Privacy Policy
In compliance with Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter “GDPR”), we provide you with the necessary information regarding the processing of personal data provided. This information is provided pursuant to Article 13 of the GDPR and is not applicable to other websites that may be accessed via links.
Personal Data Processed
"Personal Data": any information relating to an identified or identifiable natural person (“data subject”); a natural person is considered identifiable if they can be identified, directly or indirectly, with reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity (Recitals 26, 27, 30 of GDPR).
Browsing Data
The IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified individuals, but due to its nature, it could allow users to be identified through processing and association with data held by third parties. These data include IP addresses or domain names of the computers used by users, URIs (Uniform Resource Identifiers) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server's response (success, error, etc.), and other parameters relating to the user's operating system and IT environment. These data are used exclusively to obtain anonymous statistical information about site usage and to verify its correct functioning and are deleted immediately after processing. Data may be used to ascertain liability in case of hypothetical cybercrimes against the site.
Data Provided by the User
The voluntary, explicit, and optional sending of messages to the contact addresses listed on this site and/or the completion of data collection forms involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included.
Specific Information
Specific information may be provided on the pages of the website in relation to particular services or data processing.
1. Who is the Data Controller? How can they be contacted?
The Data Controller is Da Guido srl. All company contact details are available on the contact page. The criteria used for data management comply with privacy regulations (Legislative Decree 196/2003 "Privacy Code" and Regulation EU 679/2016 "GDPR" Articles 4 and 24) and, more generally, the principles of transparency, confidentiality, and correctness. You can express your preferences regarding the processing of your data by writing to info@ristorantedaguido.com.
2. Purpose of Processing, Legal Basis, Data Retention Period, and Nature of Data Provision
Purpose A) Website Navigation
Legal Basis: Legitimate interest (Art. 6, para. 1, lett. f, and Recital 47 GDPR): processing is necessary for the legitimate interest of the data controller or third parties, provided that such interests do not override the data subject’s rights and freedoms. This includes activities strictly necessary for the site's operation and navigation services. Retention Period: Until the end of the browsing session. Refer to the cookies policy for more details. Nature of Data Provision: Necessary to enable website navigation.
Purpose B) Contact and Information Requests
Through the contact details provided or by completing forms on the website, collecting and responding to user inquiries and purposes connected to the request. Data are stored in email archives (Google Mail) and will not be shared with third parties unless explicitly authorized by the data owner. Legal Basis: Execution of pre-contractual measures adopted at the data subject’s request (Art. 6, para. 1, lett. b GDPR). Retention Period: 1 year. Nature of Data Provision: Necessary. Failure to provide data will make it impossible to fulfill the request and use the services of the Data Controller.
Purpose C) Direct Marketing
With your consent, until its withdrawal, your data will be used for direct marketing, promotional purposes, and general commercial communications through subscription to newsletters/mailing lists. Legal Basis: Consent (Art. 6, para. 1, lett. a GDPR). Retention Period: Until consent is revoked (opt-out). Nature of Data Provision: Optional. Failure to provide data will not affect other purposes listed above.
Purpose D) Job Applications
Submitting a spontaneous application through the “Work with Us” form for job search and selection processes, including data storage for future selections. Legal Basis: Execution of pre-contractual measures adopted at the request of the data subject (Art. 6, para. 1, lett. b GDPR). Retention Period: 24 months. Nature of Data Provision: Necessary. Failure to provide data will make it impossible to participate in the selection process.
Purpose E) Monitoring Website Interactions via Microsoft Clarity
Microsoft Clarity is used to analyze website interaction and identify areas of interest. Legal Basis: Consent expressed via cookie banner (Art. 6, para. 1, lett. a GDPR). Retention Period: 12 months. Nature of Data Provision: Optional. Non-consent will not affect browsing but may limit analysis tools' effectiveness.
3. Cookies
Refer to the cookies policy for more information.
4. Who will receive the personal data provided?
Data may be communicated to parties acting as processors (Art. 28 GDPR) or under the authority of the Controller (Art. 29 GDPR) for purposes listed above. Categories of recipients include:
- IT and communication service providers.
- Consultants and professionals offering assistance and consultancy services.
- Competent authorities for compliance with legal obligations.
- Distributors and logistics services supporting the commercial office.
An updated list of processors is available by writing to info@ristorantedaguido.com or at the legal office of the Controller.
5. Will data be transferred outside the EU?
For technical or operational reasons, personal data may be transferred to non-EU countries (e.g., cloud storage with servers outside the EU). In such cases, transfers will comply with GDPR Chapter V, based on:
- Adequacy decisions by the European Commission.
- Appropriate safeguards per Article 46 of the GDPR.
- Binding corporate rules.
6. Is there an automated decision-making process?
We do not use automated decision-making processes, including profiling.
7. What are your rights? How can you exercise them?
You may exercise your rights under Articles 15-22 of the GDPR by contacting the Controller at info@ristorantedaguido.com. These rights include access, rectification, deletion, restriction, portability, objection, and withdrawal of consent.
For marketing communications, you may unsubscribe via email at info@ristorantedaguido.com or by using the footer link in our newsletters.
Additionally, if you believe your rights have been violated, you may file a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
8. Further Information
The Controller reserves the right to modify this Privacy Policy at any time. Updates will include the modification date for easy verification.