Villa Sandi S.p.A. with registered headquarter located in via Erizzo 113 / A, 31035, Crocetta del Montello (TV), VAT no. 00321980260 (hereinafter, “Owner”), owner of the website (hereinafter, the “Site”), as the owner of the processing of personal data of users who browse and who are registered the Site (hereinafter, the “Users”) provides below the privacy policy pursuant to art. 13 of Legislative Decree no. 196/2003 (hereinafter, the “Privacy Code”) and pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereafter, “Regulations”, the Regulations and the Privacy Code are together defined as “Applicable Regulations”).

This Site and any services offered through the Site are reserved for individuals who have completed eighteen years of age. The Data Controller therefore does not collect personal data relating to persons under the age of 18. Upon request by Users, the Data Controller will promptly delete all personal data involuntarily collected and related to persons under 18 years of age.

The Owner takes the utmost account of the right to privacy and protection of personal data of its Users. For any information related to this privacy statement, Users may contact the Data Controller at any time, using the following methods:

• By sending a registered letter with return receipt to the registered office of the owner
• By sending an e-mail to the web address;




Users’ personal data will be processed lawfully by the Data Controller pursuant to art. 6 of the Regulations for the following processing purposes:

a) Navigation of the site, in relation to the possibility of detecting data of the User necessary at a technical level, such as e.g. the IP address, while browsing the site.

b) Response to your requests for information regarding the booking of the Locanda Sandi, which we received via the contact form.

c) Obligations of law, or to fulfill obligations under the law, an authority, a regulation or European legislation.

The provision of personal data for the purposes of processing indicated above is optional but necessary, as failure to provide them will make it impossible for the User to browse the site, register with the Site and take advantage of the services offered by the Owner on the Site.
With reference to the purposes set out in points 1 / a and 1 / b, the legal basis of the processing is in fact the execution of the services provided through the Site and requested by you (pursuant to article 6, paragraph 1, letter b of the Privacy Policy 2016/679); with reference to the purposes referred to in paragraph 1 / c of the previous paragraph, the legal basis of the processing is to fulfill a legal obligation to which the data controller is subject (pursuant to article 6, paragraph 1, letter c of the Rules Privacy 2016/679).


2. Processing methods and data retention times


The Data Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.

The personal data of the Users of the Site will be kept for the time strictly necessary to carry out the purposes described in paragraph 1 above, or however as necessary for the protection in civil law of the interests of both the Users and the Data Controller.




The personal data of the Users may be disclosed to the employees and / or collaborators of the Controller in charge of managing the Site. Those subjects, who are formally appointed by the Data Controller as “processors”, will process the User’s data exclusively for the purposes indicated in this information and in compliance with the provisions of the Applicable Regulations.

The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Data Controller as “External Processors”, such as, for example, IT and logistic service providers functional to the operation of the Website. , outsourcing or cloud computing service providers, professionals and consultants.

Users have the right to obtain a list of any data controllers appointed by the Data Controller, upon request to the Data Controller in the manner indicated in paragraph 4 below.




Users may exercise their rights granted by the Applicable Law by contacting the Data Controller in the following ways:

  • By sending a registered letter with return receipt to the registered office of the owner
  • By sending an email to;

Pursuant to Applicable Regulations, the Data Controller informs that Users have the right to obtain indication (i) of the origin of personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the owner and managers; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to know them as managers or agents.

Furthermore, Users have the right to obtain:

a) access, updating, rectification or, when interested, integration of data;

b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;

c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right.


a) have the right to withdraw consent at any time, if the processing is based on their consent;

b) have the right to the portability of data (right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device), the right to limit the processing of personal data and the right to cancel ( “Right to be forgotten”);

c) have the right to oppose:

i. in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of the collection;

ii. in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;

iii. if personal data are processed for direct marketing purposes, at any time, to the processing of their data for this purpose, including profiling in so far as it is related to such direct marketing.

d) if they believe that the treatment that concerns them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State in which they usually reside, in the one in which they work or in the one in which the alleged violation has occurred ). The Italian Supervisory Authority is the Guarantor for the protection of personal data, located in Piazza di Monte Citorio n. 121, 00186 – Rome (


Villa Sandi S.P.A. – Via Erizzo 113/A – Crocetta del Montello (TV) Italy – Tel. +39 0423 8607
Cod.Fisc. /P.I. /Nr.reg.impr.Treviso IT00321980260