Privacy Policy of the website www.casalevincenzo.com
Last updated: May 16, 2025
Casale Vincenzo takes the protection of users’ personal data seriously. This privacy notice is provided in accordance with Articles 13 and 14 of EU Regulation 2016/679 (GDPR) and describes how personal data is collected, used, stored, and, where necessary, shared with third parties when users visit the website www.casalevincenzo.com or interact with our online services.
1. Data Controller
The Data Controller is:
Casale Vincenzo D.I. di Matteo Pacchione
Via Materna, 13 – 65010 Collecorvino (PE), Italy
CIN: IT068015B4BFX3YHWX
VAT: IT01972330680
Email:
Phone / WhatsApp: +39 392 740 6036
2. Types of data collected
During navigation and interaction with the website, the following categories of data may be collected:
a) Data voluntarily provided by the user
- First name, last name, email address, phone number, and other identifying information provided via contact or booking forms
- Information provided for accommodation requests, quotes, or direct communication
- Tax and billing data in case of confirmed services
b) Automatically collected navigation data
The site may collect technical data during browsing that could, directly or indirectly, identify the user. This may include:
- IP address
- Access date and time
- Pages visited
- Type of browser and device used
- Operating system
- Referrer (source page)
- Server logs and security activity
These data are collected using IT tools and hosting services and are used solely to ensure the proper functioning of the website, prevent unauthorized access, abuse, or fraud, and fulfill legal obligations. They are not used for profiling purposes.
3. Purpose and legal basis of processing
Personal data is processed for the following purposes:
1. Managing requests sent via contact and booking forms
2. Providing requested hospitality or tourism services
3. Fulfilling legal, tax, and administrative obligations (e.g. communication to the Police Headquarters)
4. IT security and abuse prevention
5. The Data Controller’s legitimate interest in protecting the digital infrastructure
The legal bases for processing are:
- Art. 6, para. 1, letter a): user consent
- Art. 6, para. 1, letter b): performance of a contract or pre-contractual measures
- Art. 6, para. 1, letter c): legal obligations
- Art. 6, para. 1, letter f): legitimate interest of the Controller
4. Data processing and security
Data is processed using electronic tools in protected environments, adopting appropriate technical and organizational measures to ensure:
- Confidentiality
- Integrity
- Availability
Specifically:
- Data is stored on Aruba servers (Italian GDPR-compliant provider) and other SaaS providers
- Passwords are stored securely and encrypted
- Devices are protected by up-to-date antivirus and firewalls
- Forms send data to a Gmail inbox, a SaaS service compliant with the Data Privacy Framework
- Access is limited to authorized personnel
5. Data disclosure
Data may be disclosed to:
- IT, hosting, and email service providers
- Legal, tax, and accounting consultants
- Law enforcement authorities (e.g. Police Headquarters) as required by current legislation
- Public authorities within legal limits
Data will not be publicly disclosed unless legally required.
6. Data transfer abroad
Some data (e.g. email content) may be transferred to third countries, particularly the United States, due to the use of services such as Gmail (Google LLC).
Such transfers are carried out in accordance with international standards (Data Privacy Framework or Standard Contractual Clauses), ensuring an adequate level of personal data protection.
7. Data retention periods
- Form submissions: stored on the server for a maximum of 365 days
- Emails: retained indefinitely for management and record-keeping purposes
- Billing data: stored for at least 10 years in compliance with tax regulations
- Technical data (IP, logs): stored for at least 12 months or for technical periods that may vary for security reasons
8. User rights
The user may exercise their rights under Articles 15–22 of the GDPR at any time:
- Right of access
- Rectification or erasure
- Restriction or objection to processing
- Data portability
- Withdrawal of consent
- Complaint to the Data Protection Authority (www.garanteprivacy.it)
To exercise these rights, please write to:
9. Nature of data provision
Providing data is:
- Mandatory for legal, fiscal, or public security purposes
- Necessary to access the services offered (e.g. bookings)
- Optional for non-essential data
Failure to provide data may make it impossible to deliver the requested service.
10. Changes to this notice
The Data Controller reserves the right to modify this privacy notice at any time. Any updates will be communicated via the website. This version is current as of May 16, 2025.
