Privacy Policy



Il Borro S.r.l. – Societá Agricola, Loc. Borro 1 – 52024 San Giustino , Tel.: 055.977053 Fax: 055.977864, Register of Companies No. AR-94016 P.Iva: 01261410516 (Company);


1.  Personal data processed for the functioning of the Website
During normal operations, the computer systems and software procedures used to run this Website gather various personal data whose transmission is implicit in the use of Internet communication protocols. This information is not gathered with the intention of associating it with identified users but, by its nature, could lead to Website users being identified through the processing and association with data held by the Company or third parties. This data category includes IP addresses or domain names of the computers used to connect to the Website, URI (Uniform Resource Identifier), addresses of the requested resources, timestamps of the requests, the method used to submit the requests to the server, size of the file obtained in response, numerical code indicating the status of the server response (successful, error etc.), and other parameters pertaining to the user’s operating system and the IT environment.

2. Data provided directly by the user
As requested by various sections of this Website, the optional, explicit and voluntary sending of data is used to process the user’s requests, for example, to request information or clarification by calling the numbers indicated on the Website or by writing to the email addresses indicated, for purposes such as booking our facilities, participating in events, or purchasing products online. We hereby declare that the Website may be used only by those who are at least 18.

2.  Geolocation data
In order to provide geo-localized services, this Website may process data related to your geographical position. Most browsers and devices provide the user with default tools to prevent geographical tracking. If the user has expressly authorized geolocation, this Website may receive information regarding their actual geographical position.


Functioning of the Website
The data collected while visiting and browsing the website are used to obtain anonymous statistical information on the use of the Website and to check its correct functioning. Legal basis of the purpose: execution of a contract in which you are a party (use of the Website). Retention period of personal data: for the entire duration of the browsing session on the Website. For more information, see the Cookie Policy

Contractual purposes
The data provided directly by the user are used for the following purposes: a. fulfill the requests of the interested party (contact request);
a. book stays and/or experiences at our facilities;
b. book stays and/or experiences at our facilities;
c. make online payments;
d. for shipping of goods/products purchased;
e. acquire and examine spontaneous applications for collaboration;
Legal basis of the purposes: execution of a contract in which you are a party/execution of pre-contractual terms. Personal data retention period: for the purposes of items a. to f., for the entire duration of the contractual relationship and subsequently on the basis of the legal limitation periods. For the purpose of item e., the data will be kept for a period of 2 years from the time of application.

Marketing and/or profiling purposes
Direct marketing (including subscriptions to newsletters): merely as an example, sending – with automated methods of contact (such as SMS, MMS, e-mail, also through the subscription to newsletter services that have purely promotional and commercial content, instant messaging and social apps) and traditional methods of contact (such as telephone calls with operators and traditional mail) – promotional and commercial communications relating to services/products offered by the Company or concerning corporate events, as well as carrying out market studies and statistical analysis. Legal basis of the purpose: consent of the interested party (optional, free and revocable at any time). Retention period of personal data: until consent is revoked

Profiling: by way of example, analysis of your preferences, habits, behaviours, and interests in order to send you personalised commercial communications, targeted promotions/actions/offers and services suited to your needs/preferences. Legal basis of the purpose: consent of the interested party (optional, free and revocable at any time). Retention period of personal data: for a maximum of 24 months from the collection of each datum or until consent is revoked

Communication/transfer of personal data to third parties and in particular to partner companies or companies connected with Il Borro S.r.l. (Osteria del Borro S.r.l., Dal Borro S.r.l., Viesca S.r.l.) for marketing purposes pertaining to the products and/or services of each third party.

Purposes related to a legal obligation The data provided directly by the user are used to fulfil obligations set out by regulations and all applicable national and supranational legislation (e.g. for tax compliance). Legal basis of the purpose: need to fulfill legal obligations Retention period of personal data: Duration set out by the law (10 years for administrative-accounting compliance)

Purposes related to a legitimate interest of the Data Controller
The data provided directly by the user may be used to ascertain, exercise or defend the rights of the Data Controller both in and/or out of a court of law. Legal basis of the purpose: legitimate interest of the Data Controller (judicial and/or extrajudicial protection) Retention period of personal data: for the entire duration of the dispute, up to the expiry of appeal terms.

The personal data connected to spontaneous applications will be kept for two years as the candidates may be evaluated for possible future recruitment. Legal basis of the purpose: legitimate interest of the Data Controller (judicial and/or extrajudicial protection) Retention period of personal data: 2 years

At the end of the aforementioned retention period, your personal data will be destroyed, cancelled or made anonymous.

With the exception of browsing data, which are necessary to implement IT and telematic protocols, the provision of personal data by users is optional. However, failure to provide the data requested and marked as mandatory will render the provision of the services requested by the user impossible

Your data may be communicated to subjects operating as Data Controllers (such as, by way of example, supervisory and control authorities and any public entity entitled to request them) or processed, on behalf of the Company, by subjects designated as Data Managers, who will also be provided with adequate operating instructions. In particular, the data may be disclosed to the following categories of subjects:
a) partner companies or companies connected to Il Borro Srl, which act as independent Data Controllers (subject to your consent for communication) or External Data Managers;
b) natural and/or legal persons who provide various types of services in favour of the Company (e.g. service providers for the management of the Website, such as system outsourcers; companies that deal with connectivity services to the internet network; e-mail service providers; companies providing technical assistance, companies that offer support in carrying out market studies, companies that deal with online booking solutions). These subjects may also operate as Data Managers;
c) subjects and/or public/private bodies to whom the data will be communicated in order to fulfill or to demand the fulfillment of specific obligations established by the law, regulations and EU legislation. These subjects act as independent data controllers.

The data will be processed by in-house employees, Company collaborators or external subjects who perform tasks of a technical and organizational nature related to the Website, on behalf of the Company.

Some data browsing-related may be transferred abroad to non-European countries, particularly to the USA, a country whose level of data protection has been deemed adequate by the European Commission – pursuant to Article 45 of the GDPR (Privacy Shield) The European Commission’s decision concerning such adequacy can be consulted at the following link:

By contacting the Company by email at, interested parties can ask the Data Controller to access the data concerning them, as well as demand their cancellation, correction in case of inaccuracy, integration of incomplete data, limitation of processing in the cases provided for by Article 18 GDPR, as well as opposing their processing in the hypothesis of legitimate interest of the owner. Whenever the processing is based on consent or contract and it is carried out with automated tools, data subjects have the right to receive the data in a structured, commonly used, machine-readable and inter-operable format, in addition, if technically possible, to transmit them to another controller without hindrance. 

Data subjects have the right to revoke the consent given for marketing and/or profiling purposes at any time, as well as to object to the processing of data for marketing purposes, including profiling connected to direct marketing. 

Data subjects who prefer to be contacted for the aforementioned purpose exclusively via traditional methods may express their objection solely for the reception of communications via automated systems. Withdrawal of consent shall not affect the lawfulness of the processing based on consent prior to withdrawal. 

Data subjects have the right to lodge a complaint with a supervisory authority in the Member State of their habitual residence, place of work or place where the alleged infringement occured.