Privacy Policy of ristoranteofficinadelgusto.it

This Application collects some Personal Data from its Users.

Data Controller

Officina del Gusto di Ursino Giovanni

Via Fortino, 11, 98164 Messina (ME)

Data Controller’s email address: giovanniursino@hotmail.com

Types of Data Collected

Among the types of Personal Data collected by this Application, either independently or through third parties, there are: Cookies, Usage Data, name, phone number, and email.

Detailed information on each type of data collected is provided in the dedicated sections of this privacy policy or through specific information notices displayed prior to the data collection. Personal Data may be freely provided by the User, or, in the case of Usage Data, collected automatically during the use of this Application. Unless otherwise specified, all Data requested by this Application is mandatory. If the User refuses to provide it, it may be impossible for this Application to provide the Service. In cases where this Application indicates some Data as optional, Users are free to refrain from communicating such Data without any consequences on the availability or the operation of the Service. Users who have doubts about which Data is mandatory are encouraged to contact the Data Controller. The possible use of Cookies – or other tracking tools – by this Application or by the owners of third-party services used by this Application, unless otherwise specified, is aimed at providing the Service requested by the User, in addition to the other purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through this Application and declares that they have the right to communicate or disseminate it, releasing the Data Controller from any liability towards third parties.

Methods and Place of Data Processing

Methods of Processing

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. The processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to other parties involved in the organization of this Application (administrative, sales, marketing, legal staff, system administrators) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.

Legal Basis of Processing

The Data Controller processes Personal Data relating to the User if one of the following conditions applies:

  • The User has given consent for one or more specific purposes; Note: in some jurisdictions, the Data Controller may be allowed to process Personal Data without the User’s consent or another of the legal bases specified below, until the User objects (“opt-out”) to such processing. This is, however, not applicable when the processing of Personal Data is subject to European legislation on the protection of Personal Data;
  • The processing is necessary for the performance of a contract with the User and/or for any pre-contractual obligations;
  • The processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

“It is always possible to request the Data Controller to clarify the specific legal basis of each processing activity, and in particular, to specify whether the processing is based on law, provided for by a contract, or necessary to conclude a contract.

Location

The Data is processed at the operational offices of the Data Controller and any other location where the parties involved in the processing are located. For further information, contact the Data Controller.
The User’s Personal Data may be transferred to a country different from the one in which the User is located. To obtain further information about the location of the processing, the User can refer to the section detailing the processing of Personal Data.

The User has the right to obtain information regarding the legal basis for transferring Data outside the European Union or to an international organization governed by public international law or established by two or more countries, such as the UN, as well as the security measures adopted by the Data Controller to protect the Data.

Should any of the aforementioned transfers take place, the User can refer to the respective sections of this document or request information from the Data Controller by contacting them at the details provided at the beginning.

Retention Period

The Data is processed and stored for the time required by the purposes for which it was collected.

Therefore:

Personal Data collected for purposes related to the execution of a contract between the Data Controller and the User will be retained until such contract has been fully executed.
Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is fulfilled. The User can obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.

When the processing is based on the User’s consent, the Data Controller may retain the Personal Data for a longer period until such consent is revoked. Additionally, the Data Controller might be obliged to retain the Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period, the Personal Data will be deleted. Therefore, once this period expires, the right to access, deletion, rectification, and the right to data portability can no longer be exercised.

Purposes of the Data Processing Collected

The User’s Data is collected to allow the Data Controller to provide its Services, as well as for the following purposes:
Interaction with social networks and external platforms, Statistics, Displaying content from external platforms, and Contacting the User.

To obtain further detailed information on the purposes of the processing and the Personal Data specifically relevant to each purpose, the User can refer to the relevant sections of this document.

Details on the Processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Contacting the User
Interaction with social networks and external platforms
Statistics
Displaying content from external platforms
User Rights

Users may exercise certain rights concerning their Data processed by the Data Controller.

In particular, the User has the right to:

Withdraw consent at any time. The User can withdraw consent to the processing of their Personal Data previously given.
Object to the processing of their Data. The User can object to the processing of their Data when it is done on a legal basis other than consent. Further details on the right to object are provided in the section below.
Access their Data. The User has the right to obtain information about the Data processed by the Data Controller, certain aspects of the processing, and to receive a copy of the Data processed.
Verify and request rectification. The User can verify the accuracy of their Data and request it be updated or corrected.
Obtain the restriction of processing. When certain conditions are met, the User can request the restriction of the processing of their Data. In this case, the Data Controller will not process the Data for any purpose other than storing it.
Obtain the deletion or removal of their Personal Data. When certain conditions are met, the User can request the deletion of their Data by the Data Controller.
Receive their Data or have it transferred to another controller. The User has the right to receive their Data in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted without hindrance to another controller. This provision is applicable when the Data is processed by automated means, and the processing is based on the User’s consent, on a contract to which the User is a party, or on pre-contractual measures connected to it.
Lodge a complaint. The User can lodge a complaint with the competent data protection supervisory authority or take legal action.

Details on the Right to Object

When Personal Data is processed in the public interest, in the exercise of official authority vested in the Data Controller, or for the legitimate interest pursued by the Data Controller, Users have the right to object to the processing for reasons related to their particular situation.

Users are informed that if their Data is processed for direct marketing purposes, they can object to the processing without providing any reasons. To find out if the Data Controller processes data for direct marketing purposes, Users can refer to the relevant sections of this document.

How to Exercise the Rights

To exercise the User’s rights, Users can direct a request to the contact details of the Data Controller provided in this document. Requests are made free of charge and will be processed by the Data Controller as soon as possible, in any case within a month.

Additional Information about Data Processing
Defense in Court

The User’s Personal Data may be used by the Data Controller in court or in the stages leading to possible legal action arising from improper use of this Application or the related Services by the User.
The User declares to be aware that the Data Controller may be required to disclose Data upon request of public authorities.

Specific Information

Upon the User’s request, in addition to the information contained in this privacy policy, this Application might provide the User with additional and contextual information concerning specific Services or the collection and processing of Personal Data.

System Logs and Maintenance

For operation and maintenance purposes, this Application and any third-party services it uses may collect system logs, which are files that record interactions and may also contain Personal Data, such as the User’s IP address.

Information Not Contained in this Policy

More details concerning the processing of Personal Data may be requested from the Data Controller at any time using the contact information provided.

Response to “Do Not Track” Requests

This Application does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honor “Do Not Track” requests, Users are invited to consult their respective privacy policies.

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page and, if possible, within this Application as well as, if technically and legally feasible, sending a notice to Users via any contact information available to the Data Controller. Please refer to this page regularly, paying attention to the last modification date listed at the bottom.

If the changes affect processing activities carried out on the basis of the User’s consent, the Data Controller will collect new consent from the User, where required.”

Data Breach (Art. 33 and Art. 34)

A data breach is a security violation that accidentally or unlawfully results in the distribution, loss, alteration, unauthorized disclosure, or access to personal data that has been transmitted, stored, or otherwise processed. The website owner does not assume responsibility for any fraudulent access or data breaches perpetrated by third parties using unlawful means.

Health, Genetic, and Biometric Data

In compliance with Art. 9.4 of the GDPR, which identifies a series of specific measures (as they are related to the purposes and categories of data) and appropriate (as they are suitable to provide effective protection) to safeguard the fundamental rights of data subjects and personal data, this website does not collect health, genetic, or biometric data.

Processing of Special Categories

The website ristoranteofficinadelgusto.it does not collect or process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, nor does it process genetic data, biometric data intended to uniquely identify a natural person, data related to health, or data concerning a person’s sex life or sexual orientation.

Right to Erasure/Right to be Forgotten

The right to erasure of personal data has been introduced by the new European Regulation for the Protection of Personal Data. This is what is referred to as the right to be forgotten and is regulated by Article 17: ‘The data subject shall have the right to obtain from the data controller the erasure of personal data concerning them without undue delay, and the data controller shall have the obligation to erase personal data without undue delay.’ To exercise this right, you can send a data deletion request to the following email: delete@ristoranteofficinadelgusto.it