PRIVACY POLICY
In compliance with EU Regulation 2016/679 (“GDPR”), Legislative Decree no. 196 of 2003, as amended by Legislative Decree no. 101 of 2018 (the “Privacy Code”), the users (the “Users”) of this website (the “Website”) are requested to carefully read this privacy policy (the “Privacy Policy”) to understand the ways in which their data (the “Data”) are collected, used and stored.

1. Data

The Data may include:

(i) IP addresses or domain names of the devices utilized by users who use websites, URI addresses (so-called “Uniform Resource Identifier”), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer and other parameters about users’ device operating system and/or IT environment; and/or

(ii) information that identifies or makes identifiable, directly or indirectly, a natural person and that can provide other information on his characteristics, his habits, his lifestyle, his personal relationships, his state of health, his economic situation, etc..

Generally, the data referred to in paragraph (i) above are collected on an automated basis and the data referred to in paragraph (ii) above are collected on a voluntary basis.

2. Collection on an automated basis

Computer systems and software procedures used to operate this Website acquire, during their normal operation, some Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified parties, but which, by their very nature, could, through processing and association with data held by third parties, allow Users to be identified.

3. Collection on a voluntary basis

Some Data may be collected by the Website when provided voluntarily by Users in order for them to use the services made available by the Website itself. This happens, for example, in the case of use by Users of the table booking service (when provided directly by the Website).

In particular, the Data includes:
– name and surname;
– address;
– email account;
– telephone number; and/or
– any additional information provided spontaneously by Users.

With particular reference to the table booking service, Users are reminded that this service is currently provided through OpenTable, which can be used through this Website.

Users are therefore invited to consult the “Politica della Privacy” (https://www.opentable.com/legal/privacy-policy) and the “Condizioni d’Uso” (https://www.opentable.com/legal/terms-and-conditions) of OpenTable.

The Data Controller declines any responsibility in relation to the collection and processing of Data by websites or services that are not owned by the same or controlled by it. This Privacy Policy, in fact, does not apply to websites and other functions of third parties, subject to the privacy regulations applicable to them.

The use of third-party websites and services linked to this Website is to be considered at the sole risk of the Users.

4. Cookies

This Website uses tracking tools such as cookies. To find out more, Users are invited to consult the Cookie Policy.

5. Controller of the data processing

Penelope a Milano S.r.l., with registered office in Pescara, via Armando Caldora 4, tax code and registration number in the Companies’ Register of Chieti-Pescara 02220130682, email account [email protected], certified email account (PEC) [email protected], is the Data controller (the “Controller”), as well as the owner of this Website.

6. Consent to the Data processing

This Website processes Data mainly on the basis of the consent of the Users.

By using or consulting this Website, Users approve this Privacy Policy by virtue of a conclusive behaviour and consent to the processing of their Data in relation to the methods and purposes described herein.

Users can withdraw their consent at any time by leaving this Website.

7. Purpose

The Data is mainly processed:

(i) to obtain statistical information on the use of this Website and/or check its regular functioning, also pursuant to art. 6, first paragraph, letter f), of the GDPR;

(ii) for security reasons (spam filters, firewalls, intrusion detection). The Data could be used, in accordance with applicable laws, in order to avoid attempts to damage the Website itself, avoid damage to other Users and/or, in any case, prevent fraudulent activities, also pursuant to art. 6, first paragraph, letter f), of the GDPR;

(iii) provide services on the Website; and/or

(iv) fulfill legal obligations and/or orders by the competent Bodies/ Authorities.

The Data is not used for the identification or profiling of Users (the Controller is unable in any way to identify visitors to this Website) nor is it crossed with other Data and/or provided to third parties.

The Data persists for the time strictly necessary for the technical purposes, except in the case where there is further need for its conservation (for example, communications of offenses, requests from the Judicial Authority, etc.).

The Data processing is carried out with organizational methods and with logic strictly related to the purposes indicated.

In addition to the Controller, in some cases, other subjects involved in the organization of this Website (administrative, commercial, marketing, legal, system administrators) or external subjects (such as suppliers of third party technical services, postal couriers, hosting providers, IT companies, communication agencies) may have, also in the capacity of Data processors appointed by the Controller, if necessary, access to the Data.

The updated list of Data processors can always be requested from the Controller.

8. Place of processing

Data processing is carried out in the European territory pursuant to the GDPR and the Privacy Code.

9. Users’ rights

Users may at any time exercise the following rights provided for by art. 15 and following of the GDPR and the Privacy Code:

(i) right of access to Data and related information (purpose of processing; categories of Data; recipients to whom the Data have been or will be disclosed, Data retention period, used criteria, etc.);

(ii) the right to rectify inaccurate Data and to integrate it if incomplete;

(iii) right to erase the Data (so-called “right to be forgotten”);

(iv) right to restrict the Data processing (in case of disputes or unlawful processing, etc.);

(v) right to lodge a complaint with the Privacy Authority (Garante per la Protezione dei Dati Personali) pursuant to art. 77 of the G.D.P.R. (for more information, please consult the website www.garanteprivacy.it);

(vi) right to data portability;

(vii) right to object to the Data processing; and

(viii) right to withdraw the consent, where given.

10. Exercise of rights

In order to exercise the rights referred to in this Privacy Policy, with the exception of the case in which Users intend to bring a claim before the Privacy Authority (Garante per la Protezione dei Dati Personali), Users may send a written request as follows:

– by certified email (PEC), to [email protected]; or

– by return receipt registered letter, to via Armando Caldora 4, 65129 Pescara.

Users will be informed, no later than 30 days after receipt of the request, of the action taken with respect to the aforementioned request. The aforementioned deadline may however be extended, by giving prior written notice to Users, in case of special needs due to the complexity of the request.

11. Changes to the Privacy Policy

This Privacy Policy may be subject to changes, also in consideration of any changes in law relating to the data protection that may occur from time to time.

Changes and updates to the Privacy Policy will be binding as soon as they are published in this Website section. Users are, therefore, invited to regularly access this section to check the publication of the most recent and updated Privacy Policy.

The last update of this Privacy Policy was made on March 1st, 2022.