{"id":3,"date":"2026-01-13T10:06:24","date_gmt":"2026-01-13T10:06:24","guid":{"rendered":"https:\/\/saturniadayspa.com\/?page_id=3"},"modified":"2026-04-13T10:59:18","modified_gmt":"2026-04-13T08:59:18","slug":"privacy-policy","status":"publish","type":"page","link":"https:\/\/saturniadayspa.com\/en\/privacy-policy\/","title":{"rendered":"Privacy Policy"},"content":{"rendered":"
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Privacy Policy<\/h2>\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

INFORMATION NOTICE PURSUANT TO ARTICLES 13-14 OF THE GDPR (GENERAL DATA PROTECTION REGULATION) 2016\/679<\/strong><\/p>

In accordance with the legislation indicated, this processing will be based on the principles of correctness, lawfulness, transparency and protection of your privacy and rights.<\/p>

Pursuant to Article 13 of GDPR 2016\/679<\/strong>, We therefore provide you with the following information:<\/p>

A - Personal information (such as name, surname, details of identity document and a copy thereof, telephone number, email address, etc.) will be requested at the time of your membership, depending on the type of association you require.<\/strong><\/p>

In accordance with the\u2019Article 28 of the General Data Protection Regulation (GDPR) 2016\/679<\/strong>, the Data Processor of data relating to bookings made through the company's official website, using the https:\/\/be.synxis.com platform, is the company\u00a0The Leading Hotels of the World, Ltd.<\/strong>, located at 485 Lexington Avenue, Suite 401, New York, NY 10017.<\/p>

Leading Hotels of The World, Ltd relies on the assistance of Sabre Hospitality Solutions GmbH for this purpose.<\/p>

Also in accordance with Article 28 of GDPR 2016\/679, the Data Processor of data relating to bookings for access to swimming pools, wellness club, spa and gift vouchers is the company\u00a0WooCommerce<\/strong>, with headquarters for European countries at Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland.<\/p>

The Company, as the controller of your personal data, provides you with information on the use of such data and your rights, so that you can knowingly give your consent, if necessary, and assert your rights under the General Data Protection Regulation (European Regulation 679\/2016, hereinafter: \u201cthe Regulation\u201d). Your personal data (provided by you, by third parties or collected, within the limits of the law, from public sources) may be processed for the following explicitly stated purposes: fulfilment of a contract, fulfilment of an obligation outside the contract, fulfilment of a legal obligation, protection of your own rights or those of third parties. The legal basis for the processing may be:<\/p>

A - Obligation by law or regulation,
B - Contract with the person concerned or performance of contracts,
C - Legitimate interest of the controller or a third party,
D - Vital and urgent interest of the person concerned,
E - Explicit consent of the person concerned,
F - Performance of a task in the public interest.<\/p>

Below, we explain in detail the meaning of the different purposes:<\/p>

  1. Legal purposes<\/strong>This category includes the fulfilment of obligations laid down by law, regulations, European Union legislation and the provisions of legally authorised authorities or competent supervisory or control bodies (in these cases, your consent is not required as the processing of the data is linked to the fulfilment of such obligations\/provisions). Data processed for legal reasons include those related to tax regulations and anti-money laundering registers.<\/li><\/ol>
    1. Contractual and administrative-accounting purposes<\/b>This type of processing relates to the performance of obligations arising from contracts to which you are party or the execution of specific requests made by you prior to the conclusion of the contract. This may include the use of distance communication techniques, such as a dedicated telephone call centre. In these cases, your consent is not required as the processing of your data is for the purpose of managing the relationship or executing your requests. These processing operations also include the mutual protection of interests in legal disputes, tax purposes and other legal obligations, such as anti-money laundering record keeping, if applicable.<\/li><\/ol>
      1. Direct commercial purposes<\/b>This type of processing concerns the sending of information and informative, commercial and advertising material about products, services or initiatives of the company, in order to promote them, carry out direct sales, conduct market research and verify the quality of the products or services offered. Data may be processed with your voluntary consent or on the basis of the legitimate interest of the company, provided that it does not conflict with your rights.<\/li><\/ol>
        1. Profiling<\/b>The purpose of such processing is to optimise commercial offers, carry out targeted commercial communications, conduct statistical research and create profiles based on your personal preferences, behaviour and attitudes, in order to make appropriate commercial decisions or analyse and predict your preferences for commercial purposes. In these cases, your consent is optional and does not affect your relationship with the company.<\/li><\/ol>
          1. Indirect commercial purposes<\/b>This category includes the sharing of your data with third parties who carry out autonomous business activities, as described in the previous section. Again, your consent is optional and does not affect your relationship with the company.<\/li><\/ol>
            1. Post-commercial purposes<\/b>: this processing concerns the investigation of the reasons for the termination or revocation of relations with the company, after their conclusion. Again, your consent is optional and does not affect your relationship with the company.<\/li><\/ol>
              1. Training purposes of an Artificial Intelligence algorithm<\/b>We also inform you that your personal data will also be processed for the purpose of training and operating an Artificial Intelligence system within the Controller's organisation. This processing respects the principles of lawfulness and transparency as required by the Regulation. The choice to process data from the facility's customers reflects the need to obtain training, validation and testing datasets that are: relevant, sufficiently representative and, as far as possible, error-free and complete in view of the intended purpose of the system, as required by Recital 67 of the AI Act.<\/li><\/ol>

                Particular data,\u201c also known as \u201dsensitive data,\u201c are personal data that may reveal ethnicity, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used to uniquely identify an individual, data relating to a person's health, sex life or sexual orientation (Art. 9 of the Regulation), or data relating to criminal convictions and offences or related security measures (Art. 10 of the Regulation). This data can only be processed with your explicit written consent or if one of the reasons listed in Art. 9 para. 2 and Art. 10 of the Regulation is applicable. Consent is optional, but refusal to give consent could jeopardise the performance of one or more activities required of the company, which specifically concern matters requiring the processing of such data.<\/p>

                Consent to the processing of your data may be binding for the conclusion of contracts with the Controller or third parties. Only data whose processing is essential for the conclusion of the contract are binding for the conclusion of the contract, whereas you can freely give or withhold consent for non-essential data, in particular for profiling, commercial communications and marketing purposes.<\/p>

                The Data Controller collects and processes your data in order to protect your vital interests if you are under 18 and over 14 years of age. Your data will be treated with the utmost confidentiality and only for the time strictly necessary to provide the requested services to the Controller, excluding any other purpose beyond the ongoing relationship between you and the Controller.<\/p>

                Your data may be shared with third parties for the purposes stated by the Controller. In particular, it may be transferred to third countries subject to an adequacy finding or, failing that, subject to your explicit consent.<\/p>

                B - DATA PROCESSING METHODS.<\/strong><\/p>

                Your data is processed by means of manual\/paper filing and electronic and automated means, in accordance with the above-mentioned purposes. If you have given your consent, the processing may include profiling or comparison of data. The Company has implemented technical and organisational measures to prevent and limit the risk of loss, deterioration or theft of your data, and to ensure timely recovery in the event of a data breach.<\/p>

                The processing is designed to ensure the security, protection and confidentiality of your data. Within the company, staff responsible for or in charge of the processing may have access to your personal data, including employees, managers, directors or partners of the company who occupy administrative, collaborative or commercial positions with self-employment contracts within the company structure. These persons have received appropriate training from the Company to ensure the storage, updating and security of your data, so consent is not required from these individuals, as it is required by law.<\/p>

                Outside the company, your data may be processed by collaborators with self-employment contracts operating outside the company's structures, as well as by consultants of various kinds (lawyers, accountants, engineers, architects, labour consultants and other professionals registered or not registered with professional bodies). These consultants perform technical, support and control tasks on behalf of the company. Data transfers are carried out using instruments that protect the data from external intrusion. Your data will not be disclosed to parties who may wish to communicate with you, unless you expressly authorise this.<\/p>

                Your data may be transferred abroad. If the transfer takes place within the European Union, your data will be processed in accordance with the same regulations as in Italy. If the data is transferred outside the European Union, your rights under the European Regulation will be respected. It is possible to request a list of third parties to whom the data is transferred.<\/p>

                Public bodies or administrations may receive the data in fulfilment of legal obligations. Since the data provided may be considered \u201cspecial\u201d or \u201csensitive\u201d data within the meaning of the European regulation, processing may only take place with your prior written consent and only for the purposes specified in this processing form, except in cases where processing is permitted by law.<\/p>

                The company may only process data relating to criminal convictions or offences involving security measures to the extent permitted by law. Since the data you provide may include \u201cbiometric data,\u201d such as fingerprints, handprints, facial features or signatures acquired by technological means, they will be processed in accordance with applicable laws, subject to your consent where necessary, and only for the purposes specified in this processing form.<\/p>

                To protect your data, the Data Controller has appointed a Data Protection Officer, identified as Luca Rampazzo.<\/b><\/p>

                The data controller undertakes to limit the use and handling of personal data, such as storage and archiving on our servers, to countries within the European Union. In the case of data transfer to countries outside the European Union, the parties involved may ensure compliance with the rights under the European Regulation through voluntary compliance and appropriate security measures to protect the data from unauthorised access. The transfer of such data to countries outside the European Union is prohibited, unless adequate protections are ensured or security measures have been taken in accordance with EU Regulation 2016\/679 - CHAPTER V.<\/p>

                For further details and clarifications, please contact the Data Protection Officer (DPO) of Terme di Saturnia.<\/p>

                This information notice, drawn up in compliance with Article 13 of the General Data Protection Regulation (GDPR) 2016\/679, is also applicable by Terme di Saturnia on the occasion of advertisements published on websites or portals for personnel recruitment that are not directly managed by the company itself.<\/p>

                The company will treat the\u00a0curricula vitae<\/b>\u00a0received by e-mail or through third-party companies specialised in personnel selection (such as advertisements published on portals, etc.) to assess possible applications within the company or in view of future opportunities.
                Processing is mainly done electronically, with the exception of CVs sent by traditional mail.
                CVs deemed \u201cinteresting\u201d will be stored at the company's premises for a period of 12 months and will be processed in accordance with the security measures prescribed by Article 32 of GDPR 2016\/679.
                CVs deemed irrelevant or those whose retention period exceeds 12 months will be removed.
                CVs will be stored in the human resources office of Terme di Saturnia and will not be disclosed to unauthorised third parties.
                They may be assessed by departmental managers of the spa appointed as authorised persons for processing, in accordance with Articles 29 and 32(4) of GDPR 2016\/679 and Article 2-quaterdecies of Legislative Decree 196\/2003.
                For the compilation of resumes, please kindly follow the following guidelines:
                Use the European format for the CV;
                Please send your CV in PDF format;
                Avoid including special categories of personal data, as defined in Article 9(1) of GDPR 2016\/679 (e.g. health information, religious, philosophical or political beliefs), unless they are directly relevant to the job position offered.<\/p>

                The company reserves the right to delete CVs that do not meet these requirements.<\/p>

                The processing of data in connection with the handling of CVs will be mainly for the purpose of evaluating, recruiting or selecting personnel, with the aim of collaboration, recruitment on a fixed-term or open-ended basis, internships or to enable the successful candidate to prepare his\/her dissertation at our premises.<\/p>

                In accordance with Article 111-bis of Legislative Decree 196\/2003, the information required by Article 13 of the GDPR is provided at the time of the first significant contact following the sending of the curriculum vitae, in the case of spontaneous applications for the establishment of an employment relationship.<\/p>

                In accordance with the specified objectives and on the basis of Article 6(1)(b) of the GDPR, the data subject's consent to the processing of personal data contained in CVs is not required.<\/p>

                Information on your Personal Data:<\/b><\/p>

                If our company has obtained data about you from third parties. In this form, we provide you with the following information:<\/p>

                • \u00a0 Who is the data controller and who is the representative, if applicable.<\/li>
                • \u00a0 Who is the Data Protection Officer, if applicable.<\/li>
                • \u00a0 The purposes and legal bases of data processing.<\/li>
                • \u00a0 The categories of data we collect.<\/li>
                • \u00a0 Who are the recipients of the data.<\/li>
                • \u00a0 The possibility of transferring data abroad.<\/li>
                • \u00a0 The data retention period or the criteria for determining this period.<\/li>
                • \u00a0 Your rights, including access, revocation, correction, cancellation, portability, restriction.<\/li>
                • \u00a0 The possibility of filing complaints with the supervisory authority.<\/li>
                • \u00a0 The source of your data.<\/li>
                • \u00a0 The use of automatic decision-making processes and your right to intervene.<\/li><\/ul>

                  Terme di Saturnia will only store personal data for as long as is necessary to achieve the purposes described in this notice.<\/p>

                  By way of example,\u00a0in case of subscription to the newsletter service<\/b>, Terme di Saturnia will retain your details until you decide to unsubscribe from the service, which you can easily do by clicking on an unsubscribe link in the email you receive. Any request sent will be deleted within 30 days of receipt.<\/p>

                  With the exception of the above, Terme di Saturnia will retain your personal data for as long as is required by Italian law to protect its interests, as stipulated in Article 2947(1)(3) of the Italian Civil Code.<\/p>

                  Data not subject to specific legal obligations will be deleted within 10 years.<\/p>

                  The data controller does not use automated procedures, including profiling and all detailed evaluations based on personal data collected via forms on this website. It is important to note that when you provide preferential information via contact forms, this is not binding and serves only organisational purposes.<\/p>

                  Regarding any profiling activities involving the use of cookies, please consult our Cookie Policy for further details.<\/p>

                  Rights of the Data Subject:<\/b><\/p>

                  You have several rights under the Regulation, including:<\/p>

                  • \u00a0 The right to lodge complaints with the national authority (Data Protection Authority) if you feel your rights have been violated.<\/li>
                  • \u00a0 The right to accurate and up-to-date data.<\/li>
                  • \u00a0 The right to withdraw consent to data processing.<\/li>
                  • \u00a0 The right to access your data.<\/li>
                  • \u00a0 The right to request correction of data.<\/li>
                  • \u00a0 The right to request deletion of data, except where there are legal obligations to keep them.<\/li>
                  • \u00a0 The right to retain data if you contest the accuracy or lawfulness of the processing.<\/li>
                  • \u00a0 The right to be informed if your data is modified or deleted.<\/li>
                  • \u00a0 The right to transfer your data to another operator, within the limits provided by law.<\/li>
                  • \u00a0 The right to object to data processing, profiling and the use of data for direct marketing.<\/li>
                  • \u00a0 The right to request a human review of decisions based on automated decision-making processes.<\/li><\/ul>

                    The company may use automated procedures to make decisions about you, but you have the right to request a human review before making binding decisions.<\/p>

                    Persons Involved in Data Processing:<\/b><\/p>

                    Here is who might process your data:<\/p>

                    • [Owner]: Our company.<\/li>
                    • [Representative]: Not applicable.<\/li>
                    • [Responsible persons]: The CEO and department heads.<\/li>
                    • [RDP\/DPO]: Luca Rampazzo.<\/li><\/ul>

                      Ways to Exercise Your Rights:<\/b><\/p>

                      You can make written requests by sending them to the company address, Terme di Saturnia S.p.a. - Localit\u00e0 Saturnia - 58014 Manciano (GR) or by e-mail to dpo@termedisaturnia.it. Alternatively, if available, you can do this yourself in the online personal area using a unique identifier.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

                      INFORMATIVA RESA AI SENSI DEGLI ART. 13-14 DEL GDPR (GENERAL DATA PROTECTION REGULATION) 2016\/679 Secondo la normativa indicata, tale trattamento sar\u00e0 improntato ai principi di correttezza, liceit\u00e0, trasparenza e di tutela della Sua riservatezza e dei Suoi diritti. Ai sensi dell\u2019articolo 13 del GDPR 2016\/679, pertanto, Le forniamo le seguenti informazioni: A \u2013 Le informazioni […]<\/p>","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"class_list":["post-3","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/saturniadayspa.com\/en\/wp-json\/wp\/v2\/pages\/3","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/saturniadayspa.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/saturniadayspa.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/saturniadayspa.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/saturniadayspa.com\/en\/wp-json\/wp\/v2\/comments?post=3"}],"version-history":[{"count":21,"href":"https:\/\/saturniadayspa.com\/en\/wp-json\/wp\/v2\/pages\/3\/revisions"}],"predecessor-version":[{"id":4543,"href":"https:\/\/saturniadayspa.com\/en\/wp-json\/wp\/v2\/pages\/3\/revisions\/4543"}],"wp:attachment":[{"href":"https:\/\/saturniadayspa.com\/en\/wp-json\/wp\/v2\/media?parent=3"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}