PRIVACY POLICY

Privacy Notice 

Last updated: 5 September 2025

This privacy notice is provided pursuant to Regulation (EU) 2016/679 (the “GDPR”) and applicable Italian data protection law. It describes how Tenuta Casati processes personal data of users who visit or interact with the website https://casatilaboratory.it/it (the “Website”).


1. Data Controller

Tenuta Casati
Via Monte del Prete Basso, 730 – 47835 Saludecio (RN), Italy
Contact e-mail: executive@tenutacasati.com
A Data Protection Officer (DPO) has not been appointed at this time. If a DPO is appointed, contact details will be added here.


2. Categories of data processed

  • Dati di navigazione: indirizzi IP, orari di accesso, URI/URL richieste, codice di risposta del server, informazioni sul dispositivo, sul browser e sul sistema operativo; dati raccolti tramite log e sistemi di sicurezza.

  • Cookies and similar technologies: technical and functional cookies and—subject to consent—analytics and profiling cookies, including third-party cookies. See the Cookie Policy for details and consent management.

  • Data you provide voluntarily: name, surname, e-mail address, phone number and other information entered in contact forms, requests for quotes/visits, newsletter sign-ups, or sent via e-mail.

  • Transactional and billing data (if e-commerce or paid bookings are available): address, order data, tax details and payment status. Payment card data are processed directly by the payment service provider and are not stored by the Controller.

  • Social interactions (if social buttons/plugins are used): profiling data collected by the relevant social networks in accordance with their own policies.


3. Purposes and legal bases

PurposesLegal bases (art. 6 GDPR)
Operation of the Website, delivery of content, platform security, fraud preventionLegitimate interests of the Controller to ensure proper operation and security.
Handling requests submitted via forms or e-mail (contacts, quotes, visit bookings)Taking steps at the request of the data subject prior to entering into a contract or performance of a contract.
Administrative, tax and accounting obligations relating to orders/servicesLegal obligation
Sending newsletters and promotional communicationsConsent of the data subject (can be withdrawn at any time).
Aggregate traffic analysis (non-anonymised analytics cookies)Consent
Establishment, exercise or defence of legal claimsLegitimate interests.

Where processing is based on legitimate interests, a balancing test has been carried out to weigh the Controller’s interests against the rights and freedoms of data subjects. Further information is available on request.


4. Necessity of providing data

Providing the data marked as mandatory in forms is necessary to handle your request; failure to provide such data may make it impossible to supply the requested service. Providing data for marketing and non-essential analytics purposes is optional and subject to your consent.


5. Processing methods and security

Data are processed using electronic and paper means by authorised personnel and/or external parties (see section 6) in accordance with the principles of lawfulness, fairness, transparency and data minimisation. Appropriate technical and organisational measures are in place to protect data (e.g., TLS-encrypted communications, authentication and authorisation systems, backups and monitoring).


6. Recipients and categories of service providers

Data may be disclosed to:

  • IT providers (hosting, maintenance, e-mail, CRM, newsletter platforms)

  • Analytics and measurement providers (subject to consent)

  • Payment providers and banks (for payment management, where applicable)

  • Professional advisers (administrative, tax, legal) strictly for the relevant purposes

  • Public authorities, where required by law or pursuant to orders

Depending on the case, these parties act as processors under Art. 28 GDPR or as independent controllers. An up-to-date list of processors is available on request by writing to executive@tenutacasati.com .


7. Transfers outside the European Economic Area (EEA)

Some providers may be located or host data outside the EEA. Where this occurs, transfers take place in compliance with Arts. 44–49 GDPR, on the basis of adequacy decisions issued by the European Commission and/or through Standard Contractual Clauses (SCCs) and additional safeguards. Copies of the relevant safeguards are available on request.


8. Retention periods

  • Dati di contatto e richieste: per il tempo necessario alla gestione della richiesta e fino a 24 mesi dall’ultimo contatto utile.

  • Contract and billing data (if applicable): for 10 years (civil and tax obligations).

  • Dati per finalità di marketing/newsletter: fino a 24 mesi dalla raccolta o fino a revoca del consenso.

  • Security-related data (access logs): up to 12 months, unless longer is required for legal purposes.

  • Cookies: according to the durations indicated in the Website’s Cookie Policy.

When the above periods expire, data will be deleted or anonymised, unless otherwise required by law.


9. Your rights

You may exercise your rights under Arts. 15–22 GDPR at any time: access, rectification, erasure, restriction, portability, objection to processing based on legitimate interests, and withdrawal of consent (without affecting the lawfulness of processing before withdrawal).

To exercise your rights, write to executive@tenutacasati.com with the subject line “Privacy – rights request”. The Controller will respond within the statutory time limits.

You also have the right to lodge a complaint with the Garante per la Protezione dei Dati Personali (the Italian Data Protection Authority, www.garanteprivacy.it ) or with the supervisory authority of your habitual residence or place of work.

 

10. Cookies and tracking technologies

When you access the Website, a consent banner allows you to manage cookies and similar technologies. You can change your preferences or withdraw consent at any time via the dedicated function on the Website and in the Cookie Policy, which details the categories of cookies, third parties involved and their durations.


11. Links to third-party sites and social media

The Website may contain links to third-party sites or social profiles. The Controller has no control over such sites and is not responsible for their data-processing practices. Please refer to the respective privacy notices.


12. Changes to this notice

The Controller may update this notice to reflect legal or technical changes. In case of material changes, users will be informed via a notice on the Website. The current version is shown at the top of this document.


13. Contact

For any enquiries regarding personal data protection and to exercise your rights, please contact:

Tenuta Casati
Via Monte del Prete Basso, 730 – 47835 Saludecio (RN), Italy
E-mail: executive@tenutacasati.com

Version: 1.0 – 5 September 2025