Privacy Policy — Agriturismo Millennial

1. Data Controller

The Data Controller for the personal data collected through the website www.millennialagriturismo.com (the "Site") is:

Agriturismo Millennial di Leggieri Jacopo

Via Fontemorana e Spazzavento, 9 — 51039 Quarrata (PT) — Italy

Email: agriturismomillennial@gmail.com

Phone: +39 320 940 7147

VAT / Tax ID: 01989660475

For any request relating to the processing of personal data, please contact the Controller using the details above. The Controller has not appointed a Data Protection Officer (DPO) since this is not required under Article 37 GDPR.

2. Types of data processed

2.1 Browsing data

The IT systems and software procedures of the Site collect, during their normal operation, certain personal data the transmission of which is implicit in the use of Internet communication protocols (e.g. IP addresses, browser type, operating system, requested pages). This data is not associated with identified data subjects, but by its nature it could, through processing and association with data held by third parties, allow users to be identified.

2.2 Data voluntarily provided by the user

The user may choose to contact the Controller through the following tools made available on the Site:

Room booking form and table booking form: the data entered (number of guests, dates, time) are not stored on the Controller's servers, but are sent through WhatsApp by opening a pre-filled message on your device. You will be the one actually sending the message from your device. We do not use an online booking system that stores data.
Contact via WhatsApp, phone or email: sending optional messages involves the communication of personal data (e.g. displayed name, phone number, content of the message, email address), necessary to respond to your request.

2.3 Data processed through cookies and tracking tools

For detailed information about cookies and third-party tools used on the Site, please consult our Cookie Policy.

3. Purposes and legal bases of processing

Your personal data is processed for the following purposes:

To enable navigation and proper operation of the Site — Legal basis: Article 6(1)(f) GDPR (legitimate interest).
To respond to user requests (bookings, information, contact) — Legal basis: Article 6(1)(b) GDPR (pre-contractual measures) and/or Article 6(1)(f) GDPR (legitimate interest in responding to communications).
To comply with legal obligations (e.g. accounting, tax, public security obligations in case of confirmed bookings) — Legal basis: Article 6(1)(c) GDPR.
Loading of third-party content (Google Maps, Google Fonts) — Legal basis: Article 6(1)(a) GDPR (consent).

4. Methods of processing

Personal data is processed by means of IT and electronic tools, as well as in paper form, with logic strictly related to the purposes indicated and with security measures appropriate to protect the confidentiality, integrity and availability of the data, in compliance with Article 32 GDPR. The data is not subject to automated decision-making or profiling.

5. Recipients of the data

Personal data may be communicated to:

Authorized personnel of the Controller, properly trained and instructed;
Third parties acting as Data Processors (Article 28 GDPR), such as providers of technical, hosting and email services;
Judicial and administrative authorities, where required by law.

The data is not disseminated and is not transferred to third parties for marketing purposes.

6. Transfer of data outside the EU

If the user consents to the loading of third-party content (Google Maps, Google Fonts), some data (e.g. IP address) may be transferred to the United States. Such transfers take place in compliance with the EU-US Data Privacy Framework adequacy decision of the European Commission (10 July 2023), with respect to certified providers, and/or on the basis of the Standard Contractual Clauses adopted by the Commission (Decision 2021/914).

7. Retention period

Browsing data: retained for the time strictly necessary, and in any case no longer than 7 days, except for requests from the judicial authority.
Communications via email/WhatsApp: retained for the time necessary to respond to the request and subsequently for the time required by any contractual, accounting or tax obligations (usually 10 years pursuant to Article 2220 of the Italian Civil Code).
Cookie-related data: see Cookie Policy.

8. Rights of the data subject

You may exercise the following rights granted by Articles 15-22 GDPR at any time:

Right of access to data (Article 15);
Right to rectification (Article 16);
Right to erasure (Article 17);
Right to restriction of processing (Article 18);
Right to data portability (Article 20);
Right to object (Article 21);
Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (Article 7(3) GDPR);
Right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or with the supervisory authority of the EU Member State in which you habitually reside.

To exercise your rights, please write to agriturismomillennial@gmail.com. You will receive a response within one month of the request, extendable by an additional two months in case of particular complexity (Article 12(3) GDPR).

9. Provision of data

The provision of personal data is optional. However, the failure to provide the data necessary to respond to a specific request (for example a booking) may make it impossible to act on it.

10. Changes to this notice

This Privacy Policy may be amended over time. We invite you to consult it periodically. The date of the latest update is shown below.

Last updated: April 2026