INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13-14 OF THE GDPR (GENERAL DATA PROTECTION REGULATION) No. 2016/679
The parties concerned are informed that Italy’s Legislative Decree no. 196/2003 (the “Personal Data Protection Code” – hereinafter referred to as the “Code”) and the EU Regulation no. 2016/679 (hereinafter, for the sake of brevity, “GDPR”) provide for the protection of the processing of personal data.
In compliance with the provisions of the Code, the GDPR, as well as the applicable legislation on the matter, the processing of data by Ambrosia Srl, owner of ‘Ristorante Berton,’ shall be based on the principles of fairness, lawfulness and transparency, while respecting fundamental rights and freedoms, and the dignity of any interested party, with particular reference to confidentiality, personal identity and the right to personal data protection.
This information may be subject to periodic updates, which are advertised on this website. It is therefore advisable to check the information on a regular basis and to refer to the latest version of this document.
Ambrosia Srl, the data controller, with registered office in Via Mike Bongiorno 13, 20124 Milan, Italy, guarantees compliance with the legislation regarding the protection of personal data by providing the following information about the processing of data transferred or collected during the navigation on this website or submitted when making a reservation for any services provided by ‘Ristorante Berton’ or asking the restaurant reception for information over the telephone.
DATA GENERATED WHEN ACCESSING THE WEBSITE
The computer systems and software procedures used to operate the website www.ristoranteberton.com normally acquire certain personal data, the transmission of which is inherent to the use of Internet communication protocols.
This data (such as domain names, IP addresses, operating system, type of browser device used for connection) does not entail the transfer of any additional personal information and is used to: i) obtain anonymous statistical information on the use of the website; ii) comply with control requirements as concerns how the website is used. The need to make the website functionalities usable after user access is the legal basis legitimising the processing of such data.
DATA VOLUNTARILY SUBMITTED BY CUSTOMERS
Personal data submitted through forms, e-mail communications or by telephone are collected and processed for the following purposes:
a) provision of catering services to the customers on the basis of customer requests and contractual and/or pre-contractual arrangements;
b) administrative purposes and accounting, tax or legal obligations in general;
c) with specific consent, periodically deliver newsletters and advertising material by e-mail;
d) with specific consent, send updates on our activities and notifications on new blog posts;
e) with specific consent, send promotional communications and invitations to special events and promotions.
The legal basis for the processing is the compliance with the agreement to which the data subject is a party or the compliance with pre-contractual measures adopted at the request of the latter. On the other hand, in the cases expressly specified, the legal basis is formed by the consent freely given by the data subject.
The submission of data with reference to the purposes specified in letters a), b) is optional, however any refusal shall make it impossible for Ambrosia Srl to provide the services and/or fulfil contractual obligations.
The submission of data with reference to the purposes specified in letters c), d) and e) is also optional; the use of such data is subject to the provision of explicit consent.
Any refusal shall make it impossible for Ambrosia Srl to send newsletters and advertising material or invitations to events and initiatives.
PROCESSING METHODS AND PERIOD OF DATA RETENTION
The data collected shall be processed using electronic or automated, computerised and telematic means, or through manual procedures according to logics strictly related to the purposes for which the personal data was collected and, in any case, in such a way as to guarantee the security of the same. The data is retained for the time strictly necessary for the purposes for which the data is collected in compliance with the applicable regulations and legal obligations.
In any case, Ambrosia Srl implements rules that prevent the retention of data for an indefinite period of time, and therefore limits the retention time in compliance with the principle of data processing minimisation.
DATA PROCESSORS AND TRANSFER OF DATA
The processing of the data collected is carried out by Ambrosia Srl internal members of staff, identified and authorised for such purpose according to specific instructions given in compliance with the applicable legislation.
If necessary or instrumental to the fulfilment of the purposes specified, the data collected may be processed by third parties appointed as external data processors or, depending on the case, may be transmitted to those third parties in their capacity as independent entities, namely:
1. individuals, companies, associations or professional firms that provide assistance and advice to our company for administrative/accounting/tax purposes;
2. companies, organisations, associations that provide services connected and instrumental to the fulfilment of the aforementioned purposes (banking services, management of payments by credit card, market analysis and research, maintenance of computer systems).
LOCATION OF DATA PROCESSING AND TRANSFER
Data processing and storage occur on servers located within the territory of the European Union, including at third-party companies duly appointed as Data Processors. Currently, the servers are located in Italy. Data are not transferred outside the European Union.
RIGHTS OF THE DATA SUBJECTS
Pursuant to articles 15 and following of the GDPR, any interested customer/user has the right to request – at any time – access to the personal data, the rectification or erasure of such data, as well as the restriction of processing in the cases provided for by article 18 of the GDPR. In addition, the data subject shall have the right to obtain the personal data concerning him or her, in a structured, commonly used and machine-readable format, in the cases provided for by article 20 of the GDPR. Users may – at any time – revoke the consent given pursuant to article 7 of the GDPR, as well as lodge a complaint with a supervisory authority pursuant to article 77 of the GDPR, should they think that the data processing is in violation of the legislation in force.
Users can submit a request for objection to the processing of their personal data pursuant to article 21 of the GDPR, specifying on which grounds they intend to object.
Requests must be sent in writing to the Data Controller to the following address: