Pursuant to Legislative Decree no. 196/2003 and Regulation (EU) 2016/679 (hereinafter referred to as the "Regulations"), this page describes the methods for processing personal data of users consulting the website of Azienda Agricola Agrituristica di Maria Ciannamea accessible by electronic means at the following address:

We inform the user that following consultation of this site, data relating to identified or identifiable persons may be processed.
This information does not concern other sites, pages or online services that can be reached through hypertext links that may be published on the site.

Identity of the Data Controller
The data controller is Azienda Agricola Agrituristica di Maria Ciannamea, with registered office in Ostuni (BR), S.S. 16
KM 874 - c.a.p. 72017, (Email:, PEC:, Tel.: +39 0831330276).

Data source and type of data collected

1) Data provided by the User

The Controller collects personal data provided by users
a) when sending a message using the addresses and/or contact forms present on the site, including those relating to the booking of a service.
The optional and voluntary sending of messages to the contact addresses, as well as the completion and forwarding of the forms present on the site, entail the acquisition of the sender's contact data necessary to provide feedback, as well as all the personal data included in the communications.
The data provided will be used with computer and telematic tools for the sole purpose of providing the requested service.

2) Navigation data

The Data Controller collects data relating to the use of the website by the user. This information is acquired by the computer systems and software procedures used to operate the online portal, in the course of their normal operation; moreover, the transmission of such data is connected and inherent to the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the user's operating system and computer environment.
These data, necessary for the use of web services, are also processed in order to
- obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.)
- checking the correct functioning of the services offered.
Browsing data do not persist for more than seven days and are deleted immediately after their aggregation (except in the event of the need to ascertain crimes by the judicial authorities).

3) Cookies and other tracking systems

In order to make its services as efficient and user-friendly as possible, this Site makes use of cookies.
Therefore, when you visit the Site, a small amount of information is placed on your device, as small text files called "cookies", which are saved in the directory of your web browser. There are different types of cookies, but basically the main purpose of a cookie is to make the Site work more efficiently and to enable certain features.
For more information on the cookies used by this website, you can view the cookie policy at the following link.

Purpose of processing

Depending on the type of processing to be carried out, the Data Controller uses the data collected and/or provided by the User for the following purposes:

1) to provide feedback to any communications, requests for information and/or services from Users by sending a message using the addresses and/or contact forms present on the site including those relating to the booking of a service;
2) manage and control risks, prevent possible fraud, insolvency or default; prevent and manage possible litigation, take legal action if necessary.
Legal basis for processing

With reference to the purposes indicated in the preceding paragraph, the legal basis of the same is, with regard to point:
1) the need to perform a contract to which the data subject is party or pre-contractual measures taken at the data subject's request;
2) the need to pursue the legitimate interest of the data controller (in particular with regard to the prevention of fraud and insolvency).

Recipients of the data
The personal data processed by the Data Controller are not disclosed, i.e. they are not given to unspecified persons, in any possible form, including making them available or simply consulting them.
They may, on the other hand, be communicated to workers employed by the Data Controller, or to persons authorised to process the data because they work under the authority of the Data Controller. On the basis of the roles and work duties performed, these workers have been authorised to process personal data, taking into account their respective competences and in accordance with the instructions given to them by the Controller.
The Controller has appointed third-party service providers in connection with the operation of the website, such as hosting service providers, Siro Web service providers, IT maintenance service providers, as well as service providers that enable the integration of other functions into the website that the user may use at his/her discretion.
These service providers, designated as Data Processors, are only provided with the personal data necessary to provide the corresponding services and are not permitted to use or disclose the personal data of data subjects for other purposes without the prior consent of the data subject.
The data may also be disclosed, to the extent strictly necessary, to parties who, for the purpose of fulfilling orders or other requests or services relating to the transaction or contractual relationship with the Controller, must supply goods and/or perform services on behalf of the Controller.
Lastly, the data may be communicated to the subjects entitled to access them by virtue of provisions of the law, regulations, and EU legislation.

Transfer of data
Under no circumstances does the Data Controller transfer personal data to third countries or international organisations.
However, it reserves the right to use cloud services. In which case, the service providers will be selected from among those who provide adequate guarantees, as provided for in Article 46 of EU Regulation 2016/679.

Data retention
The Data Controller shall retain and process personal data for the time necessary to fulfil the stated purposes. Thereafter, the personal data will be retained and not further processed, for the time stipulated by current civil and tax law provisions.
In the case of data provided for purposes of commercial promotion for services other than those already acquired by the Data Subject, for which he/she initially gave his/her consent, these will be kept for 24 months, unless the consent given is revoked.

The data collected at the time of creating an account will be kept for the entire duration of your registration and in any case no longer than a maximum period of 12 (twelve) months of inactivity, that is if, within this period, no Services are associated and/or products are purchased through the same registration.
It is also necessary to add that, should a user provide the Owner with personal data that are not requested or not necessary for the performance of the service requested or for the supply of a service strictly connected to it, Azienda Agricola Agrituristica di Maria Ciannamea shall not be considered the owner of such data and shall delete them as soon as possible.

Rights of the data subject
In relation to the data subject to the processing referred to in this information notice, the data subject has the right at any time to
- request from the Controller access to your personal data and information relating to the same (art. 15 of the GDPR); rectification of inaccurate data or integration of incomplete data (art. 16 of the GDPR); deletion of personal data relating to you (on the occurrence of one of the conditions indicated in art. 17, par. 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article); restriction of the processing of your personal data (on the occurrence of one of the cases indicated in art. 18, par. 1 of the GDPR);
- request and obtain from the Controller - where the legal basis of the processing is a contract or consent, and where the processing is carried out by automated means - your personal data in a structured, machine-readable format, also for the purpose of communicating such data to another data controller (so-called right to data portability - Article 20 of the GDPR)
- object at any time to the processing of your personal data in the event of special situations concerning you (Art. 21 of the GDPR);
The appropriate request is made by contacting the Data Controller by PEC at, e-mail
at or registered letter with return receipt to the address Ostuni (BR), S.S. 16 KM 874 - c.a.p. 72017. If you believe that your data is being processed in violation of the provisions of the Regulation, you may lodge a complaint with a supervisory authority (Autorità Garante per la protezione dei dati personali -, as provided for by Art. 77 of the GDPR, or take legal action (Art. 79 of the GDPR).

Refusal to provide data
In the event that the interested party does not provide the data identified as necessary for the performance of the service requested, the Data Controller will not be able to carry out the processing related to the management of the aforesaid service, nor the fulfilments that depend on it.
In the event that the Interested Party does not give consent to the processing of personal data for the activities that require it, said processing will not take place for the same purposes without affecting the provision of the other services requested, nor for those for which he/she has already given his/her consent. In the event that the data subject has given consent and subsequently withdraws it or objects to the processing, his or her data will no longer be processed for such activities, without this having any detrimental consequences or effects on the provision of any other services requested.
Automated decision-making processes
The Controller does not carry out processing operations that consist of automated decision-making processes on the data of natural persons.


All Offers