Book Now

Privacy Policy

Last updated:

This Privacy Policy explains how Relais Borgo Taurino ("we", "us") collects and processes personal data of visitors to borgotaurino.it, in compliance with Regulation (EU) 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.

1. Data Controller

Relais Borgo Taurino
Via Fasol e Menin, 20 — 31049 Valdobbiadene (TV), Italy
Email: info@borgotaurino.it
Phone: +39 0423 188 0149

2. Categories of data processed

  • Data provided voluntarily: name, email, phone, subject and message through the contact form; email address, preferred language and consent status through the newsletter form.
  • Navigation data: IP address, user agent, pages visited, referrer, access timestamp — collected in aggregate form and kept only as long as strictly necessary for technical, security and anti-abuse purposes.
  • Cookies and similar technologies: see the dedicated Cookie Policy.

3. Purposes and legal basis

PurposeLegal basis
Responding to contact-form inquiries Art. 6(1)(b) GDPR — pre-contractual measures
Newsletter dispatch (prior explicit consent) Art. 6(1)(a) GDPR — consent
Website security, abuse prevention, anti-bot (Turnstile) Art. 6(1)(f) GDPR — legitimate interest
Anonymous analytics (GA4 via Google Tag Manager) Art. 6(1)(a) GDPR — consent (via cookie banner opt-in)
Legal obligations (accounting, tax, authority requests) Art. 6(1)(c) GDPR — legal obligation

4. External processors

The following third parties act as Data Processors under Art. 28 GDPR:

  • Brevo (Sendinblue SAS) — transactional emails and newsletter list management. Based in Paris, France. Processing within the EEA.
  • Cloudflare Inc. — hosting, CDN, DDoS protection, Turnstile anti-bot. Based in San Francisco, USA. Extra-EEA transfers under the EU-US Data Privacy Framework and EU Standard Contractual Clauses.
  • Google Ireland Ltd. — Google Tag Manager and Google Analytics 4 for aggregated, pseudonymized navigation analytics (IP anonymization enabled, Google Consent Mode v2). Based in Dublin, Ireland. Extra-EEA transfers covered by the DPF and SCC.

5. Retention

  • Contact-form data: 24 months from the last exchange unless longer retention is required by law.
  • Newsletter subscription: until consent withdrawal (unsubscribe).
  • Navigation logs: up to 30 days, then deleted or anonymized.
  • Analytics data (GA4): 14 months.

6. Your rights

You may exercise the rights under Art. 15-22 GDPR (access, rectification, erasure, restriction, portability, objection, consent withdrawal) by writing to info@borgotaurino.it.

You also have the right to lodge a complaint with the Italian Data Protection Authority (garanteprivacy.it).

7. Extra-EEA transfers

Transfers to the United States are performed under the EU-US Data Privacy Framework and/or Standard Contractual Clauses approved by the European Commission, with supplementary measures where required.

8. Minors

This website is not intended for children under 16. We do not knowingly collect personal data from minors without parental consent.

9. Changes

We reserve the right to update this Policy to reflect legal or organizational changes. The date of last update is shown at the top of this page.