Information notice on the processing of personal data

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and the applicable Italian legislation (Italian Legislative Decree 196/2003 as amended by Italian Legislative Decree 101/2018).

1. Data Controller

The Data Controller is:

Hotel Ristorante Da Santina di Mantua Santina
Via Fosso 19 – 03020 Castro dei Volsci (FR)
VAT no. IT02969960604
Tel. +39 0775 686175
Email: info@dasantina.it

2. Data Protection Officer (DPO)

The Data Controller has not appointed a Data Protection Officer, as the mandatory conditions set out in Article 37 of the GDPR do not apply. For any matter relating to the processing of personal data, you may contact the Data Controller directly using the contact details provided in section 1.

3. Types of data processed, purposes, legal bases and retention

a) Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, certain data whose transmission is implicit in the use of Internet communication protocols (for example, IP addresses, browser and device type, operating system, time of the request, pages visited).

  • Purpose: to ensure the correct functioning and security of the website, to obtain anonymous statistics in aggregate form on usage, and to establish liability in the event of computer crimes against the website.
  • Legal basis: Article 6.1.f GDPR – legitimate interest of the Data Controller in the security and correct functioning of the website; Article 6.1.c GDPR – compliance with legal obligations.
  • Retention period: the time strictly necessary for the purposes indicated and, as a rule, no longer than 12 months, except for the obligation to retain data for a longer period in order to comply with an order from the Authority or for the investigation of crimes.

b) Data provided through the contact form

When the user fills in the contact form, the data provided by the user is collected: first name, last name, email address, telephone number and the content of the message.

  • Purpose: to respond to requests for information, quotations or bookings sent by the user and to manage the resulting contacts.
  • Legal basis: Article 6.1.b GDPR – performance of pre-contractual measures taken at the data subject’s request; concurrently, Article 6.1.a GDPR – consent of the data subject, given by submitting the form.
  • Retention period: the time necessary to handle the request and, subsequently, a maximum period of 24 months useful for following up on any related requests, after which the data is deleted.

The data collected through the form is not used to send commercial communications, newsletters or promotional material.

c) Cookies and third-party tools

The website uses cookies and third-party tools as described in the Cookie Policy (second part of this document).

4. Nature of the provision of data

The provision of browsing data is necessary and inherent to the use of network protocols. The provision of data through the contact form is optional, but it is necessary in order to receive a reply: failure to provide the data marked as mandatory prevents the request from being processed.

5. Recipients of the data and Data Processors

Personal data may be processed by:

  • the Data Controller’s internal staff, authorised and appropriately instructed pursuant to Article 29 GDPR;
  • the provider of hosting and technical maintenance services for the website, acting as Data Processor pursuant to Article 28 GDPR — EvLogica S.r.l.s. (evlogica.com);
  • Google Ireland Ltd. and Google LLC, for the Google Analytics, Google Maps, Google Fonts and reCAPTCHA services (see Cookie Policy).

The data is in no way disseminated or transferred to third parties for their own purposes.

6. Transfer of data to third countries

The use of Google services may involve the transfer of personal data to the United States of America. Such transfer takes place in compliance with Articles 44 et seq. of the GDPR: Google LLC adheres to the EU-U.S. Data Privacy Framework, which is the subject of the European Commission’s adequacy decision of 10 July 2023, and additionally adopts the Standard Contractual Clauses approved by the European Commission.

7. Automated decision-making and profiling

The Data Controller does not carry out any automated decision-making, nor any profiling of users within the meaning of Article 22 of the GDPR.

8. Data of minors

The website and the services offered are not directed at minors under 14 years of age. The Data Controller does not knowingly collect personal data relating to minors of that age. Should the inadvertent collection of a minor’s data be detected, such data will be promptly deleted.

9. Rights of the data subject

In relation to the data processed, the data subject has the right, at any time, to:

  • obtain access to their personal data and information relating to the processing (Article 15);
  • obtain the rectification of inaccurate data or the integration of incomplete data (Article 16);
  • obtain the erasure of data («right to be forgotten») in the cases provided for (Article 17);
  • obtain the restriction of processing (Article 18);
  • receive their data in a structured format and transmit it to another controller (portability, Article 20);
  • object to processing based on legitimate interest (Article 21);
  • withdraw consent at any time, without prejudice to the lawfulness of the processing carried out before the withdrawal (Article 7.3);
  • lodge a complaint with the Italian Data Protection Authority (Garante) (www.garanteprivacy.it).

To exercise these rights, it is sufficient to send a request to the email address info@dasantina.it or to write to the contact details provided in section 1. The Data Controller will respond within the time limits set by law.

10. Changes to this information notice

The Data Controller reserves the right to modify or update this information notice, including as a result of changes in the applicable legislation. Changes will be published on this page.

Last updated: 16 July 2026.


Cookie Policy

Drafted pursuant to the Guidelines of the Italian Data Protection Authority (Garante) on the use of cookies and other tracking tools of 10 June 2021.

What cookies are

Cookies are small text files that the websites visited send to the user’s device, where they are stored to then be retransmitted to the same websites on the next visit. They allow, for example, the website to function correctly, the user’s preferences to be remembered, or statistical information about browsing to be collected. Tools similar to cookies (e.g. web beacons, SDKs, identifiers) are handled under the same rules.

Types of cookies used by this website

1. Technical and necessary cookies

They are essential for the correct functioning of the website and for providing the services requested by the user (e.g. maintaining the browsing session, storing the choices expressed on the cookie banner). They do not require the user’s consent, as they are strictly necessary (Article 122 of Italian Legislative Decree 196/2003).

2. Statistical / measurement cookies

They are used to collect information, in aggregate form, on the number of visitors and how they use the website. This website uses Google Analytics 4 (Google Ireland Ltd.). These cookies require the user’s prior consent and are installed only after the user has given it through the banner.

3. Third-party cookies and tools

The website integrates some Google services that may install cookies or establish connections to their servers:

  • Google Maps – for displaying maps;
  • reCAPTCHA – for protecting forms from spam and abuse;
  • Google Fonts – for the typographic rendering of the pages.

These tools may involve the installation of third-party cookies and the transmission of the user’s IP address to Google’s servers. Where not strictly necessary, they are activated only with the user’s prior consent.

List of cookies

List verified on the website on 16 July 2026. The names and durations of third-party cookies (Google) may change following updates to the respective services. The consent-banner cookies only appear after the relevant plugin has been installed.

Cookie Category Purpose Controller Duration
PHPSESSID Strictly necessary Maintains the browsing session This website Session
_icl_current_language Strictly necessary Stores the language selected by the user (WPML) This website 1 day
cookieyes-consent / cookielawinfo-* Strictly necessary Stores the preferences expressed in the cookie banner (set by the consent plugin once installed) This website (consent plugin) up to 12 months
_ga Statistical Distinguishes users — Google Analytics 4, via Google Tag GT-T5N2PMNL Google 2 years
_ga_<ID> Statistical Maintains the session state (GA4) Google 2 years
_GRECAPTCHA Third party (security) Anti-spam protection of forms — reCAPTCHA v3, active on all pages Google 6 months
NID Third party Google Maps preferences and security (map on the Contact page) Google 6 months

How to manage consent

On first access to the website, a banner is shown that allows the user to:

  • accept all cookies;
  • reject non-necessary cookies;
  • customise their choices by individual category.

Statistical and non-necessary third-party cookies are installed only after the user has given consent. The user can change or withdraw their choices at any time by clicking on the «Cookie preferences» link in the website footer.

Managing cookies through the browser

In addition to the tools described above, the user can manage or disable cookies directly from the settings of their browser. Disabling technical cookies may, however, compromise the correct functioning of the website. Below are the guides for the main browsers:

Third-party information

To learn how Google processes data and to exercise any opt-out options:

Last updated: 16 July 2026.

@