ITRequest availability

Privacy

Privacy policy

This English notice is provided for convenience. The Italian version is the authoritative text.

Last updated: 17 July 2026

This notice explains, under Article 13 of Regulation (EU) 2016/679 (GDPR), how personal data is processed when people visit this website or submit an availability request.

It applies only to this website. External services and websites reached through their own links have separate privacy notices.

Data controller

The data controller is Stephania Poveda Angel, Via del Colombaio 7b, 53024 Montalcino (SI), Italy.

For questions about data processing or to exercise your rights, email hotellerie@latogata.com or call +39 347 818 3462.

Data we process

When you browse the website, the technical systems may process connection and security data such as IP address, request date and time, requested page, browser and device type, diagnostic information, and data needed to prevent abuse.

When you submit an availability request, we process the selected suite, stay dates, number of guests, name, email address, and form language. Your telephone number and message are optional. Any later communications also include the contents of that correspondence.

Purposes and legal bases

Inquiry data is processed to answer you, check availability, and prepare a possible reservation. The legal basis is taking steps at your request before entering into a contract under Article 6(1)(b) GDPR.

Technical data is processed to provide and secure the website, limit abusive submissions, and diagnose faults, based on the controller’s legitimate interest under Article 6(1)(f) GDPR. Data may also be processed to comply with legal obligations under Article 6(1)(c) GDPR.

Data submitted through the form is not used for newsletters or promotional communications. We do not make automated decisions or carry out profiling.

Providing your data

Fields marked as required are necessary to review and answer your request. Without them, we cannot process it. Telephone and message fields are optional and may be left blank.

Recipients and providers

Data is available to people authorised by the controller and, where necessary, to providers engaged to operate the service: Vercel Inc. for hosting and running the form, and Plus Five Five, Inc. (Resend) for email delivery.

Providers process data under agreements and instructions appropriate to their role. Data is not sold or shared for advertising purposes.

Transfers outside the European Economic Area

Some providers may process data in the United States. Where required, transfers rely on Standard Contractual Clauses approved by the European Commission and/or other mechanisms recognised by the GDPR, including the Data Privacy Framework where applicable.

Resend is configured to dispatch email from its Ireland region. Resend nevertheless stores account data, metadata, API logs, and email data in the United States under its terms and data processing agreement.

Retention

Inquiries and related correspondence are kept for up to 24 months from the last contact, unless a longer period is needed to comply with the law, manage a reservation, or establish or defend a legal claim.

The IP address used by the application to limit submissions operates within a rolling one-hour window and is not stored in a customer database. On the current plan, Vercel runtime logs are available for up to one day. Resend retains email data for 30 days. Providers may retain technical or backup copies for the periods set out in their agreements.

Analytics and cookies

We use Plausible Analytics for aggregate website statistics. Plausible does not use cookies, create persistent identifiers, or store IP addresses, and processes its data on systems in the European Union. The statistics help us understand, in aggregate, which pages are viewed and whether the inquiry journey works.

The website does not use advertising or profiling cookies. It may use a first-party technical cookie to remember your chosen language. This cookie is necessary for the language preference and is not used to track you.

Your rights

Where provided by the GDPR, you may request access to, correction or deletion of your data, restriction of processing, and data portability. You may also object to processing based on legitimate interests.

To exercise these rights, contact the controller using the details above. You also have the right to lodge a complaint with the Italian Data Protection Authority at www.garanteprivacy.it.

Changes

We may update this notice when the website, providers, or processing activities change. The latest revision date appears at the top of the notice.