Privacy Policy for the website www.osteriadeipriori.it

Respecting the privacy of our visitors is of utmost importance to us; therefore, the number and nature of the data collected during navigation has been reduced to the bare minimum, and all necessary measures have been taken to ensure its security. Please note that this privacy policy applies only to the site www.osteriadeipriori.it and not to other websites that the user might visit via links present on the aforementioned website. In accordance with the provisions of Legislative Decree 196/2003, Code regarding the protection of personal data, and the General Data Protection Regulation – EU Regulation 2016/679, Valemi Srls, represented for this purpose by the current legal representative, as Data Controller, wishes to inform you as follows.

Personal data processed and purposes of processing

Automatically acquired data

The IT systems used for the operation of this site acquire, during normal navigation, some personal data whose transmission is connected to the use of Internet communication protocols (IP addresses, domain names of the computers used by users connecting to the site, time of the request, method used to submit the request to the server, size of the file obtained in response, numeric code indicating the status of the server’s response, etc.) and other parameters related to the user’s operating system and IT environment. These data are used solely to obtain anonymous statistical information on site usage and to verify its correct functioning. The collected data may be used to ascertain liability in the event of hypothetical computer crimes against the site.

Data voluntarily provided by users

Personal data voluntarily provided by users through filling out contact forms or through other communication methods possibly provided on our site are used solely to respond to requests submitted and, with your consent, for all other purposes that require it. For example, entering an email address in the contact form entails its acquisition, necessary to respond to the requests made, as well as the acquisition of any other personal data included in the message. Your personal data may be communicated for the indicated purposes to our collaborators specifically authorized within their respective roles. For the same purposes, if necessary, collected data may be transferred outside the national territory where the conditions required by law are met.

Processing methods and retention times

Processing will be carried out using paper and electronic means by the data controller and authorized subjects, observing all precautionary measures ensuring security and confidentiality. Your personal data submitted via forms and contact modules will be stored for the time necessary to fulfill your requests. Personal data related to navigation will be stored to ensure checks concerning the management and security of the site for the necessary period, which is, except for particular cases, 6 months.

Optional nature of providing personal data

Except for navigation data which are recorded automatically, users are free to provide personal data (e.g., name, surname, address, email, etc.) requested in the forms on the site. Failure to provide them may result in the inability to obtain what is requested.

Communication of collected data

For the pursuit of the purposes described above, your personal data will be known by employees, assimilated personnel, and collaborators of the Data Controller, who will operate as authorized data processors. Moreover, your personal data will be communicated and processed by third parties belonging to the following categories:

  • a) subjects employed by the Controller for site management;
  • b) companies managing the Controller’s IT system;
  • c) companies and consultants providing legal and/or tax advisory services;
  • d) authorities and supervisory bodies, and generally public or private subjects with public functions.

The subjects belonging to the categories above may act, in some cases, independently as distinct Data Controllers, or in other cases as Data Processors specifically appointed by the Controller in compliance with Article 28 GDPR. The complete and updated list of subjects to whom your personal data may be communicated can be requested at the Controller’s registered office (info@osteriadeipriori.it).

Rights of the data subjects

Regarding the processing described in this Privacy Policy, as a data subject, you may, under the conditions provided by the GDPR, exercise the rights established by Articles 15 to 21 of the GDPR, and specifically the following rights:

• Right of access – Article 15 GDPR: the right to obtain confirmation whether or not a personal data processing concerning you is ongoing, and, if so, to access your personal data – including a copy – and receive information such as:

  • a) purposes of the processing;
  • b) categories of personal data processed;
  • c) recipients to whom the data were or will be communicated;
  • d) retention period or criteria used;
  • e) data subject’s rights (rectification, erasure, restriction of processing, and the right to object to processing);
  • f) right to lodge a complaint;
  • g) information about the source of data if not collected directly from the data subject;
  • h) existence of automated decision-making, including profiling;

• Right to rectification – Article 16 GDPR: the right to obtain without undue delay the correction of inaccurate personal data concerning you and/or the completion of incomplete personal data;

• Right to erasure (right to be forgotten) – Article 17 GDPR: the right to obtain without undue delay the deletion of personal data concerning you when:

  • a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • b) you have withdrawn your consent and there is no other legal ground for the processing;
  • c) you have objected successfully to the processing of your personal data;
  • d) the data have been unlawfully processed;
  • e) the data must be erased to comply with a legal obligation;
  • f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR. The right to erasure does not apply to the extent that processing is necessary for compliance with a legal obligation, or for the performance of a task carried out in the public interest or exercise of official authority, or for the establishment, exercise, or defense of legal claims.

• Right to restriction of processing – Article 18 GDPR: the right to obtain restriction of processing when:

  • a) the accuracy of the personal data is contested by the data subject;
  • b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests restriction instead;
  • c) the data controller no longer needs the personal data for processing, but the data subject requires them for the establishment, exercise, or defense of legal claims;
  • d) the data subject has objected to processing pending verification of the legitimacy of the controller’s grounds overriding those of the data subject;

• Right to data portability – Article 20 GDPR: the right to receive personal data concerning you, which you have provided to a controller, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another controller without hindrance, when processing is based on consent and carried out by automated means. Furthermore, the right to have your personal data transmitted directly from one controller to another when technically feasible;

• Right to object – Article 21 GDPR: the right to object at any time to the processing of personal data concerning you based on the legitimate interest condition, including profiling, unless there are legitimate grounds for the controller that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

• Lodging a complaint with the Data Protection Authority, Piazza di Montecitorio n. 121, 00186, Rome (RM). The above rights may be exercised towards the Controller by contacting the references in the “Controller and Processors” paragraph. The Controller will handle your request and provide information regarding the action taken without undue delay and in any case no later than one month from receipt of the request. The exercise of your rights as a data subject is free of charge under Article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, including repetitive ones, the Controller may charge a reasonable fee based on administrative costs or refuse to comply with your request. Finally, the Controller may ask for additional information necessary to confirm the identity of the data subject.

Controller and Processors

The data controller and processor is Valemi Srls represented by its pro tempore legal representative. For any information concerning the processing of your personal data carried out through this site, you may contact the Data Protection Officer at the email address info@osteriadeipriori.it.

Cookie Policy