Privacy Policy

Tenuta Carrieri Srl protects the confidentiality of personal data voluntarily provided by its customers and guarantees the processing of the same in accordance with the provisions of current privacy legislation and EU Regulation No. 2016/679. The owner of the processing of personal data is the company Tenuta Carrieri Srl (P.IVA IT08557300723) with registered office in Corso Alcide De Gasperi, 292 – 70124 Bari, pec address:, email:, phone +39 3913512770. 

Tenuta Carrieri Srl, pursuant to Article 37 of the GDPR, has appointed a Data Protection Officer who can be contacted at the email:

Purpose and legal basis of data processing

The provision of data and consent to their processing are voluntary and are necessary to book the stay, tourist activities and hospitality services offered at the Tenuta Carrieri Srl accommodation facilities, as well as, to organize meetings, weddings and receptions. The data collected (name and surname, company name, residential address, telephone number, fax number, tax code, VAT number, e-mail addresses, bank details) are processed exclusively to allow the data controller to fulfill the legal obligations related to the exercise of the activity of providing hospitality services, as well as, to follow up the contract to which the data subject is a party or in execution of pre-contractual measures taken at the request of the same.

The Data Controller, with the express consent of the data subject, also processes contact data (mainly personal data, email and telephone numbers) to send communications, including promotional and commercial to customers (newsletter). Tenuta Carrieri Srl for purposes of protection of the company’s assets acquires data through a video surveillance system of some external areas of the accommodation, identifiable by means of special signs. The consent of the data subjects is not required for such processing, as the data controller pursues the legitimate interest of protecting the company’s assets against possible theft, damage, vandalism.

Type of data collected and mode of processing

Personal data (e.g. first name, last name, address, e- mail, bank details) coming from the booking system set up on the website ( are collected through the External Data Processor appointed for this purpose, Octorate S.r.l. Via Filippo Caruso 23 – 00173 Rome, P.Iva IT13493861002, C.F 13493861002 through the booking engine portal which states its privacy policy at Personal data (first name, last name, address, e- mail, bank details) that come from external websites such as,; are collected by such websites that have their own privacy policy, the contents of which can be easily identified by the individuals concerned within the relevant portals. Common identifying data provided at check-in are sent to the relevant authorities (e.g., Police and Province) as required by law. The common identifying and master data used for billing purposes are stored in the accounting software database located at the registered office of Tenuta Carrieri Srl and communicated to the external Data Processor appointed for this purpose for bookkeeping and tax compliance. In addition to the Data Controller, the personal data collected may also be processed by individuals involved in the organization of Tenuta Carrieri Srl (e.g. administrative and secretarial staff) or by external parties (e.g. company that manages the site, hosting provider, vigilance consultants, accountants and lawyers who provide services functional to the purposes of treatment). These subjects are assigned exclusively to the Data Controller. The list of Data Processors can always be requested from the Data Controller. The processing of collected data is done both in paper form and with the help of computer tools that allow the performance of the operations indicated in Article 4 No. 2 of the GDPR such as collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The management and storage of personal data will take place on servers located within the European Union of the Data Controller and/or Third Party companies contracted and duly appointed as Data Processors. Currently, the servers are located in Italy. The processing of data from the video surveillance system is carried out in such a way as to limit the visual angle of the area to be protected, avoiding as much as possible the filming of surrounding places and details that are not relevant (streets, other buildings etc.). Recorded images are deleted after 24 hours, except for holidays or other cases of closure of the business. They are not subject to disclosure to third parties, except in cases where it is necessary to adhere to a specific investigative request from the judicial authority or judicial police.

Responsible for data processing: Vito Giannella, 

Retention period

Personal data are kept for a period of time no longer than necessary for the purposes for which they were given. Their deletion is done in a secure manner. Specifically: data collected to fulfill accounting and tax purposes will be kept for a period not exceeding 10 years. Otherwise, data collected for promotional purposes will be kept for a period not exceeding 2 years. Data for sending newsletters will be retained until the user requests deletion. Data acquired from the video surveillance system are deleted within 24 hours.

Rights of the data subject

Each data subject, with reference to the processing of his or her personal data, enjoys the rights set forth in Articles 15 to 22 of the GDPR. As a result of this, he/she may request from the Data Controller access to his/her personal data and the rectification or erasure thereof or the restriction of the processing of personal data concerning him/her or to object to the processing thereof, as well as the right to data portability (where the specific legislation permits). The above requests should be sent to the following pec address:, email: If the data subject believes that his or her data is being processed contrary to the provisions of the GDPR, he or she has the right to lodge a complaint with the Data Protection Authority.

The Data Controller

Vito Giannella