The Data may include:
(i) IP addresses or domain names of the devices utilized by users who use websites, URI addresses (so-called “Uniform Resource Identifier”), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer and other parameters about users’ device operating system and/or IT environment; and/or
(ii) information that identifies or makes identifiable, directly or indirectly, a natural person and that can provide other information on his characteristics, his habits, his lifestyle, his personal relationships, his state of health, his economic situation, etc..
Generally, the data referred to in paragraph (i) above are collected on an automated basis and the data referred to in paragraph (ii) above are collected on a voluntary basis.
2. Collection on an automated basis
Computer systems and software procedures used to operate this Website acquire, during their normal operation, some Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified parties, but which, by their very nature, could, through processing and association with data held by third parties, allow Users to be identified.
3. Collection on a voluntary basis
Some Data may be collected by the Website when provided voluntarily by Users in order for them to use the services made available by the Website itself. This happens, for example, in the case of use by Users of the table booking service (when provided directly by the Website).
In particular, the Data includes:
– name and surname;
– email account;
– telephone number; and/or
– any additional information provided spontaneously by Users.
With particular reference to the table booking service, Users are reminded that this service is currently provided through OpenTable, which can be used through this Website.
Users are therefore invited to consult the “Politica della Privacy” (https://www.opentable.com/legal/privacy-policy) and the “Condizioni d’Uso” (https://www.opentable.com/legal/terms-and-conditions) of OpenTable.
The use of third-party websites and services linked to this Website is to be considered at the sole risk of the Users.
5. Controller of the data processing
Penelope a Milano S.r.l., with registered office in Pescara, via Armando Caldora 4, tax code and registration number in the Companies’ Register of Chieti-Pescara 02220130682, email account [email protected], certified email account (PEC) [email protected], is the Data controller (the “Controller”), as well as the owner of this Website.
6. Consent to the Data processing
This Website processes Data mainly on the basis of the consent of the Users.
Users can withdraw their consent at any time by leaving this Website.
The Data is mainly processed:
(i) to obtain statistical information on the use of this Website and/or check its regular functioning, also pursuant to art. 6, first paragraph, letter f), of the GDPR;
(ii) for security reasons (spam filters, firewalls, intrusion detection). The Data could be used, in accordance with applicable laws, in order to avoid attempts to damage the Website itself, avoid damage to other Users and/or, in any case, prevent fraudulent activities, also pursuant to art. 6, first paragraph, letter f), of the GDPR;
(iii) provide services on the Website; and/or
(iv) fulfill legal obligations and/or orders by the competent Bodies/ Authorities.
The Data is not used for the identification or profiling of Users (the Controller is unable in any way to identify visitors to this Website) nor is it crossed with other Data and/or provided to third parties.
The Data persists for the time strictly necessary for the technical purposes, except in the case where there is further need for its conservation (for example, communications of offenses, requests from the Judicial Authority, etc.).
The Data processing is carried out with organizational methods and with logic strictly related to the purposes indicated.
In addition to the Controller, in some cases, other subjects involved in the organization of this Website (administrative, commercial, marketing, legal, system administrators) or external subjects (such as suppliers of third party technical services, postal couriers, hosting providers, IT companies, communication agencies) may have, also in the capacity of Data processors appointed by the Controller, if necessary, access to the Data.
The updated list of Data processors can always be requested from the Controller.
8. Place of processing
Data processing is carried out in the European territory pursuant to the GDPR and the Privacy Code.
9. Users’ rights
Users may at any time exercise the following rights provided for by art. 15 and following of the GDPR and the Privacy Code:
(i) right of access to Data and related information (purpose of processing; categories of Data; recipients to whom the Data have been or will be disclosed, Data retention period, used criteria, etc.);
(ii) the right to rectify inaccurate Data and to integrate it if incomplete;
(iii) right to erase the Data (so-called “right to be forgotten”);
(iv) right to restrict the Data processing (in case of disputes or unlawful processing, etc.);
(v) right to lodge a complaint with the Privacy Authority (Garante per la Protezione dei Dati Personali) pursuant to art. 77 of the G.D.P.R. (for more information, please consult the website www.garanteprivacy.it);
(vi) right to data portability;
(vii) right to object to the Data processing; and
(viii) right to withdraw the consent, where given.
10. Exercise of rights
– by certified email (PEC), to [email protected]; or
– by return receipt registered letter, to via Armando Caldora 4, 65129 Pescara.
Users will be informed, no later than 30 days after receipt of the request, of the action taken with respect to the aforementioned request. The aforementioned deadline may however be extended, by giving prior written notice to Users, in case of special needs due to the complexity of the request.