Privacy Policy

Last updated: 08/03/2026

This privacy notice is provided pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”) to users visiting and interacting with the website tenutapapale.com.

1. Data Controller

The Data Controller is:

PAPALE MARIA GIOVANNA
Registered office: SP 160, 95032, Belpasso (CT), Italy
Email: tenutapapale@gmail.com
PEC: tenutapapale@legalmail.it

For any information regarding the processing of personal data, users may contact the Data Controller using the contact details above.

2. Types of Data Processed

While browsing or interacting with the website, the Data Controller may process the following categories of personal data:

• identification and contact data, such as first name, last name, email address, phone number, and the content of the message;
• data voluntarily provided by the user through contact forms, email, phone calls, or WhatsApp;
• data relating to requests for information, bookings, tastings, or other services presented on the website;
• technical browsing data, such as IP address, browser type, device used, access logs, and information relating to website usage;
• data collected through cookies and similar tools, within the limits described in this notice and in the relevant cookie policy.

3. Purposes of Processing

Personal data are processed for the following purposes:

a) Managing contact requests
To respond to requests voluntarily sent by the user through the website or through the contact details provided.

b) Managing bookings and tasting requests
To receive, organize, and manage requests relating to tastings, visits, availability, and other services promoted on the website.

c) Managing communications via WhatsApp
To allow users to contact the Data Controller through WhatsApp and receive responses regarding information requests or bookings.

d) Compliance with legal obligations
To comply with obligations arising from laws, regulations, or requests from competent authorities.

e) Website security and protection of the Data Controller’s rights
To ensure the proper functioning of the website, prevent unlawful use, and, where necessary, establish, exercise, or defend the Data Controller’s rights.

f) Technical management of cookies and privacy preferences
To collect and manage user preferences relating to cookies and tracking tools, including through CookieYes.

4. Legal Basis for Processing

The processing of personal data is based on the following legal grounds:

• performance of pre-contractual or contractual measures, for the management of requests, contacts, and bookings requested by the user;
• compliance with legal obligations, where processing is necessary to comply with applicable law;
• the Data Controller’s legitimate interest, for security purposes, protection of rights, and technical management of the website;
• the data subject’s consent, where required, in particular for any non-essential cookies or tracking tools.

5. Nature of Data Provision

Providing personal data is optional. However, failure to provide such data may make it impossible to:

• respond to contact requests;
• manage bookings or tasting requests;
• properly provide the services requested by the user.

6. Methods of Processing

Personal data are processed using electronic, telematic, and, where necessary, paper-based tools, adopting appropriate security measures to ensure the confidentiality, integrity, and availability of personal data.

7. Recipients of Data

Personal data may be processed by persons authorized by the Data Controller or disclosed to third parties acting, depending on the case, as data processors or independent data controllers. These may include, by way of example:

• hosting and website maintenance providers;
• email and communication service providers;
• providers of cookie consent management tools, such as CookieYes;
• messaging service providers, such as WhatsApp, when the user chooses to use that channel;
• technical, tax, legal, or administrative consultants;
• public authorities, where required by law.

8. Transfer of Data to Third Countries

Some technical services used by the website, such as communication tools, cookie management tools, or services connected to third-party providers, may involve the transfer of data to countries outside the European Economic Area. In such cases, data processing will be carried out in compliance with the safeguards provided by applicable law.

9. Data Retention Period

Personal data will be retained for no longer than necessary to achieve the purposes for which they were collected. In particular:

• data relating to contact requests: up to 12 months after the request has been handled;
• data relating to bookings or tasting requests: up to 24 months after the request has been handled, unless longer retention is required to protect the Data Controller’s rights or to comply with legal obligations;
• technical data and browsing logs: for the time strictly necessary for technical, security, and website functionality purposes;
• data processed to comply with legal obligations: for the retention period required by applicable law.

10. WhatsApp

Where the user chooses to contact Tenuta Papale via WhatsApp, the data communicated through that channel will be processed exclusively for the purpose of responding to the request received, organizing bookings, or providing the requested information.

The use of WhatsApp is also subject to the terms of service and privacy policy of the relevant service provider.

11. Cookies and Tracking Tools

The website uses technical cookies and may use, where applicable, additional cookies or tracking tools, including third-party tools. Cookie preferences are managed through CookieYes.

Technical cookies are necessary for the proper functioning of the website and generally do not require consent. For any non-anonymized analytics cookies, profiling cookies, or other non-essential tracking tools, consent must be collected in accordance with applicable law.

For further details on the cookies used, users may consult the website’s Cookie Policy or the cookie preference management panel.

12. Data Subject Rights

Users, as data subjects, may exercise the rights provided for by Articles 15 et seq. of the GDPR, including the right to:

• obtain confirmation as to whether or not personal data concerning them are being processed;
• request access to their personal data;
• request rectification of inaccurate data or completion of incomplete data;
• request erasure of data, where permitted by law;
• request restriction of processing;
• object to processing, where provided by law;
• withdraw consent at any time, where processing is based on consent;
• lodge a complaint with the Italian Data Protection Authority.

To exercise their rights, users may contact:

tenutapapale@gmail.com
or
tenutapapale@legalmail.it

13. Links to Third-Party Websites

The website may contain links to third-party websites, platforms, or services. The Data Controller is not responsible for the content or the data processing practices carried out by such external parties. Users are invited to consult the relevant privacy notices of those third parties.

14. Changes to This Privacy Notice

The Data Controller reserves the right to update this Privacy Policy at any time. Any changes will be published on this page together with the date of the latest update.