The legally binding document is the Italian version, as the English version may be subject to misinterpretation or incorrect translation.

This General Privacy Policy, provided pursuant to art. 13 and 14 of EU Regulation 2016/679, as well as Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, aims to describe the methods by which Caterina Guggiari, as Data Controller, manages the personal data of individuals who book a stay at “Villa Noseda” through the website and third-party sites.

The Data Controller collects, stores, manages, uses, and discloses users’ personal data and, as Data Controller, provides the following information:


The Data Controller company may collect, for the purposes described in this Policy, the following categories of personal data:

Identifying information and contact details (such as name, address, telephone number, or email address) provided by Users to book a stay at Villa Noseda;

Specifically, this may include:

a) Payment information: such as credit card details, bank account number, PayPal account details, or other payment information provided by the User to receive the requested services;

b) Demographic information such as gender and date of birth;

c) Information disclosed or published on our social media pages or websites, such as for reviewing a service.


The Data Controller company may collect, for the purposes described in this Policy, the following categories of personal data:

Identifying information and contact details (such as name, address, telephone number, or email address) provided by Users to book a stay at Villa Noseda;

Specifically, this may include:

a) Payment information: such as credit card details, bank account number, PayPal account details, or other payment information provided by the User to receive the requested services;

b) Demographic information such as gender and date of birth;

c) Information disclosed or published on our social media pages or websites, such as for reviewing a service.


The legal basis for processing the personal data in question, pursuant to Article 6(1) of EU Regulation 679/2016, is identified in the consent voluntarily provided by the data subject (letter a) of Article 6 of EU Regulation 679/2016) for the aforementioned profiling purposes and for the preferences expressed regarding cookies, as well as in the performance of services or activities requested (letter b) of Article 6 of EU Regulation 679/2016).

If you decide not to provide the personal data necessary for the performance of a contract or prescribed by law, you will not be able to benefit from the requested services and activities.

The information is collected for the following purposes:

a) To provide services, process requests, respond to your inquiries or questions. Additionally, your data may be used to send you requested information;

b) For marketing purposes: the information may be used to contact you, after obtaining your consent (where applicable), and inform you of new services and special offers that we believe may be of interest to you.

c) Other purposes: We may use the information to keep track of transactions and other necessary documents for legal, administrative, and audit purposes. Additionally, we may use the information to comply with legal, insurance, and processing requirements.


Personal data will be processed with and without the aid of automated means. It is possible to provide, with tools and procedures ensuring the security and confidentiality of the data, for their collection, recording (for specific, explicit, and legitimate purposes; of accurate and updated data; of relevant, complete, and not exceeding the purposes of the processing), storage, organization, processing, profiling for organizational purposes, selection, extraction, comparison, interconnection, communication, blocking, deletion, destruction, even if not recorded in a database.


For the purposes indicated above, your personal data may be communicated within the data controller company to all authorized personnel and outside the company to:


a) Service providers and activities providers who offer services on behalf of the Data Controller: for example, we share information with providers who handle sending emails on behalf of the Data Controller company as well as with website management service providers;

b) Service providers or activities accessible through the use of the website;

c) Banks or other online payment service companies;

d) With your consent, to business partners;

e) Third parties for accounting, tax, legal, insurance needs, or in the case of police checks or as required by law;

f) Public and private entities authorized to access your data by law, secondary or community regulations;

g) Entities to whom the communication of your personal data is necessary or functional to the management of the service offered;

h) Natural or legal persons appointed by the Data Controller and/or the data processor, including commercial, legal, and consulting professional firms;

Your personal data will not be transferred to third countries outside the European Union.


The Data Controller may collect certain information through cookies, web beacons, and other automated means. Cookies are typically text strings that websites visited by the User or different websites or web servers place and store within a terminal device available to the User. Similar functions can be performed by other tools that, while analyzing a different technology, allow processing similar to that carried out through cookies. Specifically, this involves a text file stored in a specific area of the hard disk of a device, for example, during the visit of an online service, reading an email, or the installation or use of a mobile app. The cookie allows its manager to identify the device on which it is stored during the period of validity of the consent, which does not exceed 13 months.

What types of cookies do we use?

a) Some functional cookies collect information that will enable the Data Controller to facilitate navigation, such as language preferences, storing login data, or storing the contents of the cart or wish list. These technical cookies are used for the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the contracting party or the User to provide such service.

b) With prior consent, other cookies collect information about your behavior and specifically about the pages of the services or activities viewed and the duration of visits. This information will allow the Data Controller to improve the Villa Noseda website, better understand the services and activities preferred by you, and offer personalized content;

c) Cookies for web analytics, in order to evaluate website activity and identify the most visited areas of the sites, thereby improving the visibility of our content;

d) Cookies to ensure the security of online transactions/purchases through device fingerprints, which allow for identifying some aspects of the devices used to purchase a service or activity;

e) With prior consent, third-party cookies (delivered by service and activity providers, etc.) that allow for collecting browsing information on your Devices. Third-party cookies are regulated by the privacy policies of the respective third parties. With this Policy, we inform you, to the extent we are aware, of the purposes of these cookies and how you can manage them;

Social networks offering such features may also identify you even if you have not used these functions on our website. In fact, these features allow social network platforms to track browsing information through our site whenever a social network account is active during the visit to our site. We do not control how these platforms collect your personal data during your visit to our website. We encourage you to read the privacy policies of social networks to understand how they use browsing information collected (also for advertising purposes) through these buttons. Privacy policies should contain information on how to manage your preferences regarding a social network account.


Acceptance of cookies

Except for technical and security cookies set by default as allowed, the use of cookies on a device depends on the choices of the User, which can be made and modified freely at any time either from the banner on the homepage of the site or by accessing the cookies section accessible by clicking at the bottom of the website page.

Specifically, closing the banner (e.g., by selecting the appropriate command marked with the X inside it at the top right) results in the persistence of default settings and thus the continuation of browsing in the absence of cookies or other tools other than technical ones.

The chosen settings may change your browsing capabilities on the internet and may sometimes change the ability to access some services that require the use of cookies.

This is the case when the site is no longer able to recognize the type of browser used by your device, such as language, screen settings, or country/region of connection. We cannot be held responsible for reduced access to the site due to previous deletions or deactivations of cookies.

Managing cookies on your browser

Each browser has its own cookie management system – as indicated in the “Help” section of the same browser, where you can find all the information on how to set your preferences. If you share your device with others or if the Device uses different browsers, we cannot guarantee that personalized services and advertisements, designed to respond to the personal use of the Device (where such personalized services and advertisements are available), correspond to your use rather than someone else’s.


Your personal data will be retained for the time strictly necessary to achieve the purposes described in this Privacy Policy. After this period, your personal data will be retained only to comply with legal and regulatory obligations or to allow Villa Noseda to maintain evidence of respective rights and obligations, or in accordance with any terms provided by specific regulations on data retention and documentation, and in any case for the limitation period applicable to the respective processing purpose. In the event of legal action, personal data may be retained until its conclusion, including any period for appeal, and then deleted or archived as permitted by applicable law.


Your data is processed lawfully and fairly, adopting appropriate security measures to prevent unauthorized access, disclosure, alteration, or unauthorized destruction of data. The Company, specifically, has implemented suitable measures to protect your personal data from accidental loss and unauthorized access, use, alteration, and disclosure.

In the unlikely event that the Data Controller believes that the security of your personal data has been or may have been compromised, it will inform you of the incident in accordance with the methods prescribed by applicable law, using the methods prescribed by it.


It is specified that the Data Controller, concerning the personal data provided, holds the following rights under Articles 15 to 22 of EU Regulation 679/2016, (all compatible with the purposes of the processing itself):


– Request from the Data Controller access to personal data, their rectification or erasure, or restriction of processing. Rectifications, erasures, or restrictions of processing made at the data subject’s request, unless this proves impossible or involves a disproportionate effort, will be communicated by the data controllers to the recipients to whom the personal data have been transmitted (Articles 15, 16, 17, 18 EU Regulation 679/2016);

– Object in whole or in part: a) for legitimate reasons to the processing of personal data concerning him/her, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning him/her for the purpose of sending advertising material or carrying out market research or commercial communication, using automated calling systems without the intervention of an operator, via email and/or through traditional marketing methods by phone and/or postal mail. Please note that the data subject’s right to object, as set out in the previous point b) for direct marketing purposes through automated means, also extends to traditional means, and that the data subject retains the possibility to exercise the right to object only in part. Therefore, the data subject may decide to receive communications only through traditional means or automated communications or neither of the two types of communication (Article 21 EU Regulation 679/2016);

– Request the Data Controller to transmit the data to another data controller (data portability as regulated by Article 20 of EU Regulation 679/2016);

– Withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (it is clarified that the right to withdraw consent cannot obviously apply in cases where the processing, for example, is necessary to fulfill a legal obligation to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller) (Article 7 EU Regulation 679/2016);

– Lodge a complaint with the Data Protection Authority, following the procedures and instructions published on the official website of the Authority (Article 77 EU Regulation 679/2016) if you believe that there is a problem in the way personal data are handled.


To exercise these rights, you can send a request by contacting the Data Controller at the following email address:  When contacting the Data Controller, you should ensure to include your name, email address, postal address, and/or phone number(s), as well as a copy of a valid identification document, to ensure that the Data Controller can correctly handle your request. Villa Noseda is required to provide a response within one month of the request; this deadline may be extended up to three months in case of particular complexity of the request.


For the purposes of this privacy policy and the processing described herein, it is specified that any personal data provided or collected will be processed by the “Data Controller,” which refers to Ms. Caterina Guggiari, Tax Code: GGGCRN67R43C933D domiciled in Italy, Moltrasio (CO) 22010, Via Regina 27, tel. +39 339 788 2165 email:


The list of data processing managers and any authorized persons is kept at the Data Controller’s headquarters and made available upon request by the data subject.


For any comments or questions about this Privacy Policy and to speak with authorized persons to handle data processing requests, you can write to the following email address or call the following phone number +39 339 788 2165.