Legal Notices and Data Protection - Tuscan Experience

1. Privacy Policy

Tuscan Experience , with operational headquarters in Montalcino, Località Colombaio Vigne 26, Italy, respects the privacy of its users and is committed to protecting it in accordance with the General Data Protection Regulation (GDPR) and current Italian laws. The Data Controller is Tuscan Experience; for any request regarding this notice or to exercise your rights, you may contact us at the dedicated email address provided in the contact section of the website or via the references at the bottom of the page.
Purposes and Lawfulness of Processing
We process personal data (name, contact details, payment details, and identifiers) for the following purposes:
  • Execution of the contract: Management of bookings, payments, and communications related to the stay or the services of “Tuscan Experience”.
  • Legal obligations: Notification of guest presence to public security authorities, as required by Italian law (Alloggiati Web).
  • Legitimate interest: Improvement of our services, anonymous statistical analysis, and ensuring the security of the managed properties.
Data Sharing
Personal data may be disclosed exclusively to third parties necessary for the fulfillment of the requested services, such as:
  • Operational partners: Property owners, caretakers, reception staff, and providers of excellence services (e.g., private chefs, tour guides).
  • Technical providers: Partners for secure electronic payments, hosting services, and maintenance of the website’s IT systems.
  • Competent authorities: Law enforcement or judicial authorities where required by law.
Rights of the Data Subject
In accordance with Articles 15-22 of the GDPR, the user has the right to request access to their data, rectification, erasure (“right to be forgotten”), restriction of processing, or to object to the processing itself.

2. Data Breach Policy

Tuscan Experience adopts advanced protocols for the detection, management, and notification of any security breaches of personal data (Data Breach).
Prevention and Security Measures
  • Technological Security: Use of SSL encryption for website connections, multi-factor authentication for database access, and constant monitoring against unauthorized intrusions.
  • Organizational Measures: Staff are trained to recognize phishing and hacking attempts. Data is destroyed or anonymized at the end of the legal retention period
Incident Management
In the event of a confirmed breach, Tuscan Experience will immediately activate the emergency procedure:
  • 1. Isolation: Timely technical actions to stop data loss.
  • 2. Assessment: Analysis of the potential impact on the rights of the users involved.
  • 3. Notification to the Authority: Reporting to the Privacy Guarantor Authority within 72 hours if the breach involves risks to physical persons.
  • 4. Communication to Users: Direct and transparent information to data subjects in the case of high risks to their privacy.

3. Cookie Policy

The Tuscan Experience website uses cookies to ensure smooth and personalized navigation:
  • Technical Cookies: Essential for managing user sessions and the booking cart.
  • Analytical Cookies: Used to collect aggregated and anonymous data on website traffic for internal statistical purposes only.
  • Third-Party Cookies: Necessary for the integration of interactive maps or secure payment gateways.
The user can manage, restrict, or block cookies at any time by changing their browser settings.
Corporate References
Tuscan Experience Operational Headquarters: Località Colombaio Vigne 26 Montalcino Website: www.tuscan-experience.com
BOOK NOW