Privacy Policy

In compliance with the requirements of the national regulation (Italian Legislative Decree no. 196 of 30 June 2003, Code on the protection of personal data) and EU regulation (General Data Protection Regulation (GDPR) Reg. 196/2016) as amended, this page contains details on how the website (henceforth, “Site”) is managed and how the personal data of those using it is processed.

The information is intended for anyone who accesses, through the internet, the web services available at the address (henceforth, “Site”), pursuant to articles 13 and 14 of EU Reg. 2016/679 (General Data Protection Regulation) on the protection of personal data.

The present policy concerns all data that Campeggio Puntala S.r.l. (henceforth, “Campeggio” or “Company”) collects and processes through the Site, except by the use of cookies. For details on the use of cookies, please refer to the specific, extended policy on cookies (Cookie Policy, in accordance with EU Reg. 2016/679) by clicking the link.

This policy only covers the Site It does not cover any other websites that you, as a user, may access from the Site via links.

By visiting the Site, you provide your consent to the practices described in the present Privacy Policy.

Navigation data

The IT systems and software procedures designed to enable to Site to function may, in their normal course of exercise, acquire personal data. The transfer of such data is implicit in the use of internet communication protocols. The data is not collected in order to be linked to identifiable data subjects but, by its very nature and in the course of it being processed and merged with data held by third parties, it may be possible to identify you.

This type of data includes the IP address or computer domain name with which you connect to the Site, the URI (Uniform Resource Identifier) addresses of the resources you request, the time at which the request is made, the method by which you place the request on the server, the size of the files received in response to the request, the numerical code indicating the server response status (successful, error, etc.) and other parameters relating to your operating and IT systems.

Such data is only used to gather anonymous statistical data on how the Site is being used and to ensure the Site functions correctly. It is erased immediately after it is processed.

The data may be used to establish liability in the event of a cybercrime that causes damage to the Site.

Voluntarily provided data

The Data Controller processes personal identification particulars (e.g. one’s name, surname, business name, address, telephone number, e-mail address, bank and payment details) which you communicate when contracts are entered into for the Data Controller’s services.

After the optional, explicit and voluntary sending of electronic mail to the addresses listed on the Site, the Site acquires your email address, as the sender of such mail, for the purpose of responding to the request, as well as any other data included in the message sent.

Purposes of data processing, communication and access to data

The personal data which you provide will be processed in accordance with the legality conditions of Article 6 of Regulation (EU) 2016/679 for the following purposes:

1. without your express consent (Article 24(a), (b), (c) of the Personal Data Protection Code, as amended (provisions adapting domestic legislation to the provisions of the EU Regulation 2016/679) and Article 6(b) and (e) of the General Data Protection Regulation (GDPR), for the following Service Purposes:

a) for technical Site administration purposes;

b) to perform the service or performance requested, to enter into contracts for the Data Controller’s services;

c) to fulfil pre-contractual, contractual and tax obligations associated with ongoing dealings with you;

b) to fulfil obligations associated with applicable legislative and regulatory provisions, EU rules or an order of the Italian Data Protection Authority (e.g. on anti-money laundering);

e) to exercise the rights of Data Controller, such as the right to defence in court.

Your data may, for the aforementioned purposes, be communicated to the judicial authorities and to those in respect of whom the communication is required by law in order to carry out those purposes. These persons/entities will process the data in their capacity as independent data controllers. Your information will not be disseminated.

2. without your express consent in advance, as provided by Article 130 paragraph IV of the Personal Data Protection Code, as amended (provisions adapting domestic legislation to the provisions of the EU regulation 2016/679), for the following Marketing Purposes:

f) to process the e-mail addresses which you provide when purchasing a product and/or service offered and sold on the Website directly from Campeggio Puntala, to enable the latter to engage in direct sales of similar products or services (and therefore to send the user by email promotional communications for those products and/or services), on condition that you do not exercise your right of objection in accordance with the procedures indicated below (“soft-spam”).

You may object to receiving soft-spam communications:

  • by contacting Campeggio Puntala S.r.l. at:;
  • using the link provided in any promotional communication sent by Campeggio Puntala S.r.l.

3. only if you specifically consent (Articles 23 and 130 of the Personal Data Protection Code, as amended – provisions adapting national legislation to the provisions of EU regulation 2016/679 – and Article 7 of the GDPR), for the following Marketing Purposes:

g) to send you – using communications means that are automated (e.g. email and/or sms and/or instant messaging) as well as traditional (e.g. normal postal services and/or telephone contact using an operator) – newsletters, commercial communications and/or advertising material for products or services offered by the Data Controller which are different from products or services for whose supply the data were gathered, and customer satisfaction surveys on the quality of the services provided;

h) to send you (by email, normal post and/or sms and/or instant messaging and/or telephone contact) newsletters, commercial and/or promotional communications of third parties (e.g. business partners);

i) to analyse consumer choices and habits in order to improve the offer of services during subsequent stays, in order to send you personalised commercial communications/perform targeted promotions, business intelligence;

l) to implement bonus transactions and customer loyalty programs.

4. only if you specifically consent (Articles 23 and 130 of the Personal Data Protection Code, as amended – provisions for the adaptation of national legislation to the provisions of EU regulation 2016/679 – and Article 7 of the GDPR), for the following Marketing Purposes:

m) the communication of your personal data for their promotional purposes to the companies Ma.To S.r.l. (VAT No. – Tax Code 01467010532), Cla.To S.r.l. (VAT No. – Tax Code 01468080534), Centro Velico Punta Ala A.s.d. (VAT No. – Tax Code 01356920536), I-MTB Asd (VAT No. – Tax Code 01454330539), all based in Punta Ala – c/o Campeggio Puntala – 58043 Castiglione della Pescaia (GR); GRAVITY di Giorgia Volta, based in Via degli Affitti 9 – 57021 Venturina (Li), VAT No. 01783740499; Silverfield S.r.l., with offices in Via Fra Silvestro Maruffi, 3 – 50132 Florence, VAT No. 0648800484 and, as necessary, to suppliers of catering and recreational services hosted in the territory where our structure is located.

Your data may be made accessible for the purposes referred to in 1., 2., 3. and 4.:

– to employees and collaborators of the Data Controller or of partner companies and/or entities in Italy and abroad, in their capacity as data processing operators (i.e. the persons in charge of the processing) and/or internal data processors and/or system administrators;

– to third-party companies or other subjects (e.g. credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourced activities on behalf of the Data Controller, acting as external data processors.

Legal basis of data processing

The provision of data for the purposes indicated in subsection 1. is mandatory. Without such data, we cannot guarantee the Services referred to in subsection 1. The legal basis of the processing of such data is the execution of a contract to which you are party or the requirement to comply with specific legal obligations.

The legal basis of the processing of data for the purposes referred to in subsection 2 above is Article 130 paragraph IV of the Personal Data Protection Code, as amended (provisions to adapt domestic legislation to the provisions of the EU regulation 2016/679), which specifically permits the data processing in question.

The provision of data for the purposes indicated in subsections 3. and 4. above is, by contrast, optional. You may therefore decide not to provide any data or subsequently revoke your consent to the processing of data already provided: in this case, you will not receive newsletters, commercial communications and advertising material related to the Services offered by the Data Controller. However, you will continue to be entitled to the Services referred to in point 1. The legal basis for such data processing is the data subject’s consent (which is optional and revocable at any time).

The personal data are not, however, processed for more than 10 years from the termination of the relationship for the Service Purposes.

Personal data processed for Marketing Purposes will be retained until the data subject’s consent is revoked.

The Site processes some personal data for the Data Controller’s legitimate interests.

Methods of processing

The data in question shall be processed:

– in any type of paper and electronic format;

– by subjects authorised for the purpose, who shall always be identified, suitably trained and made aware of the relevant legal obligations and implications;

– for the period of time strictly necessary to fulfil the purposes for which the data was collected;

– with a commitment to always keep the data up-to-date, including the removal of any data that is obsolete, not necessary or not relevant;

– with a commitment to adopting all legally required organisational and security measures, in order to preserve the data subject’s confidentiality and avoid the data being accessed unnecessarily by third parties or at all by unauthorised persons.

Duration of processing

The personal data collected shall be stored, within the limitations of art. 5, paragraph 1, letter e) of EU Reg. 2016/679, in a format that allows the data subject to be identified for a period of time no longer than necessary for the fulfilment of the purposes for which the data is being processed, however not for more than 10 years from the termination of the relationship for the Service Purposes.

Personal data processed for Marketing Purposes will be retained until the data subject’s consent is revoked.

Data Controller, data processors operators, data processor

The Data Controller for the personal data in question is Campeggio PuntAla S.r.l., Tax Code 01233070539, headquartered in 58043 Punta Ala, Castiglione della Pescaia, Grosseto, Italy tel. +390564922254 fax. +390564920379, e-mail:

The data processors are Campeggio PuntAla S.r.l. employees and/or partners. Data may be processed by employees and/or non-company collaborators of company departments responsible for fulfilling the purposes indicated above, who have been expressly authorised to process the data and who have received adequate operating instructions.

GP Dati Hotel Service S.p.a., Tax Code 01560290270, headquartered in Via Paganello, 22/A, 30172 – Venezia, Italy is Data Processor, which processes personal data on behalf of the Controller.

The updated list of data processors and data processing operators is kept at the Data Controller’s registered office.

Rights of the data subject

Pursuant to EU regulation 196/2016 (GDPR) and the national regulation you, as a user, may, by the methods and within the limitations set forth in the regulations in force, exercise the following rights:

– to request from the controller confirmation as to whether or not personal data concerning you are being processed (right of access);

– to know what the data source is;

– to receive intelligible communications;

– to receive information concerning the logic, methods and purposes by or for which the data is being processed;

– to update, rectify, erase or pseudonymise your personal data; to block the processing of personal data being processed in breach of the Law, including where the processing of such data is not necessary for the purpose for which it was collected;

– where the basis for processing is your consent, to receive the personal data you have provided to the Data Controller in a structured, commonly used and machine-readable format, without prejudice to paragraphs 3 and 4 of art. 20 of EU Reg. 2016/679), at no more than the cost price for this to be done;

– if you believe that the processing of your personal data breaches the provisions of EU Reg. 2016/679, pursuant to art. 15, letter f) of the same regulation, to lodge a complaint with the Garante Privacy (Italian Data Protection Authority) pursuant to art. 6, paragraph 1, letter a) and art. 9, paragraph 2, letter a), as well as the right to withdraw your consent at any time;

– should the data processing have for a legal basis legitimate interests, your legitimate interests as the data subject are guaranteed (with the exception of the right to data portability, for which the regulations do not provide), with particular regards to your right to object which may be exercised by sending a request to the Data Controller.

– the data subject’s right to object to the processing of his/her personal data for marketing purposes through automated means of contact, extends to traditional contact means and, in any case, the data subject can still exercise said right also in part, by e.g. objecting only to the transmission of promotional communications by automated means;

– as well as, more generally, to exercise any rights awarded to you under the Laws in force.

As a user, you may exercise your rights pursuant to articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679 by contacting the Data Controller (Campeggio Puntala S.r.l.) with your request, by telephone (+390564922254), fax (+390564920379) or email ( You have a right to receive a response regarding the decision reached in processing such a request.