Pursuant to and in accordance with art. 13 EU Regulation no. 2016/679 (hereinafter GDPR), please find below the information required by law relating to the processing of your personal data.
According to art. 4, clause 7 of GDPR, Agriturismo San Maurizio, with registered office in Montecatini V.C. Loc. Gello, Pod. San Maurizio, certified e-mail, is the Data Controller.
The processing of your Personal Data will be carried by means of paper, informatic and telematic tools, according to current regulation and to principles of accuracy, lawfulness, openness, relevance, completeness and no excess, exactness and with organizational and processing logics strictly linked to the undermentioned purposes. Your Data will be processed so that safety, entirety and privacy are guaranted, according to current regulation.

Purposes and legal basis of the processing

We process Personal Data (such as: name, surname, company name, email address, domicile/residence address, telephone number, bank account, payment data) that you have communicated during the reservation.
Your Personal Data will be processed for the following purposes:
a) administrative and accounting management of clients and suppliers;
b) conclusion of a contract with the Data Controller;
c) fulfillment of precontractual, contractual and fiscal obligations resulting from current relationship with you;
d) fulfillment of obligations resulting by current regulation;
e) exercise of Data COntroller’s rights, such as legal defence.

Legal basis of the processing pursuant to art. 6 of GDPR, points b) and c): Data processing is necessary to the performance of a contract of which the Data owner is part or to the performance of precontractual actions taken on data owner’s request. The processing is necessary to fulfill a legal obbligation the Data Controller is subject to.

Data storage time

The Data Controller will process your Personal Data for the time necessary to fulfill the above-metioned purposes and, in any case, for at least ten years after the end of the contract (pursuant to art. 2220 of Civil Code).

Disclosure and dissemination of the Data
For the purpose of administrative and accounting management of clients and suppliers, Data processed will not be disclosed to a third party, unless it is mandatory by law. Your Data can be disclosed to persons who need them for purposes ancillary to commercial contracts and only as far as they are strictly necessary (e.g. banks, shippers, companies in charge of bookkeeping, accountants, lawyers, hardware and software maintenance companies).
Personal data wil not be disseminated.

Data transfer abroad
Data will not be transferred abroad

Rights of the Data Subject
As a Data Subject, at any time, you may address the Data Controller in order to get full information about Data processing and exercise your rights (art. 15-22 of GDPR). Your rights include:
– access to you Personal Data;
– obtain the rectification or the erasure of your Data or the restriction of processing;
– object to the processing;
– object to Data portability;
– withdraw your consent, if possible. Data processing before consent withdrawal, based on a valid consent, remain legitimate after the withdrawal.

Data Subject, whenever he thinks that Data processing is against the law, has always the right to lodge a complaint with a competent authority (Garante per la Protezione dei Dati Personali), pursuant to art. 77 of GDPR. Contact details available at

Please note that Personal Data are defined by current European legislation as “any information relating to an identified or identifiable natural person (‘Data subject’): name, surname, domicile/residence address, tax code, number plate, e-mail address.

Obtaining informed consent during booking or online availability request
We inform you that your Data will be processed by means of digital tools, in compliance with privacy regulation (GDPR n. 679/2016), in order to provide you with the information you requested and, possibly, to define/confirm your booking. The full privacy policy is available at