This Privacy Statement describes our handling of Personal Information in connection with your use of our websites, mobile apps and the services we provide. By using our websites and services, you hereby consent to these terms.
“Personal Information” refers to information that identifies you as an individual. This Privacy Statement describes how we collect, use, share, and protect, your Personal Information, and choices you have regarding your Personal Information treatment. We encourage you to read this Privacy Statement, drawn in compliance with art. 13 GDPR 2016/679 and with Recommendation n°2/2001 issued by European Autorities on May 17th 2001: personal data protection of users connecting to www.ristorantessentia.it Is described, with a focus on minimum requirements related to nature of collected data, ways and timing of data collection during web connectionn, referring to Measures issued by Italian DPA on May 8th 2018.
The Controller of your data is:
Ristorante Essentia – GIBEST Srl
A list of External and internal Responsible of data processing is available on request.
GENERAL PRINCIPLES OF PERSONAL DATA PROCESSING
Your personal data will be collected, stored, treated and sent complying with Controller’s criteria, law’s and regulations in force.
Data treatment is based on following principles:
- Lawfulness, fairness and transparency: Tell the subject what data processing will be done. What is processed must match up with how it has been described. Processing must meet the tests described in GDPR [article 5, clause 1(a)].
- Purpose limitations: Personal data can only be obtained for “specified, explicit and legitimate purposes”[article 5, clause 1(b)]. Data can only be used for a specific processing purpose that the subject has been made aware of and no other, without further consent.
- Data minimization: Data collected on a subject should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed” [article 5, clause 1(c)]. In other words, no more than the minimum amount of data should be kept for specific processing.
- Accuracy: Data must be “accurate and where necessary kept up to date” [article 5, clause 1(d)]. Baselining ensures good protection and protection against identity theft. Data holders should build rectification processes into data management / archiving activities for subject data.
- Integrity and confidentiality: Requires processors to handle data “in a manner [ensuring] appropriate security of the personal data including protection against unlawful processing or accidental loss, destruction or damage” [article 5, clause 1(f)].
- Storage limitations: Regulator expects personal data is “kept in a form which permits identification of data subjects for no longer than necessary” [article 5, clause 1(e)]. In summary, data no longer required should be removed
TYPE (NATURE) OF DATA COLLECTED
When you access to our web site, different information may be collected.
Any information concerning natural persons that are or can be identified also by way of other items of information – e.g., via a number or an ID code. For instance, personal data is one´s first or last name, address, Tax ID, telephone number, e-mail address.
The Controller will not treat nor process sensitive data, as described by art. 9 GDPR 679/2016, such as a personal data requiring special precautions on account of its nature. A sensitive data is any data that can disclose a person´s racial origin or ethnicity, religious or other beliefs, political opinions, membership of parties, trade unions and/or associations, health, sex life or crime sentences (art. 10 GDPR 679/2016).
Unless specifically requested, we kindly ask to users not to submit us, nor to broadcast personal sensitive data, on or through our web site. If we ever will ask such data from users, we will firstly obtain their explicit consent.
Our web site also uses log files in order to count visitors and evaluate technical skills of web site itself. We use all these information to know how many visitors we have on our site, to better organize our pages, to easy surfing on our web site and make its pages more useful.
We collect information on web site traffic, but not on single visitors. For example, we may record web site area visited, IP address, Type of browser, operative system, date and time: therefore, we won’t be able to collect or store any information directly related to you. These data are used only to gather anonymous statistic information and control web site functioning: in fact, abovementioned data are cancelled right after processing. Data might be used in order to assess responsibility in case of violation to the detriment of the web site.
For further information please check our cookies policy.
DATA PROCESSING PURPOSES
We collect, store and process your personal data in order to provide you services through our website, in compliance with law prescriptions.
Data will be collected exclusively for the following purposes:
-For an effective management of reservation incoming from the web site
-In order to provide services offered and handle daily company needs
-Contact users (e.g. Via e-mail) following web enquiries
-To comply with law
– Newsletter subscription;
A part from what described above, referring to web surfing data, you are free to provide your personal data possibly required to fill different forms (related to enquiries on products information or their availability, newsletter subscription, informative material, information or communication request). Please keep in mind that lack of data conferral will make impossible to answer to your enquiries.
PROCESSING PROCEDURES AND DATA SAFETY
Your personal data will be collected and processed, electronically or through papers, exclusively for the purposes described herein, and record retention will last no longer than required or, up to when the Controller will receive your request of cancellation for treatment related to optional consent.
Your personal data will be stored in our server, and will be processed mainly automatically.
Your personal data are processed according to confidentiality principles listed in the measures issued by the Italian DPA. Collected data are processed by authorized personnel. All the personnel accessing to data has been previously authorized through official designation, as foreseen by law. Collected data could be periodically updated with information provided later.
We use controls, technical and managerial measures in order to protect user’s personal data from unauthorized access, loss or abuses. Unfortunately, data on the Internet can’t be 100% safe. Thus, even if we protect all the personal information, we can’t be sure or warranty that these information will be completely protected by hackers or other criminal acts, or in case of fail/damages to software, hardware and web. The Controller will inform users whenever acknowledges security violation (data breach), related to users personal data under his control. If the users is willing to communicate us his/her personal e-mail address, he/she gives express consent to receive electronical warnings in case of security violation.
PERSONAL DATA COMMUNICATION
Without prejudice to mandatory communication, your data might be communicated to:
- Third Parties which we rely on for services provision and related activities, designated by the Controller.
- Delegates in charge for technical maintenance (included web maintenance), designated by the Controller.
Anyhow, just strictly needed data, related to tasks they are in charge for, will be communicated to the abovementioned.
Personal data will not be broadcasted.
The Controller cooperate with Law Enforcement and Authorities to make users respect rules, other users and third parties rights, included intellectual property rights. Therefore your personal data might be communicated to Authorities whenever needed in case of defense, prevention, verification or repression of crimes in compliance with related laws and regulations.
Authorities will have the rights to ask and obtain your personal information also in relation to verification or investigation on swindle, web fraud, rights or intellectual property violation, hacking or other illicit actions which might involve us or our users in legal issues entailing civil or criminal responsibility.
RIGHT AND RIGHTS EXERCISE
Complying with law in force, at any time you might:
- Be informed regarding your data presence
- Know origin, content, goals and process pattern.
- Logic underlying electronic treatment
- Details of Controller, Processor, Parties whom your data have been communicated to
Moreover you have the right of:
- Update, integrate, correct your data and rights of portability
- Cancellation, anonymization, block of your data processed against law
- Opposition to data processing, for legitimate reason, pertinent to processing
- Opposition to data processing for marketing
According to GDPR 2016/679, you have the rights to complain to Authority.
In order to exercise your right you can contact:
Ristorante Essentia – GIBEST Srl
Headquarters: San Felice del Benaco (BS), Via Zublino, 8
Branch: Sirmione (BS), Via Catullo, 31.
E-mail: email@example.com – T.: +39 030 2053239
In case the user will ask to access to his/her personal information or cancel them from our system and registers, we will to any possible extent, within timing foreseen.
We inform our users that, due to technical limits and to the back up system, their information might be retained in our system for a certain length of time following cancellation.
All rights are due to the Controller for refuse personal data access or cancellation request, if access or cancellation are not foreseen by law. In order to safeguard from illicit requests, all rights are due for collecting sufficient information aimed to verify the identity of the applicant, before correcting or granting access.
Subscribing to our newsletter, you consent to provide your personal data in order to receive notice regarding communication, offers, events. Such data are those needed to receive abovementioned information. You can subscribe during registration process or, once registered, in your personal area.
To suspend the service, you can at any time communicate us your unsubscription. To do so, follow the “unsubscribe” instruction found at the bottom of each e-mail.
Minor using web site
Our web site is not addressed to minors (younger than 18 y.o.) We do not intentionally collect nor ask information related to minors.
Your data will be stored in database on our server or on our entrusted provider’s server, in Italy, or in EU Countries or in Switzerland, where clauses for a safe transfer of data are in force.
What are cookies?
Cookies are usually small text files stored on your computer when you visit some web sites. While surfing the web, you may receive on your computer also cookies coming from other sites (so called “third parties” cookies) on which may be present some elements of the web site. If you decide not to accept or to disable some cookies, some pages of our web site may not properly work or not be accessible. Cookies will not damage your device.
OUR WEB SITE USES TECHNICAL AND SYSTEM COOKIES
Session cookies: needed to use the web site and surf through it; used to handle log in and access to some specific reserved areas. Disabling these, some part may not be accessible or may not correctly function. Moreover these cookies are related to preferences saving (Language session, etc.)
Performance cookies: used byt web site Holder in order to monitor performances and improve the web site. These cookies wont’ collect information which may identify you. All the nformation collected are aggregated anonymously and used exclusively to improve web site performances.
Third part cookies:
Used to share activities promoted by the Company and “likes”. For more information https://it- it.facebook.com/about/privacy
Used to share activities promoted by the Company
How to disable cookies
You may deny your consent to cookies by selecting on your browser the matching setting. You can follow instruction found for each different browser, at following links:
Internet Explorer: http://windows.microsoft.com/it-IT/windows-vista/Block-or-allow-cookies
Please keep in mind that by disabling cookies or future cookies you may not be able to access to some web site pages or functions.
All rights are due to the Controller for changing web site and Policy at any time.
User must always refer to on line policy. Changes will be in force from the moment they will be published on the web site. If the user will keep using the web site after any change, this will be considered as an acceptance of such changes.