Notice on the Processing of Personal Data – GDPR

Borgata Castello is constantly committed to protecting the online privacy of its users. This document has been drafted pursuant to Article 13 of EU Regulation 2016/679 (“Regulation”) to inform you about our privacy policy, to understand how your personal information is managed when you use our website (, hereinafter (“Site”), and, if applicable, to provide explicit and informed consent to the processing of your personal data. The information and data you provide or otherwise acquired during the use of Borgata Castello’s services, such as requests for information, quotes, and/or access to areas of the Site (“Services”), will be processed in compliance with the provisions of the Regulation and the confidentiality obligations that guide Borgata Castello’s activities.

According to the Regulation, the processing carried out by Borgata Castello will be based on the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.

1. Data Controller

The data controller for the processing carried out through the Site is Borgata Castello of Giacomo Guzzarti as defined above. For any information regarding the processing of personal data by Borgata Castello, including the list of data processing managers, you can write to the following address:

2. Personal Data Subject to Processing

Following the navigation of the Site, we inform you that Borgata Castello will process personal data that may consist of an identifier such as a name, an identification number, an online identifier, or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural, or social identity suitable to make the identified or identifiable subject (“Personal Data”).

Personal Data Processed Through the Site:

a. Browsing Data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment. These data are used solely to obtain anonymous statistical information on the use of the Site and to check its correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing.
The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site or third parties: except for this possibility, currently, the data on web contacts do not persist for more than a few days.

b. Data Voluntarily Provided by the User
When using certain Services of the Site, the processing of Personal Data of third parties you send to Borgata Castello may occur. In these cases, you act as an independent data controller, assuming all the legal obligations and responsibilities. In this regard, you provide the broadest indemnity against any dispute, claim, or request for compensation for damages from processing, etc., that may be brought against Borgata Castello by third parties whose Personal Data have been processed through your use of the Site’s functions in violation of applicable personal data protection regulations. In any case, if you provide or otherwise process Personal Data of third parties in the use of the Site, you guarantee from now on – assuming all related responsibilities – that this particular hypothesis of processing is based on an appropriate legal basis pursuant to Article 6 of the Regulation, which legitimizes the processing of the information in question.

c. Cookie
Definitions, Characteristics, and Application of the Regulations.
Cookies are small text files that the sites visited by the user send and record on their computer or mobile device, to be transmitted back to the same sites upon the next visit. Thanks to cookies, a site remembers the user’s actions and preferences (such as login data, chosen language, font size, other display settings, etc.) so that they do not need to be re-entered when the user returns to the site or navigates from one page to another. Therefore, cookies are used to perform computer authentications, session tracking, and the storage of information regarding the activities of users who access a site. They may also contain a unique identification code that allows tracking of the user’s navigation within the site for statistical or advertising purposes. During navigation on a site, the user may also receive cookies from websites or web servers other than the one they are visiting (so-called “third-party cookies”). Some operations cannot be performed without the use of cookies, which are therefore technically necessary in certain cases for the operation of the site itself.
There are various types of cookies, depending on their characteristics and functions, and these can remain on the user’s computer for different periods of time: so-called session cookies, which are automatically deleted when the browser is closed; and so-called persistent cookies, which remain on the user’s device until a preset expiration date.
Under current Italian regulations, the use of cookies does not always require the explicit consent of the user. Specifically, “technical cookies,” which are used solely to carry out the transmission of a communication over an electronic communications network, or as strictly necessary to provide a service explicitly requested by the user, do not require such consent. In other words, these are indispensable cookies for the operation of the site or necessary to perform activities requested by the user. Among the technical cookies that do not require explicit consent for their use, the Italian Data Protection Authority (see Determination of simplified procedures for the information and acquisition of consent for the use of cookies of May 8, 2014, and subsequent clarifications, hereinafter referred to as “Provision”) also includes:

  • “analytics cookies” when used directly by the site manager to collect information, in aggregate form, on the number of users and how they visit the site;
  • functionality cookies, which allow the user to navigate based on a set of selected criteria (e.g., language) to improve the service provided to the user.

For “profiling cookies,” on the other hand, which are designed to create user profiles and are used to send advertising messages in line with the preferences expressed by the user while browsing the web, prior user consent is required.

3. Purpose of the Processing

The processing that we intend to carry out, subject to your specific consent where necessary, has the following purposes:

  • To enable the provision of the Services;
  • To respond to requests for assistance or information;
  • To fulfill any legal, accounting, and tax obligations;
  • To send promotional and marketing communications, including newsletters and commercial proposals, through automated tools (e.g., email, etc.) and non-automated tools (e.g., postal mail, telephone with operator, etc.); please note that the Data Controller collects a single consent for the marketing purposes described here, pursuant to the General Provision of the Italian Data Protection Authority “Guidelines on promotional activities and the fight against spam” of July 4, 2013; if you wish to object to the processing of your data for marketing purposes carried out with the means indicated here, as well as to revoke the consent given, you may do so at any time by contacting the Data Controller at the contact details indicated in this notice, without affecting the lawfulness of the processing based on the consent given before revocation.

4. Legal Basis and Mandatory or Optional Nature of Providing Data

The legal basis for processing Personal Data for the purposes referred to in section 3 (a–b) is Article 6(1)(b) of the Regulation, as the processing is necessary for the provision of Services or for responding to the data subject’s requests. Providing Personal Data for these purposes is optional, but any refusal to provide such data would make it impossible to provide the Services.

The purpose referred to in section 3.c represents a legitimate processing of Personal Data pursuant to Article 6(1)(c) of the Regulation. Once Personal Data has been provided, the processing is indeed necessary to comply with a legal obligation to which Borgata Castello is subject. The legal basis for processing for the purposes referred to in section 3.d is Article 6(1)(a) (user consent). For processing carried out for the same purposes involving the direct sending of promotional material or direct sales or the completion of market research or commercial communications relating to Borgata Castello products or services similar to those you have purchased, the Data Controller may use, without your consent, your postal and email addresses, pursuant to and within the limits permitted by Article 130, paragraph 4 of the Code and the provisions of the Italian Data Protection Authority’s ruling of June 19, 2008. The legal basis for processing your data for this purpose is Article 6(1)(f) of the Regulation.

5. Recipients of Personal Data

Your Personal Data may be shared, for the purposes specified in section 3 above, with:

  • Parties that typically act as data processors, namely: i) individuals, companies, or professional firms that provide assistance and consultancy services to Borgata Castello in accounting, administrative, legal, tax, financial, and credit recovery matters related to the provision of Services; ii) parties with whom it is necessary to interact for the provision of Services (e.g., hosting providers); iii) parties delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communication networks) (collectively, “Recipients”);
  • Entities, bodies, or authorities to whom it is mandatory to disclose your personal data under legal provisions or orders from the authorities;
  • Individuals authorized by Borgata Castello to process Personal Data necessary to carry out activities strictly related to the provision of Services, who have committed to confidentiality or have an adequate legal obligation of confidentiality (e.g., Borgata Castello employees).

6. Transfer of Personal Data

Your Personal Data is not shared with Recipients located outside the European Economic Area.

7. Data Retention

Personal Data processed for the purposes referred to in section 3(a–b) will be retained for the time strictly necessary to achieve those same purposes. In any case, as these are treatments carried out for the provision of Services, Borgata Castello will process Personal Data up to the time allowed by Italian law to protect its interests (Art. 2946 of the Italian Civil Code and subsequent amendments).
Personal Data processed for the purposes referred to in section 3(c) will be retained for the time required by the specific applicable legal obligation or regulation.
Personal Data processed for the purposes referred to in section 3(d) will be retained until the consent is withdrawn by the interested party, or, in the absence of such withdrawal, for a period deemed appropriate.
More information regarding the retention period of data and the criteria used to determine this period can be requested by writing to the following address:

8. Rights of the Interested Parties

Pursuant to Articles 15 and following of the Regulation, you have the right to request from Borgata Castello at any time, access to your Personal Data, rectification or deletion of the same or to oppose its processing, you have the right to request the limitation of processing in the cases provided by Art. 18 of the Regulation, as well as to obtain in a structured, commonly used and machine-readable format the data concerning you, in the cases provided by Art. 20 of the Regulation.
Requests should be sent in writing to the following address:

In any case, you always have the right to lodge a complaint with the competent Supervisory Authority (Garante per la Protezione dei Dati Personali), pursuant to Art. 77 of the Regulation, if you believe that the processing of your Personal Data is contrary to the legislation in force.

9. Changes

Borgata Castello reserves the right to modify or simply update the content of this policy, in part or completely, also due to changes in the applicable legislation. You will be informed of such changes through their publication on the Site. Borgata Castello therefore invites you to regularly visit this section to take note of the most recent and updated version of the privacy policy in order to be always updated on the data collected and their use.