Privacy Policy

Privacy Policy and Data Protection Information

This privacy notice describes the processing of personal data entered or collected on the website www.ristorantecastellodisantavittoria.it and is provided pursuant to Article 13 of EU Regulation No. 679/2016 (hereinafter “GDPR”) and the applicable national legislation on privacy and personal data protection.

1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
In the event that the Data Controller makes use of processors or sub-processors pursuant to art. 28 GDPR, the updated list of processors and data handlers is kept at the Data Controller’s registered office.

2. WHAT TYPES OF PERSONAL DATA WE PROCESS
The types of personal data we collect depend on the purpose for which they are collected.
In general, we may collect directly from you the following types of personal data:

  • contact personal data, such as name, surname, email address, address, city, phone number;
  • personal data directly provided by you through communications or attachments to communications (e.g., bank details, company data);
  • usage, viewing, and technical data, including the device identifier or the user’s IP address, the time when the user visits the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server’s response (success, error, etc.), and other parameters related to the operating system and the user’s IT environment, hereinafter referred to as “Personal Data.”


The processing also concerns the operations, or the set of operations, relating to data collected also through the use of cookies.

3. WHY WE PROCESS YOUR PERSONAL DATA AND THE LEGAL BASIS
The processing of your Personal Data by the Data Controller takes place:
A) without your explicit consent (art. 6 lett. b) - f) GDPR), for the following purposes:
- to conclude contracts with the Data Controller;
- to fulfill pre-contractual, contractual, and tax obligations arising from existing relationships;
- to comply with obligations provided by law, regulations, EU legislation, or an order of the Authority;
- to pursue a legitimate interest of the Data Controller or third parties, provided that your interests or fundamental rights and freedoms requiring the protection of personal data do not prevail (e.g., the Data Controller’s right of defense in court).

4. HOW LONG WE KEEP AND PROCESS YOUR PERSONAL DATA
Your Personal Data will be processed by the Data Controller only for the period necessary to achieve the purposes of the processing referred to in the previous article 3, after which it will be retained solely to comply with legal obligations, for administrative purposes, and/or to assert or defend a right, and in any case not beyond the time limits set by law for the statute of limitations.
In particular, Personal Data sent for information requests by the User will be kept by the Data Controller for a maximum of one year.
Browsing data will be processed for a period not exceeding 14 months.

5. HOW WE PROCESS YOUR PERSONAL DATA
Personal Data are processed both on paper and electronically and/or automatically for the time necessary to achieve the purposes for which they are collected by the Data Controller or by duly authorized and/or appointed persons tasked with these duties, constantly identified and/or named, properly instructed, and made aware of the obligations imposed by law, as well as through the use of security measures to ensure confidentiality and prevent risks of loss or destruction, unauthorized access, or processing not permitted or not consistent with the purposes above.

6. TO WHOM WE MAY DISCLOSE YOUR PERSONAL DATA
For the purposes indicated above, your collected data may be made accessible or communicated to:

  • employees and collaborators of the Data Controller, in their capacity as authorized data processors, within the scope of their duties and in accordance with instructions received. These individuals are in any case subject to confidentiality obligations;
  • third-party entities performing outsourcing activities on behalf of the Data Controller to whom certain activities, or parts thereof, are entrusted for the provision and distribution of services offered through the site (e.g., hosting companies, programmers, system administrators and database administrators, technical support centers, Internet and telecommunications operators), or whose activities are connected, instrumental, or supportive to those of the Data Controller (e.g., cloud management and/or marketing software);
  • all those public and/or private entities, natural and/or legal persons (legal, administrative, and tax consulting firms, debt collection companies, Courts, Chambers of Commerce, Labor Offices, etc.) where the disclosure is necessary or functional to the correct fulfillment of contractual obligations, as well as obligations imposed by law;
  • all those entities (including Public Authorities) who have access to personal data by virtue of statutory or administrative provisions.


In any case, your collected personal data will not be resold or transferred to third parties for marketing purposes and will not be disseminated.

7. TRANSFER OF PERSONAL DATA OUTSIDE THE EU AREA
The management and storage of your Personal Data will take place in Europe. It is understood that, if necessary, the Data Controller may have your Personal Data processed outside the EU (EEA). In such case, the Data Controller ensures that the transfer of data outside the EU will comply with applicable legal provisions, entering into agreements that ensure an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission if necessary.

8. MINORS
This website and the Data Controller do not intentionally collect Personal Data relating to minors under 18 years of age. In accordance with applicable laws, the person exercising parental responsibility must provide consent for the collection of the minor’s Personal Data. In the event that Personal Data of minors are inadvertently recorded, the Data Controller will promptly delete them upon request of the person exercising parental responsibility.

9. YOUR RIGHTS
Pursuant to Articles 15 et seq. of the GDPR and applicable national legislation on privacy and personal data protection, you have the right to:
Obtain from the Data Controller confirmation as to whether or not processing of personal data concerning you is taking place and, if so, to access the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients are third-country recipients or international organizations;
  • where possible, the envisaged period of retention of personal data or, if not possible, the criteria used to determine that period;
  • the existence of the right of the data subject to request from the data controller the rectification or erasure of personal data, the restriction of processing of personal data concerning them, or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the data are not collected from the data subject, all available information as to their source;
  • the existence of automated decision-making, including profiling.

Obtain from the Data Controller the rectification of inaccurate personal data concerning you without undue delay. Considering the purposes of the processing, the data subject has the right to obtain the completion of incomplete personal data, including by providing a supplementary statement.

Obtain from the Data Controller the deletion of personal data concerning you without undue delay; the Data Controller is obliged to delete personal data without undue delay within the limits and cases provided by applicable law.

Obtain from the Data Controller the restriction of processing.

Receive in a structured, commonly used, and machine-readable format the personal data concerning you provided to the Data Controller, and have the right to data portability and thus to transmit such data to another data controller without hindrance from the controller to whom the data were provided, where the processing is based on consent or a contract and the processing is carried out by automated means.

Object at any time, for reasons related to your particular situation, to the processing of personal data concerning you if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or if the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or third parties.

If you believe that your rights have been violated by the Data Controller, lodge a complaint with the Italian Data Protection Authority (Piazza Montecitorio 121, 00186 Rome (RM) - garanteprivacy.it) and/or with any other supervisory authority competent under the GDPR.

Following the exercise of the rights under points 2), 3) and 4), the Data Controller communicates to each recipient to whom personal data were transmitted any corrections, deletions, or restrictions on processing within the limits and forms provided by applicable law.

To exercise the rights listed above towards the Data Controller, you must submit a written request by sending a registered letter with return receipt