Notice on the processing of personal data pursuant to EU Regulation 2016/679 on the protection of privacy

Pursuant to the provisions established in the EU 2016/679 European Regulation, we wish to inform you of the necessary information regarding the processing we will carry out of your personal data and, more specifically, the categories of data processed, the purposes, the management methods, the scope of communication and dissemination, the expected retention period, the possibility of data transfer to third countries and the existence of profiling processes that may deal directly with your personal data.


  1. Purpose of the processing

The processing of data, depending on the services provided to you for which you have given us your personal data, will have the following purposes:

  • Purposes related to the processing carried out through our websites:
  1. manage bookings for visits and stays at our estates or reservations at our restaurants
  2. provide answers to requests for information from the interested party
  3. manage the receipt of the curriculum vitae sent by interested parties who wants to apply for a job at our facilities
  4. manage and issue newsletter subscriptions
  • Marketing-related purposes:
  1. sending commercial and promotional information by post, e-mail, telephone contact and SMS
  2. subscription to the newsletter (if commercial content is provided);
  3. market research.
  • Profiling purposes:
  1. analysis on habits, behaviour and consumption choices aimed at defining a profile of the interested party for issuing promotional messages, offers or other commercial notifications that meet the interests of the recipient. The data will be stored for the time that is proportionate to the specific purposes pursued.


  1. Nature of the provision

Your personal data is collected to follow up on your specific request or for providing one of our services which you wish to use. Alternatively, processing will always be based on consent.


Providing your data is necessary whenever you request the prompting/provision/features of a service among those that we offer (that is, for the processing purposes described above and numbered from 1 to 5 and 7).

The processing of personal data for marketing and profiling purposes is carried out only upon receiving the explicit and specific consent by the interested party.


The consent to the processing for profiling purposes implies consent for marketing purposes, as this activity is carried out only after the interested party’s profile has been recorded. No direct marketing activities will be undertaken if the preliminary profiling registration has not been carried out.


The refusal to grant consent to processing regarding marketing and profiling purposes will not entail any consequences for the interested party in relation to the possibility of adhering to the other services offered.

The consent expressed by the user can be freely revoked, at any time, by simply sending an email to the email to


Processing methods

The processing of your data will be based on principles of correctness, lawfulness and transparency and will be carried out using computer tools and also through the use of paper documentation for archiving, managing and issuing purposes. The processing will be carried out by means of suitable tools, as far as is reasonable and in the state of the art, so as to guarantee security and confidentiality through the use of suitable procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination.


  1. Scope and purpose of communication and dissemination

Your personal data may be disclosed to company employees and/or collaborators specifically appointed as data managers and/or processors.


Personal data may be disclosed to third parties in order to comply with legal obligations, or to comply with requests from legitimate public authorities, or to assert or defend a right in the court of law.

Your personal data, for the purposes indicated above, may be made available to:
– The Data Controller’s Sales Network
– Third parties that carry out specific collaborative tasks on behalf of our company regarding consulting, commercial and promotional purposes;
– Companies linked to and controlled by the I Greppi.


Your personal data will not be disclosed or passed on to third parties for purposes other than those mentioned, except where required by a rule of law or regulation or by EU community legislation.


  1. Transfer of personal data outside the European Union

The personal data provided by you and processed for the purposes described above will under no circumstances be transferred to countries outside the European Union. If data transferring becomes necessary in the future, this will only be possible after your informed and explicit consent.


  1. Retention time

Your personal data will be kept only for the time necessary to activate/provide/carry out the service you have signed for, and more generally, as required by law or by specific provisions issued by the National or European Supervisory Authority.


  1. Subjects

The Data Controller is:
I Greppi Bolgheri. Registered Offices: loc. greppi cupi, s.n.c. Castagneto Carducci (Livorno) 57023 Italy. VAT number 05928270486. The Data Processing Manager is Dale Heatley

The complete list of appointed data processors is available from the Data Controller, as specified above.


  1. Exercise of rights

We would like to remind you that you can, at any time, exercise the rights set out in the EU 2016/679 European Regulations as transcribed in the annex. We therefore wish to inform you that:

  • you have the right to ask the Data Controller to access the data that concerns you, its correction or deletion, the integration of incomplete data, the limitation of processing; to receive the Data in a structured format, commonly used and readable by an automatic device; to revoke any consent given regarding the processing of your sensitive data, at any time, and object to, in whole or in part, the use of the Data that concerns you;
  • you have the right to lodge a complaint with the Guarantor for the protection of personal data, following the procedures and indications published on the Authority’s official website:
  • you have the right to withdraw the consent, at any time, without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation;

These rights may be exercised by writing to the Data Controller directly, by mail or by e-mail, at the following e-mail address: You will be able to:

  • Revoke the consent previously granted
  • Change your personal data
  • Request deletion from the Data Controller’s DB (subject to cases where retention is required in compliance with legal obligations)
  • Request data extension
  • Request portability


It is understood that, if the request for data access is put forth via electronic means, the information will be provided in a commonly used electronic format.


The exercise of rights is not subject to any constraint form and is free.


For more details, an excerpt of articles 15 to 23 of the Regulation is provided at this link:

Legislative references of the EU Regulation 679/2016

  • Article 13: Information to be provided if personal data is collected from the data subject
  • Article 15: Right of access of the interested party
  • Article 16: Right of rectification
  • Article 17: Right to deletion
  • Article 18: Right to limit processing
  • Article 20: Right to data portability
  • Article 21; Right to oppose
  • Article 22: Automated decision-making process, including profiling

This is a standard cookie notice which you can easily adapt or disable as you like in the admin. We use cookies to ensure that we give you the best experience on our website.