Information note pursuant to art.13 of EU Regulation 2016/679 – art.13 of Legislative Decree 196/2003 (Personal data protection code) and subsequent amendments.

Last updated May 2018.

This information describes the data management methods of this website and is made pursuant to the European GDPR Regulation n. 2016/679 and Legislative Decree Italian n. 196 of 30 June 2003 which provide for the protection of people and other subjects regarding the processing of personal data.

The information is provided by Sant’Alberto & Osteria ss as “Owner” of the processing of data collected through the site mentioned above (therefore other websites or electronic spaces owned by third parties are excluded, reachable through external links, even if present on the pages of this site).

The data provided by you will be used for the sole purpose of following up your requests and may be disclosed to third parties only if this is necessary for this purpose, or with your explicit consent.

The data will be kept for the time strictly necessary to provide the interested party with the requested services and will in any case be eliminated following a request from the interested party, without prejudice to further conservation obligations established by law.

The collection of user data takes place through the compilation of electronic forms on the pages of the site relating to the services requested and specified; the authorization to the processing of data by the owner of this site is explicitly requested from the user by confirming and selecting the appropriate check on the forms with a brief information and the link to this complete information.

Before submitting any request, users are sent to read this complete information which specifies the limits, purposes and methods of data processing.

Type of data processed, consent and purpose of the treatment.

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols, including for example the country of origin, the language, access time, date, pages visited, errors and other statistical navigation data.

This is information that is not collected to be associated with identified interested parties, but exclusively to carry out internal statistics suitable for the functioning of the site, but which by their very nature could, through processing and association with data held by third parties (e.g. connection provider). , allow you to identify users.

No data deriving from the web service will be communicated or disseminated, except to fulfill the obligations established by laws, regulations or community regulations.

Navigation cookies

In compliance with the directives of the Italian Guarantor for the protection of personal data and the European directives (EU Cookie La) on the use of cookies on websites, we invite you to read the extended information which indicates all the information regarding what they are and how cookies are used on this site in this dedicated section: “information on the use of cookies”

Personal data voluntarily provided by users

The optional, explicit and voluntary sending of personal information through the electronic forms on the website or by e-mail to the addresses indicated on this website, involves the subsequent acquisition of the sender’s email address (necessary to be able to respond to requests) , the connection IP and any other personal data requested by the form or entered in the message.

The acquired data will be processed by the Data Controller together for the purpose of providing the requested services and for managing them, both manually and automatically, digitally and on paper; the communication of data to third parties and / or outside the European community will take place only if this is necessary in order to comply with the request received and only for data strictly necessary for the chosen purpose.

The Data Controller may use the data provided in order to periodically send messages and communications via e-mail or other digital systems exclusively for technical, informative and security purposes regarding the service requested / provided.

Authorization to process the data will be explicitly requested from the user by confirming and selecting the appropriate check on the request form, without acceptance the requested services cannot be provided.

Processing methods and protection of personal data

The processing of personal data is carried out by means of the operations regulated by the legislation and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data .

The treatment is carried out through automated tools and / or manually for the time necessary to achieve the purposes for which the data were collected and may remain archived even after the termination of the relationship for the purposes of service, however, in accordance with regulatory provisions in force on the matter.

Specific security measures and technologies are observed to ensure confidentiality and protection and to prevent data loss, illicit or incorrect use and unauthorized access.

Optional supply of data

Apart from what is specified for navigation data, users are free to provide (or not provide) their personal data through electronic forms. Their absence can only make it impossible to provide the services and obtain what is requested.
Owner, managers and access to data

The owner and manager of the treatment is:

Sant’Alberto & Osteria s.s.

Va Francigena, 59 – 53023

Castiglione d’Orcia (Siena)

VAT number 01437990524

In addition to the employees and collaborators of Sant’Alberto & Osteria ss, the processing of personal data may also be carried out by third parties and / or outside the European community to which the company entrusts certain activities (or part of them) exclusively connected or instrumental to the performance of the treatments or the provision of the requested services and only for data strictly necessary for the chosen purpose. In this event, the same subjects will operate as independent owners, co-owners, or will be appointed as Managers or processors.

The Data Controller ensures as of now that the transfer of non-EU data will take place in accordance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and / or by adopting the standard contractual clauses provided by the European Commission.


This site and the owner’s services are not intended for minors under the age of 18 and the owner does not intentionally collect personal information relating to minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner, at the request of the interested parties.

Rights of the interested parties

At any time, the interested party can exercise your rights towards the data controller, pursuant to art. 7 of Legislative Decree n. 196 of 30 June 2003 and art. 15 of the GDPR, namely:

The interested party has the right to obtain:

– confirmation of the existence or not of personal data concerning him, even if not yet registered;

– and their communication in an intelligible form.

The interested party has the right to obtain the indication:

– the origin of personal data;

– the purposes and methods of treatment;

– the logic applied in case of treatment carried out with the aid of electronic instruments;

– of the identification details of the Data Controller, of the managers and of the representative appointed pursuant to art. 5 paragraph 2 and art. 3, paragraph 1, GDPR;

– the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or agents.

The interested party has the right to obtain:

– updating, rectification or, when interested, integration of data;

– the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;

– the attestation that the operations referred to in the previous points have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right.

The interested party has the right to object, in whole or in part:

– for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection; – to the processing of personal data concerning him for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication.

Where applicable, the interested party also has the rights referred to in articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.

Methods of exercising the right

The interested party may at any time exercise the rights through:

– Registered return ticket to: Sant’Alberto & Osteria s.s., Va Francigena, 59 – 53023, Castiglione d’Orcia (Siena)

– Email to:


This information may undergo changes aimed at improving the protection of users’ personal data. We therefore recommend that you regularly check this Notice and refer to the most updated version.

Social Plug-in

Our web pages may contain Social Networks plug-ins (eg, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, United States (“Facebook”). If you access a of our web pages equipped with a similar plug-in, the internet browser connects directly to the social network and the plug-in is displayed on the screen thanks to the connection with the browser. Before using these plug-ins, please consult the privacy policy of the social networks themselves, on their official pages.

This post is also available in: Italian