This policy is provided in accordance with Article 13 of Regulation 2016/679 (GDPR), pursuant to Article 13 of Legislative Decree No. 196/2003 (Personal Data Protection Code) and applies to all personal data processed in the manner set out below.

Data Controller
The Data Controller of the Personal Data collected is: Hotel La Collegiata
Place of Operation: Località La Strada 27, 53037 - San Gimignano, Siena - Tuscany - Italy
Owner's email address:

Typologies of Data Collected

Full details on each type of data collected are provided in the dedicated sections of this privacy policy. User's Personal Data may be freely provided by the User or, in the case of Usage Data, automatically collected during the use of the site. Unless otherwise specified, all requested Data are mandatory. If the User refuses to provide them, it may be impossible to provide the service. In cases where some Data are optional, Users may abstain from communicating such Data, with no consequence on the availability of the Service or its operation. Should Users doubt about which Data is mandatory, they are encouraged to contact the Data Controller. The possible use of Cookies, or other tracking tools, by the site or third party service holders used, unless otherwise specified, has the purpose of providing the Service requested by the User. The User assumes responsibility for the Personal Data of third parties obtained, published or shared through the site and guarantees that he/she has the right to communicate or disseminate it, releasing the Owner from any liability towards third parties.


Purposes of Data Collection

The User's Data are collected to enable the Owner to provide its Services, as well as for the following purposes: Statistics, Newsletters, Personalized Advertising, Accounting, Content and Functionality Performance Testing, Interaction with social networks and external platforms, Displaying content from external platforms and interaction with data collection platforms and other third parties. Should you wish to obtain further detailed information on the purposes of processing and the Personal Data concretely relevant for each purpose, you may refer to the relevant sections of this document.

Data processing mode

The Data Controller shall take all necessary security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. Data processing is carried out using computer and/or telematic tools, with organizational methods and logics strictly related to the indicated purposes. In addition to the Data Controller, other parties outside the company (administrative, sales, marketing, legal, system administrators) or external parties (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also being appointed, if necessary, Data Processors by the Data Controller have access to the data. The updated list of Data Processors can always be requested from the Data Controller.

Legal basis of data processing

Personal Data related to the User are processed by the owner if one of the following conditions exists: the User agreed for one or more specific purposes;

However, it is always possible to request the Data Controller to clarify the concrete legal basis of each processing, and in particular to specify whether the processing is based on law, part of a contract, or necessary to conclude a contract.


Processing of Data is carried out at the operational offices of the Data Controller and at any other location where the parties involved in the processing are located. For more information, please contact the Data Controller. Personal Data of the User may be transferred to a country other than the country where the User is located. To obtain more information about the location of the processing, the User may refer to the section on Personal Data processing details. The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization under public international law or consisting of two or more countries, such as the UN, as well as regarding the security measures taken by the Controller to protect the Data. Should any of the above-mentioned Data transfers take place, the User may refer to the specific sections of this document or request information from the Data Controller by contacting it at the contact details given at the front of this document.

Data retention period

Data are processed and retained as long as the purposes for which they were collected require:

In cases where the processing is based on the User's consent, the Controller may keep the Personal Data longer until that consent is revoked. Furthermore, the Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority. At the end of the period of storage, the Personal Data will be deleted. Therefore, upon the expiration of this period the right of access, deletion, rectification and the right to Data portability can no longer be exercised.

Information on the processing of Personal Data

Personal Data are collected for the following purposes and through the following services:

Additional information about Personal Data

Privacy Policy

The User, by filling out the contact form with their Data, consents to their use to respond to requests for information, quotes, or any other nature indicated by the header of the form.

User Rights

According to Articles 15 - 21 of EU Regulation 2016/679, a number of rights are granted to each data subject

The data subject shall also have the right to lodge a complaint with the competent supervisory authority, the Privacy Controller. The requests referred to in the preceding points must be addressed in writing to the Data Controller. The Data Controller will, within the time limits established by current regulations, provide timely responses to requests to exercise the rights of data subjects.

This site uses cookies to improve the browsing experience (read Policy)   -    If you continue browsing, you agree to use our cookies OK