Skip to content Skip to sidebar Skip to footer

|

BOOK NOW

|

BOOK NOW
Close

Privacy Policy

REVI HOLDING S.r.l., headquartered at Corso di Porta Nuova 14 – 20121 – Milan (hereinafter, the “Data Controller”), acting as the data controller, informs you, pursuant to Art. 13 of Legislative Decree No. 196 of June 30, 2003 (hereinafter, the “Privacy Code”) and Art. 13 of EU Regulation No. 2016/679 (hereinafter, the “GDPR”), that your data will be processed in the following manner and for the following purposes:

1. Subject of Processing

The Data Controller processes personal, identifying, and non-sensitive data (including but not limited to, name, surname, company name, address, telephone, email – hereinafter, “personal data” or simply “data”) communicated by you during registration on the Data Controller’s website www.tenutaroerosanseverino.it (hereinafter, the “Site”), participation in opinion and satisfaction surveys, completion of registration forms via the Site for events organized by the Data Controller, online requests for clarification or support, and the sending of newsletters.

2. Purposes of Processing

Your personal data are processed: 

A) Without your express consent (Art. 24(a), (b), (c) of the Privacy Code and Art. 6(b), (e) of the GDPR), for the following Service Purposes:

  • to manage and maintain the Site;

  • to allow you to use the Services you may have requested;

  • to participate via the Site in initiatives organized by the Data Controller (e.g., events);

  • to process a contact request;

  • to fulfill obligations established by law, a regulation, EU legislation, or an order of the Authority;

  • to fulfill obligations related to the management of the association and relationships with members;

  • to prevent or detect fraudulent activities or abuses harmful to the Site;

  • to exercise the Data Controller’s rights, such as the right to legal defense in court.

B) Only with your specific and distinct consent (Arts. 23 and 130 of the Privacy Code and Art. 7 of the GDPR), for the following other purposes:

  • to send you via email opinion and satisfaction surveys, newsletters, and/or invitations to events, or to register you for events in which the Data Controller participates or organizes.

3. Processing Methods

The processing of your personal data is carried out through the operations indicated in Art. 4 of the Privacy Code and Art. 4(2) of the GDPR, namely: collection, recording, organization, storage, consultation, processing, alteration, selection, retrieval, alignment, use, interconnection, blocking, communication, erasure, and destruction of data. Your personal data are subjected to both paper and electronic and/or automated processing. The Data Controller will process the personal data for the time necessary to fulfill the above purposes and, in any case, for no longer than 10 years from the termination of the relationship for the Service Purposes, and for no longer than 2 years from data collection for the other Purposes.

4. Security

The Data Controller has adopted a wide variety of security measures to protect your data against the risk of loss, misuse, or alteration. Specifically: it has adopted the measures referred to in Arts. 32-34 of the Privacy Code and Art. 32 of the GDPR; it utilizes data encryption technology established by AES Standards (BCrypt) and secure data transmission protocols known as HL7 and HTTPS; it complies with ISO/IEC 27000, WG3, and WG4 Standards.

5. Access to Data

Your data may be made accessible for the purposes specified in Art. 2.A) and 2.B):

  • to employees and collaborators of the Data Controller, in their capacity as persons authorized to process data and/or internal data processors and/or system administrators;

     

  • to third-party companies or other entities carrying out outsourcing activities on behalf of the Data Controller, in their capacity as data processors.

6. Communication of Data

Without your express consent (ex Art. 24(a), (b), (d) of the Privacy Code and Art. 6(b) and (c) of the GDPR), the Data Controller may communicate your data for the purposes outlined in Art. 2.A) to Supervisory Bodies, Judicial Authorities, as well as to all other subjects to whom communication is mandatory by law for the accomplishment of said purposes. Your data will not be disseminated.

7. Data Transfer

The management and storage of personal data will take place in Europe, on servers located in Italy belonging to the Data Controller and/or to third-party companies appointed and duly designated as Data Processors.

8. Nature of Data Provision and Consequences of Refusal to Answer

The provision of data for the purposes specified in Art. 2.A) is mandatory. In their absence, we cannot guarantee either your registration to the Site or the Services under Art. 2.A). The provision of data for the purposes under Art. 2.B) is instead optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive event invitations, newsletters, or opinion and satisfaction surveys via email. In any case, you will continue to be entitled to the Services referred to in Art. 2.A).

9. Rights of the Data Subject

In your capacity as data subjects, you hold the rights set forth in Art. 7 of the Privacy Code and Art. 15 of the GDPR, specifically the rights to:

  • i. obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
  • ii. obtain indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the controller, processors, and designated representative pursuant to Art. 5(2) of the Privacy Code and Art. 3(1) of the GDPR; e) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, data processors, or authorized persons;
  • iii. obtain: a) the updating, rectification, or, when interested, integration of data; b) the erasure, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification that the operations as per letters a) and b) have been brought to the attention, also regarding their content, of those to whom the data were communicated or disseminated, except where this requirement proves impossible or involves a manifestly disproportionate effort compared to the right protected;
  • iv. object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the data subject’s right to object, as stated in point b) above, for direct marketing purposes via automated methods extends to traditional methods and that, in any case, the possibility remains for the data subject to exercise the right to object even only partially. Therefore, the data subject can decide to receive only communications via traditional methods, only automated communications, or neither of the two types of communication. Where applicable, you also have the rights under Arts. 16-21 of the GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority (Garante).
10. Methods of Exercising Rights

You may exercise your rights at any time by sending:

  • a registered letter with return receipt to Revi Holding S.r.l., Corso di Porta Nuova 1420121Milan;

  • an email to the address reviholding@pec.it

11. Minors

This Site and the Data Controller’s Services are not intended for minors under 18 years of age, and the Data Controller does not intentionally collect personal information referring to minors. In the event that information on minors is involuntarily recorded, the Data Controller will delete it promptly upon request by the users.

12. Data Controller, Data Processor, and Authorized Persons

The Data Controller is Revi Holding S.r.l., with registered office at Corso di Porta Nuova 14 – 20121 – Milan. The updated list of data processors and authorized processing persons is kept at the registered office of the Data Controller.

13. Changes to this Privacy Policy

This Privacy Policy is updated as of March 26, 2026, and is subject to change. Therefore, it is advisable to regularly check this Notice and refer to the most updated version.

Get in touch!

Contact Us for a Tailored Stay.
Every experience at Tenuta Roero San Severino is unique.
Write to us to check availability and plan your stay (minimum 6 nights).


Interested in a stay at Tenuta Roero San Severino (min. 6 nights)?

Get in touch!

Contact Us for a Tailored Stay.
Every experience at Tenuta Roero San Severino is unique.
Write to us to check availability and plan your stay (minimum 6 nights).


Interested in a stay at Tenuta Roero San Severino (min. 6 nights)?