Read me
Privacy Policy
INFORMATION ON THE PROCESSING OF PERSONAL DATA - USERS OF THE SITE:
pursuant to Articles 13 and 14 of the European General Data Protection Regulation 2016/679 - GDPR
Data controller:
MOMENTO S.r.l.
Legal Address : TURIN (TO) VIA CABOTO 35 – CAP 10129
Fiscal Code/ VAT No. 01973370545
REA number TO –1253965
e-mail: info@momentofood.it
The purpose of this notice is to explain how the Data Controller collects, uses and stores your personal data. For the purposes of this notice, "personal data" is defined as any information relating to an identified or identifiable natural person; "processing" is defined as any operation of collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction, of personal data.
- SOURCE OF PERSONAL DATA AND CATEGORIES OF DATA:
Your personal data is collected through the website (Es. through the forms and email, for example those for the booking of the rooms ecc.), through direct sending of an email from you, through social media.
The personal data to be processed are as follows:
-
identification (first name, surname, company name, references to identity document, etc.);
-
contact addresses (physical and electronic addresses);
-
computer (e.g. log-in);
- PURPOSE AND LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA:
The Controller primarily processes your personal data for the fulfillment of contractual and legal obligations:
a) in order to process your direct request for information or to be able to formulate commercial proposals; Legal basis of the processing: pre-contractual;
b) to manage your restaurant reservations; Legal basis of the processing: contractual. c) for administrative and tax purposes; Legal basis of the processing: contractual; d) to evaluate any of your applications, upon your explicit request; Legal basis of the processing: contractual;
e) for the performance of all activities instrumental and ancillary to the main ones and in any case necessary for the pursuit of the aforementioned purposes (such as registration, data processing, also for accounting purposes, archiving, consultation and conservation;
The processing of personal data for the afore-mentioned purposes is necessary, and any refusal will result in the non-provision of the service.
On a secondary basis, the controller may collect and process:
The data controller may process your personal data based on the legitimate interest of ensuring the security and confidentiality of processing operations, also taking into account voluntary regulations (such as ISO 27001) that the data controller adopts, and also in fulfillment of further legal obligations, when he carries out:
- the control and monitoring of the hw and sw systems, applications and IT equipment used to process personal data, and also when
- he implements personal data breach detection and notification procedures (personal data breach)
- CATEGORIES OF RECIPIENTS : to whom can the data be provided?
Your personal data may be earmarked for structures, including external ones, which perform, on behalf of the Data Controller, commercial, MKTG, technical services (e.g. IT, server farm, cloud, for the operation and maintenance of the IT platform and the website). These suppliers will be appointed as data processors. The full list of data processors is available from the data controller and can be consulted where there is an explicit request. In addition, your data may be communicated to the competent authorities in order to comply with legal obligations, regulations, including those of EU origin, and provisions issued by authorities empowered to do so by law or by supervisory and control bodies or in the public interest.
- DATA TRANSFER ABROAD AND OUTSIDE THE EU : Can your data be transferred abroad? Or outside the European Union? The Data Controller processes data within the European Union or in third countries for which the European Commission has issued an adequacy decision or for which adequate guarantees exist.
DATA RETENTION PERIOD: How long are your data retained for? a/b) pre-contractual purposes: 2 years; c) for administrative and fiscal purposes: 10 years; d) evaluation of applications: 2 months (time required for evaluation);
After the deadline, the data may be anonymised and retained for statistical purposes only.
-
PROFILING: No profiling is carried out.
-
RIGHTS OF THE DATA SUBJECT: what are your rights in relation to the processing of your data? You may exercise the following rights:
-
Right of access to retained data, which implies the possibility of obtaining confirmation or otherwise that personal data is being processed;
-
Right to rectification of data if it is believed that the data is incomplete or inaccurate.
-
Right of erasure which may be exercised if personal data is no longer necessary in relation to the purposes for which it was collected or processed, if the data subject objects to the processing, if the personal data is unlawfully processed, if the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to whose law the data controller is subject;
-
The right to restrict processing which may be exercised when the data subject contests the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of said personal data, when processing is unlawful and the data subject objects to the erasure of their personal data and requests instead that its use be restricted when, although the data controller no longer needs the personal data for the purposes of the processing, the personal data is necessary for the data subject to ascertain, exercise or defend a right in court, when the data subject has objected to the processing pending verification as to whether the data controller's legitimate reasons prevail over those of the data subject.
-
Right of portability, which means the right of the data subject to receive personal data concerning them in a structured, commonly used and machine-readable format, including for the purpose of transmitting them to another data controller, provided that the processing is based on consent or on a contract, the data has been provided by the data subject and the processing is carried out by automated means.
-
Right of objection and withdrawal of consent: for reasons relating to your particular situation, you may object at any time to the processing of your personal data if it is based on a legitimate interest, by sending your request to the controller at the addresses below.You are entitled to the deletion of your personal data if there is no legitimate reason overriding the one that led to your request.
The aforementioned rights may be exercised by means of a written request addressed to info@momentofood.it or directly to the data controller using the contact details above.
You also have the right to lodge a complaint concerning the processing of your data with the Italian Personal Data Protection Authority (https://www.garanteprivacy.it).