Privacy Policy

Privacy Policy

This document describes how to manage the website (“Site”), with reference to the processing of personal data of Users (“User / Users”) who consult it.

It is a disclosure statement pursuant to article 13 of Regulation (EU) 2016/679 (“GDPR”) and of the national legislation on privacy and protection of personal data applicable to all those who visit the Site.

It is a disclosure statement pursuant to article 13 of Regulation (EU) 2016/679 (“GDPR”) and of the national legislation on privacy and protection of personal data applicable to all those who visit the Site.

The User is informed that this website is owned by the Tre Stelle S.S.A.

1. Data controller

The data controller is BOSIO FAMILY ESTATES srl, with registered office in Frazione Valdivilla, strada Borelli, 10 – 12058 Santo Stefano Belbo (CN) – ITALY, in the person of its pro tempore legal representative,  (“Owner”). Email:

2. Type of data collected

2.1 Browsing data

During their normal operation, the IT systems and software procedures used to operate the Site acquire some personal data whose transmission is implicit in the use of internet communication protocols.

This is information that is not collected to be associated with identified subjects, but which by its very nature could allow users to be identified.

This includes, for example: (i) the IP addresses or domain names of the computers used by the Users who connect to the Site, (ii) the URI (Uniform Resource Identifier) ​​notation addresses of the requested resources, (iii) the time of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numeric code indicating the status of the response given by the server (successful, error) and (vii) other parameters relating to the User’s operating system and IT environment.

2.2 Data provided voluntarily by the User

Contact form:

The Data Controller processes personal and identification data (name, surname, address, email) following “personal data”. Users are free to provide their personal data to make requests for information. As far as data is concerned, there is no automated decision-making process, nor any processing involving user profiling. If the User provides personal data of third-party Users, he must be sure that these subjects have been adequately informed and have given their consent.

2.3 Cookie

Technical cookies are installed on the site for the proper functioning of the site and anonymized Google Analytics cookies for [*]. Please read the relevant Cookie policy.

3. Purpose and legal basis of the processing

3.1 Browsing data

The navigation data are used to obtain statistical information on the use of the Website, for the purposes of site security and to check its correct functioning and could be used to ascertain responsibility in case of any computer crimes against the Website. The legal basis of the processing of such data is the legitimate interest of the Data Controller and in the case of requests by the Judicial Authority, the legal obligation.

3.2 Data provided voluntarily by the User

Form di contatto:

The personal data entered in the contact form will be processed exclusively to respond to the request, or for the provision of the service. Personal data will be processed to fulfill pre-contractual, contractual or tax obligations.

Personal data are processed for marketing purposes (sending newsletters relating to products and services offered by the Data Controller), only with the express consent of the User. The User will have the right to withdraw the given consent at any time. The User’s personal data may be processed to fulfill the obligations established by law, by a regulation, by comunity legislation or by an order of the Authority and to pursue a legitimate interest of the Data Controller or to exercise of the rights of the Data Controller, for example the right of defence.

4. Subjects who may process the personal data

Personal data may be accessed by third parties belonging to the following categories:

  • freelancers, firms or companies in the context of assistance and consultancy relationships;
  • subjects that provide services for the management of the activities indicated above in the purposes (subjects for communication, press);
  • subjects that provide services for the management of the information system and telecommunications networks;
  • platform managers for the services listed above (site hosting, management software);
  • competent authorities for compliance with legal obligations and / or provisions of public bodies, upon request.

The subjects belonging to the aforementioned categories act as Data Processors pursuant to art. 28 GDPR. Personal data will be processed only by persons authorized by the Data Controller, pursuant to art. 29 GDPR, due to their job or corporate role.

5. Data retention

The User’s personal data will be processed by the Data Controller for the only period of time necessary to achieve the purposes of the processing, after which they will be kept only in compliance with the legal obligations in force, for administrative purposes and/or to assert or defend one’s right. Personal data processed for marketing purposes will be stored for a period not exceeding five years. Personal data processed for navigation purposes will be stored for a period not exceeding 14 months. The data provided directly by the interested party are stored for the time strictly necessary to process the requests and then canceled.

6. Security measures

Personal data are collected electronically, recorded in digital format, through the use of organizational and technical security measures to ensure the protection of confidentiality and to avoid risks of loss or destruction, unauthorized access, treatment not allowed or not in accordance with the aforementioned purposes.

7. Data transfer to a third country

Personal data provided will not be transferred abroad to non-EU countries or to an international organization. The Data storage and processing take place in on servers within the European Union. It is understood that, the Data Controller, if necessary, will have the right to move the location of servers in Italy and / or European Union and / or non-EU countries.

In such a case, the Data Controller shall ensure that the transfer of Data in non-EU countries will take place in accordance with applicable law by stipulating, where necessary, agreements ensuring an adequate level of protection and/or adopting the standard contractual clauses as provided by the European Commission.

8. Minors

This Site is not intended for use by minors and no child data is collected or processed knowingly. In accordance with applicable laws, the parent’s responsibility provider must provide consent to the collection of the child’s personal data. In the case in which the data of the minors were involuntarily treated, the Data Controller will delete them in a timely manner, upon written request of the parental responsibility.

9. Right of users

The User can assert rights as expressed in articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, by contacting the Data Controller, by writing an email to or the User can submit a written request by sending a registered mail to a/r a BOSIO FAMILY ESTATES srl., Frazione Valdivilla, strada Borelli, 10 – 12058 Santo Stefano Belbo (CN) – ITALY.

The User has the right, at any time, to ask the Data Controller to access his/her personal data, to rectify it, to erasure it or limit its processing. Furthermore, in the cases provided for, it has the right to object, at any time, to the processing of data (including the existence of automated decision-making, e.g. profiling), and to withdraw the consent given without prejudice to the lawfulness of the processing of the consent previously granted. If the User considers that its rights have been infringed by the Data Controller, has the right to lodge a complaint with the Italian Supervisory Authority ( or any other Supervisor Authority in the European Union. The User shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format (data portability).

10. Changes to this privacy policy

The Data Controller reserves the right to modify, update, add or remove parts of this privacy statement at its discretion. Any updates will be published on this page.