Privacy Policy


This disclaimer is made for those who interact with the web services of our company and is accessible electronically from the following address: corresponding to the homepage of our official website. The disclaimer is provided only for the site of our company and not for other websites that may be consulted by the user through external links.

For legal purposes, reference is made to the Italian version.

Castello di Spessa Soc. Agr. A R.L., with registered office in Via Spessa, 1 34070 Capriva del Friuli (GO), as Data Controller, informs interested parties pursuant to art. 13 D.Lgs. 30.06.2003 n. and to art. 13 EU Regulation n. 2016/679 "GDPR", on the purposes and methods of processing collected personal data, their scope of communication and dissemination, in addition to the nature of their contribution.
Pursuant to art. 23 of Legislative Decree 196/2003 consent to the processing of the aforementioned data is necessary. The consent is considered granted by checking the box at the bottom of the registration form, which can be in paper or digital format.

The Data Controller processes only non-sensitive personal data. For example, the personal information we collect includes may be:
1) Data relating to navigation: the technological systems used to manage this website read, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is data that is not collected to be associated with identified, but by their very nature could, through complex processing and associations with data held by third parties, allow users to be identified. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical IT crimes to the detriment of the site and may be presented to the Judicial Authorities, if the latter explicitly requests it.
2) Information sent voluntarily by the user: the optional, explicit and voluntary sending of e-mails to the addresses indicated on this website entails the subsequent acquisition of the personal data entered (by way of example but not exhaustively: name, surname, address of email). In the case of requests for an estimate or booking, they may also include: telephone number and address, credit card details (type and number of card, name on the card, expiration date and cvc code), information on guests' stays, including arrival and departure dates, special requests and preferences on services (including services of any kind and room preferences);
3) Information provided regarding personal marketing preferences or when participating in surveys, contests or promotional offers.
Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.

a) marketing;
b) sending of informative and promotional material;
c) sending commercial communications;
d) recognition of the degree of satisfaction of the products and / or services offered by the Company;
e) sending invitations for events;
f) compliance with legal obligations.

The data will be processed by the Data Controller at its registered office and operating office.
The processing of personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are processed using computer procedures, electronic means and residual on paper, by internal individuals specifically appointed as well as by external managers in the case appointed, and this also on the basis of existing contractual agreements.
The Controller adopts appropriate procedures and systems to protect data against the risk of loss, misuse or alteration. Furthermore, it has implemented and uses security procedures and technical and physical restrictions regarding access and use of personal data on its servers. Access to personal data is allowed only to authorized personnel, and can only take place during the course of their work.

The data can be made accessible to
- employees and collaborators of the Data Controller, in their capacity as persons authorized to process and / or data processors and / or system administrators. All the appointed persons will carry out exclusively the processing operations, on behalf of the Data Controller and / or the manager, within the limits, in the manner and according to the methods expressly indicated in the respective appointment documents.
- third-party companies or other subjects (as an indication, credit institutes, professional firms, consultants, insurance companies for the provision of insurance services, platform for sending the newsletter etc.) who carry out outsourced activities on behalf of the Owner, in their capacity as external managers of the treatment.
These operators will be required to comply with confidentiality agreements and will be prohibited from using your personal data for their own purposes or for any other purpose.

Personal data will not be disclosed by the Owner.
Communication to third parties, other than the Data Controller, managers, internal but also external to the company structure, and appointed and appointed processors, is provided for the pursuit of the purposes indicated and in any case within the limits of the same, to subjects and companies third parties, business partners, engaged in the correct and regular pursuit of the purposes described. The data provided by the user can be communicated to the subjects for whom there is a duty of communication under the law or a need for communication to assert the right of the company to the bodies in charge. In any case, processing by third parties must be carried out according to correctness and in compliance with the provisions of the law in force.

The mailing list and the sending of the newsletter are managed on the MailChimp® platform, belonging to the company Rocket Science Group, LLC, which is based in the United States and adheres to the c.d. "Safe Harbor" agreement, which imposes a level of protection of personal data equal to the standards required by the Privacy Authorities of the EU countries. The aforementioned company will process the data of the interested parties as independent holder, in compliance with the aforementioned standards (see information by clicking here.) For any doubt or clarification, the interested party can directly contact Rocket Science Group, LLC, Mailchimp Privacy Department, 512 Means St., Suite 404, Atlanta, Georgia 30318. Failure to consent to the communication and transfer of data as detailed above will make it impossible to obtain the newsletter service.

The provision of data is optional and is returned to the will of the subject who wants to know the portfolio prepared by the owner. Failure to provide the data that are strictly necessary for registration implies the impossibility of following up the same and the consequent use of the services. Data not expressly indicated as mandatory, may be freely granted by the interested parties. The interested party may subsequently deny the possibility to process data already provided: in this case, he / she will not be able to receive any other communication concerning the owner's portfolio or other commercial communications of the professional activities carried out by the Owner.

We will store personal information for as long as necessary, as required by applicable laws (including those relating to the retention of documents), to provide you with the services, to resolve any disputes with regard to any party and in any case necessary in order to enable us to perform our commercial activity. All personal information that we retain will be subject to the provisions of this privacy statement.
The data are kept until the request of the person concerned to withdraw.

The newsletter and the services of the Data Controller are not intended for minors under the age of 18 and the Data Controller does not intentionally collect personal information about minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner, at the request of users.

These services allow interaction with social networks, or with other external platforms, directly from the links in the newsletter and on the website of the owner. The interactions and information acquired are in any case subject to the User's privacy settings related to each social network. If an interaction service with social networks is installed, it is possible that, even if the Users do not use the service, the same collect traffic data relating to the pages in which it is installed.

According to the art. 7 of the Privacy Code and art. 15 GDPR, the interested party can obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in intelligible form. The interested party has the right to obtain the indication:
a) of the origin of personal data;
b) of the purposes and methods of the processing;
c) of the logic applied in case of treatment carried out with the aid of electronic instruments;
d) of the identification details of the owner, of the responsible and of the designated representative according to article 5, paragraph 2 and art. 3, paragraph 1, GDPR;
e) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents.

The interested party has the right to obtain:
a) updating, rectification or, when interested, integration of data;
b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right.

The interested party has the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning him / her, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication. Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.

You can exercise your rights at any time by sending an email to Questo indirizzo email è protetto dagli spambots. E' necessario abilitare JavaScript per vederlo.

The owner is Castello di Spessa Soc. Agr. to R.L. with headquarters in via Spessa 1 in Capriva del Friuli (GO)
The Responsible is the pro tempore manager of the commercial area. An updated list of the managers, appointed by the Owner in accordance with art. 29 of Legislative Decree 196/2003, is available at the registered office of the owner.
For each communication pursuant to art. 7 and ss. Of the D.lgs. n. 196/2003 and s.m.i. The Owner provides the address Questo indirizzo email è protetto dagli spambots. E' necessario abilitare JavaScript per vederlo.

This disclaimer may change. It is therefore advisable to regularly check this information and refer to the latest version in italian language.

        Facebook Twitter Instagram YouTube Pinterest Google+

NOTA! Nel rispetto della Direttiva 2009/136/CE, ti informiamo che questo sito utilizza i cookie. Continuando a navigare nel sito si accetta l'utilizzo dei cookies. To find out more about the cookies we use and how to delete them, see our privacy policy.

I accept cookies from this site.

EU Cookie Directive Module Information