PRIVACY POLICY pursuant to articles 13 and 14 of Regulation (EU) 2016/679
With this Privacy Policy the Data Controller, as defined below, wishes to inform you about the purposes and methods of processing your personal data and the rights recognized by Regulation (EU) 2016/679 relating to the protection of natural persons, with regard to the processing of personal data and their free circulation (“GDPR”), as well as by the Privacy Code Legislative Decree 30 June 2003, n. 196 and subsequent amendments.
| TITOLARE DEL TRATTAMENTO |
| Ristorante Bistrot Enoteca Bar Caffetteria 0761.435957 / 327.1520845 info@ristobistrot.it Via Santa Maria, 21 – Tuscania (VT) Pi 02204060566 TYPES OF DATA PROCESSED The processing activities carried out are aimed at acquiring the following personal data: Category Type Common data Technical Cookies Common data Navigation log Common data Personal data |
| CATEGORIES OF INTERESTED PARTIES |
| The processing activities carried out are aimed at the following categories of interested parties: Web Users Category |
| PURPOSE OF THE PROCESSING AND CONDITION WHICH MAKES THE PROCESSING LAWFUL 1. SITE – Navigation Data Obtain anonymous statistical information on use, check the correct functioning of the site, ascertain responsibility in case of hypothetical computer crimes against the Owner. The data you provide will be processed for the following purposes: Condition Lawfulness of Processing Purpose Description Legitimate Interest – Art. 6, c.1, let. f. GDPR Technological Maintenance of the site. Data analysis to perform the evolution and maintenance of the website. Legitimate Interest – Art. 6, c.1, let. f. GDPR Illegal use of the site. Ascertainment of responsibility in the event of potential computer crimes to the detriment of the site and/or the data subjects. Legitimate Interest – Art. 6, c.1, let. f. GDPR Statistical Analysis. Anonymous statistical analysis on the use of the site. Nature of the provision: Mandatory. Consequences of refusal to provide data: Failure to provide data will make it impossible for the company to provide the web service provided. Personal data retention period: The data is retained for 30 days. Minimum data protection measures: Standard Protection Measures Processing Method: The processing is carried out using IT tools. |
| SITE – Requests from the Site Requests made by interested parties via the website of the Data Controller. The data you provide will be processed for the following purposes: Condition Lawfulness of Processing Purpose Description Execution of Contract – Art. 6, c.1, let. b. GDPR Sending requests via web platform tools. Sending requests via web platform tools. Nature of the provision: Optional Consequences of refusal to provide data: Failure to provide the data will make it impossible for the Data Controller to respond to the interested party’s requests. Personal data retention period: Processing of the request. Minimum data protection measures: Standard Protection Measures Processing Method: The processing is carried out using IT tools. |
3. SITO – Cookies
In addition to the data expressly provided to the Data Controller, other data deriving from the user’s navigation on the site may be recorded: when the user accesses it, in fact, the site can send the user a “cookie”. A “cookie” is a small text file that the site can automatically send to your computer when you view our pages. “Cookies” are used to make navigation more convenient and allow the operation of some services that require identification of the user’s path through different pages of the site. For any access to the site, regardless of the presence of a “cookie”, the site records the type of browser (e.g. Internet Explorer, Chrome, Firefox), the operating system (e.g. Windows, Macintosh), the host and the URL of origin of the user-navigator, in addition to the data on the requested page. This data can be used in aggregate and anonymous form for statistical analyzes on the use of the site. For complete management of cookies, the user/visitor is invited to consult the “Cookie policy” page of this site. The data you provide will be processed for the following purposes:
| Condition Lawfulness of Processing | Purpose | Description |
| Legitimate Interest – Art. 6, c.1, let. f. GDPR | Technological maintenance of the site. | Data analysis to perform the evolution and maintenance of the website. |
| Legitimate Interest – Art. 6, c.1, let. f. GDPR | Statistical analysis. | Anonymous statistical analysis on the use of the site. |
Nature of the provision: Optional for those not necessary
| SITE – Cookies In addition to the data expressly provided to the Data Controller, other data deriving from the user’s navigation on the site may be recorded: when the user accesses it, in fact, the site can send the user a “cookie”. A “cookie” is a small text file that the site can automatically send to your computer when you view our pages. “Cookies” are used to make navigation more convenient and allow the operation of some services that require identification of the user’s path through different pages of the site. For any access to the site, regardless of the presence of a “cookie”, the site records the type of browser (e.g. Internet Explorer, Chrome, Firefox), the operating system (e.g. Windows, Macintosh), the host and the URL of origin of the user-navigator, in addition to the data on the requested page. This data can be used in aggregate and anonymous form for statistical analyzes on the use of the site. For complete management of cookies, the user/visitor is invited to consult the “Cookie policy” page of this site. The data you provide will be processed for the following purposes: Condition Lawfulness of Processing Purpose Description Legitimate Interest – Art. 6, c.1, let. f. GDPR Technological Maintenance of the site. Data analysis to perform the evolution and maintenance of the website. Legitimate Interest – Art. 6, c.1, let. f. GDPR Statistical Analysis. Anonymous statistical analysis on the use of the site. Nature of the provision: Optional for those that are not necessary. Consequences of refusal to provide data: Failure to provide data will make it impossible for the Data Controller to provide the user with efficient navigation on the site. Personal data retention period: Session Minimum data protection measures: Standard protection measures Processing methods: Processing is carried out using IT tools. |
| RECIPIENTS OF THE TREATMENT |
| Role Recipient or Category Recipient Responsible for Processing Suppliers Hosting Services Responsible for Processing ICT systems maintenance services Person Designated for Processing (Internal) Personnel employed by the Data Controller |
| RIGHTS OF THE INTERESTED PARTY – COMPLAINT TO THE SUPERVISORY AUTHORITY |
| In relation to the processing described in this Information, as an interested party you may, under the conditions established by the GDPR, exercise the rights established by articles 15 to 22 of the GDPR and, in particular, the following rights: right of access – article 15 GDPR : right to obtain confirmation as to whether or not personal data concerning you is being processed and, in this case, obtain access to your personal data; right of rectification – article 16 GDPR: right to obtain, without unjustified delay, the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data; right to cancellation (right to be forgotten) – article 17 GDPR: right to obtain, without unjustified delay, the cancellation of personal data concerning you. The right to erasure does not apply to the extent that processing is necessary for the fulfillment of a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defense of a right. in court. right to limit processing – article 18 GDPR: right to obtain limitation of processing, when: a) the interested party disputes the accuracy of the personal data; b) the processing is unlawful and the interested party opposes the deletion of the personal data and instead requests that its use be limited;c) the personal data are necessary for the interested party to ascertain, exercise or defend a right in court; d) the interested party has opposed the processing pending verification regarding the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party. right to data portability – article 20 GDPR: right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you provided to the Data Controller and the right to transmit them to another data controller without impediments, if the processing is based on consent and is carried out by automated means. Furthermore, the right to have your personal data transmitted directly from this owner to another owner if this is technically feasible; right of opposition – article 21 GDPR: right to object, at any time, to the processing of personal data concerning you based on the condition of legitimacy of legitimate interest, including profiling, unless there are legitimate reasons for the Data Controller to continue the processing which prevail over the interests, rights and freedoms of the interested party or for the establishment, exercise or defense of a right in court. right not to be subjected to automated decision-making – Article 22 GDPR: the data subject has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or which significantly similarly significantly on your person, unless this is necessary for the conclusion or execution of a contract or you have given your consent. In any case, an automated decision-making process cannot concern your personal data and you will be able to obtain human intervention from the data controller at any time, express your opinion and contest the decision. right to lodge a complaint with the Guarantor Authority for the protection of personal data:http://www.garanteprivacy.it; revoke the consent given on any occasion and with the same ease with which it was provided without prejudice to the lawfulness of the processing based on the consent given before the revocation. The above rights may be exercised against the Data Controller by contacting the contact details indicated in the DATA CONTROLLER section, in the first section of this information notice. The exercise of your rights as an interested party is free pursuant to Article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Owner may charge you a reasonable fee, in light of the administrative costs incurred to manage your request, or deny satisfaction of your request. Finally, we inform you that the Data Controller may request further information necessary to confirm the identity of the interested party. The Data Controller is relieved of any responsibility deriving from navigation on websites that can be consulted via links on the website. This information, therefore, is not to be considered valid for other websites that may be the owner’s domain, or the domain of third parties. |