Privacy Policy

pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)

Website: www.guicciardinistrozzi.it

Last updated: June 16, 2026

1. Data Controller

The Data Controller for the processing of personal data is:

Tenuta di Cusona Srl Societa Agricola
Loc. Cusona, 5
53037 San Gimignano (SI), Italy
VAT No.: 14227050961
Email: info@guiciardinistrozzi.it

2. Types of Data Collected

2.1 Navigation Data

The computer systems and software procedures used to operate this website automatically acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes:

  • IP addresses or domain names of the computers and terminals used by users
  • URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources
  • the time of the request
  • the method used to submit the request to the server
  • the size of the file obtained in response
  • the numerical code indicating the status of the server response
  • other parameters relating to the operating system and the user’s computing environment

These data, which are necessary for the use of web services, are also processed in order to check that the services offered are functioning correctly and for cybersecurity purposes.

2.2 Data Collected via Analytics Tools

The website uses Google Analytics, a web analytics service provided by Google LLC, to collect anonymous statistical information about how the site is used. Google Analytics uses technical and analytics cookies to collect information about user behaviour during browsing. The data collected is aggregated and does not allow individual visitors to be identified.

Google Search Console is also used to monitor the website’s performance in Google search results. Google Search Console does not collect personal data from website users.

2.3 No Direct Collection of Personal Data

This website does not have contact forms, registration forms, newsletter subscriptions or other tools that directly collect users’ personal data. Consequently, no personal details, email addresses or other identifying data are collected from users, except as indicated in the preceding sections.

3. Purposes of Processing and Legal Basis

Navigation data are processed for the following purposes:

  • Technical purposes: to ensure the correct operation of the website (legal basis: legitimate interest of the Data Controller, pursuant to Article 6(1)(f) of the GDPR)
  • Statistical analysis: to understand how the website is used through aggregated and anonymous data, in order to improve the user experience (legal basis: legitimate interest of the Data Controller, pursuant to Article 6(1)(f) of the GDPR, subject to obtaining consent for non-essential cookies)
  • Cybersecurity: to prevent fraudulent activity and ensure the security of the website (legal basis: legitimate interest of the Data Controller, pursuant to Article 6(1)(f) of the GDPR)

4. Methods of Processing

Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected. Data are processed by adopting adequate technical and organisational security measures to prevent loss, unlawful or improper use, and unauthorised access.

5. Data Retention Period

Navigation data are retained for the time strictly necessary for the purposes for which they were collected:

  • Server technical logs are retained for a maximum of 12 months
  • Data collected via Google Analytics are retained according to the settings configured in the account, with a default period of 26 months

After the retention period, data are deleted or irreversibly anonymised.

6. Disclosure of Data to Third Parties

The personal data collected may be disclosed to the following categories of third parties:

  • Google LLC, as the provider of Google Analytics and Google Search Console, on the basis of the contractual terms entered into with the Data Controller and in accordance with its own privacy policy (https://policies.google.com/privacy)
  • Providers of hosting and technological infrastructure services for the website

Data are not disclosed to unidentified third parties nor sold to third parties for commercial purposes.

7. Transfer of Data Outside the EU

Some data (in particular those processed via Google Analytics) may be transferred to countries outside the European Economic Area. Google LLC ensures an adequate level of data protection through Standard Contractual Clauses approved by the European Commission and in accordance with the EU-US Data Privacy Framework.

8. Rights of Data Subjects

Pursuant to Articles 15-22 of the GDPR, users have the right to:

  • Access: obtain confirmation as to whether or not personal data concerning them are being processed and, if so, to obtain access to such data (Article 15)
  • Rectification: obtain the rectification of inaccurate personal data or the completion of incomplete personal data (Article 16)
  • Erasure: obtain the erasure of their personal data (Article 17)
  • Restriction: obtain the restriction of processing (Article 18)
  • Portability: receive their data in a structured, commonly used and machine-readable format (Article 20)
  • Objection: object to the processing of their personal data (Article 21)
  • Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (Article 7)

To exercise these rights, please send a written request to the Data Controller at: info@guiciardinistrozzi.it

Data subjects also have the right to lodge a complaint with the competent Supervisory Authority. In Italy, the supervisory authority is the Garante per la Protezione dei Dati Personali (Italian Data Protection Authority) at www.garanteprivacy.it.

9. Cookies

For detailed information on the use of cookies by this website, please refer to the Cookie Policy available at www.guicciardinistrozzi.it.

10. Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this policy at any time, by publishing the updated version on the website. In the event of substantial changes, the Data Controller may provide additional notices to users. Users are invited to periodically consult this page.