Dear Sir/Madam,

We wish to inform you that the European Regulation 2016/679 (hereinafter GDPR) establishes rules relating to the protection of individuals with regard to the processing of personal data, as well as rules relating to the free circulation of such data aimed at protecting the rights and freedoms fundamental rights of natural persons, in particular the right to the protection of personal data. The free flow of personal data in the Union cannot be restricted or prohibited for reasons relating to the protection of natural persons with regard to the processing of personal data. We therefore point out that "personal data" means, pursuant to the aforementioned GDPR, any information that concerns you directly or indirectly as an interested party, with particular reference to an identifier such as the name, an identification number, data relating to location, an online identifier or one or more characteristic elements of your physical, physiological, genetic, psychic, economic, cultural or social identity. The management methods of the site are also described here with reference to the processing of personal data of users who consult it and who have access to the reserved area. This information is also provided pursuant to articles 13-14 of the GDPR to those who interact with the web services of the company CISTOLA ANGELO (hereinafter the Data Controller), accessible electronically at the address(es):

This information is provided only for sites referring to the Data Controller and not for other websites that may be consulted by the User via links. Following consultation of this site, data relating to identified or identifiable persons may be processed. The information has the purpose of identifying some minimum requirements for the collection of personal data online (and not), and, in particular, the methods, times and nature of the information that the data controllers must provide to users when they link to web pages, regardless of the purpose of the link.


The identity of the Data Controller and his references, also shown in the header, are as follows:
• Address: Via Olimpica, 1 - 64011 Alba Adriatica (TE)

• Email:

• PEC:

• Telephone: 0861 714477

The Data Controller does not carry out activities that require the mandatory designation of the person in charge of personal data protection.


The processing operations connected to the web services of this site take place at the aforementioned office of the Data Controller, at the office identified by the website manager and are only handled by authorized personnel for processing, or by persons in charge of occasional operations of maintenance. No data deriving from the web service is disclosed. The personal data provided by users who request the dispatch of material regarding the requested service (or even of an informative nature only) are used to follow up on the User's requests and can be communicated to third parties only if necessary and if involved and functional to the satisfaction of the aforementioned requests. The collection and processing of the User's personal data will take place in compliance with the general principles of necessity, correctness, relevance and non-excess and in particular the data processing will take place for:
A. answer questions and provide the information requested by the User (the optional, explicit and voluntary sending of e-mails to the addresses indicated on this site involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message), to contact the User regarding the services provided by the Data Controller;
B. the acquisition of curricula, both in paper and electronic format, sent spontaneously by candidates interested in collaborating with the Data Controller;
C. the necessary and indispensable processing of an operational, managerial, accounting and other nature, in particular some data will be used for registrations and communications required by law;
D. with the «consent of the interested party»[1]
The legal basis of the treatment can be identified in the Civil Code and in the Consumer Code. [1] any manifestation of free, specific, informed and unequivocal will of the interested party, with which the same expresses his assent, by unequivocal declaration or positive action, that the personal data concerning him are object of treatment.


The processing is lawful if at least one of the conditions is met:
▪ by art. 6 co. 1 lit. a) b), c), f)
a) the interested party has given consent to the processing of personal data for one or more specific purposes (C42, C43);

b) the processing is necessary for the execution of a contract of which the interested party is a part or for the execution of pre-contractual measures adopted at the request of the same;

c) the processing is necessary to fulfill a legal obligation to which the data controller is subject;
f) the processing is necessary for the pursuit of the legitimate interest of the data controller (such as, for example, the prevention of fraud or abuse to the detriment of our website: It can be considered legitimate interest to process personal data for direct marketing purposes as highlighted in recital n.47 of the GDPR ) or by third parties, provided that the interests or fundamental rights and freedoms of the data subject who require the protection of personal data do not prevail, in particular if the data subject is a minor.


The communication to the identified recipients will take place only if they are involved and functional to the achievement of the purposes referred to in point 2 above, therefore the personal data collected and processed may be:
a) used anonymously for statistical purposes;
b) made available to the Data Controller's Collaborators, as Managers or persons authorized to process personal data;
c) disclosed to natural or legal third parties, public administrations, professionals, law enforcement agencies, government bodies, regulatory bodies, courts or other public authorities authorized by law;
d) communicated to commercial partners, only in case of prior and express consent of the User.
e) if necessary, transferred to another Data Controller in accordance with the provisions of the GDPR, also with regard to the right to data portability;
The list of personal data processors is available at the headquarters of the Data Controller.


No special categories of personal data are processed. The personal data that can be processed are identification, contact and payment data (name, surname, address, telephone, e-mail, tax data, bank details, credit cards, etc.). and in any case only and exclusively those necessary and functional for browsing the site, accessing the reserved area, subscribing to the Newsletter and filling in the contact forms.


The data provided for the purposes referred to in point 2 will be kept:
• For administrative/accounting purposes: for the period envisaged by tax and civil law; Personal data will not be disclosed and will be destroyed when we no longer need or are required to keep them.


The computer systems and software procedures used to operate the platform of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses (for verifying user reliability and for security purposes) or domain names of the computers used by users who connect to the site, addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and others parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site: except for this eventuality, the data on web contacts do not currently persist for more than seven days. The personal data being processed will be processed:
• manually and/or electronically and will be stored in special paper and/or electronic archives. Paper and electronic documentation will be correctly maintained and protected for as long as necessary for processing using appropriate security measures, so as to minimize the risk of destruction or loss, unauthorized access or processing that does not comply with the purposes of collection;
• There is no automated decision-making process and no profiling is performed.


The c.d. cookies which are small files stored on your computer's hard drive and are used to provide services and/or information. Most cookies are "session cookies" and are therefore deleted from your hard drive at the end of the session (when you log out or close your browser). They can be present on some pages of the site to be able to analyze access to web pages, customize their services, content and advertising messages, measure the effectiveness of promotions and guarantee trust and safety. The so-called Session cookies used on this site avoid the use of other IT techniques potentially prejudicial to the privacy of users' browsing and do not allow the acquisition of personal identification data of the User. The policy relating to the use of cookies on our site can be consulted below.


Apart from that specified for navigation data, the user is free to provide the personal data requested through special forms relating to services, products and any other kind of request that the site manager, or his commercial partners, I can offer.
Failure to provide such data may make it impossible to obtain a response to any requests or to use the services or products that the site manager, or its commercial partners, are able to provide.


We inform you that, as an interested party, you have all the rights provided for by articles 15-16-17-18-20-21-22 of the GDPR, including:
▪ the interested party has the right to obtain confirmation from the data controller as to whether or not personal data concerning him is being processed and, in this case, to obtain access to personal data and the following information: the purposes of the treatment; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients from third countries or international organizations; d) when possible, the envisaged retention period for personal data or, if this is not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to rectify or cancel personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the interested party, all the information available on their origin; h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and envisaged consequences of such processing for the interested party.
▪ the existence of the right of the interested party to ask the data controller to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability data, including all available information about their origin; to also obtain the cancellation of personal data concerning him without unjustified delay pursuant to art. 17 ("right to be forgotten").
▪ if the treatment is based on article 6, paragraph 1, letter a), or on article 9, paragraph 2, letter a), the existence of the right to withdraw consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
▪ the right to lodge a complaint with a supervisory authority;
▪ have a copy of the personal data being processed from the data controller, provided that it does not harm the rights and freedoms of others; in the event of further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the request is received by electronic means, unless otherwise indicated, the information is provided in a commonly used electronic format;
The above information will be provided:
▪ within a reasonable time after obtaining the personal data, but at the latest within one month, taking into account the specific circumstances in which the personal data are processed;
▪ in the event that the personal data are intended for communication with the interested party, at the latest at the time of the first communication to the interested party; or if communication to another recipient is envisaged, no later than the first communication of personal data.
All the rights of the interested party provided for by the GDPR are exercised with a request addressed informally to the Data Controller, also through a person in charge, to which a suitable response is provided without delay.

This privacy policy is updated on 06/06/2023 and may undergo changes over time - also connected to the possible entry into force of new sector regulations, to the updating or provision of new services or to technological innovations - for which the user/visitor is invited to periodically consult this page.

Date of last update: 06/06/2023

Company data

Hotel Joli di Cistola Angelo
Via Olimpica, 1
64011 - Alba Adriatica (TE)
P.IVA 00821550670