Dear “DATA SUBJECT”,
European and national privacy regulations establish the protection of natural persons with regard to the processing of their personal data, as well as the free movement of such data, as a fundamental right.
We therefore inform you of the following.
1) “DATA CONTROLLER”
The “RESTAURATEUR,” Inn Milano Srl, email ristocortevecchia@gmail.com, is the sole “DATA CONTROLLER.”
PLATEFORM SRL, email amministrazione@plateform.app, hereinafter referred to as “SERVICE PROVIDER,” is the “DATA PROCESSOR” as it processes data in the interest and on behalf of the “RESTAURATEUR.”
The “SERVICE PROVIDER” has developed and owns the hardware and software that serve the operation of a booking and marketing platform for the restaurant industry.
The “SERVICE PROVIDER” is also the owner of the duly registered trademark "PLATEFORM"[1].
From here on, the term "PLATEFORM" will refer to the platform and its offered services.
The “RESTAURATEUR” is the sole “DATA CONTROLLER,” as the “SERVICE PROVIDER” only processes data in the interest and on behalf of the “RESTAURATEUR.”
The “RESTAURATEUR” is the “DATA PROCESSOR” only concerning the processing that it carries out directly.
The “SERVICE PROVIDER” has no interest in personal data, while the “RESTAURATEUR” does.
When the contractual relationship between the “SERVICE PROVIDER” and the “RESTAURATEUR” ends, the “SERVICE PROVIDER” retains only “ANONYMIZED” data that do not refer to any natural person (simple anonymized statistical data), while the “RESTAURATEUR” reserves the right to retain all data but must provide the “DATA SUBJECT” with a new privacy notice indicating that the “SERVICE PROVIDER” no longer plays any role.
The burden of providing a new privacy notice lies solely with the “RESTAURATEUR.” The “SERVICE PROVIDER” has no way of knowing whether the new privacy notice has been sent to the “DATA SUBJECT” and cannot be held responsible for the lack of such communication.
PROFILING[2]
"PLATEFORM" does not provide for any automated processing of personal data.
2) “DATA PROTECTION OFFICER”
In this case, the law does not require the appointment of a data protection officer.
3) METHODS OF DATA COLLECTION
a) Paper forms, at the “RESTAURATEUR.” The data subsequently flow into "PLATEFORM."
b) Wi-Fi access forms, through "PLATEFORM."
c) Online forms, via the “RESTAURATEUR’s” website or "PLATEFORM."
d) Table reservations / delivery orders, via "PLATEFORM," either directly or through links on the “RESTAURATEUR’s” web page, other platforms (e.g., Facebook), or apps installed on the “DATA SUBJECT’s” devices.
e) Other platforms: for instance, Reserve with Google or integrated POS management software.
4) “PROCESSING ACTIVITIES”
In General
These include collected data, their nature, source, purpose, legal basis, and duration.
Deletion
After the indicated retention period, the data will be deleted or anonymized, in accordance with technical deletion and backup procedures.
a) Freebies
- Data Required: Name, surname, email, and/or phone number.
- Source: The “DATA SUBJECT.”
- Purpose: To allow the “DATA SUBJECT” to receive freebies.
- Legal Basis: Consent. Without consent, the service cannot be accessed.
- Duration: 12 months.
- The “DATA SUBJECT” can unsubscribe at any time.
The processing involves “DIRECT MARKETING”, requiring separate and explicit consent:
- Legal Basis: Consent.
- Duration: 12 months.
- The “DATA SUBJECT” can unsubscribe at any time.
- Without consent for both purposes, the freebie will not be provided.
b) “Salotto Buono” Subscription
- Data Required: Name, surname, email, phone number, date of birth, home address.
- Source: The “DATA SUBJECT.”
- Purpose: To allow the “DATA SUBJECT” to access and enjoy exclusive experiences tailored for a selected clientele.
- Legal Basis: Consent. Without consent, the service cannot be accessed.
- Duration: 12 months.
- The “DATA SUBJECT” can unsubscribe at any time.
- Subscription to “Salotto Buono” is by the explicit invitation of the “RESTAURATEUR” and is never automatic.
The processing involves “DIRECT MARKETING”, requiring separate and explicit consent:
- Legal Basis: Consent.
- Duration: 12 months.
- The “DATA SUBJECT” can unsubscribe at any time.
- Consent for both processing activities is required to access the “Salotto Buono.”
c) Wi-Fi Subscription
- Data Required: Name, surname, email, phone number.
- Source: The “DATA SUBJECT.”
- Purpose: To allow the “DATA SUBJECT” to access the service.
- Legal Basis: Consent. Without consent, the service cannot be accessed.
- Duration: 24 months.
- The “DATA SUBJECT” can unsubscribe at any time.
The processing involves “NEWSLETTER SUBSCRIPTION”, requiring separate and explicit consent:
- Legal Basis: Consent.
- Duration: 24 months.
- The “DATA SUBJECT” can unsubscribe at any time.
- Without consent for both purposes, the service cannot be accessed.
d) Newsletter Subscription
- Data Required: Name, surname, email, phone number.
- Source: The “DATA SUBJECT.”
- Purpose: To allow the “DATA SUBJECT” to receive communications about events and other activities, via automated or traditional methods.
- Legal Basis: Consent, except for “Soft-Spam”[3], which is based on legitimate interest.
- Duration: 24 months.
- The “DATA SUBJECT” can unsubscribe at any time.
e) Reservations and Takeaway
- Data Required: Name, surname, email, phone number.
- Source: The “DATA SUBJECT.”
- Purpose: To allow the “DATA SUBJECT” to access the service.
- Legal Basis: Contractual.
- Duration: The duration of the relationship.
The processing involves “DIRECT MARKETING”, requiring separate and explicit consent:
- Legal Basis: Consent.
- Duration: 12 months.
- The “DATA SUBJECT” can unsubscribe at any time.
- Consent is NOT required for both processing activities to access the reservation service.
f) Delivery
- Data Required: Name, surname, email, phone number, delivery address.
- Source: The “DATA SUBJECT.”
- Purpose: To allow the “DATA SUBJECT” to access the service.
- Legal Basis: Contractual.
- Duration: The duration of the relationship.
The processing involves “DIRECT MARKETING”, requiring separate and explicit consent:
- Legal Basis: Consent.
- Duration: 12 months.
- The “DATA SUBJECT” can unsubscribe at any time.
- Consent is NOT required for both processing activities to access the delivery service.
The “DATA SUBJECT” may provide, whether requested or not, data belonging to ‘THIRD PARTIES’. For such data, the “DATA SUBJECT” assumes all responsibility, in particular guaranteeing that the data has been acquired in full compliance with the current regulations and that consent has been obtained for processing, providing full indemnification, by way of example, for any dispute, claim, or request for compensation.g) Archiving
The “SERVICE PROVIDER” retains only consumption data in an “ANONYMIZED” form. As these are no longer personal data, no consent is required, and they may be retained indefinitely.
h) Rights Defense
- Data Collected: Those used for the processing activities.
- Source: The processing activities themselves.
- The “DATA CONTROLLER” and the “DATA PROCESSOR” retain an interest in storing data concerning the operations performed to protect their rights if necessary.
- Legal Basis: Legitimate interest.
- Duration: The general statutory limitation period, i.e., 10 years from the last processing activity.
5) THIRD-PARTY SERVICE PROVIDERS
"PLATEFORM" may integrate with third-party software providers (e.g., POS management software), provided they offer adequate data confidentiality guarantees.
The responsibilities of “PLATEFORM” and third-party providers remain separate and independent.
6) DATA DISCLOSURE
Outside the above cases, your data will not be shared with partners, consulting firms, or private companies.
7) DATA TRANSFER ABROAD
Collected data will not be transferred to third countries. Currently, "PLATEFORM" stores data on servers located in EU countries.
If in the future servers outside the EU are used, they will ensure adequate security measures (e.g., United States – Privacy Shield).
8) RIGHTS OF THE “DATA SUBJECT”
By simple written request via email to the “SERVICE PROVIDER” or the “RESTAURATEUR,” the “DATA SUBJECT” is entitled to:
- Request access
- Request rectification
- Request deletion
- Request limitation of processing
- Object to processing
- Request data portability
- Withdraw consent to processing
- File a complaint if their rights are violated.
9) MINORS’ DATA
No data is collected from individuals who have not reached the age of majority. All our forms include the following statement: “DO NOT COMPLETE IF YOU ARE NOT OF LEGAL AGE.”
10) ONLINE PAYMENTS
Online payments will be handled via PAYPAL, SATISPAY, or other platforms, which will be solely responsible for processing those data. For online payments, PLATEFORM SRL uses their systems.
PLATEFORM SRL cannot be held liable for any damage arising from the use of services provided by PAYPAL, SATISPAY, or other platforms.
11) NAVIGATION DATA, COOKIES, AND OTHER TECHNOLOGIES
"PLATEFORM" does not release cookies.
[1] The trademark is registered in Italy for categories 9, 16, 35, 38, 41, 42.
[2] "PROFILING" allows the “DATA CONTROLLER,” through algorithms, to perform automated analyses to evaluate personal aspects of a natural person, particularly to analyze or predict preferences, habits, or other characteristics as outlined in Recital 71 and Article 4 No. 4 of the GDPR.
[3] Soft-spam requires:
1) The user is already a customer;
2) Emails only;
3) Using an email provided during service/product acquisition;
4) Direct sales only;
5) For similar products or services;
6) No prior refusal to promotional communications;
7) Simple opt-out options.