Pursuant to art. 13 of EU Regulation 2016/976
Introduction and context
The EU General Data Protection Regulation 679 (GDPR), issued in May 2016, will replace the Legislative Decree no. 196/2003.
This new regulation changes the way in which we treat your Personal Data.
Read on to get all the information you need.
What information do we collect?
When you visit our page you authorize us to process your data. But precisely what kind of data?
Our website collects two types of personal information:
Data provided by our users voluntarily
Data provided by our users unintentionally
The data voluntarily provided are those that you choose to disclose in order to receive our services, that is information about our restaurant, menus or how to make a reservation. These correspond to your name, surname, email address and telephone number which is to say all the data you enter in our form in the “ Contact” section.
The data involuntarily provided are those that we collect through the services you are using such as IP address, browser type and version, time zone setting and location, , information on your computer, data on the current (approximate) position of the devices you are using; in addition, data collected using cookies or similar technologies. For more information, please visit the “Cookies” section.
How do we use the information you provide to us?
The reasons why we use your data are defined as “Purposes” in the EU Regulation, namely the ultimate goal of why we process your personal information.
In our case, we treat your data for two reasons:
- Reply to any question you may ask through our form, particularly to make a reservation for you or to send you the information requested about our menus or the organization of our evenings;
- We may also use your data for advertising purposes. We also need to make ourselves known and nothing succeeds in this like advertising. But, attention!!! We will never allow us to send you any communication if we do not explicitly collect your consent beforehand. By giving us your consent we may communicate with you for promotional, commercial and advertising activities on events, initiatives or partnerships of our restaurant, by e-mail, SMS or push notifications. We also make analysis and reporting activities related to promotional communication systems, such as the detection of the number of emails opened, clicks made on the links within promotional communication systems, the type of device used to read the communication and its operating system or when managing the list of the unsubscribed to the newsletter.
Is the consent mandatory?
The provision of personal data is mandatory only for the processing necessary to manage the requests expressed through our “Contact” form. In fact, when we ask to give your consent by ticking the appropriate box, in case of your refusal you will not be enable to send us your message.
For all that is not closely linked to your requests through our form, your consent is purely optional. Therefore, if you voluntarily consent to receive advertising and commercial materials, you will allow us to keep you updated on our events and promotions, including any discount offers. In short, if you give your consent, we will continuously improve your Contact experience with us.
Who are the subjects of the treatment?
Your data are processed by our restaurant Alessio, who is also the Data Controller. Being the owner, according to the new regulation, means that we are the main responsible for how your data are processed and especially of how they are kept. This is the reason why we have also created a network of internal appointed Managers, duly trained, that will assist the owner, in the management and security of processing your personal information.
Below, for the purpose of completeness, find the data of the owner:
- Ristorante Alessio di SECONDA FASE S.r.l. Registered Office: Via del Viminale 2/g – 00184 Roma. VAT number: 06007461004
The data collected as part of the provision of the service may be communicated but only under certain circumstances.
- In the event that we are able to personally satisfy all your requests, we will not disclose your information to anyone, but will only be used by us and we will comply with all the provisions of the new EU regulation;
- Should it be necessary, we could find ourselves in the position of having to share your information with administrative or judicial organizations and authorities in accordance with legal obligations;
In no case we transfer or sell personal data to third parties, nor we may need to send your data outside the European Union.
In managing our reservations, your data may be included in our management system. This is to ensure, for our part, our best service.
The new EU Regulation 679/2016 introduced and placed particular emphasis on the rights that each individual can exercise at any time.
We list them:
- Art. 15 Right of access by the data subject;
- Art. 16 Right to rectification;
- Art. 17 Right to erasure (‘right to be forgotten’)
- Art. 18 Right to restriction of processing;
- Art. 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing;
- Art. 20 Right to data portability;
- Art. 21 Right to object;
- Art. 22 The right not to be subject to a decision based solely on automated processing
Any request can be sent to: firstname.lastname@example.org
How long will we keep your data?
The retention of personal data will be in paper copy and / or electronic / magnetic form for the time strictly necessary to fulfill the purposes indicated above, in compliance with your privacy and the current regulations.
For the Revenue Service we are also obliged to retain your data for a period of no less than 10 years in order to allow any checks or investigations where required.
For marketing purposes, if you give your consent, your data will be in our systems for a maximum period of 24 months, after which, if we want to continue contacting you, we will have to submit a new consent as done the first time. We reiterate that at any time you can stop these communications.
Finally, we remind you that for the same purposes, the data relating to electronic traffic, excluding the contents of communications, will be kept for a period of no more than 6 years from the date of communication, pursuant to art. 24 of Law no. 167/2017, which implemented the EU Directive 2017/541 on anti-terrorism.
We will begin to count the period from the date you sign your consent and send us your message.
How do we ensure the protection of your data?
We care a lot about your data so we will keep them in accordance with the European Regulation.
Paper-based data are closed in special archives under lock and key and accessible only to the owner and a Responsible specifically appointed; those in electronic format will be stored in dedicated servers, monitored and equipped with the latest protections against the attacks of Malicious viruses or hackers.