1. What We Need

Our Personal Data Protection Policy regulates the use and storage of your data. You can view our Personal Data Protection Policy at the Full Privacy Policy Link. Valemi Srls, represented by its legal representative, is the Data Controller of the personal data you (data subject) provide to us. We collect the following types of personal data:

  • Personal data (such as Name, Surname, email address, and phone number)
  • Reservation date and number of people

2. Why We Need It

We need your personal data to provide you with the following services:

  • Confirm the table reservation
  • Send information regarding the reservation

3. What We Do with It and Who We May Share It With

Your personal data are processed at the premises of Valemi Srls, Via Cavour, 23 – 06024 – Gubbio (PG). Data hosting and storage take place at Keliweb S.r.l., located at Via B. Diaz, 35 – 87036 Rende (CS).

For each of the purposes described above, we indicate the “legal basis” – that is, the reasons why the processing is permitted – specifying which processing activities are necessary and which depend on your choice.

The described processing activities are necessary to form and execute contracts and to comply with related legal obligations, and in any case to pursue the legitimate interest of our Company in the correct formation and execution of the relationship, as well as to fulfill obligations arising from it and, in any case, to protect its contractual rights. The acquisition of data for the purposes indicated is therefore necessary and constitutes an essential requirement for the conclusion and execution of the contract, without which it would not be possible to provide products and/or perform services.

Regarding the purposes at point 2, we will proceed with sending information only after you have given your consent by clicking in the appropriate space below the form. In any case, for your maximum guarantee, you can inform yourself and/or object at any time to processing for this specific purpose, according to the methods indicated at the bottom of this notice.

No third party has access to your data, unless specifically required by law or necessarily provided as an integral part of our contractual obligations towards you, without which the possibility of providing you with products and/or services would be compromised.

4. How Long We Keep Your Data and How They Are Processed

Under Italian law, we are required to keep documents that are part of legally bound processing activities for a mandatory period defined by the relevant laws, according to our Data Retention Policy. After this period, your personal data will be irreversibly destroyed or pseudonymized or anonymized, based on the best effort judged suitable for the type of personal data provided. All personal data we hold for notifications of updates to our products and services, or for commercial and marketing activities, or for processing activities not subject to legal terms, will be kept for a maximum of 5 years. For more information about our personal data retention program, see our Data Retention Policy.

The data concerning you will be processed both on paper and/or electronically. Security and proper storage of your data are fundamental for us, also to prevent unauthorized or unlawful processing and accidental destruction or loss of data.

This is why processing is carried out respecting adequate security measures, both directly and by possible external Data Processors and by persons under their authority and adequately trained. In case of joint proposals with other entities, these other companies may operate independently as “data controllers” of the processing they carry out, on which they will provide you with a separate privacy notice.

5. Your Rights and Whom to Contact

Rights of Data Subjects

Regarding the processing described in this Notice, as a data subject you may, under the conditions provided by the GDPR, exercise the rights established in Articles 15 to 21 of the GDPR, and in particular the following rights:

  • Right of access – Article 15 GDPR: the right to obtain confirmation whether or not personal data concerning you are being processed and, if so, to access your personal data – including a copy – and to receive, among others, the following information:
    • a) the purposes of processing
    • b) the categories of personal data processed
    • c) the recipients or categories of recipients to whom the data have been or will be disclosed
    • d) the retention period or criteria used
    • e) data subject’s rights (rectification, erasure, restriction of processing, and right to object)
    • f) right to lodge a complaint
    • g) right to receive information about the source of the data if not collected directly from the data subject
    • h) the existence of automated decision-making, including profiling;
  • Right to rectification – Article 16 GDPR: the right to obtain without undue delay the correction of inaccurate personal data concerning you and/or the completion of incomplete personal data;
  • Right to erasure (right to be forgotten) – Article 17 GDPR: the right to obtain without undue delay the deletion of personal data concerning you when:
    • a) the data are no longer necessary for the purposes for which they were collected or otherwise processed;
    • b) you have withdrawn your consent and there is no other legal ground for the processing;
    • c) you have objected successfully to the processing of your personal data;
    • d) the data have been unlawfully processed;
    • e) the data must be erased to comply with a legal obligation;
    • f) personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR. The right to erasure does not apply to the extent that processing is necessary for compliance with a legal obligation, or for the performance of a task carried out in the public interest or exercise of official authority, or for the establishment, exercise, or defense of legal claims.
  • Right to restriction of processing – Article 18 GDPR: the right to obtain restriction of processing when:
    • a) the accuracy of the personal data is contested by the data subject;
    • b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests restriction instead;
    • c) the data controller no longer needs the personal data for processing, but the data subject requires them for the establishment, exercise, or defense of legal claims;
    • d) the data subject has objected to processing pending verification of the legitimacy of the controller’s grounds overriding those of the data subject;
  • Right to data portability – Article 20 GDPR: the right to receive personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance, when processing is based on consent and carried out by automated means. Furthermore, the right to have your personal data transmitted directly from one controller to another when technically feasible;
  • Right to object – Article 21 GDPR: the right to object at any time to the processing of personal data concerning you based on the legitimate interest condition, including profiling, unless there are legitimate grounds for the controller that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
  • Right to lodge a complaint with the Data Protection Authority, Piazza di Montecitorio n. 121, 00186, Rome (RM).

The above rights may be exercised towards the Controller by contacting the references below. The Controller will handle your request and provide information regarding the action taken without undue delay and, in any case, no later than one month from receipt of the request.

Exercising your rights as a data subject is free of charge under Article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, including repetitive ones, the Controller may charge a reasonable fee based on administrative costs or refuse to comply with your request.

Finally, the Controller may ask for additional information necessary to confirm the identity of the data subject. If you want information on how we have managed your personal data, please contact Valemi Srls, data controller, at the email info@osteriadeipriori.it or in writing at Via Cavour, 23 – 06024 – Gubbio (PG) – Italy. Valemi Srls will review your request and make every effort to provide all necessary information.

If you believe that your personal data has not been managed appropriately according to the law, you may also contact Valemi Srls at the above addresses, or file a complaint with the Data Protection Authority at www.garanteprivacy.it.