Castello della Paneretta

privacy policy


According to article 13 of Regulation (EU) 2016/679



According to Regulation (EU) 2016/679 (hereafter “Regulation”), this page describes the methods of processing personal data of users who consult the websites of Castello Della Paneretta Di Musso Maria Carla accessible electronically at the following addresses:

This information does not concern other sites, pages or online services accessible through hypertext links possibly published on the sites but referring to resources external to the domain of the Data Controller. This Policy also applies as information for the processing of cookies in compliance with the Provision of the Guarantor n.229 of 08/05/2015


Following consultation of the sites listed above, data relating to identifiable or identifiable natural persons may be processed. In this regard, we inform you that the Data Controller is Castello Della Paneretta Di Musso Maria Carla with headquarters in Strada Della Paneretta, 35 – 50021 Barberino Val D’Elsa (FI) which can be contacted at the following numbers: Telephone +39 055 8059003 email


The Data Controller in accordance with the Art. 5.1 e) of the GDPR will process the data you provide for the duration of the execution of the requested services and their conservator for the next 12 months for the purpose of completing the administrative activities, in addition to the terms necessary to fulfill legal obligations.


The treatments carried out by the owner with the data collected from this site using the forms prepared or sent voluntarily take place at the aforementioned headquarters of the owner and are only handled by personnel in charge for this purpose or by any person in charge of occasional maintenance operations. Your personal data will also be processed within the territory of the European Union. If for technical and / or operational reasons it is necessary to make use of subjects located outside the European Union, or it is necessary to transfer some of the data collected to technical systems and services managed in the cloud and located outside the area of the European Union, the treatment will be regulated in accordance with the provisions of Chapter V of the Regulation and authorized on the basis of specific decisions of the European Union. Therefore, all necessary precautions will be taken in order to guarantee the most complete protection of personal data by basing this transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on adequate guarantees expressed by the recipient third party pursuant to art. 46 of the Regulation; c) on the adoption of binding corporate rules, the so-called Corporate binding rules.


The collection of information through the site can be done in one of the following ways:

  1. a) Explicit procedure
  2. b) Implicit mode
  3. c) Information sent voluntarily by the interested party


This information is collected through an explicit request when the user uses the website and may include: the name, address, telephone number, e-mail address etc. This information is required when you order a product, request a service, participate in promotional activities, fill in questionnaires, join the virtual community etc. Where the user visits a part of the web site that requires the acquisition of personal data, an explicit request appears in this regard and the user is invited to express his consent if required.


5.2.1. Navigation data

During their normal operation, the IT systems and software procedures used to operate this site acquire some personal data whose transmission is implicit in the use of Internet communication protocols and which are in no way used or managed by the Holder of the treatment.

This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the operating system and the user’s computer environment.

Other information collected in this way may concern: the “Uniform Resource Locator” (URL) of the site from which the user comes, which pages of the Site were visited, what is the next URL to which the user has connected , which browser was used to reach the web site.

These data, necessary for the use of web services, are also processed, in aggregate form, for the purpose of:

  • obtain statistical information on the use of the services (most visited pages, number of visitors by time or day, geographical areas of origin, etc.);
  • check the correct functioning of the services offered.

The navigation data do not persist and are deleted immediately after their aggregation (except for any need for the detection of crimes by the judicial authority). See the table below to check the storage times.

5.2.2. COOKIES

What cookies are

Cookies are information entered on your browser when you visit a website or use a social network with your PC, smartphone or tablet. Each cookie contains different data such as, for example, the name of the server from which it originates, a numeric identifier, etc. Cookies can remain in the system for the duration of a session (i.e. until the browser used for browsing the web is closed) or for long periods and may contain a unique identification code.

What are they for

Cookies are used to perform computer authentication, session monitoring and storage of specific information on users who access a web page. They are often useful, because they can make browsing and using the web faster and faster, because for example they intervene to facilitate certain procedures when shopping online, when authenticating to restricted access areas or when a website automatically recognizes the language you usually use.

How cookies are classified

Cookies are classified into:

  • Technical: these are the cookies that are used to navigate or provide a service requested by the user. They are not used for other purposes and are normally installed directly by the website owner. Without the use of these cookies, some operations could not be carried out or would be more complex and / or less secure, such as home banking activities (display of the bank statement, bank transfers, payment of bills, etc.), for such as cookies, which allow you to make and maintain user identification during the session, are indispensable. The use of these cookies does not require the prior consent of the user;
  • Profiling: These are the cookies used to track the user’s browsing on the net and create profiles on his tastes, habits, choices, etc. With these cookies, advertising messages can be transmitted to the user’s terminal in line with the preferences already expressed by the same user when browsing online. The use of these cookies requires the prior acquisition of the user’s free informed consent.


Third-party cookies: It may also happen that a web page contains cookies from other sites and contained in various elements hosted on the page itself, such as advertising banners, images, videos, maps or specific links to web pages of other domains that they reside on servers other than the one on which the requested page is located. In other words, these cookies are set directly by website managers or servers other than this website. We speak, in these cases, of the so-called third-party cookies, which are usually used for profiling purposes. The use of these cookies requires the prior acquisition of the user’s free informed consent. Cookies and other tracking systems present

On the websites managed above, cookies are not used for user profiling, nor are other tracking methods used. Only session (non-persistent) cookies are used strictly limited to what is necessary for safe and efficient navigation of the sites. The storage of session cookies in terminals or browsers is under the user’s control, Pursuant to the Provision of the Privacy Guarantor of 08/05/2015 Published in GU No. 126 of 03/06/2014, cookies cannot be freely installed on users’ terminals, but a series of requirements are required. In the table below we communicate the types of cookies used on our website:

COOKIES PRESENT IN THE SITE AND SUBJECT THAT MANAGES THEM In this table we point out the various types of cookies on our site and for each of them we indicate whether they are managed directly by us or by third parties. If the cookie is managed by third parties we not only do not see the stored data, but we have no possibility of intervention. For this reason you will find a link to their information and their consent forms.
Consent Type Subject that releases cookies Name and type of cookies Functionality of cookies Link to the information and consent forms of third parties Deadline
Tecnici Profilazione Third party Owner
NO X 1P_JAR “Third party” Analytics cookies This cookie is used by Google to display personalized advertisements on Google sites, based on recent research and previous interactions. 1 mounth
NO X CONSENT “Third party” Analytics cookies Cookie used by youtube – google to monitor the use of its services. The data are used only in aggregate and anonymous form. 20 years
NO X _utma Google Inc. It keeps track of how many times a user has visited the site Persistent
through the domain Expires after 2 years
NO X _utmc It tracks when a user leaves the site The user can selectively disable the action of Google Analytics by installing the opt-out component provided by Google on his browser. To disable the action of Google Analytics, please refer to the link below: Expires at the end of the session
Third party analysis (end of session)
NO X _utmz It tracks the origin, the search engine used, the links visited and the keywords used by the user Persistent
It expires after 6 months
NO X _utmt Used to limit the frequency of requests Expires after 10 minutes
A Google Analytics
NO X cookie_notice_accepted “Third party” cookies Generated upon acceptance of the Cookie Policy banner. 1 month
NO X _icl_current_language “Third party” Analytics cookies This cookie stores information relating to the selected language. Expires when the browser window is closed


In addition, you also have other options to navigate without cookies by acting directly on your browser.

Block third-party cookies Third-party

cookies are generally not essential for browsing, so you can reject them by default, through specific functions of your browser.

Enable the Do Not Track option

The Do Not Track option is present in most of the latest generation browsers. Websites designed to comply with this option, when activated, should automatically stop collecting some of your browsing data. As said, however, not all websites are set up to respect this option (discretionary). Activate “anonymous browsing” mode With this function you can navigate without leaving a trace in the browser of the navigation data. The sites will not remember you, the pages you visit will not be stored in the history and the new cookies will be deleted. However, the anonymous browsing function does not guarantee anonymity on the Internet, because it only serves to not keep browsing data in the browser, while instead your browsing data will continue to be available to website managers and connectivity providers. Delete cookies directly There are special functions to do this in all browsers. Remember, however, that every time you connect to the Internet, new cookies are downloaded, so the deletion operation should be performed periodically. If desired, some browsers offer automated systems for periodic deletion of cookies. Configure the management of cookies in the browser The main browsers allow you to change the settings for managing cookies. It is possible to decide to: allow saving by websites, completely deny the saving of cookies, decide from time to time which cookies to accept. These settings vary depending on the browser used to navigate, below are the links to the information pages of the most popular:

For further information on the use of cookies by third-party services and further instructions on the management of cookies in the browser, consult the following address:

If you decide to set your browser to refuse cookies from this site, we remind you that some features may not be available and access to some sections may be limited.


The optional, explicit and voluntary sending of messages to the owner’s contact addresses, as well as the compilation and forwarding of the forms on the sites, entail the acquisition of the sender’s contact data, necessary to reply, as well as all data personal data included in the communications. Specific information will be published on the pages of the owner’s sites prepared for the provision of certain services.


There is a possibility that the site contains links to third party sites. When the user uses these links, it is forwarded to environments not controlled by our organization which is not responsible for the related contents in which the user could encounter nor the privacy procedures adopted therein. This information does not extend to the procedures on privacy adopted by linked sites. It is advisable to carefully examine the procedures of each site that is visited. Furthermore, those sites, completely independently, can send their cookies to users, collect data or request personal information.



The purpose of the processing is the reason, the purpose for which the data are collected. Depending on these purposes, in certain cases it is necessary to obtain your prior consent in order to proceed with their collection and subsequent processing. In the case of its necessity it will be explicitly requested so that you can grant it for all or only for some treatments.

6.1. Purposes for which consent is not required

  1. Navigation data

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

2. Personal data provided voluntarily by users processed following requests for a service or other kind

These data will be used for the sole purpose and for the time strictly necessary to perform the service or provision requested and may, for this reason, be communicated to third parties (e.g. couriers for the shipment of the requested products, other consultants necessary to respond to Your requests etc.) or to subjects belonging to our organization (e.g. office employees, production workers, etc.).

3. Processing of traffic information (which do not allow personal identification)

they are used on an aggregate and never personalized basis, to analyze user behavior in order to understand how visitors use the site and to measure the interest found on the various pages. This allows to improve the content of the website, to simplify its consultation;



The data collected following the consultation of the sites listed above are recipients of the following subjects designated by the Data Controller, pursuant to Article 28 of the Regulation, as data processors:

  • + Communication relating to the websites as a provider of development and maintenance services for the web platform and / or as a provider of development, delivery and operational management services for the technological platforms used.

Furthermore, personal data will not be disclosed, but may be communicated where necessary for the provision of the service to third parties (such as third party technical service providers, postal couriers, hosting providers, IT companies) appointed, if necessary, Data Processors by of the Data Controller for technical or organizational tasks instrumental to the provision of services.

Access to data is also allowed to categories of data controllers involved in the organization for data processing (administrative, commercial, marketing, customer service, system administrators). The updated list of Managers can always be requested from the Data Controller.

The right to communicate to third parties remains subject to specific and optional consent.



The Data Controller guarantees you that you can exercise your rights under art. 12 of the GDPR. In particular, you have the right:

– to know if the Data Controller holds and / or processes personal data relating to your person and to access it in full even by obtaining a copy (art. 15 Right to access),

– the correction of inaccurate personal data or the integration of incomplete personal data (Art. 16 Right of rectification);

– the cancellation of personal data held by the Data Controller if one of the reasons provided for by the GDPR (Right to Cancellation, Art. 17) exists;

– to ask the Data Controller to limit the processing to only some personal data, if one of the reasons provided for by the Regulation exists (Art. 18 Right to limit the processing);

– to request and receive all your personal data processed by the owner, in a structured format, commonly used and readable by an automatic device or request transmission to another owner without impediments (Art. 20, Right to Portability);

– to object in whole or in part to the processing of data for the purpose of sending advertising materials and market research (so-called Consent) (art.21 Right to object)

– to object in whole or in part to the processing of data in automatic or semi-automatic mode for profiling purposes (so-called Consent)

The exercise of these rights can be exercised by communicating to the Data Controller whose contact details are indicated in the appropriate section of this information.



Interested parties who believe that the processing of personal data referred to them through this site occurs in violation of the provisions of the Regulation have the right to lodge a complaint with the Guarantor, as required by art. 77 of the Regulation itself, or to apply to the appropriate judicial offices (art. 79 of the Regulation) which can be contacted at the address or through the website