Villa Pedossa – Your Country Escape

Privacy Policy

1. Scope of the European Union Regulation 2016/679 of the European Parliament and of the Council
This Regulation applies “to the processing of personal data carried out as part of the activities of an establishment by a controller or a controller within the Union, regardless of whether the processing is carried out in the Union or not” and “to the processing of personal data of data subjects located in the Union, carried out by a controller or a controller who is not established in the Union, when the activities relate to: (a) the supply of goods or the provision of services to the aforementioned interested parties in the Union, irrespective of the obligation of a payment by the person concerned; or (b) monitoring their behavior to the extent that such behavior takes place within the Union “.

2. Why a Privacy Policy?
The information provided below describes the processing operations performed on the personal data of the users visiting the website.
A Privacy Policy Statement must be provided to those who interact with the web services offered by Az. Agr. Frattesi Alessandra (hereinafter the “data controller”) from the home page of the Internet site Villa Pedossa in accordance with Chapter III of Regulation (EU) 2016/679.
The statement provided does not concern other online websites and pages or services that can be accessed via links found on the Villa Pedossa website.
This statement is also inspired by Recommendation No. 2/2001 which was adopted on 17 May 2001 by the European authorities for the protection of personal data within the Working Party established by Article 29 of directive No. 95/46/EC to identify certain minimum requirements for the collection of personal data online and, in particular, the methods, timing and nature of the information that the data controllers must provide to the users when they connect to web pages, regardless of the purpose of the link.
The Recommendation and a summary description of its purposes are reported on the website of the “Garante della Protezione dei Dati Personali” in both Italian and English.

3. Data Controller

Visiting the above mentioned website may result in processing data relating to identified or identifiable natural persons.
The data controller is:
Az. Agr. Frattesi Alessandra
Via Marche, 28
60019 Senigallia (An)
VAT number 02257940425
Mob. +39 346 7827007    Email:

4. Place of data processing
Any data processing connected to the web services of this website takes place at the data controller’s facility or at third-party hosting companies commissioned by the data controller and are only handled by technical staff in charge of processing, or by persons in charge of occasional maintenance operations. No data deriving from the web service is communicated or disclosed to third parties except for legal obligations or contractual obligations.

5. Types of data processed
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users who connect to the website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website as well as to check the correct functioning of said website and are deleted immediately after processing. The data could be used to ascertain responsibility in the case of hypothetical computer crimes against the website: except for this eventuality, the data on web contacts do not persist for more than 7 (seven) days (see Cookies Policy at the following link).

Data provided by the user
The optional, explicit and voluntary sending of emails to the addresses indicated on this website entails the subsequent acquisition of the sender’s email address, necessary to respond to requests, as well as any other personal data included in the message.
Specific information pursuant to Chapter III of Regulation (EU) 2016/679 with any request for consent to the processing will be reported or linked via links on the pages of the website prepared for the acquisition of personal data.

6. Cookies
When you visit this website, cookies will be saved on your device.
Cookies are small text files that the website records on its computer or mobile device, for technical purposes (such as the management of navigation within the website) or for statistical purposes (to know, for example, the number of people who have visited the various sections of the website or the hours with the greatest number of visitors).
This information is useful to improve navigation on our website.
We do not use cookies to transmit information of a personal nature, nor are persistent cookies used, or systems for tracking users, of any kind. The use of session or technical cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) allowing a safe and efficient exploration of the website. Session cookies or technical cookies used on this website avoid the use of other technologies that could compromise the privacy of users’ browsing and do not allow the acquisition of personal identification data.
Pursuant to the provision of the “Garante della Protezione dei dati personali” “Identification of simplified procedures for the disclosure and acquisition of consent for the use of cookies” (of 8 May 2014, published in The Italian Official Gazette No. 126 of June 3, 2014), the use of technical cookies are allowed without prior consent from the user.

Google Analytics (Google Inc.)
The services contained in this section allow the data controller to monitor and analyze traffic data and are used to keep track of user’s behavior. Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses personal information collected for the purpose of tracking and examining the use of this application, compiling reports and sharing them with other services developed by Google. Google may use the personal data to contextualize and personalize the advertisements of its advertising network.

Personal data collected: cookies and usage data.
Place of processing: United States – Privacy Policy – Opt Out. Subject to the Privacy Shield.

Google itself has released a plugin, compatible with the major browsers (Chrome, Firefox and Internet Explorer), which disables the ga.js code, which is the web tag system of Google products that allows you to monitor sites, measure online activities users so that the owners of websites can have more information on the visibility of their pages and are able to optimize the content in an optimal manner. The add-on and further information can be found at

7. Optional nature of the provision of data
Apart from that specified for navigation data, the user is free to provide personal data contained in the various modules on the website according to the indications set out in Chapter III of Regulation (EU) 2016/679.
Failure to provide the data indicated as mandatory implies the impossibility on the part of the user to participate in the initiative.
For the sake of completeness it should be noted that in some cases (not subject to the ordinary management of this website) the authority for the protection of personal data can request news and information pursuant to Art. 157 of Legislative Decree 196/2003, for the purpose of monitoring the processing of personal data. In these cases the answer is mandatory under penalty of administrative sanction.

8. Methods of processing
Personal data are processed with automated tools for the length of time strictly necessary to achieve the purposes for which they were collected. Specific security measures have been implemented to prevent data loss, illicit or incorrect use and unauthorized access.

9. Rights of data subjects
One of the fundamental rights of the person concerned guaranteed by Regulation (EU) 2016/679 is most certainly the right of access under Art. 15, which establishes that the person concerned (the data subject) has the right to obtain from the data controller confirmation that there is or is not any personal data processing concerning the data subject. Furthermore, in the case that there is data being processed, the data subject has the right to access that data and the right to the following information:
a) the purposes of the processing;
b) the categories of personal data in question;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are of third countries or international organizations;
d) where possible, the retention period of the personal data provided or, if not possible, the criteria used to determine this period;
e) the existence of data subject’s right to request that the data controller rectifies or deletes personal data or limits the processing of personal data concerning him or her to oppose their treatment;
f) the right to lodge a complaint with a supervisory authority;
g) if the data are not collected from the data subject, all information available on their origin;
h) the existence of an automated decision-making process, including profiling and, at least in some cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.

Under Articles 15 to 20, the data controller must provide the data subject with the information on the actions taken regarding the data subject’s request for access without undue delay and no later than 1 (one) month from receipt of the request. This deadline may be extended for up to a further 2 (two) months, if necessary, taking into account the complexity of the request and the number of requests.

If an extension of the deadline is applied, the person concerned is informed of the reasons for the delay within 1 (one) month of receiving the request. If the person concerned  submits the request in electronic format, the information is provided, where possible, in electronic format, unless otherwise indicated by the person concerned.

Other rights of the person concerned are:
the right of rectification for which the person concerned has the right to obtain the correction of inaccurate personal data concerning him or her without undue delay from the data controller. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data by further providing an additional declaration. On the other hand the person concerned, has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:
a) the person concerned disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
b) the processing is illegal and the person concerned opposes the cancellation of personal data and asks instead that its use is limited;
c) although the data controller no longer needs the personal data for processing purposes, those personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
d) the person concerned has opposed the treatment under Article 21, paragraph 1, pending verification of the possible prevalence of the legitimate reasons of the data controller in regard to those of the person concerned.
If the processing is limited, personal data are treated, except for storage, only with the consent of the person concerned or for the assessment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of significant public interest to the Union or to a Member State.
With the recognition of the right to cancel and to be forgotten, the person concerned must have the right to request that their personal data are deleted and no longer processed in the case the data are no longer necessary for the purposes for which they were collected or otherwise processed, in the case the consent has been withdrawn or he or she has opposed the processing of his/her personal data or in the case the processing of the personal data is not otherwise compliant with the set rules and regulations.
This right is particularly relevant if the data subject gave consent when he/she was a minor, and therefore not fully aware of the risks deriving from the treatment, and he/she subsequently wants to delete this type of personal data, in particular from the Internet.
Finally, the Art. 20 of the Regulation (EU) 2016/679 introduces a new right with respect to the previous legislation, namely the right to data portability for which the data subject has the right to receive personal data concerning him or her provided in a structured format to a data controller and has the right to transmit such data to another data controller without impediment by the data controller to whom he or she has provided them if:
a) the processing is based on consent pursuant to Article 6, paragraph 1, letter a) or Article 9, paragraph 2, letter a) or on a contract under Article 6, paragraph 1, letter b);
and b) processing is carried out by automated means.

Requests must be sent to the data controller at the contact numbers indicated above.

Document updated on 22/03/2020