed to:
a) Public Bodies or Offices or supervisory authorities according to legal and / or contractual obligations.
Your data may be communicated by the writer in the following terms:
to subjects who can access the data by virtue of the provision of law, regulation or community legislation, within the limits set by these rules;
to subjects who need access to your data for auxiliary purposes to the relationship between you and us, within the limits strictly necessary to perform the auxiliary tasks;
to our consultants and / or professionals, within the limits necessary to carry out their duties at our organization or their organization, subject to our letter of appointment which imposes the duty of confidentiality and security.
Dissemination - The writer will not disseminate your data indiscriminately, or in other words, will not give it to indeterminate subjects, even by making available or consulting.
Confidence and confidentiality - The writer considers precious the trust shown by the interested parties who will have consented to the processing of their personal data and for this he undertakes not to sell, rent or lease personal information to others.
Rights referred to in Articles 15 et seq., GDPR
Pursuant to art. 15 and ss. of the GDPR You have the right to obtain confirmation of the existence or otherwise of processing of personal data concerning you, registered. You have the right to access your personal data and to request correction, deletion or limitation as well as to object, in whole or in part, to the processing performed.
You have the right to obtain from the holder access to the following information:
a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients of third countries or international organizations;
(d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
e) if the data are not collected from the data subject, all information available on their origin;
(f) the existence of an automated decision-making process, including the profiling referred to in Article 22 (1) and (4) and, at least in such cases, significant information on the logic used, and the importance and expected consequences of such processing for the interested party
If the data are transferred to a third country or to an international organization, you have the right to be informed of the existence of adequate guarantees pursuant to art. 46 of the GDPR.
To exercise these rights, please contact our "Data Controller" at the address This email address is being protected from spambots. You need JavaScript enabled to view it. or call 0575 659609 or send a letter to Maria Elena Mungo, via Madonna del Bagno, 108, 52043, Castiglion Fiorentino, Arezzo (AR), Italy. The Holder will reply within 30 days of receiving your formal request.
We also remind you that, in case of violation of your personal data, you have the right to lodge a complaint with the competent authority: "Guarantor for the protection of personal data".
Identification of the Owner and, if appointed, of the Representative in the territory of the State and the Data Protection Officer.
Data controller
The data controller is the writer Maria Elena Mungo, with registered office in via Madonna del Bagno, 108, 52043, Castiglion Fiorentino, Arezzo (AR), Italy email: This email address is being protected from spambots. You need JavaScript enabled to view it. .
Responsible for data protection
The Data Protection Officer (RPD) is Giancarlo Mungo, with registered office in via Madonna del Bagno, 108, 52043, Castiglion Fiorentino, Arezzo (AR), Italy email: This email address is being protected from spambots. You need JavaScript enabled to view it. .
Responsible for the treatment
For the purposes indicated above, Maria Elena Mungo is not required to appoint treatment managers.
Representative established in the territory of the State
We inform you that, myself pursuant to art. 4 paragraph 1, point 17 of the GDPR, by not using any circumstances provided for by the aforesaid Regulation requiring such appointment, has not appointed any Representative established in the territory of the State for the purposes of applying the regulations on the processing of personal data.
The treatments without the need for the consent of the interested party
It is specified that the writer, even in the absence of your consent, will be entitled to process your personal data if this is necessary for:
fulfill an obligation under the law, a regulation or community legislation;
perform obligations arising from a contract of which you are a part or to fulfill specific requests before the conclusion of the contract.
Furthermore, your express consent is not required when the treatment:
a) regards data from public registers, lists, deeds or documents that can be known by anyone, without prejudice to the limits and procedures that the laws, regulations or Community legislation establish for the disclosure and publicity of data or data related to the performance of activities economic, treated in compliance with current regulations regarding corporate and industrial secrecy;
b) is necessary for the protection of the life or physical safety of a third party (in this case, the holder is required to disclose to the processing of personal data the subject concerned through the information even after the treatment itself, but without In this case, therefore, the consent is expressed following the presentation of the information);
c) with the exclusion of the diffusion, it becomes necessary for the purpose of carrying out the defensive investigations referred to in the law of December 7, 2000, n. 397, or, in any case, to assert or defend a right in court, provided that the data are processed exclusively for these purposes and for the period strictly necessary for their pursuit, in compliance with current regulations regarding company and industrial secrecy;
d) with the exclusion of dissemination, it is necessary, in the cases identified by the Guarantor on the basis of the principles established by law, to pursue a legitimate interest of the owner or a third recipient of the data, also with reference to the activity of banking groups and companies subsidiaries or affiliates, where fundamental rights and freedoms do not prevail, the dignity or a legitimate interest of the interested party.
of the processing of personal data