Privacy Policy relating to the Site


Summary of the policy

This information describes how the site is managed with reference to the processing of the personal data of users who consult it and who will provide it. This is an information that is also made pursuant to current legislation on the protection of personal data (EU Regulation No. 679 of 2016) to those who consult the pages of the Site (hereinafter: "Site ") or who use the services made available on it.

The information is provided exclusively for the website and not for the other websites that may be consulted by the user through the links or implementations present on the website.

Purpose of the treatment

The data provided by the user will be processed in order to allow Tenuta Santa Caterina to optimally deliver the service, in particular for:

- respond to user requests;

- the possible conclusion, management and execution of a reservation;

- to implement legal obligations, regulations, national and Union regulations and deriving from provisions issued by authorities legitimated by the law;

- anonymous processing of statistics and market research;

- marketing purposes (if the user expressly consents) with the subscription to our newsletter.

Contact info

Data Controller

Tenuta Santa Caterina - Parrini Letizia Farm - Responsible for the treatment: Parrini Letizia

Loc. Scotto n.173, Via Valcarene - San Martino, 57037 Portoferraio (LI)

P.IVA 01877650497 C.F. PRRLTZ63D62G912R

Tel: +39 0565 1931963

Owner contact email:


Complete policy

Information on the treatment of personal data

This privacy statement has been prepared on the basis of multiple regulatory systems, including articles 13 and 14, from 15 to 22 and 34 of the EU Regulation 2016/679.

Your data will be processed by computer and manual means for the time strictly necessary to achieve the purposes for which they were collected and in compliance with the principles established by current legislation on the protection of personal data, updated to EU Regulation no. 679 of 2016. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

For more information on the methods of treatment, and to exercise the other rights recognized to you, you can contact the Data Controller.

Information collected from the Site and therefore from Tenuta Agricola Santa Caterina.

While browsing the site, the user is given the opportunity to contact, even in non-electronic form, through our format, the agricultural estate for requests for reservations or information on your holiday.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mail messages to the address indicated on this Site entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the same request. The optional, explicit and voluntary registration through specific contact forms (forms) present on our Site entails the subsequent acquisition of all the data reported in the fields filled in by the user and the treatment, in accordance with what is reported in the specific information reported for each individual form , is carried out exclusively in fulfillment of the related purposes.

With regard to the information that may be requested or that will be spontaneously provided, the provision of data may in some cases be optional and in others, however, mandatory. In such cases, any refusal to provide such data could have, as a consequence, the absolute or partial impossibility of executing the relationship.

The data processing could also concern personal data falling, according to the legislation of some States, in the category of "sensitive data", as under qualified, with consequent adoption by the Data Controller of all due cautions and prescriptions dictated by the privacy legislation .

The User assumes responsibility for the Personal Data of third parties obtained, published or shared and guarantees that he has the right to communicate or disseminate them, freeing the Owner from any liability to third parties.

Among the Personal Data collected by the Owner, independently or through third parties, there are the data communicated during the use of the service: name, surname, email, telephone number, address, various types of data, cookies, navigation data .

Full details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific information texts displayed before the data are collected.

Any use of cookies - or other tracking tools - by the Owner or by the owners of third party services, unless otherwise specified, has the purpose of providing the service requested by the User, in addition to the additional purposes described in this document and in the Cookie Policy.

Below we list the contact methods through which the Site can collect the personal information of the interested party or through which the same could contact the Data Controller by directly providing their personal data. This information may be acquired from the Site through services prepared and managed directly by the Owner or acquired from third-party services. For each method of contact, detailed information is provided below in order to indicate to the interested party who acquires the requested information, what are the methods and purposes for which it is collected, the legal basis of the data processing and, in the case of transfer to third parties , any categories of third parties to which they will be transferred.

Contact methods proposed by the Site through which the user could provide his personal information:

A) Contact form

By filling in the contact form with their Data, the User consents to their use to respond to requests for information, quotes, or any other kind indicated by the form header.

Personal Data collected: name, surname, email, address, city, telephone number and other various types of Data.

B) Telephone, fax, email and postal addresses

Browsing the site, the user can find our telephone numbers, fax numbers, e-mail addresses and postal addresses to contact us. The service acquires personal data to respond to your requests.

Legal basis for data processing

The legal basis for data processing, pursuant to art. 6 of the Regulation (EU) is represented by the consent to the processing of personal data, for one or more specific purposes, expressly expressed.

Transfer of collected data to third parties: exclusion

The data acquired by these services will not be transferred to third parties.

During any contact of the interested party with the Data Controller, it may be required to provide information useful for continuing the relationship through "free" request fields (sending forms, sending e-mails and other contacts). In this specific case, the interested party is free to send further information, which in any case will always be treated in accordance with the current provisions on the protection of privacy.

Method of treatment

All data provided by the interested party during or through the navigation of the Site will be processed, subject to express consent, by the data controller, by the data processors (if appointed by the data controller) and / or by the agents appointed by the data controller and / or by the data processors.

Consent may also be expressed limited to some processing operations only.

All the operations that will be performed on the data provided are carried out in compliance with the principles of correctness, lawfulness and transparency and are adequate for the protection of confidentiality. The processing operations will concern the collection, registration, organization, structuring, storage, adaptation and modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction, as well as the combination of two or more of the aforementioned activities.

The data provided are processed manually and / or automatically, on paper and / or digital (thanks to the help of electronic means owned by us and / or provided by third parties). They are kept with adequate technical, IT, organizational, logistical and procedural security measures, measures that at least configure the minimum level of protection required in relation to the risks pursuant to art. 31 of the privacy code and art. 5 of the Regulation, and in any case comply with the principles of:

 lawfulness, correctness and transparency towards the interested party;

 purpose limitation (data will be collected for specific, explicit and legitimate purposes, and

subsequently treated in a way that is not incompatible with these purposes);

 data minimization (the data collected will be adequate, relevant and limited to what is necessary in compliance with the purposes for which they are processed);

 accuracy (the data will be updated and possibly corrected promptly);

 limitation of retention (the data will be stored in a form that allows identification of the

interested parties for a period of time not exceeding the achievement of the purposes for which they are processed);

 integrity and confidentiality

In no case will personal data be disclosed to third parties without the prior consent of the user.

Place of treatment

The Data are processed at the Data Controller's operating offices and in any other place where the parties involved in the processing are located. The personal information provided through the Site is sent and could be stored on servers located both in the territory of the European Union and elsewhere.

Retention period

The data are stored in a form that allows the identification of the interested parties for a period of time not exceeding the achievement of the purposes for which they are processed. The Data Controller may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or in execution of an authority's order.

At the end of the retention period, Personal Data will be deleted. Therefore, at the end of this term, the right of access, cancellation, rectification and the right to data portability can no longer be exercised.

Any personal information to be provided by the interested party, through the use of the Site, can be communicated by the Owner and / or Manager to any other companies or third parties, which are expressly mentioned in the cases described below.

Any communications to third parties of your data

All the data processing operations described in this privacy statement may require that the information collected by the Data Controller be shared with any of our affiliated companies, including foreign ones, and with partners, suppliers (e.g. credit institutions, shippers, logistics companies) , consultants and with any future owner of the Site or of the activity, in the context of the provision of the services requested by the interested party.

The Data Controller may communicate personal data to other companies in relation to any type of possible or effective reorganization, merger, sale, transfer, transfer or other provisions regarding our business or part of it, assets and shares / quotas.

The Data Controller may also use and / or use the services of other companies or individuals to carry out actions and functions on our behalf, including, for example, providing services, sending correspondence, providing marketing assistance, analyzing data, providing assistance services to the consumer, for accounting, financial, commercial, administrative and billing, legal and tax purposes, etc.

In order to carry out the activity entrusted to them, the natural persons or companies mentioned above can process the personal information of the interested party as data processors, appointed by the Data Controller, or as independent data controllers. The Data Controller communicates to these companies or natural persons only and only that personal information that is strictly necessary for the specific performance of their functions.

Upon specific request, the Data Controller may collaborate with any Court, court, administrative authority, police authority, or other similar authority in any investigation or proceeding that may concern the interested party or be related to the use of the Site by the same.

Said collaboration may involve the communication to the authorities, upon explicit request, of personal information concerning the interested party.

Although the Data Controller takes appropriate measures to protect personal information or any sensitive data that, during the use of the Site or with the use of e-mail services are provided by the interested party, no transmission via the Internet can ever be guaranteed , by definition, as 100% safe.

Plugin and Widget

The Site may use plugins provided by third parties.

When the interested party visits a page of the Site that contains one or more of these elements, his browser displays content (texts and / or images) and / or sent and / or decided by the owner of the Plugin. These plugins may also install cookies (third party cookies).

The Site is therefore not responsible for such content and, therefore, please refer to the privacy policy of the Plugin owner.

The Site uses social plugins from the following (indicated for indicative and non-limiting purposes) social networks: ("Facebook"), ("Google+"), ("Instangram").

In the future, other Plugins, from other sites and / or Social Networks may be included in the pages of our Site.

Navigation data

During their normal operation, the IT systems and software procedures used to operate this Website acquire some personal data whose transmission is implicit in the use of Internet communication protocols.

This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site: except for this eventuality, the data on web contacts persist for a time not exceeding that necessary for the purposes for which they are collected and subsequently treated.


The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.

Google Analytics with anonymized IP (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. ("Google"). Google uses the Personal Data collected for the purpose of tracking and examining the use of, compiling reports and sharing them with other services developed by Google.

Google could use Personal Data to contextualize and personalize the advertisements of its advertising network.

This integration of Google Analytics makes the IP address of the data subject anonymous. Anonymization works by shortening the IP address of the Users within the borders of the member states of the European Union or in other countries adhering to the agreement on the European Economic Area. Only in exceptional cases, the IP address will be sent to Google's servers and abbreviated within the United States.

Personal Data collected: Cookies and Usage Data.

Place of treatment: United States - Privacy Policy - Opt Out. Person adhering to the Privacy Shield.

Use of Cookies

Cookies are small text strings that the sites visited by the user send to his terminal, usually to the browser, where they are stored and then retransmitted to the same sites on the next visit to the same terminal. This website, owned by the owner, uses technical cookies. These cookies do not allow the acquisition of the user's personal identification data. To learn more and to read the detailed information, the User can consult the Cookie Policy.

The rights of the interested party pursuant to art. 7 of Legislative Decree 196/2003 and of the articles 12, 13 and 14, from 15 to 22 and 34.

Regulation EU 2016/679

If the interested party intends to exercise the rights referred to in art. 7 of Legislative Decree 196/2003 and of the articles 12, 13 and 14, from 15 to 22 and 34 EU Regulation 2016/679 in relation to your personal data or if you have other questions or requests also on this privacy policy, you can contact the Owner through the contact details indicated on the Site or using the following data:

Tenuta Santa Caterina - Parrini Letizia Farm - Responsible for the treatment: Parrini Letizia

Loc. Scotto n.173, Via Valcarene - San Martino, 57037 Portoferraio (LI)

P.IVA 01877650497 C.F. PRRLTZ63D62G912R

Tel: +39 0565 1931963

Owner contact email:

The Data Controller and / or the Data Processor declare themselves available to meet the requests of the interested party, however it is advised that it is not always possible to physically delete information relating to interactions that have occurred and any past transactions and / or reservations.

Users can exercise certain rights with reference to the data processed by the owner.

In particular, the User has the right to:

 withdraw consent at any time. The User can always withdraw consent to the processing of their Personal Data previously expressed.

 object to the processing of your data. Further details on the right to object are indicated in the section below.

 access their data. The user has the right to obtain information on the data processed by the owner, on

certain aspects of the processing and to receive a copy of the processed data.

 check and request correction. The User can verify the correctness of their Data and request it

the update or correction.

 obtain the limitation of the treatment. When certain conditions are met, the User can request the limitation of the processing of their Data.

 obtain the cancellation or removal of your Personal Data. When certain conditions are met,

the User can request the cancellation of their Data by the Owner.

 receive your data or have it transferred to another holder (data portability). The User has the right to receive i

own Data in structured format, commonly used and readable by automatic device and, where technically

feasible, to obtain the unhindered transfer to another holder. This provision is applicable

when the data are processed with automated tools and the processing is based on the user's consent,

on a contract to which the User is a party or on contractual measures connected to it.

 propose a complaint. The User can lodge a complaint with the data protection supervisory authority

competent personnel or to act in court.

Details on the right to object (pursuant to art. 21 EU Reg. 2016/679)

When Personal Data are processed in the public interest, in the exercise of public powers with which the Data Controller is invested or to pursue a legitimate interest of the Data Controller, Users have the right to oppose the processing for reasons related to their particular situation.

Users are reminded that, if their data were processed for direct marketing purposes, they can object to the processing at any time, without providing any reasons. To check whether the Data Controller processes data for direct marketing purposes, Users can refer to the respective sections of this document.

How to exercise your rights

To exercise their rights, Users can send a request to the owner's contact details indicated in this document. Requests will be processed by the Data Controller as soon as possible, in any case within a month, as required by law.

Third party sites and hyperlinks

On the Site there may be implementations, hypertext links, and / or advertisements to other sites owned by third parties and not controlled by the Owner. In these cases, the Data Controller cannot be held responsible in any way for personal information collected, stored and used by third parties through their sites.


In the communication of personal data by the interested party, it is requested that he expressly guarantee that he is not less than 18 years old. The Data Controller does not intend to collect any personal data of individuals under the age of eighteen. Where necessary, children are specifically asked not to communicate their data through our sites and / or reasonable measures are taken to ensure parental / guardian control over such communication.

Changes to our privacy policy by the Data Controller

The Data Controller reserves the right to make changes to this privacy policy at any time by giving information to Users on this page and, if possible, if technically and legally feasible, by sending a notification to Users through one of the contact details of which it is held by the Owner. Therefore, please consult this page regularly, referring to the date of the last modification indicated at the bottom.

Definitions and legal references

For the purposes of this statement of the privacy code and of the European regulation, the following definitions apply:

 "form", indicates the interface of a site or application that allows the client user to enter and send one or more freely entered data to the web server; it is also called a form or more frequently a form;

 "processing", any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or a set of personal data, such as the collection, registration, organization, structuring, conservation, adaptation and modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction;

 "personal data", any information relating to an identified or identifiable natural person ("data subject"); the natural person who can be identified, directly or indirectly, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical identity is considered identifiable, physiological, genetic, psychic, economic, cultural or social;

 "identification data", the personal data that allow the direct identification of the interested party on the basis of the above criteria;

 "sensitive data", personal data suitable for revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, unions, associations or organizations of a religious, philosophical nature, politician or trade union, as well as personal data suitable to reveal the state of health and sexual life;

 "data controller", The natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data and the tools adopted, including the measures of security relating to the operation and use of the Site.

Unless otherwise specified, the Data Controller is Tenuta Santa Caterina - Azienda Agricola di Parrini Letizia;

 "data controller", the natural, legal person, public administration and any other entity that processes personal data on behalf of the Data Controller, as set out in this privacy policy;

 "agents", the natural persons authorized to carry out processing operations by the owner or manager;

 "interested", the natural person to whom the Personal Data refers;

 "user", the individual who uses the Site who, unless otherwise specified, coincides with the interested party;

 "communication", the disclosure of personal data to one or more specific subjects other than the interested party, the representative of the owner in the territory of the State, the manager and agents, in any form, including by making them available or consultation ;

 "dissemination", the giving knowledge of personal data to indeterminate subjects, in any form, also

by making them available or consulting;

 "anonymous data", the data that originally, or following processing, cannot be associated with an identified or identifiable interested party;

 "blocking", the storage of personal data with temporary suspension of any other processing operation;

 "database", any organized complex of personal data, divided into one or more units located in one or more sites;

 Italian "Guarantor", the authority referred to in article 153, law of 31 December 1996, n. 675, the first set of rules governing privacy in the Italian legal system;

 "minimum measures", the set of technical, IT, organizational, logistical and procedural security measures that configure the minimum level of protection required in relation to the risks envisaged in article 31 of the Privacy Code (Legislative Decree 196/2003 );

 "Usage Data", is the information collected automatically through the Site (also by third party applications integrated into the Site), including: IP addresses or domain names of the computers used by the User who connects with the Site, the addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response from the server (successful, error, etc.) the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of pages consulted, to the parameters relating to the operating system and the User's IT environment.

New Version: dated 4th July 2020 - European Regulation n.679 / 2016.