Data Protection Statement
in accordance with EU regulation n. 679/2016
Information about our Data Protection Policy
Dear Data subject,
Our company takes your personal data seriously and guarantees to protect data we collect from any risk of violation.
This policy statement, in accordance with guidelines published in EU regulation 679/2016, (hereinafter referred to as ‘the GDPR'), describes the types of data and scope for which they are collected and processed.
Data Controller
The Data Controller is Ristorante Preludio S.r.l. Unip.
Any questions regarding protection of your data should be directed to the following email address: info@ilpreludio.net.
Ristorante Preludio S.r.l. Unip. has nominated a Data Protection Officer who may be contacted at any time by email at info@ilpreludio.net.
General data collection
We collect the following data:
- Navigation data
Data pertaining to data subject navigation on our website, such as IP address, browser type and version, log, etc.
- Personal data
Personal data such as name, address, province or municipality of residence, telephone number, email address/es, etc.
- Information provided by the data subject
Our website may contain contact forms where the data subject requests contact or assistance. We request you refrain from entering any sensitive personal data listed in article 9 of the EU regulation or any bank or credit card details.
SENSITIVE PERSONAL DATA
The company refrains from requesting sensitive personal data listed in GDPR article 9 concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a physical person, data concerning health or data concerning the data subject's sexual life or orientation.
Transferring personal data outside of the EU
No personal data will be transferred, copied and/or recovered outside of the EU by us.
Scope
Data provided by the data subject enables the company to offer content and services chosen and/or purchased, to manage and process requests for information, provide assistance and comply with laws the company is subject to. Under no circumstances will the company sell personal data to third parties or use it for any unnamed scope.
Personal data is processed for:
- Online registration and requests for information and/or to be contacted
Personal data is used to register data subject, give data subject requested information and/or brochures and for fulfilment of any other related obligation.
- Contract data management
Personal data may be used to initiate purchases of products or services, process an order, erogate a service and/or produce and/or ship of a purchased product, deal with invoicing and payment processing, process complaints and/or customer service claims, and fulfil any other such obligation deriving from the contract.
- Security of personal data
As outlined in article 49 of the GDPR the Data Controller processes data subject's personal data across suppliers (third parties and/or recipients), insofar as is strictly and proportionately necessary to guarantee network and information security. The Data Controller will promptly inform data subject when a data violation occurs as outlined in article 33 of the GDPR concerning notification of a personal data breach.
- Promotional activity for Services/Products similar to those purchased by data subject
With specific consent from the data subject, the Data Controller can process data provided by the data subject for direct sales of products/services similar to those purchased, unless data subject specifically objects to such processing.
- Promotional activity for Services/Products different from those purchased by data subject
Data subject’s personal data may be processed for promotional campaigns, for market research on a Service/Product that the company offers only where the data subject has given consent and does not object to it.
Processing methods may be automated through:
whereby the data subject has not revoked consent for personal data usage.
Lawfulness of processing
- Consent
The Data Controller processes the data subject’s personal according to consent given through acceptance of this privacy policy and to the above-mentioned scope.
- Registration and contact and/or information request
Processing shall be lawful whereby the data subject has given consent to the processing of personal data for registration, request for information, contact, and/or brochures and where processing is necessary for compliance with a legal obligation.
- Performance of a contract
Processing shall be lawful whereby it is necessary for the performance of a contract and in compliance with a legal obligation
- Systems security
Processing shall be lawful where it is in compliance with legal obligations provided for in article 32 of the GDPR, and to protect the vital interests of company assets and systems security.
- Promotional activity for Services/Products similar to those purchased by data subject
Processing personal data for Promotional activity for Services/Products similar to those purchased by data subject shall be lawful where data subject consent is specifically given as outlined in article 6 of the GDPR, which may be freely revoked by the data subject at any time.
- Promotional activity for Services/Products different from those purchased by data subject
Processing shall be lawful where data subject consent for personal data usage is given prior to processing, which may be revoked by the data subject at any time.
Data Storage
Personal data is processed in accordance with principles pertaining to privacy, fairness, necessity, pertinence, lawfulness, and transparency imposed upon in the GDPR for the amount of time necessary to exercise the scope for which data is collected and in any case, not longer than 10 years from initial collection for the Service or, in the case of a Service/Product purchase, the amount of time necessary for completing the purchase.
Data subject rights
Right of access by the data subject are outlined in article 15 of the GDPR and at any time, the data subject may:
- receive confirmation whether personal data is being processed and access information regarding the purposes of processing or disclosure recipients, and access that information;
- update, modify, and/or correct personal data;
- request erasure, pseudonymisation, blockage for unlawful violation or restriction;
- oppose processing for legitimate reasons, including profiling;
- oppose personal data processing for the scope of direct sales or advertising or market research or any commercial communications;
- revoke consent, where given, without prejudice for lawful processing based on prior consent;
- receive a copy of personal data and request they be transferred to another environment.
In the event there is a violation of data subject rights, in accordance with art. 77 of the GDPR the data subject may contact the supervisory controller or file for judicial remedy.