PRIVACY POLICY

(pursuant to EU Regulation 679/2016 GDPR)

Last updated: March 2026

  1. Data Controller

The Data Controller is:

Azienda Agricola Cascina Ponchietta s.s.a. Casali Ponchietta, 17 – Frazione San Vito 12046 Montà (CN) – Italy VAT / Tax Code: 03578390043 Email: info@ponchietta.com

  1. Types of data processed

2.1 Browsing data During website navigation, the following data may be collected automatically: IP address, browser type and version, device parameters, date and time of visit, pages visited and referrer. Such data are processed exclusively for security, website operation and technical management purposes.

2.2 Data provided voluntarily Through the contact form, booking engine, email, WhatsApp or telephone communications, the following data may be collected depending on the request: name and surname, email and/or phone number, stay-related data (dates, number of guests, preferences), data required for the issuance of fiscal or administrative documents, where requested.

2.3 Data required by law (stays: Police Authority / ISTAT) In the event of a stay at the property, personal details and identity document information are processed to fulfil mandatory legal obligations. Data are transmitted via the MyMaisonmanagement system to the following authorities, as required by law: Police Authority (Alloggiati Web – art. 109 TULPS) and ISTAT (mandatory statistical surveys). Data remain archived in the management system for potential future stays. Legal basis: legal obligation.

  1. Purposes of processing and legal bases

Personal data are processed for: handling information requests (legal basis: pre-contractual measures / data subject’s request); managing bookings and stays (legal basis: performance of a contract or pre-contractual measures); fulfilling fiscal and administrative obligations (legal basis: legal obligation); public security and statistical obligations – Police Authority / ISTAT (legal basis: legal obligation); website security and abuse prevention (legal basis: legitimate interest of the Data Controller).

  1. Booking engine and channel manager WuBook

The website uses the online booking system WuBook, used both as a direct booking engine and as a channel manager for availability and reservation management.

Bookings are secured by credit card as a guarantee only. No advance charge is made through the website. Credit card data are not stored by the Data Controller, are not accessible in full by the property, and are managed directly by WuBook through infrastructure compliant with industry security standards (PCI DSS compliance as declared by the provider). The Data Controller does not manually retain or archive complete payment card data.

WuBook acts as Data Processor pursuant to art. 28 of EU Regulation 679/2016 (GDPR) on the basis of a specific contractual agreement with the Data Controller.

WuBook is also used as a channel manager for reservations received through external OTA platforms, including Booking.com, Expedia, Agriturismo.it, Agriturismo.net and Bed-and-Breakfast.it. Guest data transmitted by these platforms are acquired and processed through WuBook in accordance with the stated purposes. OTA platforms act as independent data controllers for the data collection phases within their own competence.

  1. Security tools

The website uses HTTPS protocol and Google reCAPTCHA for anti-spam protection and contact form security. The use of Google reCAPTCHA is based on the legitimate interest of the Data Controller in protecting the website from automated access and fraudulent activity. Its use may involve the transfer of data to the United States, carried out in compliance with the EU-US Data Privacy Framework (in force since July 2023).

  1. Social networks and external platforms

The website contains simple links to social profiles and review platforms: Facebook (Meta Platforms Inc.), Instagram (Meta Platforms Inc.), TripAdvisor, Google (reviews). No social plugins with automatic tracking are used. No data are transmitted to these platforms merely by browsing the website. Any processing occurs only upon voluntarily accessing the external platforms via the links provided. The website may include a direct link to WhatsApp. Use of this channel for communications with the property is subject to Meta Platforms Inc.’s privacy policy.

  1. Cookies

The website uses exclusively the following cookies: technically necessary cookies for website operation; technical cookies related to the booking engine (WuBook); technical cookies of the cookie consent management system; _GRECAPTCHA (www.google.com) — a functional cookie set by Google reCAPTCHA for risk analysis and anti-spam protection of contact forms. Category: functional / third-party technical.

No profiling tools, advertising trackers or Google Analytics are installed. Users may manage their preferences via the cookie banner and the consent withdrawal function available at the bottom of this page.

  1. Processing methods and security measures

Processing is carried out using electronic and/or telematic tools, with organisational and logical procedures strictly related to the stated purposes. Adequate security measures are in place to prevent unauthorised access, disclosure, unauthorised modification or destruction of data.

  1. Data retention

Data are retained for the time necessary to respond to requests and manage pre-contractual/contractual relationships; for fiscal and administrative obligations (generally 10 years); for public security and statistical obligations within the terms provided by applicable law. Data relating to information requests that did not result in a booking are retained for a maximum period of 24 months, unless otherwise required for documentation purposes.

  1. Data communication and transfer

Data are not disclosed publicly. They may be communicated to parties acting as Data Processors or authorised processors (e.g. technical providers, hosting provider, booking engine, management system for legal obligations) exclusively for the stated purposes. Data may be processed by technical service providers acting as Data Processors pursuant to art. 28 GDPR, including the hosting provider HOST S.p.A., Corso Svizzera 185 – 10149 Turin (Italy), with whom a specific contractual agreement is in place. MyMaison acts as Data Processor for administrative management activities and legal obligations related to stays. Processing normally takes place within the European Economic Area. Any transfers to non-EU countries (e.g. the United States for Google reCAPTCHA) are carried out in compliance with the guarantees provided by the GDPR, including adherence to the EU-US Data Privacy Framework where applicable.
This website may share some of the data collected with services and server providers located outside the European Union, particularly in the United States, in particular the following plugins and software:

– WordFence ( privacy policy )
– BackBlaze ( privacy policy )
– DropBox ( privacy policy )
– Google Analytics ( privacy policy )

  1. Data subject rights

Pursuant to articles 15–22 of the GDPR, the data subject may exercise the rights of access, rectification, erasure, restriction, portability, objection to processing, and lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali). Requests should be sent to: info@ponchietta.com

TERMS OF SERVICE

This website is governed by Italian law. Any disputes fall under the jurisdiction of the Court of Turin, without prejudice to the provisions of art. 66-bis of the Italian Consumer Code regarding consumer jurisdiction. The Data Controller reserves the right to update content and conditions without prior notice.

By accessing and using this website, the user declares to have read this privacy policy.

Organize your stay at Cascina Ponchietta

Check availability and rates for our agriturismo in Montà, in the heart of Roero


WE ARE OPEN FROM APRIL 1ST TO DECEMBER 31ST


CHECK AVAILABILITY