viesca-toscana-logo-bianco
Book

Privacy Policy

PRIVACY POLICY

Pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation – hereinafter “GDPR”), this page describes the methods of personal data processing for the user (hereinafter “data subject”) who consults the website of “Il Borro S.r.l.” (hereinafter, also “Il Borro” or “Data Controller”), electronically available at the following address: Home – Viesca.

The present information does not concern other websites, pages or online services that can be reached through hypertext links eventually published in the websites but refer to resources outside the domain of the Data Controller.

We inform you that, regarding the processing of Personal Data, the legislation mentioned regulates the obligations envisaged for those who “process” information referring to other subjects, in order to ensure their confidentiality in accordance with the general principles of fairness, lawfulness and transparency. Among the obligations envisaged is that of informing the person to whom Data are referred about the purposes and methods of use made for the relevant information, the security measures adopted to protect and safeguard the Data collected, and the methods for exercising the rights recognized by the regulations in force.

“Processing” of Data means its collection, recording, organization, storage, consultation, deletion and destruction or the combination of two or more of these operations.

  1. THE DATA CONTROLLER

The Owner processes Personal Data as part of the use of the website as well as those used for the provision of information related to services provided by:

  • Il Borro S.r.l;
  • Il Borro Tuscan Bistro S.r.l.
  • From Borro S.r.l;
  • Osteria del Borro S.r.l.;
  • Pinino S.r.l.
  1. PURPOSE AND LEGAL BASIS FOR PROCESSING

Your Data is processed for the following purposes:

  1. a) to allow you to access the services made available by the Joint Controllers through their website (e.g. booking a stay, accessing the information material available, subscribing to the Newsletter);
  2. browsing on this website;
  3. in order to comply with the obligations provided for by laws, regulations, contract and Community legislation as well as provisions issued by authorities empowered to do so by law and by supervisory and control bodies and which, therefore, in accordance with the Privacy Code and the GDPR do not require consent for their processing;
  4. where you consent, for Marketing purposes, relating to the sending of promotional material or communications concerning the goods and services offered by the Joint Controllers;
  5. profiling activities, meaning the analysis of your preferences, inclinations and behaviour, in order to offer you products or services in line with your needs.

Specifically, for the above purposes, data are processed on the basis of the following lawfulness assumptions:

  • Art.6, par. 1. (B) of the GDPR , since, with reference to the purposes a), b), c), of the preceding paragraph, the processing is necessary for the implementation of contractual or pre-contractual measures;
  • Art.6, par. 1. (C) of the GDPR , given that, in relation to the purpose referred to in section (f), the processing is necessary for the purpose of fulfilling obligations of a legal nature incumbent on the Data Controller of the Processing;

It follows that, in relation to the aforementioned purposes, the processing is mandatory. Failure, inexact or incomplete provision of data will result in the Data Controller being unable to allow you to access the purchase of products and the expected information services.

  • Art. 6, par. 1 Lett. A) of the GDPR, in that, with regard to the marketing and profiling purposes under (d) and (e), processing is only possible where you consent.

It follows that, for these purposes, the provision of data is optional and failure to provide them does not affect the possibility of accessing the services offered by the Site.

3. TYPES OF DATA PROCESSED

Browsing data

The computer systems and software procedures used to operate this site acquire, during their normal functioning, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data may include technical data (e.g. IP addresses or domain names of computers and terminals used by users, URI/URL notation addresses of requested resources, time of request, method used in submitting the request to the server, size of the file obtained in response, numerical code indicating the status of the response given by the server) and other parameters relating to the user’s operating system and computer environment.

Data provided by the user

The optional, explicit and voluntary sending of messages to the contact addresses, as well as the completion and submission of the forms on the site, imply the acquisition of the sender’s contact data, necessary to reply, as well as all personal data included in the communications.

Cookies and other tracking tools

With respect to which you are advised to take a look at the Cookie Policy.

4. METHODS OF PROCESSING

Your Data will be processed:

  1. both manually and electronically and will be stored both within a paper archive and through the use of a digital database;
  2. by individuals authorized to perform these tasks, who are constantly identified, properly trained and made aware of the constraints imposed by the GDPR and the Privacy Code;
  3. with the use of appropriate security measures (technical and organizational) to ensure a level of security appropriate to the risk of processing, in accordance with Article 32 GDPR.

5. DATA RETENTION PERIOD

In compliance with the provisions of Article 5, paragraph, 1 letter e) GDPR, the personal data collected will be stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed. The retention of data of a personal nature provided depends on the purpose of the processing referred to in point 2.

In the specific case of data processing for recruitment and selection purposes, the data will be processed for the time needed to contact you and the subsequent interview, or for future recruitment needs, for up to 2 years.

All other data retention periods are stipulated by current legislation or existing best practices. For any doubts, you may contact the Data Controller in the manner described in section 8 below.

6.SUBJECTS TO WHOM THE DATA MAY BE DISCLOSED

Data for exclusive functional, managerial, fiscal and legal reasons, as part of the execution of the purposes referred to in section 3 may be communicated to subjects and companies related to the activity. These subjects will operate as Data Processors ex art. 28 GDPR, whose names may be made known to the interested party through an express request to be forwarded to ilborro@ilborro.it.

However, data will not be transferred to countries outside the EU.

7. RIGHTS OF THE DATA SUBJECT

We inform you that, in relation to the aforementioned processing operations, you may exercise the rights set forth in Articles 15-21 of the GDPR and, specifically, you have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to the personal data and the following information:

  1. the purposes of the Processing;
  2. the types of personal data involved
  3. The recipients or categories of recipients to whom the personal data have been or will be disclosed;
  4. The planned retention period of personal data;
  5. the existence of the data subject’s right to request from the Data Controller the rectification, erasure, or restriction of the Processing of personal data concerning him or her or to object to its Processing;
  6. if data are not collected from the data subject, all available information about their source;
  7. the existence of automated decision-making, including profiling, and, at least in such cases, meaningful information about the logic used, as well as the significance and expected consequences of such processing for the data subject.

8. METHODS FOR EXERCISING THE RIGHTS

You will be able to exercise your rights under Articles 15-21 of the GDPR at any time (including by using the application form made available by the Guarantor at www.garanteprivacy.it) by sending e-mail to at: ilborro@ilborro.it.

9. CLAIM

We would like to remind you that if you believe that the processing of data about you has violated the provisions of the GDPR Regulations, you can always lodge a complaint with the Data Protection Authority or with the authority of the country in which you habitually reside, work, or the place where the alleged violation would have occurred.

10. CHANGE

This policy is subject to changes and updates. The version published is the version in effect on the date of update indicated. Therefore, please check this policy periodically to be informed of any changes.

Last update: March 2025.

viesca-toscana-logo-bianco

Join the Viesca Tuscany family

Sign up for our newsletter to find out what’s new on our estate and experience the most authentic Tuscany together.

Via Pistelli, 75 Loc. Viesca – Reggello 50066 (FI) – T +39 055 8615537T +39 366 7709600T +39 345 6605513 F +39 055 8615552 E info@viescatoscana.com

© 2025 Viesca | p. iva 01261410516 | web design and development Estrogens&Partners

follow us on

Facebook-f Instagram
Book
viesca-toscana-logo-bianco
Facebook-f Instagram

Upsell con sconti e garanzia della migliore tariffa.
Più flessibilità nel processo di prenotazione.
Esperienza per gli ospiti più personalizzata

Prenota il tuo soggiorno

Modifica prenotazione

viesca-toscana-logo-bianco
Facebook-f Instagram

Upsell with discounts and best rate guarantee.
More flexibility in the booking process.
More personalized guest experience

Book your stay

Edit reservation