Privacy Policy


Information Notice pursuant to art. 13 of the EU Regulation 2016/679 – art. 13 of Legislative Decree 196/2003 (Personal Data Protection Code) and subsequent amendments.

Last updated May 2018.

In compliance with EU Regulation No. 679 of 2016 and Legislative Decree No. 196 of 2003 regarding the protection of personal data, we inform you that the Data Controller is Daniela Varona / Barbera e Tulipani (hereinafter referred to as “the Data Controller”).

Personal data are processed in full compliance with EU Regulation 679/2016 and Legislative Decree 196/2003 and subsequent amendments.

The data provided by you (hereinafter referred to as “the Data Subject”) will be used solely to respond to your requests and may be disclosed to third parties only if necessary for this purpose or with your explicit consent.

Data processing will be carried out by personnel appointed by the Data Controller, using suitable procedures, technical, and computer tools to protect the confidentiality and security of the Data Subject’s data. It involves the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, deletion, and destruction of such data, including the combination of two or more of the above-mentioned activities.

Data will be stored for the time strictly necessary to provide the requested services to the Data Subject and will be deleted upon the Data Subject’s request, subject to additional retention obligations required by law.

The Data Subject’s data will not be disclosed.

In the course of its activities and for the above-mentioned purposes, the Data Controller may use services provided by third parties who operate on behalf of the Data Controller and according to its instructions as data processors. These may include suppliers, commercial and production partners, intermediaries, technical consultants, and other similar entities that collaborate with our organisation to fulfil the contractual commitments undertaken with you. This includes entities that provide services strictly and necessarily related to the Data Controller’s activities, such as tax consultants, banks, shippers, insurers, public and private entities, including inspections or verifications, and entities that may access the data in accordance with legal provisions.

The data may also be communicated to all those subjects authorised by law to collect them (e.g., provincial health service companies, tax authorities, etc.).

The Data Subject may request a complete and updated list of the data processors by contacting the contact below.

Data Subject’s Rights

Right of access (Art. 15 GDPR): The Data Subject has the right to access their data and file a complaint with the supervisory authority.

Right to rectification (Art. 16 GDPR): The Data Subject has the right to obtain from the Data Controller the rectification of inaccurate personal data concerning them.

Right to erasure (right to be forgotten) (Art. 17 GDPR): The Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay.

Right to restriction of processing (Art. 18 GDPR): The Data Subject has the right to obtain restriction of processing.

Obligation of notification (Art. 19 GDPR): The Data Controller informs each recipient to whom the personal data have been disclosed of any rectifications, erasures, or restrictions of processing carried out in accordance with Articles 16, 17, and 18.

Right to data portability (Art. 20 GDPR): The Data Subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format.

Right to object (Art. 21 GDPR): The Data Subject has the right to object to the processing of their personal data.

Profiling (Art. 22 GDPR): The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

The Data Controller is [–> Daniela Varona].

Art. 7 – Right of access to personal data and other rights:

The Data Subject has the right to obtain confirmation of the existence of personal data concerning them, even if not yet recorded, and their communication in an intelligible form.

The Data Subject has the right to obtain information about:

a) the origin of personal data;

b) the purposes and methods of processing;

c) the logic applied in case of processing carried out with the aid of electronic instruments;

d) the identity of the data controller, data processors, and the designated representative under Article 5, paragraph 2;

e) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of them in the capacity of designated representative in the territory of the State, data processors, or persons in charge.

The Data Subject has the right to obtain:

a) the updating, rectification, or, when interested, integration of data;

b) the deletion, transformation into anonymous form, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;

c) certification that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected.

The Data Subject has the right to object, in whole or in part:

a) on legitimate grounds, to the processing of personal data concerning them, even though they are relevant to the purpose of the collection;

b) to the processing of personal data concerning them where it is carried out for direct marketing purposes or for carrying out research or for communication to third parties.

The Data Protection Officer is Daniela Varona.

Data Controller and Data Processor of Personal Data

Pursuant to art. 28 of Legislative Decree 196/2003:

Data Controller of personal data: Daniela Varona

Data Processor of personal data: Daniela Varona

Registered office:  Cascina Madonna No. 4, 14026 Montiglio Monferrato (AT), Italy


Websites to which we redirect, including (but not limited to) secondary sites and third-party service providers, may have a different privacy policy than the one described here. We assume no responsibility for the privacy policies of linked websites and encourage you to be informed.


We do not intend to collect personal information from anyone under the age of 16. If you are under 16, you should not make an online reservation or request for information but should ask a parent to do so on your behalf.

Questions or Concerns

If at any time you believe that the Data Controller has not followed the policy mentioned above, we invite you to notify us by sending an email to, and we will do our best to identify and resolve any issues.

You can also write to us at Barbera e Tulipani, Cascina Madonna No. 4, 14026 Montiglio Monferrato (AT), Italy.

Changes to This Online Privacy Policy

We may change this Privacy Statement from time to time to address changes in regulations, business needs, or to meet the requirements of our visitors, guests, market partners, and service providers. Updated versions will be published on our website, along with the update dates, to inform you of the latest privacy policy updates.