Protecting the privacy of our website users is a top priority for us. ADELANTE ESPJ., therefore, pursuant to articles 13 and 14 of EU Regulation 2016/679 (so-called “GDPR” – General Data Protection Regulation), wishes to inform you regarding the processing of your personal data operated through our site, premising that it is aimed at users over the age of 14, pursuant to art. 8, par. 1 GDPR and art. 2-quinquies of Legislative Decree no. 196/2003. By connecting to the site and, possibly, providing personal data or expressing consent to their treatment (when requested, for specific purposes), the User declares to be over 14 years old.
A) SUBJECTS INVOLVED IN THE PROCESSING OF THE DATA
The Data Controller is the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of processing personal data. This subject is also required to identify and adopt the appropriate technical and organizational measures to guarantee a level of security of the personal data processed by it which is adequate for the risk generated by the processing operations carried out.
The data controller is ADELANTE ESPJ. VAT. E16565616, with Headquarters: Paseo Maritimo local 2 ed.Sharq – Santa Eulalia des Riu 07840 Baleares Tel: +34871046976 Email: ohmplazabooking@gmail.com, The Data Processor is the natural or legal person, public authority, service or other body that processes personal data on behalf of the Data Controller. With reference to the processing of personal data of Users operated through the site, pursuant to art. 28 GDPR, the Data Controller may appoint one or more Managers – for example – among the suppliers who provide hosting services, domain management, IT maintenance, etc. to the owner.
The updated list of data processors is available at the headquarters of the Data Controller.
B) PERSONAL DATA SUBJECT TO PROCESSING
By means of our site, the following personal data of Users may be collected and processed by the Owner (as well as by any Managers):
Common personal data of the User, suitable for allowing his identification: name and surname, e-mail address, telephone number, tax data (where invoice issuance is necessary), data relating to the means used for payment (where carried out through the site), additional identification data whose transmission to the competent Police Headquarters is mandatory pursuant to art. 109 Royal Decree no. 773/1931 (Consolidated Text of Public Security Laws) and art. 2 of the Technical Annex to the D.M. 076.01.2013, as well as any additional personal data provided voluntarily by the User. Particular data: data relating to health, relating to food allergies or intolerances, as well as further data connected to particular diets followed by the User.
C) PURPOSE, LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE TREATMENT
The purposes for which the data referred to in the previous point are processed by the Data Controller are as follows:
1. Management of reservation requests at the Restaurant;
2. Fulfillment of the obligations imposed by current legislation (accounting, tax, etc.);
3. Sending newsletters containing commercial offers relating to the activities of the Data Controller;
4. Sending newsletters containing commercial proposals relating to the activities of partner companies of the Data Controller;
5. Management of site statistics based on non-anonymous data.
The legal bases for the processing of personal data connected to the pursuit of the aforementioned purposes are those listed below.
For the purposes indicated above in numbers 1 and 2, the legal basis is constituted by the execution of a contract of which the User is a party or by the execution of pre-contractual measures adopted at the request of the same, pursuant to art. 6 par. 1 lit. b) GDPR; for the same purposes, the legal basis for the processing of any particular data is constituted by the free, specific, informed and unequivocal consent of the User, pursuant to art. 6 par. 1 lit. a) GDPR.
For the purposes indicated above in numbers 3 and 4, the legal basis is constituted by the fulfillment of a legal obligation to which the Data Controller is subject in accordance with current legislation on the subject, pursuant to art. 6 par. 1 lit. c) GDPR.
For the purposes indicated above in numbers 5, 6 and 7, the legal basis is constituted by the free, specific (i.e. relating to a single purpose), informed and unequivocal consent expressed by the User, pursuant to art. 6 par. 1 lit. a) GDPR.
For the purposes indicated above in numbers 1 and 2, the User has a contractual obligation to provide the data: failing this, the Data Controller will not be able to stipulate the contract with the User and execute it, providing the provision or service requested by him .
For the purposes indicated above in numbers 3 and 4, the User has a legal obligation to provide the data: failing that, the Data Controller will not be able to fulfill the obligations imposed on it by current legislation and the User will be able to use the service or of the service requested.
For the purposes indicated above in numbers 5, 6 and 7, the provision of data is optional: failing that, depending on the purpose, the User will not be able to receive the newsletters and the Data Controller will not be able to collect statistics based on non-anonymous data.
D) RECIPIENTS
The data processed through this site, and exclusively for the purposes indicated above, may be communicated to subjects external to the Data Controller (external collaborators, suppliers, etc.) appointed as Data Processors.
For the purpose referred to in n. 4 the data is also communicated to the Bodies identified by current legislation
E) TRANSFERS
Data transfers will never be made to third countries that do not comply with the conditions set forth in articles 45 et seq. – in particular the art. 46 – of the GDPR.
F) DATA CONSERVATION
The personal data collected or in any case processed through this site will be processed in compliance with the principles set forth in art. 5 GDPR (lawfulness, correctness and transparency; purpose limitation; minimization; accuracy; conservation limitation; integrity and confidentiality; accountability) in paper or electronic form, exclusively for the pursuit of the purposes indicated above.
Personal data will be stored for a period of time not exceeding that strictly necessary to achieve the purposes indicated, unless further storage is imposed by current legislation or permitted by the legitimate interest of the Data Controller.
In particular, for the purposes indicated in numbers 1 and 2, the data will be kept for the time necessary to execute the contract, as well as – on the basis of the legitimate interest of the Data Controller in any defense in court – until the expiry of the statute of limitations of the any actions based on the contract.
For the purposes indicated in numbers 3 and 4, the data will be kept for the time required by current legislation (e.g. accounting records, invoices, letters and telegrams received and sent must be kept for 10 years pursuant to Article 2220 of the Civil Code).
For the purposes indicated in numbers 5, 6 and 7, the data will be kept until the single purpose is pursued or, if prior, until the consent is revoked by the User.
Once the retention period has ended, personal data will be deleted or radically anonymised, in order to prevent any re-identification of the User. The computer systems used to manage the collected data are configured, already originally, in such a way as to minimize the use of the data, when they are not absolutely necessary for the achievement of the purpose pursued from time to time.
G) YOUR RIGHTS
The Owner informs the User about the rights granted to him by the articles 13, par. 2, letters b) and d), 15, 16, 17, 18, 19 and 21 GDPR and precisely the rights of: access to data (art. 15 GDPR); rectification (art. 16 GDPR), cancellation (art. 17 GDPR), limitation of data processing (art. 18 GDPR); data portability (art 20 GDPR); opposition to the treatment (art. 21 GDPR); withdraw at any time any consent given (Article 13, paragraph II, letter c GDPR).
Requests can be addressed to the Data Controller, without formalities or, alternatively, using the model provided by the Guarantor for the Protection of Personal Data, by sending a registered letter with return receipt. to the Data Controller at the addresses indicated above or an e-mail to the address: ohmplazabooking@gmail.com
If the treatment is based on the User’s consent, the latter has the right to revoke it at any time without prejudice to the lawfulness of the treatment carried out before the aforementioned revocation.
At the same time, if the User believes that the current legislation has been violated with the processing of personal data operated by this site, he has the right to lodge a complaint with the competent Supervisory Authority (in Italy the Guarantor for the protection of personal data) .