Private Italian cooking lessons Florence Siena Tuscany


OSTERIA LA GRAMOLA has created this Privacy Notice to inform you about how we collect, use and share your data. This Statement applies to all information collected through the website (the “site”). Otherwise, the Privacy Policy does not apply to information collected through other means, even offline.

ATTENTION: If you give us information on a voluntary basis you consent to the use of your personal data as described in this Privacy Notice. If you do not intend to consent to the processing of personal data, please do not communicate to us.

According to article 13 of the Code and the Regulations, we therefore provide the following information.


Data controller

The data controller is the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of processing personal data, also dealing with security profiles.

With regard to this website, the owner of the processing of personal data, is  OSTERIA LA GRAMOLA with registered office in:

Via delle fonti, 1
50028 -Barberino Tavarnelle (Firenze)



Partita I.V.A.: 04187540481

Per ogni chiarimento o esercizio dei diritti dell’utente potrai contattarci ai seguenti recapiti:

Phone: +39 Tel.: 055 80 50 321

Mobile: +39 338 60 39 356

Place of data processing

The treatments connected to the web services of this site take place at the aforementioned premises and are only handled by technical personnel, or by any person appointed by the same for occasional maintenance operations.

Minor data processing

The Site is not directed to minor subjects; therefore, we request that these subjects do not provide Personal Data through the Site. If, in any case, the minor is for any reason to provide Personal Data through the site, we comply with the provisions contained in art. 8 of the GDPR, in particular:

– in the case of a minor of at least 16 years of age, the treatment will be carried out according to the rules of lawfulness, correctness and transparency with the consent of the same;

– in the case of a child under 16, the treatment will be carried out according to the rules of lawfulness, correctness and transparency provided that consent is given or authorized by the holder of parental responsibility.


1. Data processing mode

Treatment operations

The processing of your data will be accomplished by completing any operation, or set of operations, indicated in art. 4 n. 2) of the GDPR, consisting of the collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data.

Personal data collected in this way can be processed either in paper form or with the aid of computerized, telematic and automated tools, by means of insertion into archives managed by subjects formally appointed to do so.

The data will be processed for the entire duration of the report and kept for the period of time provided for by Laws, Regulations or by the Community Regulations and, in any case, for a period of time no longer than necessary for the purposes for which they were collected and / or treated.

Access to data

Your data may be made accessible for the purposes referred to in art. 2, paragraph 2, lett. a) and b) of the GDPR:

– to the employees and collaborators of the Owner, in their capacity as agents and / or internal managers;

– to other subjects (eg consultants, suppliers, shippers, etc) who carry out activities on behalf of the Owner, in their capacity as external processors.

Dissemination and communication of data

Your data will not be disseminated and without the need for your express consent – art. 6 lett. b) and c) of the GDPR – may be communicated exclusively to:

– Institutional security control bodies;

– External consultants appointed to provide administrative, accounting, legal and tax services;

– Credit institutes, data processing companies for the temporary management of data only related to the commercial and financial aspect with the OSTERIA LA GRAMOLA Any further communication will take place only after your explicit consent.

2. Purposes of processing and consent

Your data will be processed for the following purposes:

Purposes not requiring the acquisition of a prior consent – art. 6 lett. b), e) of the GDPR:

– to comply with current accounting and tax obligations;

– to fulfill the obligations established by the Law, by a Regulation, by the Community Regulations or by an Order of the Authority (eg in the matter of anti-money laundering);

– to fulfill payment transactions for products on the Site;

– to allow relationships with service providers: like many companies, we could outsource some data processing activities to trusted service providers, with the task of performing functions and providing services, such as, for example, suppliers, shippers, assistance centers;

– for the promotion of contacts with consumers and / or commercial customers, marketing via e-mail (on our sites, through our applications or through other means of communication);

Only subject to your specific consent – art. 7 GDPR for the following marketing purposes:

– to send you, by mail, mail and / or telephone contacts and / or to your home, periodical commercial information and documentation on the updates of prices and offers practiced by the price.

IMPORTANT: If we ask you to tell us your data and decide not to provide it, in some cases we will not be able to make available all the features of our products, services, systems. Furthermore, we may not be able to respond to your requests.

3. Legal basis

In order to be able to process your data, we can rely on different legal bases, including:

– your consent (only when necessary or permitted by law). In the event that we should rely on your consent as a legal basis for the processing of your data, you will have the right to revoke the consent at any time;

– the need to establish a contractual relationship with you and to fulfill our obligations under the contract;

– the need for us to comply with legal obligations and to establish, exercise or defend against legal actions;

– the need to pursue our legitimate interests, including, for example, managing our business;

– the need to respond to your requests;


Data retention times

We retain your data for the time necessary to achieve the purposes for which they were collected. Please keep in mind that, in some cases, a conservation may be requested or permitted by law for longer periods. The criteria adopted to establish the duration of the data retention period are as follows:

– How long is the data necessary to provide you with our products, or to carry out our business?

– Do you have an account with us? In this case, we will retain your data as long as the account is active or as long as it is necessary for the exercise of our activities.

– We are subject to legal obligations, in relation to the conservation of your data in accordance with the relevant legislation.

Protection Mode

To protect your data, we will take appropriate measures in line with the applicable data protection and security laws and regulations, including asking our service providers to use appropriate measures to protect the confidentiality and security of your data. Data. Depending on the technological development, implementation costs and the nature of the data to be protected, we adopt technical and organizational measures to prevent risks, such as the destruction, loss or alteration of your data and the disclosure or unauthorized access to the same. .

Charges of the interested party

We remind you that it is Your duty to ensure, as far as you know, that the Data you provide us are correct, complete and updated. In addition, if you share with us other people’s data, it is your obligation to collect such Data in accordance with legal requirements. For example, you will need to inform other people, whose data you provide us with and obtain their consent.



Exercisable rights

In your quality of interested, at any time you can exercise your rights towards the data controller, pursuant to art. 15 of the GDPR:

– obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;

– obtain the indication:

a) of the origin of personal data;

b) of the purposes and methods of the processing;

c) of the logic applied in case of treatment carried out with the aid of electronic instruments;

d) of the identifying details of the owner, of the responsible and of the designated representative according to the art. 3, paragraph 1, GDPR;

e) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents;

– get:

a) the updating, rectification or, when there is interest, the integration of data;

b) cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;

c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which such fulfillment is it proves impossible or involves a use of means manifestly disproportionate to the protected right;

– object, in whole or in part:

a) for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of the collection;

b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail.

It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to the traditional ones and that in any case the possibility remains for the data subject to exercise the right of opposition also only partially. Therefore, the interested party may decide to receive only communications using traditional methods or only automated communications or none of the two types of communication.

Where applicable, the rights as per articles 16-21 GDPR:

– Right of rectification (Article 16);

– Right to cancellation – Right to be forgotten (Article 17);

– Right to limit processing (Article 18);

– Obligation to notify in case of rectification or cancellation of personal data or limitation of processing (Article 19);

– Right to data portability (Article 20);

– Opposition law (Article 21);

as well as the right to complain to the Guarantor Authority.

Furthermore, if you have given consent for one or more specific purposes, you have the right to revoke such consent at any time.

How to exercise rights

If it is necessary to modify your personal information, you can correct it, update it or remove it by accessing your Reserved Area or by writing to us at OSTERIA@GRAMOLA.IT . If you are no longer interested in receiving advertisements and other marketing information via email, please send a request toOSTERIA@GRAMOLA.IT including the full name, email address and postal address. In any case, you may always receive communications regarding customer support.


Changes to the information on data processing and Privacy Policy

This document constitutes the information on this site.

It may be subject to changes or updates. In the case of significant changes and updates, these will be notified with appropriate notifications to users.

The document was updated on 25/05/2018 to comply with the relevant regulations, and in particular in compliance with EU Regulation no. 2016/679 For any questions regarding the information on the processing of personal data, contact us atOSTERIA@GRAMOLA.IT


Cookies Policy

Welcome to our website: please read carefully our Privacy Policy (hereinafter “Policy”), which applies in any case when you access the Site and decide to browse within it and / or to use its services, even independently of the purchase of products.

This Privacy Policy describes the personal data collected or generated (processed) when using the Data Controller’s websites, from now on “Sites”). This Policy describes the types of personal data that are collected at the time of use of our Sites and the way in which personal data are collected, shared and protected.

Our website uses cookies to improve the online experience of all our users.

In our Cookie Policy we describe what cookies are and how they are used on our website. We invite you to consult our Privacy Policy for further information on how we use the personal data of users who connect to our websites and the importance with which we consider the protection of your privacy.

Our website and the services contained therein can not be used without the presence of cookies and therefore in using our Web platform, you consent to the use of cookies in accordance with the terms of said policy.

Data controllers

The Data Controller is:


Via delle fonti, 1
50028 -Barberino Tavarnelle (Firenze)



Partita I.V.A.: 04187540481

Per ogni chiarimento o esercizio dei diritti dell’utente potrai contattarci ai seguenti recapiti:

Phone: +39 Tel.: 055 80 50 321

Mobile: +39 338 60 39 356

Purpose of the treatment

Some personal data may be requested in order to provide the requested services. In particular:

navigation data: this is information that is not collected to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the user’s computer environment,
subscription to our mailing list service to receive commercial information (newsletter), the promotion of our activities and the provision of our services by e-mail,
request for information by completing the contact form or electronically,
prior consent, creation of a consumer database and analysis of consumption habits and choices, market analysis and processing of data for statistical purposes for profiling purposes, in order to improve your browsing experience on the Site, also in order to allow us to send commercial proposals in line with your interests. The aforesaid profiling activity could also be carried out through the use of third-party cookies. In this regard, we invite you to read our Cookie Policy.
We use personal data collected in the following ways:

newsletter subscription: e-mail address or telephone number.
request for information via the contact form: contact details such as name and surname, e-mail address, city and province of residence,
profiling: contact data
We use personal data collected in the following ways:

to communicate information about our services and for other promotional purposes,
to ensure the best functionality of the sites,
to carry out, improve and maintain our business and services.


Sharing of personal data

The personal data you provide will not be disclosed or communicated to third parties, as well as to primary third-party companies (business partners and service providers) if and as legitimately appointed by OSTERIA LA GRAMOLA. to carry out functional activities to achieve the purposes referred to in paragraph 3. In any case, the data will be processed with the same guarantees of security and confidentiality offered by OSTERIA LA GRAMOLA.

More detailed information on the names of internal and external data processors can be sent by writing to

Personal data will not be disclosed, sold or exchanged with third parties, except to the extent necessary to:

(i) comply with a government request, court order, or to comply with applicable laws;

(ii) to prevent illegal use of our Sites;

(iii) defend against third party claims; is

(iv) to facilitate fraud prevention or investigation.

Processing methods and retention times of personal data

International data transfers: the personal data that we collect or produce (process) in the context of our services will be stored exclusively in Italy.

Data retention: the retention of personal data will take place in paper and / or electronic / informatics form and for the time strictly necessary to satisfy the required purposes, respecting your privacy and current regulations.

Newsletter: personal data will be stored until unsubscribed, via a link in each e-mail.

Contact form: personal data will be stored electronically and for the time strictly necessary to fulfill the purposes referred to in paragraph 3, respecting your privacy and current regulations.

Profiling: we keep your data for a maximum period equal to that foreseen by the applicable law, respectively equal to 12 months.

Right to be forgotten: in the case of the exercise of the right to be forgotten through the request for explicit cancellation of personal data processed by the owner, we remind you that such data will be kept, in a protected form and with restricted access, only for purposes of assessment and repression of crimes, for a period of no more than 12 months from the date of the request and will subsequently be securely deleted or anonymised irreversibly.

Telematic traffic: data relating to electronic traffic, excluding communications contents, will be kept for a period of no more than 6 years from the date of communication, pursuant to art. 24 of the Law n. 167/2017, which implemented the EU Directive 2017/541 on anti-terrorism.

Rights relating to personal data

Exercise of rights

You have the right to obtain from the Data Controller confirmation that a personal data treatment is being processed, by sending an email to or by writing to the address of the registered office of the Azienda Agricola San Donatino di Diaz Maria Cristina. In this case he has the right to:

obtain access to personal data, request the correction or deletion of personal data or the limitation of the processing of personal data concerning him or oppose their processing;
to receive personal data relating to him in a structured, commonly used and readable form by automatic device and has the right to transmit such data to another data controller (data portability);
be informed of the existence of an automated decision-making process, including profiling;
if express, withdraw the consent at any time without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation;
propose a complaint to the supervisory authority (Garante Privacy –
Export and cancellation of personal data

The data will be exported within 30 days or, in case the export becomes particularly complex, within three months.

The cancellation will be carried out in the scheduled technical times and in accordance with the retention period explained in paragraph 5.

Nature of the conferment, consequences of refusal to respond to consent

The provision of data is optional and is returned to the user’s will. However, failure to provide the requested data will make it impossible to follow up the specific service requested. The consent to the processing of the aforesaid data is necessary as they are collected outside previous contractual agreements.

To give the correct treatment of the data it is necessary to fill in at least the fields marked with an asterisk, as they are indispensable for the provision of the service.

The consent is also necessary for the completion of the request for information from the contact form, to be subject to profiling and to receive promotional and commercial information from OSTERIA LA GRAMOLA via mail.

Please therefore check the respective authorization boxes for the processing of personal data for specific purposes.

Questions and Feedbacks

We welcome questions, comments and concerns about our Policy. If you wish to provide feedback or if you have any questions or concerns, or if you wish to exercise your personal data rights, please contact the references in the Data Controller section.


The Owner receives and records information from your browser when using our Sites, which may also include personal data. We use cookies to collect this information, which may include among others also:

(i) IP address;

(ii) unique cookie identifier, information about cookies and information about the fact that the device has software to access certain features;

(iii) unique device identifier and device type;

(iv) domain, browser type and language,

(v) operating system and system settings;

(vi) country and time zone;

(vii) websites previously visited;

(viii) information on your interaction with our Sites, such as clicks made, purchases and preferences indicated; is

(ix) access times and reference URLs.

Even third parties can collect information from the Sites via cookies. The third parties collect the data directly from your web browser and the processing and processing of this data is subject to the respective privacy policies.

We use cookies to monitor the use of the Sites by our customers and to understand their preferences (such as the choices of the country and language). This allows us to provide services to our customers and improve their online experience. We also use cookies to obtain aggregate data related to site traffic and interaction on the site, to identify trends and obtain statistics so you can always improve our sites. There are essentially three categories of cookies used on our sites:

Functional: these cookies are necessary for the basic functionality of the Site and are therefore always enabled. These include cookies that allow users to remember when browsing the site in a single session or, if required, from one session to another. They help provide assistance with security issues and regulatory compliance.

Performance: these cookies allow us to improve the functionality of our sites by monitoring their use. In some cases, these cookies improve the processing speed of requests and allow you to store the preferences of the selected site. Refusing these cookies can lead to poorly specific indications and to a slower functioning of the site.

Statistics: The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.

Shinystat – TRIBOO DATA ANALYTICS S.R.L. – Italy

SHINYSTAT is a web analysis service provided by TRIBOO DATA ANALYTICS S.R.L. – Italy. TRIBOO DATA ANALYTICS S.R.L. – Italy collects Personal Data for the purpose of tracing and examining the use of this Website, compiling reports.

This integration of TRIBOO DATA ANALYTICS S.R.L. – Italy makes anonymous the IP address of any visitor. Anonymisation works by shortening the IP address of the Users within the borders of the Member States of the European Union or in other countries participating in the agreement on the European Economic Area. SEE LINK

Personal data collected: cookies and usage data.

See the Shinystat information:

General Information

Run opt_out: Opt Out

Social media and advertising: cookies related to social media offer the ability to connect to social networks (specifically Facebook, YouTube) and share content on our sites through social media. The advertising cookies (third-party) collect information to help you better tailor the advertising to your interests, both inside and outside our sites. In some cases, these cookies involve the processing of your personal data. Refusing these cookies may result in the display of advertisements of no interest to you or the inability to connect effectively with social networks and / or to share content on social media.

For a complete and updated summary of all the third parties that access the web browser, it is advisable to install a specially designed plug-in web browser. You can also choose to have the computer send a warning each time a cookie is sent, or you can choose to disable all cookies. This can be done in the browser settings on each browser and device that is used. Each browser is partly different, so you will have to consult the browser’s help menu to know the correct way to change cookies. If you disable cookies, you may not have access to many features that make our Sites more efficient and some of our services will not work properly.

How to limit or disable cookies

Be careful, disabling cookies this website may not work properly.

You can select / deselect individual cookies by intervening directly from the browser. Below are the instructions for the most popular browsers.

Each browser offers methods to limit or disable cookies.

For more information on cookie management visit the appropriate links: Internet Explorer- Firefox- Chrome- Safari

Internet Explorer 8.0+:

Click on “Tools” in the menu bar and select “Internet Options”.

Click on the “Privacy” tab at the top.

Drag the slider to “Block all cookies”.

Firefox 4.0+:

Click on “Tools” in the menu bar

Select “Options”

Click on the “Privacy” tab

Check the box “Activate the anti-tracking of personal data” box


Click on the “Chrome Menu” in the browser toolbar

Select “Settings”

Click on “Show advanced settings”

In the Privacy section, click on the “Content settings” button

In the “Cookies” section select “Ignore exceptions and block the setting of third-party cookies”

Safari 5.0:

Click on the Safari menu and select “Preferences”

Click on the “Security” tab.

In the “Accept cookies” section, specify whether to accept cookies always, never or only from the sites visited. For an explanation of the different options, click on the Guide button in the form of a question mark. If Safari is set to block cookies, you may need to accept them temporarily for the page to open. Then repeat the above steps and select “Always”. Once you have finished using the guide, deactivate cookies again and delete them. How to disable third-party cookies

– Google services – Facebook –

How to disable cookies on Smartphone and Tablet


Go to iOS Settings (on the icon on the home screen) and select the Safari icon from the menu that opens. Proceed to Block cookies and check the option Always block to completely disable cookies. To activate the Do Not Track function, go back to the Settings> Safari menu and set the lever for the Do not detect item to ON.

Android – Chrome browser

Go to Menu located at the top right (the icon with the three dots) and select the item Settings from the menu that appears. In the page that opens, click on the item Content settings and remove the check from the option Accept cookies. If you want to activate the Do Not Track function, go to Settings> Privacy, click on the “Do not track” button and move the lever located at the top right to ON.

Android – Firefox browser

Go to Menu, located at the top right (the icon with the three dots) and select the item Settings from the menu that appears. On the page that opens, click on Cookies and put the check mark on Disable if you want to disable them completely or on Active, excluding third parties if you want to disable them only for third-party sites. To activate the Do Not Track function, instead click on the Tracking entry and choose the option Ask the sites to not make any tracing from the box that opens.   

Translate »