top of page


We respect your privacy in accordance with Regulation (EU) 2016/679 (known as GDPR in English). Based on the provisions of Articles 13 and 14 of the so-called Regulation, we communicate the following:


Data controller: Podere Castellare srl

Based in VIA CASE SPARSE 12, Pelago (FI)


VAT number 05242880481


We are committed to protecting and safeguarding any personal information you provide to us. We also invite you to read the Cookie Policy which explains how we use cookies.


Warning: if you do not agree with this Privacy Policy, we kindly ask you to leave the site.


NB: Our services are intended only for adults (18 years and over).



Personal data: any information that, directly or indirectly, also in connection with any other information, including a personal identification number, makes a natural person identified or identifiable constitutes personal data.


We do not collect your personal data when you browse our site anonymously. If you make a booking, we collect the following information when you fill out our form as part of the booking process:

name and surname

email address

cellphone number

any information disclosed voluntarily (by you in the free text sections) that may contain sensitive data such as disabilities, dietary preferences, etc.

credit card details if you decide to choose this payment option through our booking engine

If you send a request for information by email, the following information is collected to provide you with feedback:

name and surname

email address

any information disclosed voluntarily (by you in the free text sections) that may contain sensitive data such as disabilities, dietary preferences, etc.

We receive bookings from third parties: OTAs, travel agencies, social media sources and more. In these cases, a minimum set of personal data is transmitted to us such as the name and surname of the guest and, in some cases, telephone number and / or e-mail address in line with your settings on third-party services. .



The data you provide through our site and also by telephone, fax, email, chat, personal contact, by third parties such as OTAs, travel agencies, etc., will be processed by our staff for the following purposes (among others): provide a quote; carry out tourist booking services; compile documentation suitable for fulfilling the obligations established by the rules of the Consolidated Law on Public Safety (notification slips to the Public Safety Authority, in fulfillment of the relative obligation of communication referred to in Article 109 of the TULPS) or notifications to ISTAT ( responding to the dictates of Regulation (EU) 692/2011); calculate the tourist tax; prepare invoices or receipts and keep statistics to measure the performance of our structure.


The details of your credit card (name and surname, card number and expiration date) are collected through the Stripe payment system ( The stripe system provides a secure and PCI compliant off-site storage service for credit card data.


To facilitate contact tracing activities (anti-COVID19), we keep the data of customers who come to dinner and do not stay (name, surname, mobile number, date and time) for at least 30 days. Everything remains marked on the reservation book of our restaurant.



The processing operations connected to the web service provided by Ltd take place at the company's headquarters and on the Data Centers of the Register company which are located in Italy.  The Platform may share some of the data collected with services located outside Italy, in particular the Google Analytics service.


Google Analytics is a web analysis service provided by Google Inc. ("Google") with the place of processing in Ireland. Google uses the personal data collected for the purpose of evaluating the use of the site, compiling reports and sharing them with other services developed by Google. This Google Analytics integration makes your IP address anonymous. Anonymization works by shortening the IP address of users within the borders of the member states of the European Union or in other countries adhering to the agreement on the European Economic Area.



We collect, use and share the data in our possession in the manner described based on the following legal bases:

Execution of a contract to which you are a party - the provision of data is mandatory, as it is required for the establishment of the pre-contractual and contractual short-term rental (stay) relationship between us. The legal basis is based on article 6 par. 1 letter f) Regulation (EU) 2016/679.

Purpose based on the consent of the interested party to send commercial and / or marketing communications. The legal basis is based on article 6 par. 1 letter a) of Regulation (EU) 2016/679.

Purposes related to legal obligations - for example, Public Administrations for their institutional purposes; notification slips to the Public Safety Authority in fulfillment of the related communication obligation referred to in Article 109 of the TULPS; for measures to counter the effects of containment and for the recovery and revitalization of the tourism sector - anti-COVID-19 measures. The legal basis is based on article 6 par. 1 letter c) Regulation (EU) 2016/679 as well as - for data relating to the state of health of the interested party falling within the particular categories of data referred to in art. 9, par. 1 of the GDPR - of art. 9, par. 2, lett. g), of the GDPR as specified in the EU Regulation 2021/953.


The Green Pass is a digital and printable (paper) certification, which contains a two-dimensional barcode (QR Code) and a qualified electronic seal. In Italy, it is issued only through the national platform of the Ministry of Health. If the Green Pass is regular and valid, the VerificationC19 app will show "Valid certificate" and the subject's name, surname and date of birth.


From 26.04.21: The activities of the catering services are allowed, carried out by any exercise, with consumption at the table exclusively outdoors, even at dinner. Catering in accommodation facilities is allowed without time limits, limited to its customers, who are accommodated there.


For customers who do not stay in our accommodation, the service takes place all outdoors in our garden. If customers want to consume at the table, indoors, the Green Pass is needed.


From 06.08.21: The control of the Green Pass by our staff through the VerificationC19 app (which avoids showing clear data relating to the health of customers) requires the presentation of an identity document in order to verify that the data personal data (name, surname, date of birth) coincide with those of the person showing the QR CODE. It's just a visual treat. The VerificationC19 app does not store Green Pass data, therefore, in the event of loss or theft, there are no associated risks to the privacy of those whose Green Passes have been verified.


Verification of the validity of the Green Pass is done a few times in paper format. In the case of medical certificates, containing health-related data, the verification is carried out by requiring the presentation of an identity document. It is only a visual treatment, we do not collect any personal data and we do not keep a copy of the document provided.


We have designated the Green Pass verifiers. For more details, you can ask at the reception.



The processing of personal data is carried out mainly using computer media for the time strictly necessary to achieve the purposes for which the data were collected.

Your email address may be stored for commercial and marketing purposes only with express and / or written consent.

We keep your credit card data (name on the card, type and number of card, expiration date, CVC code) for the time necessary to carry out the operations inherent to our business: up to 5 days after check-out. Data relating to compliance with public safety obligations are deleted 5 days after check-out.

We do not collect special categories of personal data. However, if this information is entered in a free text section of our site, such as the request form or the notes field during the booking process, this information will be deleted (if identified and recognized), 5 days after checkout. -out.

For contact tracing activities, we keep the data of customers who come to dinner and do not stay for at least 30 days.


We observe procedures to prevent your personal data from being used improperly or without authorization:

The PMS uses Secure Socket Layer (SSL) technology, which ensures that all communications cannot be intercepted or decrypted. By convention, Internet addresses (URLs) that imply an SSL connection begin with https: // instead of http: //.

Also, in the most common browsers, a green lock icon is shown on the left next to the URL to show that a full SSL connection has been established between the user's browser and our site. If your browser does not support SSL technology, you should upgrade to the latest version.

Access to the PMS hotel management system is allowed only to authorized personnel. Each authorized person has their own login credentials.

Access to the reservations book of our restaurant is allowed only to authorized personnel.


We DO NOT disclose, give or sell your personal data to companies or third parties not directly involved in the main purposes of our business. However, we may be forced to disclose personal data following a request from the Health Authority or Judicial Authority, as well as for the purpose of preventing fraud or crime in general or if we believe that such action is necessary to protect our business.



From our website it is possible to connect through specific links to other third party websites: Google Maps, Facebook and Instagram. We decline any responsibility for any management of personal data by third party sites and for the management of authentication credentials provided by third parties. We invite you to carefully read the privacy policies of these websites as their procedures for the collection, management and processing of personal data may differ from ours.



Pursuant to Regulation (EU) 2016/679, you can exercise the following rights:

access their personal data

withdraw consent for direct marketing purposes

oppose the processing of their personal data (when it occurs on a legal basis other than consent)

verify and request rectification

obtain the limitation of processing (in this case we do not process your data for any other purpose than their conservation)

obtain the cancellation or removal of their personal data

request data portability

propose a complaint.

For any request relating to the processing of personal data, you can send us an email or call us at the number  +39 055 832 6082



This Notice could be modified in the future following changes in the legislation on privacy and protection of personal data. At any time, the most updated information will always be available at this address.

bottom of page