Privacy policy

Information on the processing of personal data pursuant to art. 13 of the 2016/679 EU Regulation

In accordance with current legislation on the protection of personal data (EU Regulation No. 679 of 2016), we wish to inform you that the processing of your personal data is carried out correctly and transparently, for lawful purposes and protecting your privacy and your rights.

Contacts of the Data Controller and Data Processors

The Data Controller of your data is Rocca Costantino, Square Umberto I – 12065 Monforte d’Alba (CN) – Phone: 0173787156 – mail:

Categories of personal data processed

The Data Controller will process the following personal data:
– personal data (name, surname, date and place of birth, residence);
– contact details (telephone number, e-mail address);
– credit / debit card number or other payment details;
– nationality, passport, identity card, visa or other identification data issued by the government; – employment details;

Legal basis, Purpose of processing and storage of data

Personal data processed by the Data Controller may be used for the following purposes:
– To execute contractual agreements: acquire and confirm your booking of accommodation, catering, ancillary services and to provide the requested services.
Being the necessary treatments for the definition of the contractual agreement and for its subsequent implementation, its consent is not required, except in the case where particular data are given.
In case of refusal to provide personal data, we will not be able to confirm the booking or provide the
requested services.
– To full fill the obligation provided for by the “Consolidated Law on Public Security Laws (Article 109 RD 18.6.1931 No. 773) which requires to communicate to the Police Headquarters, for purposes of public security, the personalities of the clients accommodated according to the modalities established by the Ministry of the Interior.
The provision of data is mandatory and does not require its consent, and in case of refusal to provide it we will not be able to host it in our facility.
The data acquired for this purpose are not stored by us, unless you provide us with your specific consent.
– To comply with current administrative, accounting and tax obligations.
For these purposes, the processing is carried out without the need to acquire your consent. In case of refusal to provide the data necessary for the above-mentioned obligations, we will not be able to provide the requested services.
The data acquired for these purposes are stored by us for the time provided for by the respective regulations (10 years, and even more in the case of tax assessments);
– Check in and calculation of the tourist tax
– To full fill the obligation provided for by the art. 7 D.Lgs n. 322/1989 and the D.P.R. January 31, 2018 (approval of the 2017 – 2019 National Statistical Program – 2017 Update; D.P.C.M. of 22 July 2011 referred to in point B below.

Method of treatment

Your data will be processed using appropriate paper, electronic and / or computerised means, with logic strictly related to the aforementioned purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data.
Your personal data are processed with the aid of computer tools in a lawful and correct manner for the performance of the above purposes and are protected by appropriate security measures that guarantee the confidentiality, integrity, accuracy, availability and updating.

They are kept for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.

Recipients or categories of recipients of personal data

Personal data processed by the Data Controller may be disclosed to specific subjects considered as recipients of such personal data. Article 4 in point 9) of the Rules defines as the recipient of a personal data “the natural or legal person, the public authority, the service or another body that receives communication of personal data, whether it is a third party or not “.
With this in mind, in order to correctly perform all processing activities necessary to pursue the purposes set out in this statement, the following recipients may be able to process the data on behalf of the Data Controller:
– Individuals, employees and / or collaborators of the Owner who are entrusted with specific and / or more processing activities on your personal data. These individuals have been given specific instructions on security and correct use of personal data.
– Subjects, public and private, who can access data under the provisions of law, regulation or community legislation, within the limits set by these rules.

Rights of the interested person

We also inform you that at any time, with regard to personal data, you may exercise your rights under the GDPR 679/2016, within the limits and under the conditions set out in Articles 7 and 15-22. For the exercise of these rights, described below, it is possible to contact the Data Controller at the e-mail address, preferably indicating in the object “exercise of the GDPR rights”. This request will be provided with suitable feedback according to the timing established by the GDPR.
By way of example, the interested person has the right to:
a) Revoke the consent previously given, without prejudice to the lawfulness of the treatment based on
consent before revocation;
b) Ask the Owner to access, rectify, delete personal data or limit the processing of personal data concerning him or to oppose their treatment;
c) To obtain data portability;
d) Propose a claim to the Guarantor for the protection of personal data if it considers that its rights have been violated.
The updated list of persons appointed as Responsible pursuant to article 28 of the GDPR is available at the company’s headquarters and is knowable through a specific request.