Go to content
Privacy Regulamentation UE 2016/679
Fabio Marra, owner of Tenuta Spennagalli, with registered office in via Tempa di Pilato, 21 / f - 84045 Altavilla Silentina (Sa) Italy, as Data Controller (hereinafter, "Owner"), informs, pursuant to art . 13 D. Lgs. 196/2003 (hereinafter, "Privacy Policy") and art. 13 EU Regulation 2016/679 (hereinafter, "GDPR"), which will process user data (hereinafter "User" and / or "Users") collected through the website ( hereinafter, also "Site") in the manner and for the following purposes.

1.      Type of data processed through the Site
The Data Controller processes the following types of personal data (hereinafter, "data") provided by the Users of the Site during their consultation and navigation and in particular:

Data obtained while a User is browsing the Site
The computer systems, cookie technology and software procedures used for the operation of the website acquire, during their normal operation, some data whose transmission is implicit in the use of the Internet. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow browsing Users to be identified. This category of data includes, for example, the IP addresses or domain names of the computers used by the Users who connect to the Site, the pages visited by the Users within it, the domain names and the addresses of the websites from which the User has accessed (by referral) to the Site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used to submit the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server, and other parameters relating to the type of browser (eg Internet Explorer, Chrome, Firefox ...), operating system (eg Macintosh, Windows) and IT environment of the User.
These data are collected through first-party proprietary technical cookies and third-party analytical cookies. For more information on browsing data, Users are invited to consult the Site Cookie Policy.

Personal data provided by Users
The Site is accessible to the User without the need for his identification for consultation purposes. However, the User has the right, if desired, to provide the Data Controller with their identification data including for example name and surname, e-mail address, in order to receive information on the structure and commercial offers on the products / services on the site and this either directly or by filling in the contact form.

2.      Purpose of the processing
The data provided by the User will be processed without the prior consent of the User pursuant to art. 24 lett. b) Privacy Code and art. 6 lett. b) GDPR, for the following Service purposes:
  • for the management and processing of statistical surveys on the use of the Site;
  • to carry out the maintenance and technical assistance necessary to ensure the correct functioning of the Site and the services connected to it;
  • to improve the quality and structure of the Site, as well as to create new services, functionality and / or features of the same;
  • to allow the User to find information to increase his knowledge of the topics on the site and the products and services it offers;
  • to process any contact request sent by the User by filling in the appropriate form or by email;
  • to allow the owner to exercise his rights in court and repress illegal behavior;
  • to fulfill legal or regulatory obligations.
Nature of the provision: necessary
Consequences of refusal to provide data: Failure to provide the data will prevent the Data Controller from performing the activity requested by the user.
Data protection measures: The operating system of the server, in which the web application and the database is located, is installed on a hardware infrastructure based on cloud computing provided by the company Aruba Spa able to guarantee high levels of integrity, availability and confidentiality of information.
The data held by the owner of the site (emails and names of any contacts) are stored on the computer and are accessible only to the Owner and protected by access passwords and by antivirus and external anti-intrusion systems. Any other external iCloud systems will further guarantee data retention according to current regulations.

3.      Nature of the provision of data
The provision of data by the user necessary for the purposes of the Service referred to in point 1 of the previous paragraph and optional for the purposes of the service referred to in point 2. Any refusal to provide such data may make it impossible to provide the services.

4.      Method, place and duration of the treatment

The processing of User data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and in particular: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, access, use, interconnection, blocking, communication, cancellation and destruction of data.
The Data Controller processes Users' Personal Data by adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data.
The processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, external parties may have access to the Data (such as third party technical service providers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Managers can always be requested from the Data Controller.
Where: the Data are processed at the Data Controller's operational headquarters and in any other place where the parties involved in the processing are located. For more information, contact the owner.
Duration of Treatment: only for the time strictly necessary to achieve the purposes for which they were collected and, in any case, no later than 2 years from their collection for the purposes of the Service referred to in point 1 paragraph II and no later than 1 year from their collection for Commercial purposes referred to in point 2 of paragraph II.

Details on the processing of personal data in order to contact the user:
Contact form on the site
By filling out the contact form with their data, the User consents to their use to respond to requests for information or any other nature indicated by the form header.
Personal Data collected: surname, email, telephone number, and various types of Data as specified in the privacy policy of the service.

Contact by em@il
Users who have provided their em@il could be contacted to provide more information on the requested service or, following consent, for commercial or promotional purposes related to this activity, as well as to satisfy requests for support.
Personal Data collected: address em@ail

5.      Data access
The data may be made accessible exclusively for the aforementioned purposes to the following subjects:
Data Controller (site owner) in his capacity as person in charge / authorized and / or internal manager of the treatment and / or system administrator and any additional internal persons in charge / authorized indicated by the Data Controller.
Third-party companies or other subjects that carry out outsourced activities on behalf of the owner, (eg. Email service manager, web agency, advertising agency, webmaster) in their capacity as external data processors pursuant to Article 29 of the Code regarding protection of personal data.

6.      Data communication
Without the express consent of the User (pursuant to Article 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate the User's data for the purposes of the Service referred to in art. II.1) to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom communication is mandatory by law for the accomplishment of the aforementioned purposes, as independent data controllers. User data will not be disclosed.
7.      Data Transfer
The personal data provided by the User can only be used to allow the sending of communications related to the requested service, by e-mail or telephone for initiatives and / or services offered by the site and / or, in the case of specific consent, newsletters. containing in-depth information on the main issues related to the services offered.
The data acquired with the user's consent according to point 2 on the Purpose of the Processing, will not be transferred outside the European Union.
8.      Third Party Websites
It should be noted from now on that, if the Site contains links that refer to websites of third parties, the Data Controller cannot exercise any control over the content of such websites nor does it have any access to the personal data of the users visiting them. .
The owners of the aforementioned websites will therefore remain the sole and exclusive owners and managers of the processing of the personal data of their users, remaining, the Data Controller, unrelated to this activity as well as to any liability, prejudice, cost, which may arise. from its failure or incorrect completion.
9.     Users rights
The User will have the right to exercise the rights referred to in art. 7 of the Privacy Code and art. 15 GDPR.
In particular, the User has the right at any time to obtain from the Owner confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in an intelligible form.
In relation to the treatments described in this Notice, the interested party may, under the conditions provided for by the GDPR, exercise the rights enshrined in articles 15 to 21 of the GDPR and, in particular, the following rights:
  • right of access - Article 15 of the GDPR: the right to obtain confirmation as to whether or not personal data concerning you are being processed and, in this case, to obtain access to your personal data, including a copy of the same.
  • right of rectification - Article 16 of the GDPR: the right to obtain, without undue delay, the correction of inaccurate personal data concerning him and / or the integration of incomplete personal data;
  • right to cancellation (right to be forgotten) - Article 17 of the GDPR: right to obtain, without undue delay, the cancellation of personal data concerning him.
  • right to limitation of treatment - article 18 of the GDPR: right to obtain limitation of treatment, when:

a. the data subject disputes the accuracy of the personal data, for the period necessary for the owner to verify the accuracy of such data;
b. the processing is unlawful and the interested party opposes the cancellation of personal data and instead requests that its use be limited;
c. personal data are necessary for the interested party to ascertain, exercise or defend a right in court;
d. the interested party opposed the processing pursuant to art. 21 GDPR, in the period of waiting for the verification of the possible prevalence of legitimate reasons of the data controller with respect to those of the interested party.
  • right to data portability - article 20 of the GDPR: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to the Data Controller and the right to transmit them to another holder without impediments, if the processing is based on consent and is carried out by automated means.
  • right to object - article 21 of the GDPR: right to object, at any time for reasons connected to your particular situation, to the processing of personal data concerning you based on the condition of lawfulness of the legitimate interest or the execution of a task of public interest or the exercise of public authority, including profiling, unless there are legitimate reasons for the Data Controller to continue the processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or defense of a law in court. Furthermore, the right to object to processing at any time if personal data are processed for direct marketing purposes, including profiling, to the extent that it is connected to such direct marketing.
  • cancellation right - The interested party has the right to withdraw his consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before the withdrawal.
The aforementioned rights may be exercised against the Data Controller by contacting the references described above.
The exercise of rights as an interested party is free pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Data Controller may charge you a reasonable fee, in light of the administrative costs incurred to manage the request, or deny the satisfaction of your request.

10.  How to exercise rights
To exercise the rights referred to in the previous article, the User may, at any time, contact the owner of the site via email
The interested party has the right to lodge a complaint with the Guarantor Authority for the protection of personal data, Piazza di Montecitorio n. 121, 00186, Rome (RM)
11.  Data Owner
The Data Owner is Fabio Marra  owner of Tenuta Spennagalli, resident in via Tempa di Pilato, 21/f – 84045 Altavilla Silentina (Sa) Italia

Info not in this Policy
More information in relation to the processing of Personal Data may be requested at any time from the Data Owner using the contact information.
Privacy Policy Updates
The Data Controller reserves the right to make changes to this privacy policy at any time by giving publicity to the Users of this page. Please therefore consult this page often, referring to the date of the last modification indicated at the bottom. In case of non-acceptance of the changes made to this privacy policy, the User is required to cease using this Application and may request the Data Controller to remove their Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to the Personal Data collected up to that time.

Last update
This Policy is been updated on 06/09/2022
Back to content

Click here to revoke the Cookie consent