This Privacy Policy describes how VE.GA. di Venturini M. & Gavassa D. S.n.c. (hereinafter the «Controller») processes the personal data of users who visit the website www.ristomacelleria-laresistenza.it or request the services of the restaurant La Resistenza Risto Macelleria, in compliance with Regulation (EU) 2016/679 (the «GDPR») and Italian Legislative Decree 196/2003 as amended by Decree 101/2018.
1. Data Controller
The Data Controller is:
VE.GA. di Venturini M. & Gavassa D. S.n.c.
Registered office: Piazza Matteotti 19, 57036 Porto Azzurro (LI), Italy
Operational office: Via Solferino, 57036 Porto Azzurro (LI), Italy
VAT and Tax Code: 01107750497
Email: foranello69@gmail.com
Phone: +39 328 332 8852
For any request regarding the processing of your personal data you can write to the email address above. The Controller will reply within 30 days from receipt of the request, as required by article 12 GDPR.
2. Categories of data collected
We collect only the data strictly necessary for the purposes described below. In particular:
2.1 Data voluntarily provided by the user
- Table reservation form: first name, last name, email address, phone number, requested date and time, number of guests, optional occasion (birthday, anniversary, etc.) and additional notes.
- Contacts via email, WhatsApp or phone: any data included in the message (name, contact details, content of the request).
2.2 Data automatically collected during browsing
- Connection data: IP address, browser type and version, operating system, date and time of access, pages visited. Collected for technical, security and aggregated statistical purposes.
- Cookies: for details on the cookies used please refer to the Cookie Policy.
3. Purposes of processing and legal basis
| Purpose |
Legal basis |
Provision of data |
| Handling of table reservation requests and related confirmation by email |
Pre-contractual measures at the request of the data subject (art. 6.1.b GDPR) |
Mandatory: without the requested data the reservation cannot be processed |
| Reply to information requests sent via email, WhatsApp or phone |
Legitimate interest of the Controller (art. 6.1.f GDPR) |
Mandatory in order to reply |
| Tax, accounting and administrative obligations related to restaurant activity |
Legal obligation (art. 6.1.c GDPR) |
Mandatory by law |
| Website security, prevention of abuse, fraud and cyberattacks |
Legitimate interest of the Controller (art. 6.1.f GDPR) |
Technically required |
| Anonymous browsing statistics (if consent is given via the cookie banner) |
Consent of the data subject (art. 6.1.a GDPR) |
Optional, can be withdrawn at any time |
4. Methods of processing
Personal data are processed using electronic and paper-based tools, with adequate technical and organisational measures to ensure security, integrity and confidentiality, in accordance with articles 25 and 32 GDPR. In particular:
- Encrypted communications via HTTPS/TLS protocol
- Access to data limited to duly authorised persons
- Periodic backups and protection against unauthorised access
- Internal procedures for the management of any data breach
5. Data retention period
Personal data are kept for the time strictly necessary for the purposes for which they were collected:
- Reservation data: kept for 24 months from the reservation date, unless a longer retention is necessary for legal defence purposes.
- Information requests: kept for 12 months from the last useful contact.
- Tax and accounting data: kept for the period required by Italian tax law (usually 10 years).
- System logs and security data: kept for a maximum of 12 months.
- Cookies: as indicated in the Cookie Policy.
6. Recipients of the data
Personal data may be processed by:
- Internal staff of the Controller, duly authorised and trained.
- External suppliers performing ancillary activities (for example: website hosting, email service, accountant, IT development and maintenance), appointed as Data Processors pursuant to article 28 GDPR.
- Public authorities, when required by law.
Data are never sold, transferred or disclosed to third parties for marketing or profiling purposes.
7. Transfer of data outside the EEA
Data are normally processed within the European Economic Area (EEA). Should any technical services (e.g. CDN, web fonts, any analytics tools) involve data transfer outside the EEA, the Controller ensures that such transfer takes place on the basis of appropriate safeguards pursuant to articles 44-49 GDPR (e.g. EU Commission adequacy decisions, Standard Contractual Clauses).
8. Rights of the data subject
At any time you can exercise the rights granted by articles 15-22 GDPR, and in particular:
- Right of access (art. 15): obtain confirmation that processing of your data is taking place and receive a copy of those data.
- Right of rectification (art. 16): correct inaccurate or incomplete data.
- Right to erasure (art. 17, «right to be forgotten»): obtain the erasure of data in the cases provided for by the regulation.
- Right to restriction of processing (art. 18).
- Right to data portability (art. 20): receive your data in a structured, commonly used and machine-readable format.
- Right to object (art. 21): object to processing for reasons related to your particular situation, where processing is based on legitimate interest.
- Right to withdraw consent at any time (art. 7.3), without affecting the lawfulness of processing carried out before the withdrawal.
To exercise your rights please send a written request to the email address foranello69@gmail.com indicating the right you intend to exercise and, where possible, attaching a copy of an identity document to allow for correct identification.
9. Complaint to the Supervisory Authority
If you believe that the processing of your personal data is carried out in violation of the GDPR, you have the right to lodge a complaint with the competent Supervisory Authority. In Italy: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Roma, website www.garanteprivacy.it.
10. Automated decision-making
The Controller does not carry out automated decision-making or profiling activities pursuant to article 22 GDPR.
11. Minors
The website is not directed at minors under 16 and the Controller does not knowingly collect personal data of minors. Should we become aware of the collection of data of a minor without the consent of the parent or guardian, we will delete them promptly.
12. Changes to this Privacy Policy
The Controller reserves the right to amend this Privacy Policy at any time to adapt it to new regulatory or organisational requirements. Any changes will be published on this page with indication of the date of last update. Users are therefore invited to consult this section periodically.