Privacy Policy

Dear Client,
pursuant to current legislation on the protection of personal data (Regulation (EU) 2016/679 – GDPR and Legislative Decree 196/2003 and subsequent amendments and supplements), we wish to inform you that the processing of your personal data is carried out correctly and transparently, for lawful purposes and protecting your privacy and your rights.
Therefore, in compliance with the aforementioned legislation, and in particular in compliance with art.13 of Regulation (EU) 2016/679, we hereby provide you with the following information:

Methods of processing.
Data processing is carried out both by electronic means (including through our website: www.montestigliano.it) and with the aid of hard copy records in order to carry out the services offered.

Nature of the data processed.
If you sign up as one of our contacts or if you request news or buy our products, we will process your personal and fiscal data, as well as the economic data necessary to establish relations between you and our company. We do not generally process any sensitive or judicial data, but if this becomes necessary, we will only do so with your prior consent.

Purposes and methods of carrying out services.
1) acquire and confirm your bookings for accommodation services and ancillary services, and provide the requested  services. For the management of payments, your data may be disclosed to third parties, banks and financial entities. Considering such data processing is necessary to define the contractual agreement and its subsequent implementation, your authorisation is not requested, except in cases where sensitive data is provided, pursuant to art. 9 of Regulation (EU) 2016/679. In the case of refusal to submit personal data, we will be unable to confirm the booking or provide the requested services (art. 6, paragraph 1, letter a) of Regulation (EU) 2016/679). Processing of your data will cease upon your departure, but some of your personal data may or must continue to be processed for the purposes and in the manner indicated as follows;

2) to fulfil the obligations set out in the Consolidated Law on Public Safety (article 109 of the R.D. 18.6.1931 n. 773), which requires us by law to communicate the personal details of our guests to Local Police Authorities, for public security purposes, pursuant to the Decree of 7 January 2013 by the Italian Ministry of the Interior, as well as the insertion of their data on the ricestat online platform. The submission of data is mandatory, and does not require your consent (art. 6, paragraph 1, letter c) of Regulation (EU) 2016/679) and in the case of refusal to submit data we will be unable to host you at our facility;

3) to comply with current administrative, accounting and tax requirements. For such purposes, your explicit consent is not required to carry out data processing (art. 6, paragraph 1, letter c) of Regulation (EU) 2016/679). Data is processed by us and our representatives, and is disclosed to external parties solely to fulfil our legal obligations. In the case of refusal to supply the data necessary for the above-mentioned requirements, we will be unable to provide the requested services. The data collected for these purposes is retained in our records for the period required by current legislation (10 years, or longer in the case of tax assessments);

4) to speed up registration procedures in the event of future bookings at our facility. For this purpose, subject to your consent, which can be revoked at any time, your data will be kept for a maximum period of 5 years and will be used when you are once again a guest at our facility, for the purposes referred to in the previous points;

5) to allow you to receive messages and telephone calls during your stay. For these purposes, your consent is required. You may withdraw your consent at any time. Such processing will in any case cease once you have departed;

6) to send you promotional messages and updates on our prices and offers. For this purpose, with your consent, your data will be kept for a maximum period of 5 years and will not be disclosed to third parties. You may withdraw your consent at any time;

7) with prior consent, to manage any needs related to accessibility, through health-related information collected from the data subject, with reference to any physical needs (for example in the case of limited mobility or any food allergies/intolerances);

8) in the case of event management, guests as a rule have their independent photographer, however consent may be required to take photographs and record videos to be published on social networks (Facebook, Instagram, YouTube and Twitter) for advertising and promotional purposes;

9) in some cases, the prevailing interest of the data controller may exist, for example in the event of breach of contract by the counterparty, that may lead the owner to begin credit recovery procedures. In such cases your consent is not required, pursuant to art. 6, paragraph 1, letter f) of Regulation (EU) 2016/679);

Duration of data processing.

Data is processed until the completion of provided services and also thereafter, to fulfil legal obligations and for administrative and commercial purposes.

Data provided voluntarily by the data subject.
In the event you choose to make a payment using one of the available methods (bank transfer, credit card, debit card, bank check and cash), in addition to the data requested in the contact form (name, surname, e-mail), you will be required to provide us with all the data necessary to carry out such procedures. Failure to communicate even some of this data makes it impossible to carry out said services.

The explicit and voluntary submission of data through filling out and sending emails to the addresses indicated on our website implies the subsequent acquisition of the same data. All the required data (usually: name, surname, telephone number, e-mail) is necessary for us to respond to your requests and/or carry out the services that you require from us. A summary of the specific information is provided and/or displayed on the individual pages of the website used for carrying out particular services on request.

Obligation or right to provide data and consequences of eventual refusal.
The above listed data (name, surname, e-mail) are necessary for us to be able to carry out requested services: failure to provide all or part of such data, consequently, makes the implementation of such services impossible.

While browsing our site, contacting us via telephone or even in the case of a direct visit, you may also be asked to communicate further data that is not strictly necessary for the fulfilment of the primary service (holiday accommodation), but is required to carry out any ancillary services (event organisation or provision of other services) which will, in each individual case, be made present to you. Failure to provide such data is evaluated on a case-by-case basis, and determines consequent decisions made according to the importance we give to the requested data that you have not supplied.

When we would like to offer you an ancillary service, we will duly communicate the specifically defined purposes in detail and your explicit consent will be required.

Failure to provide the data required for a specific service or failure to give the relative and subsequent consent to its use does not affect the possibility of requesting and consenting to the provision of other different ancillary services (much less does it prevent or exclude the primary service).

Data communication and distribution.
Data collected is not “distributed” by us, in other words, it is not made known to indeterminate subjects in any way, including by making it available for viewing or consultation; however, it may be “communicated” by us, or made known to one or more specific entities, in particular to:
– individuals who may access the data to fulfil a legal obligation, within the limits established by the law itself;
– credit and/or financial institutions, in the case of electronic payments;
– partner companies, if consent has been given to the sending of advertising and direct marketing on their part;

Rights of the data subject (articles 13/22 and 77/79 of the EU Regulation 2016/679)

If the data subject intends to exercise the rights referred to in articles 13/22 and 77/79 of Regulation (EU) 2016/679 in relation to his or her personal data or if he or she has other questions or requests, including on this privacy policy, he or she may contact the Data Controller through the contact details indicated on the Website or using our contact details: 

Data Controller: Giancarlo Donati, as sole proprietor
registered address:              Via Bencivenni 29, 61040 Mercatello sul Metauro (PU)

Tax Code:                               DNTGCR33S05A944B

VAT no.:                                  00155550411

Mobile:                                    +39 3394016247

e-mail:                                     info@palazzodonati.it

The Data Controller declares himself available to meet the requests of the data subject, however he advises that it is not always possible to physically delete information relating to interactions that have taken place and any past transactions and/or reservations.
Data subjects may exercise certain rights regarding the data processed by the controller.

In particular, the data subject has the right to:
withdraw their consent at any time. The data subject may always withdraw consent to the processing of their previously mentioned Personal Data (art. 13, paragraph 2, letter c) of Regulation (EU) 2016/679);
object to the processing of their data. The data subject may object to the processing of their data in the events referred to in art. 21 of Regulation (EU) 2016/679).
access their own personal data. The data subject has the right to access information on what data is processed by the controller, on particular aspects of said processing, and to receive a copy of any data processed (art. 15 of Regulation (EU) 2016/679);
verify and request the data be rectified. The data subject may check that their personal data is correct and ask for it to be updated or rectified (art. 16 of Regulation (EU) 2016/679);
restrict processing. When certain conditions are met, the data subject may ask for the processing of their data to be restricted. In this case we will not process the data for any purpose other than its conservation (art. 18 of Regulation (EU) 2016/679);
have their personal data removed or deleted. When certain conditions are met, the data subject may request the deletion of his or her data by the Data Controller (art. 17 of Regulation (EU) 2016/679). In such cases we will duly remove any data as swiftly as possible
have their data sent to themselves or transferred to another controller (data portability). Data subjects have the right to receive their data in a structured, commonly used and machine-readable format, and where technically feasible, to have it transferred without hindrance to another controller. This provision is applicable where the data processing is carried out by automated means and is based on the data subject’s consent, in respect of a contract to which the data subject is party or prior to entering into a contract (art. 20 of Regulation (EU) 2016/679);
not to be subject to a decision based solely on automated processing, including profiling, in cases where the data subject may exercise his or her rights (art. 22 of Regulation (EU) 2016/679);
lodge a complaint. The data subject may lodge a complaint with the competent personal data protection supervisory authority (art. 77 of Regulation (EU) 2016/679);
take legal action (art. 79 of Regulation (EU) 2016/679).