Privacy & Cookie Policy

This legislation describes the information we process to provide our services or to guarantee the maximum useful service to our customers


The correct management of your data and the trust you place in our products and services are a priority for us. To give you the best in everything we do, we are committed to continuous improvement and with this in mind we wish to inform you in a complete and transparent way on how we process and protect your personal data.

This document (“disclosure”) intends to provide information exclusively regarding the processing of information relating to users who use the services of the Hotel Duca della Corgna website accessible at the address Such data will be collected and processed by Hotel Duca della Corgna and/or by other subjects identified for the purposes indicated below.

The Information, in particular, is provided pursuant to articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and concerns only the aforementioned website: therefore it does not concern any other websites accessible by the user through the links on the same.

1. The owner and manager of data processing.
The owner and manager of data is Hotel Duca della Corgna, via Bruno Buozzi 143 – 06061 Castiglione del Lago (PG) – Tel. +39 075 953238 –

2. What data we process
The owner collects and/or receives information concerning the interested party, such as: Personal data Name, surname, physical address, nationality, province and municipality of residence, landline and/or mobile phone, tax code, e-mail address(es), social network contacts Social data of companies, associations, public bodies, freelancers , contact emails, telephone number(s), social network contacts Traceable traffic data Log, IP address of origin, generic statistical data, social network connection data

The Data Controller does not require the interested party to provide data c.d. “particular”, i.e., according to the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, data biometrics intended to uniquely identify a natural person, data relating to health or sex life or sexual orientation of the person.

3. Why we need your data
The data we request from you are used for these purposes:

follow up on the registration request and the contract for the supply of the selected Service and/or the purchased Product

The processing of the personal data of the interested party, in this case, serves us to register you in our list of customers and to comply with the legal obligations to which we must comply. These data will also be used to send invoices or other documents necessary for the correct performance of our task as suppliers of services or products. These data will be entered into our management database and will be used only and exclusively to continue our relationship with the interested party

manage and execute contact requests forwarded by the interested party and provide assistance

The processing of such data takes place at your explicit request and consent to answer your questions. These are data that are processed only following a request from the interested party. The legal basis of such processing is the fulfillment of the services inherent in the request for registration, information and contact and/or sending of informative material and compliance with legal obligations .

Provide suggestions on additional activities regarding Services/Products similar or complementary to those purchased by the Data Subject (art.47 GDPR)

The data controller, even without the explicit consent of the interested party, may use the contact details communicated only for Services/Products similar to those being sold, unless the interested party explicitly objects.

Provide suggestions on additional activities different from the services/products purchased

In this case, the data will be processed only and exclusively if the interested party has given consent. The treatment can take place through automatic systems for sending emails, sms or telephone contact – !!! Identification data not provided (Art. 13 GDPR) !!! — If the interested party does not provide the identification data necessary to follow up on the requests received or following the completed form, the Data Controller will not be able to follow up on the treatments related to the management of the services requested and/or the contract and the Services/Products to it connected, nor to the obligations that depend on them. — Consent denied for other uses other than those relating to the management of the contractual relationship — If the interested party does not give his consent to the use of the data in order to receive information or specifications on promotional activities, the consent remains for the performance of those activities necessary for the management of the contractual relationship.

The data provided by the interested party will not be disclosed to third parties

4. How we collect data
The Data Controller collects personal data in several ways:

  • Through automatic data collection systems that track information on the navigation of our website in an aggregate manner. We need this to carry out statistics and analyzes on all those who are interested in our services. This information can also be collected through software or plugins external to our website (so-called “Cookies” -> See point 9 of this text)
  • Through forms that the user of the site can freely decide to leave in order to be contacted or informed
  • Through the modules necessary for our ecommerce to be able to best carry out our online sales activity
  • Through the collection forms for requests for estimates
  • Through one-to-one meetings at fairs, events, initiatives or contacts
    In all these modalities, explicit consent is requested. In the case of offline data retrieval, the consent will be countersigned, in the case of online data retrieval, the consent takes place when you click on the “Submit” link (or similar words)

5. Where this data is stored
The data being processed is stored in two ways:

  • The data collected through our website will be entered into a database within the website and on servers provided by Aruba Business srl (Read the Aruba Business privacy policy here .pdf)
  • The data collected offline will be stored in special folders kept within the registered or operational headquarters of our company

6. How this data is protected

Data collected from the website

The data collected by us through the Internet site are protected by access passwords of the Internet site administrators only. The website itself has two protection systems. The first is an Internet site encryption system using the https protocol. The protection certificate is provided by Let’s Encript, supplied by the company Aruba Business Spa. The second is an Internet site protection system supplied by WordFence, which:

  1. It prevents entry to any unauthorized person
  2. Block access in case of use of “banned” passwords because they are considered “hacked”

The data is all located on the Aruba Business Spa servers

Data Collected Offline

The data collected offline are all located in special folders located within the company headquarters. The company is always manned during the appropriate working hours, while during closing hours it remains closed and accessible only with an access key. The folder in which the data is kept is anonymous.

7. How long we keep the data
In general, the personal data of the interested party will be kept for as long as they are necessary with respect to the legitimate purposes for which they were collected, except for legitimate and specific requests for cancellation. In particular, they will be kept for 20 years in the case of personal data collected for the purpose of carrying out activities related or similar to the services or products sold.

8. Rights of the interested party (articles 15 – 20 GDPR)
The interested party has the right to obtain from the data controller, if requested, the data available to the owner regarding the interested party (so-called right to data “portability”) Furthermore, the interested party can request to be canceled from any database or other data storage location, or the eventual correction of some of these data, at any time and without having to provide any justification for this request. For any information or need, however, the interested party can directly contact the Data Controller or the Data Processing Manager at the addresses referred to in point 1 of this document. The maximum times established by the legislation for the Data Controller to fulfill requests in this sense are 1 month. The interested party can also file a complaint with the competent supervisory authority in Italy (Authority for the protection of personal data) or to the one that performs its duties and exercises its powers in the Member State where the violation of the GDPR occurred.

9. Cookies and services provided by third parties
The Data Controller makes use of third parties for the performance of certain functions and activities specifically requested by third parties In particular our Hosting, Database and Email service associated with the purchase of domains and Internet sites are provided to us by Aruba Business srl. These services are therefore performed through this supplier whose Privacy Policy is visible at this link
This operator was chosen for its particular characteristics of reliability, security and service. In other cases we could use Servers and services (hosting, Database and Email) provided by other suppliers. In this case, the Data Controller will inform the interested party of the specific choice of supplier. If the interested party wishes to assert his rights on the information present on these servers, he has the right to do so and can directly contact the contact persons indicated in point 1 of this Policy. Privacy.

The cookies present on our website are as follows

General information on the management of Cookies

Cookies are data that are sent from the website and stored by the internet browser on the user’s computer or other device (for example, tablet or mobile phone). The interested party can manage and disable the management of cookies directly from the browser he uses. Below you can see how to manage the cookies of the main most popular browsers on the net:

Internet Explorer:
Google Chrome:
Mozilla Firefox:

Technical cookies and third-party cookies may be installed from our website or its subdomains. In any case, the user can manage, or request the general deactivation or cancellation of cookies, by changing the settings of his internet browser. However, this deactivation may slow down or prevent access to some parts of the site. Three types of cookies: technical cookies, third-party cookies, profiling cookies

Technical cookies
These are all those cookies that allow the safe and efficient use of our site. In fact, technical cookies are essential for the correct functioning of our website and are used to allow users to navigate normally and to use the advanced services available on our website. The technical cookies used are divided into session cookies, which are memorized exclusively for the duration of navigation until the browser is closed, and persistent cookies which are memorized in the user’s device until they expire or are canceled by the user same.

Third party cookies


Other types of Cookies or third-party tools that may use them
Some of the services listed below collect statistics in aggregate form and may not require the User’s consent or may be managed directly by the Owner – depending on what is described – without the aid of third parties. If among the tools indicated below there were services managed by third parties, these could – in addition to what is specified and also without the knowledge of the Owner – perform User tracking activities. For detailed information on this, it is advisable to consult the privacy policies of the services listed.

Interaction with social networks and external platforms
These services allow interaction with social networks or other external platforms directly from the pages of this Application. The interactions and information acquired by this Application are in any case subject to the User’s privacy settings relating to each social network. In the event that an interaction service with social networks is installed, it is possible that, even if the Users do not use the service, the same collects traffic data relating to the pages in which it is installed.

Facebook Like button and social widgets (Facebook, Inc.)
The Facebook “Like” button and social widgets are services allowing interaction with the Facebook social network, provided by Facebook, Inc. Personal data collected: Cookies and usage data . Place of processing: USA –

Twitter Tweet button and social widgets (Twitter, Inc.)
The Twitter Tweet button and social widgets are services allowing interaction with the Twitter social network, provided by Twitter, Inc. Personal data collected: Cookies and usage data. Place of processing: USA –

Google Analytics (Google Inc.) Google Analytics is a web analytics service provided by Google Inc. (“Google”).
Google uses the Personal Data collected for the purpose of tracking and examining the use of this Application, compiling reports and sharing them with other services developed by Google. Google may use the Personal Data to contextualize and personalize the ads of its advertising network. Personal data collected: Cookies and usage data. Place of processing: USA – The user can selectively disable the action of Google Analytics by installing the opt-out component provided by Google on his browser. To disable the action of Google Analytics, please refer to the link indicated below

Widget Google Maps (Google Inc.)
Google Maps is a map visualization service managed by Google Inc. that allows this Application to integrate such contents within its pages. Personal data collected: Cookies and usage data. Place of processing: USA –

YouTube (Google Inc)
YouTube is a map visualization service managed by Google Inc. which allows this Application to integrate such contents within its web pages. Personal Data collected: Cookies and Usage Data. Place of processing: USA – -guidelines Instructions for managing or disabling cookies: answer/61416?hl=it

Facebook Pixel (Facebook Ireland Limited)
The Facebook Pixel is a widget that allows the tracking of visits and activities carried out by the user within the website, when access to the Facebook APP is open. This widget allows you to analyze the data in an aggregate way and create targeted advertising campaigns Personal data collected: Cookies and usage data. Place of processing: Ireland To set your privacy on Facebook in a different way, just click here

Profiling cookies
They can be installed by the Owner(s), using so-called software. web analytics, profiling cookies, which are used to prepare detailed and real-time analysis reports relating to information on: visitors to a website, search engines of origin, keywords used, language used, most visited pages. They can collect information and data such as IP address, nationality, city, date/time, device, browser, operating system, screen resolution, navigation source, pages visited and number of pages, duration of visit, number of visits made.

Notwithstanding the foregoing, the Owner informs that the User can use Your Online Choices from this link Through this service it is possible to manage the tracking preferences of most of the advertising tools. The Owner therefore advises Users to use this resource in addition to the information provided in this document.