Privacy Policy

Privacy Protection


On these pages, we describe how the website handles the personal data of users who consult it. This information is provided in accordance with EU Regulation 2016/679 on the protection of personal data GDPR and request for consent for the treatment of personal data collected from the interested party, to those who interact with the web services of Castello San Marco s.r.l., which can be accessed electronically at the address: This information is provided exclusively for the website and not for other sites accessed through links on this page.

This Privacy Notice is provided to inform you about the processing of your personal data.

1-Identity and contact details of the Controller
The Controller of the data is Castello San Marco s.r.l., with registered office in Via San Marco 6, 95011 Calatabiano (CT), email:, hereinafter “HCSM”, Hotel Castello di San Marco.

2-Purposes and legal basis of the processing
Your personal data will be processed for the following purposes:

a) provision of services requested by you;

b) direct marketing and market research;

The processing referred to in letter a) is necessary for the provision of the service requested by you, while the processing referred to in letter b) requires your express consent by ticking the appropriate “flags”.
Please note that the direct marketing activity (carried out by HCSM) aims to collect and use pertinent and limited data as necessary with respect to the purposes for which they are processed, to carry out studies, market research, market statistics, send advertising and informative material, carry out direct sales or placement of products or services, send commercial information, make interactive commercial communications to customers who have expressed specific consent.

With regard to marketing activities, it should be noted that, in the absence of specific consent to the processing by the user, the aforesaid activities cannot be carried out.

3-Recipients of personal data
Within the scope of the purposes indicated, your data may be communicated to:
companies and professional operators who provide services for electronic data processing and consultancy for software and IT as well as management of information services relating to the foregoing;
For the indicated parties, only the category of the recipients is indicated, as it is subject to frequent updates. Therefore, Data Subjects may request an updated list of recipients by contacting the Controller through the channels indicated in art. 1 of this Notice.

4-Period of retention of data
Personal data will be stored for the period of time strictly necessary to pursue the specific purposes of the processing for which you have given your consent and, specifically:

– for the purposes indicated in letter a) of art. 3 for the time necessary to fulfil contractual obligations and, in any case, not more than 10 years from the time of collection of your data for compliance with legal obligations and, in any case, not more than the terms set by law for the limitation of rights;

– for the purposes indicated in letter b) (i.e. for direct marketing and market research purposes) of art. 3 for 24 (twenty-four) months from the time of consent to the processing;

5-Rights of Data Subjects

You may exercise the following rights at any time.

a. Access to personal data: receive confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the following information: the purposes, the categories of data, the recipients, the period of retention, the right to lodge a complaint with a supervisory authority, the right to request rectification or erasure or restriction of processing or to object to processing as well as the existence of an automated decision-making process;

b. Request for rectification or erasure or restriction of processing concerning him/her; with “restriction of processing” meaning the flagging of stored personal data with the aim of limiting their processing in the future;

c. Objection to processing: object for reasons related to his/her particular situation to the processing of personal data relating to him/her for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by the Controller;

d. Portability of data: in case of processing carried out automatically based on consent or in performance of a contract, receive the personal data concerning him/her in a structured, commonly used and machine-readable format, in particular, such data will be provided to you by the Controller in .xml or similar format;

e. Withdrawal of consent to processing for direct marketing purposes, both direct and market research; the exercise of this right does not affect the lawfulness of processing carried out prior to withdrawal;

f. Lodge a complaint pursuant to Art. 77 GDPR with the competent supervisory authority based on his/her habitual residence, place of work or place of the alleged infringement; the competent authority in Italy is the Garante per la protezione dei dati personali (DPA), contactable through the contact details on the website

The aforementioned rights may be exercised by sending a request to the Controller through the contact channels indicated in Art. 1 of this Notice.

Requests relating to the exercise of the rights of Data Subjects will be processed without undue delay and, in any case, within one month of the request; only in cases of particular complexity and number of requests may this period be extended by an additional 2 (two) months.

6-Communication and provision of data
The provision of data by you is mandatory as it is necessary for the provision of the requested service. Therefore, any refusal by you to provide the data may result in the failure to provide the service, to the extent that such data are necessary for such purposes.

No personal data of users is acquired by the site in this regard.
No cookies are used for the transmission of personal information, nor are c.d. persistent cookies of any kind, i.e. systems for tracking users.
The use of session cookies (which are not stored persistently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (comprised of random numbers generated by the server) necessary to permit secure and efficient browsing of the site.
The session cookies used on this site avoid the use of other potentially prejudicial computer techniques for the confidentiality of user navigation, and do not permit the acquisition of the user’s personal identification data.

Logotipo Castello di San Marco

Castello di San Marco

Charming Hotel & SPA

Via San Marco, 40
95011 Calatabiano (Catania)
Sicilia, ITALIA



+39 095 641181
+39 095 649181


+39 095 642635