Privacy Policy


This privacy policy describes the processing operations performed on personal information collected by Rocca delle Macie S.p.A. and Società Agricola Rocca delle Macie S.r.l. – which operate as Joint Controllers – as a result of your navigation within the website

What is said below is also applicable with reference to the page, which you can consult through the link on the website.

The Data Controllers wish to inform you that they guarantee full protection and security in the collection and use of your personal data. The information acquired will be treated in compliance with the national and European legislation on privacy and in accordance with the principles of fairness, lawfulness, transparency and protection of your privacy and your rights.


The processing of your personal data is based on a joint ownership agreement, signed in compliance with Article 26 EU Regulation 679/2016 by Rocca delle Macie S.p.A., in the person of its p.t. legal representative, with headquarter in Castellina in Chianti, Loc. Le Macie n. 45 (SI), P.Iva 00209800523 and by Società Agricola Rocca delle Macie S.r.l., in the person of its p.t. legal representative, with headquarter in Castellina in Chianti, Loc. Le Macie n. 45 (SI), P.Iva 0126320526.


The Joint Controllers collect the following types of data:

  • navigation data. The computer systems and software procedures used for this web site operation acquire, during their normal operation, personal data, whose transmission is implicit in the use of Internet communication protocols. However, this information is not collected in order to be associated with identified data subjects, but are information which could – through processing and associations with data held by third parties – allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the website, requested resources addressed in URI (Uniform Resource Identifier) notation, the browser, the time of the request and other parameters relating to the operating system and computer environment of the User. These data are used only to receive anonymous statistical information on the use of the website and to check its proper functioning. They are deleted immediately after processing;
  • common data voluntarily provided by the User. These are your common identification and contact data (e.g. personal data, residential address, telephone number, email address, etc.) as well as any additional data contained in the messages you send to the email addresses (indicated on the website) or through the appropriate form, when requesting:
    • general information;
    • information or booking of tours (consisting of visits and / or tastings) or other “experiences” (such as massages, sightseeing and trekking, bike tours, etc..) organized by the Joint Controllers;
    • purchase of products;
    • information relating to the company’s cinematographic division;
    • reservation at the restaurant located within the Fizzano Relais;
    • information and booking of a stay at the Fizzano Relais.

We inform you that the Joint Controllers, following the booking of a stay at the Fizzano Relais, also acquire your bank details.

  • “special” categories of personal data. The reference is to your personal data, identified by Article 9 EU Regulation 679/2016, concerning, for example, your health conditions, your religious orientation, etc.. possibly communicated at the time of booking a tour, a table at the restaurant, a stay or the organization of an event at the Relais.


The collection of your common personal data, as indicated above, takes place in order to reply to messages received and provide the information requested, as well as to provide and guarantee the services offered. The information may also be used, with your express consent, to send you advertising material and news about initiatives and activities promoted by the Joint Controllers through telephone contact, email address or newsletter.

On the other hand, the processing of your “special” data is aimed at guaranteeing you a personalised service based on your expressed needs.


The provision of your data is mandatory for the information requests marked with an asterisk; in other cases it is optional. In any case, we inform you that not providing all or part of the requested data may make it impossible for the Joint Controllers to provide the requested service or reply to messages received.


The Joint Controllers are entitled to the processing of your personal data because of their legitimate interest in being more efficient, giving information on services and products offered and following up on correspondence received. The processing is also allowed when finalized to the fulfilment of pre-contractual or contractual measures.

Vice versa, your express consent is necessary in order to proceed with the processing for marketing and sponsorship purposes of the activities and products offered, as well as for the processing of your “special” data.


Your personal data will be processed at the locations managed by the Joint Controllers (identified within the website), by internal staff specifically designated for this purpose as authorized subjects, using computer and telematic as well as paper supports.

In any case, we guarantee that the Data Controller adopts adequate security and confidentiality measures in order to reduce the risk of destruction, loss, modification, disclosure or unauthorized access to data or processing not allowed or not in accordance with the purposes of collection.


The information acquired, in compliance with the principles of necessity and proportionality, is processed for the time needed to achieve the purposes of collection.

Therefore, the retention period is linked to the time required to reply to correspondence received or provide the services requested, or it corresponds to the period of execution of the pre-contractual or contractual agreements that have been stipulated.

We inform you that, however, some types of data can be stored for longer periods in order to allow the Data Controller to comply with the legal obligations established in accounting and tax (10 years according to Article 2220 c.c.).

The retention time of information used for marketing and sponsorship purposes is set at 24 months from the last contact day.

Finally, in any case and at any time, you can ask for the processing to be interrupted or for the data to be deleted.


Your personal data won’t in any case be disclosed, but they can be shared with professionals, collaborators, legal persons or third companies that provide outsourced services on behalf of the Data Controller. These subjects receive only the information needed to carry out their activities and act as owners, joint holders or processors specifically designated for this purpose.

We inform you that the updated list of processors is available, on request, at the Joint Controllers’ headquarters.

Finally, the data may be communicated to third parties in order to comply with legal obligations, to comply with orders from public authorities or to comply with requests from judicial authorities.


Your personal data will not be transferred abroad to countries outside the EU that do not ensure adequate levels of data protection.

If necessary, within the limits strictly related to the pursuit of the activities described, we assure you that the transfer of information is carried out only on the basis of standard contractual clauses and decisions of adequacy, in compliance with the prescriptions of articles 44 et seq. of EU Regulation 679/2016.


You have specific legal rights in relation to the personal information we hold about you which are recognized by Articles 15-22 EU Regulation 679/2016. These rights include:

  • accessing your data (in full and by obtaining a copy) and knowing if the Data Controller/ Joint Controller holds and / or processes personal data relating to you. On this occasion you also have the right to obtain access to your personal data and information regarding the processing purposes, the categories of personal data in question, the receivers or categories of receivers to whom the personal data have been or will be communicated;
  • verifying, updating and obtaining the rectification of inaccurate data or the integration of incomplete personal data with no unjustified delay;
  • obtaining the cancellation or removal of your personal data;
  • obtaining the restriction of the treatment;
  • when applicable, receiving the personal data concerning you which you have provided to the Joint Controllers, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Joint Controllers (right to portability);
  • objecting to the processing;
  • lodging a complaint with the competent data protection supervisory authority or take legal action.

If you wish ask the Data Controller/Joint Controller any of the rights above, or have any other queries, please do not hesitate to contact the Controller at

To know your rights and be always updated on the data protection legislation, we encourage you to visit the Privacy Authority web site at


The services provided through the site are not intended for children under 14 years of age (or the different consent age indicated in the legislation of the country of residence), nor is it accepted that the same send messages and / or requests for information. The Joint Controllers do not allow or conclude transactions of purchase with children under 18 years.


The website uses automatic systems to collect data not directly released by the User, such as cookies. A cookie is a kind of reminder of the Internet page you visit it contains brief information that can be saved on your computer when your browser recalls a particular website.

Through the cookie, the server sends information that will be reread and updated each time the User returns to the site.

In this way, the website can automatically suit the User, for example by sending content in a format compatible with the browser used or with particular display settings (style, colours, etc..).

Only Rocca delle Macie S.p.A. and Società Agricola Rocca delle Macie S.r.l. process the information collected through cookies and only in anonymous and aggregate form to optimize its services and its website in relation to the specific needs and preferences of its users.

In any case, you can manage your cookie preferences directly in your browser and prevent, for example, third parties from installing cookies. You can also use your browser preferences to delete past cookies, including any cookies in which you may have consented to the installation of cookies by this website.

For more information about cookies, please refer to our “cookie policy”.


The site allows you to interact with social networks or other external websites through a direct link to Facebook, Twitter, Instagram and YouTube that allows you to perform actions with their accounts and collect information from them, including personal data.

The basic information of the User registered on these websites normally includes the following data: id, name, image, gender and language of localization. In any case, the interactions and information acquired by this website are subject to the privacy settings of the User relating to the relevant social network.

Since a service of interaction with social networks is installed, it is possible that it collects traffic data relating to the pages on which it is installed, even if Users do not use the service.


The Joint Controllers reserve the right to modify this Privacy Policy at any time, so we advise you to check frequently if any updates or amendments have been made to this page.