Corporate Information

Company Name: Società Agricola San Michele Srl Legal Address: Via Virgilio, 38 00193 Rome (Rm) VAT Number: 08291391004

Privacy Policy

In compliance with articles 13 and 14 of EU Regulation 2016/679, the following information is provided to users of the website, which is owned by Società Agricola San Michele Srl. The policy applies only to the Tenuta Ponziani – Griffin’s Resort website and not to any other websites that may be accessed through links.

Data Controller

During their visit to this website, users’ personal data may be collected and processed. The data controller is Tenuta Ponziani – Griffin’s Resort, located at Località San Faustino, 24, 05018 Orvieto, and can be contacted via email at The company’s legal name is Società Agricola San Michele Srl and its legal address is Via Virgilio, 38 00193 Rome (Rm).

Data Processing Location and Recipients

Data processing connected to the web services of Tenuta Ponziani – Griffin’s Resort takes place in Italy at DATA4 GROUP’s Server Farm, located at Via Monzoro, 101-105, 20007 Cornaredo (MI). These entities are sub-suppliers of Titanka! spa (primary data processor) located at Strada degli Angariari, 46 47891 Falciano RSM and perform maintenance and management of the website.

Data Types Processed

Navigation Data: The software applications used to operate this website acquire some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could allow users to be identified through processing and association with data held by third parties. This category of data includes IP addresses or domain names of computers used by users connecting to the website, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the user’s operating system and computer environment.

Data Provided Voluntarily by Users: The optional, explicit and voluntary sending of emails to the addresses listed on this website entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

Cookies: No personal user data is acquired by the website in this regard. We do not use cookies to transmit personal information, nor are persistent cookies of any kind used, or systems for tracking users. The use of session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the website. Session cookies used on this website avoid the use of other computer techniques that are potentially prejudicial to the privacy of users’ browsing and do not allow the acquisition of personal identification data.

Optional Data Provision

Apart from what specified for navigation data, users are free to provide personal data contained in the application forms or indicated in contacts with the office to request delivery of services or other communications. Their absence can make it impossible to obtain what is required.


Methods and security of treatment

The processing of personal data takes place through computer tools that ensure the security and confidentiality of the data themselves and in any case in compliance with the adequate security measures as required by Art. 32 GDPR, through secure communication protocols with SSL encryption algorithms. Your personal data will be treated in accordance with the legislative provisions of the above-mentioned regulation and the confidentiality obligations provided for therein. “Good practices” are considered the provv. of the Italian Privacy Guarantor “Guidelines for promotional activities and anti-spam – July 4, 2013 (Published in the Official Gazette no. 174 of July 26, 2013), the Guidelines for the processing of personal data for online profiling – March 19, 2015, and the Guidelines for automated decision-making and profiling – WP251, defined on the basis of the provisions of Regulation (EU) 2016/679.

Transfer of data to countries outside the EU and adequacy guarantees

The service provider that deals with the hosting, maintenance and management services of the Tenuta Ponziani – Griffin’s Resort website is Titanka! spa a web agency that guarantees GDPR compliance located in San Marino, a country outside the EU that has adopted the European regulation on personal data processing, through the adoption of Law 21 December 2018 no. 171 with the same guarantees provided by the GDPR itself. Pending the start of procedures for an adequacy decision by the European Commission, data processing is allowed if the interested party is party to a contract or pre-contractual measures, or has given consent, informed about the possible risks of said data transfer. (art. 49 GDPR – exceptions in specific situations)
Further transfer of data to countries outside the EU may take place as a result of the use of Facebook, Google and other possible Social or external treatment providers, located in the USA. This data treatment is guaranteed by the “Privacy Shield” agreements signed by the individual companies.


For the performance and to provide support for the operation and organization of the activity, some data may be made known or communicated to recipients. These subjects are distinguished in: Third parties, Responsible and sub-responsible for the treatment, and authorized personnel under the authority of the owner or the responsible.


Third parties Are defined as physical or legal persons, public authorities, service or other organizations that are not the interested party, the data controller, the data processor, and authorized personnel responsible for processing. For data processing related to administrative, accounting, legal obligations, customer management, contracts, data can be communicated to:

  • Companies that manage traditional or computerized postal services.
  • Domain name registration companies
  • Any other subjects whose communication of data is necessary for the achievement of the above-mentioned purposes, or for a legal obligation; Responsible and sub-responsible for processing Are defined as physical or legal persons, public authorities, service or other organizations that process personal data on behalf of the data controller
  • Titanka! spa as the primary processor, and other sub-processors for the technological infrastructure, connectivity, and hosting services: Semplify srl c/o Republic of San Marino. Semplify srl avails of further sub-processors for the provision of services such as: Server Farm DATA4 GROUP Via Monzoro, 101-105 – 20007 Cornaredo (MI) – Italy, where the data are located.
  • Any other providers of IT services necessary for the provision of the service possibly located in the USA with the guarantee of the “Privacy Shield” adequacy agreement. Inside our business structure
  • Your data will be processed exclusively by personnel specifically authorized by the Data Controller, with assurance of adoption of appropriate instructions, training, confidentiality agreement and, in particular, by the following categories of staff:
  • Administrative personnel.


Your personal data will not be disseminated in any way.

Rights of data subjects

Data subjects (people to whom the personal data refers) can at any time exercise the rights provided for by the Regulation, through a dedicated personal area. It is possible to access this area by requesting the link through the appropriate procedure at the bottom of this information. An additional method for exercising the rights of the Regulation, in the event that the user has used the newsletter service, is available through the appropriate link at the bottom of the received email. In particular, the subjects can legitimately request the rights from art. 15 to art. 23, and specifically: 1. The deletion of all data. 2. Correction/modification. 3. Limitation. 4. Portability. 5. The right to object to automated decision-making (profiling). Any additional requests can be reported in the notes field. Data subjects, if the conditions are met, also have the right to file a complaint with the Guarantor as the control authority according to the procedures provided. For any further information, and to assert the rights recognized to you by the European Regulation, you can contact the data controller at the above references.

The exercise of the rights of the data subjects requests can also be addressed using the following contacts: Data controller: Tenuta Ponziani – Griffin’s Resort – Località San Faustino, 24 – 05018 – Orvieto – email:, Company name: Società Agricola San Michele Srl with registered office at Via Virgilio, 38 00193 Rome (Rm).

Notice and consent form for data processing

The undersigned interested party, having acquired the information provided by the data controller in accordance with articles 13-14 and the GDPR, confirms that they have read this notice regarding the processing of data, for the purposes necessary to provide the service, and to allow Tenuta Ponziani – Griffin’s Resort to properly manage and treat the data. This notice also takes into consideration that the processing controller used by Tenuta Ponziani – Griffin’s Resort for managing the website is Titanka! spa, located in the Republic of San Marino, a country outside the EU that has adopted Law 171/2018 in compliance with the GDPR, pending the initiation of procedures for a decision of adequacy by the European Commission.


As proof of their explicit and unambiguous consent, we will record the time, date, IP address, and email address. We remind you that at any time you may exercise your rights (as mentioned above) through the link provided at the bottom of communications received, or through the contact channels.