INFORMATION ON THE PROCESSING OF PERSONAL DATA SALEN srl

Presented

This information is provided by the company SALEN srl (Tax code 02353510502 VAT number 02353510502), with registered office in San Giuliano Terme (PI), via del Brennero 7/c, (SALEN srl) taking into account:
- Legislative Decree 196/2003 (Italian Privacy Code) as amended by Legislative Decree no. 10 August 2018. 101 for the adaptation of national legislation to the provisions of the European Regulation EU 2016/679 (GDPR).

It is provided in response to the processing of personal data carried out by SALEN srl, also through the platform called “BeMyGuest” for the management of its business, reservations, services offered and contacts of the final customers, Data subjects (singular “User”).
SALEN srl carries out processing operations on personal data of Users, becoming Data Controller pursuant to the provisions of the current regulations, referred to above, regarding the processing of personal data.

The information is provided, through paper forms and/or electronic tools also through any links that can be consulted/consulted by the User on the SALEN srl website that lead back to the Platform itself.
The information is intended for all Users who interact with the Pienissimo Platform and the booking links on the pages of the SALEN srl website, including any paper forms made available by SALEN srl, due to its direct contact with the User, for the collection of specific consents and in particular:
(a) Users who use the Platform from the SALEN srl website;
(b) Users who use the Platform from the application installed on SALEN srl devices (tablets);
(c) Users who use the Platform with paper forms provided by SALEN srl.

Provisions

1. Data Controller
In accordance with the provisions of the current regulations on the processing of personal data, the Data Controller, referred to in this information notice is the company SALEN srl (Tax code 02353510502 VAT number 02353510502), with registered office in San Giuliano Terme (PI), via del Brennero 7/c, email: amministrazione@locandasantagata.it (SALEN srl).

2. Data acquisition
The personal data processed are acquired by SALEN srl, following direct entry of data by the User, in the Pienissimo Platform, for the management of the reservation and/or to take advantage of other services/initiatives of SALEN srl, for example to take advantage of the free wi-fi service within the venue, to take advantage of the fila-fast option, for customer experience questionnaires or to participate in the loyalty program of SALEN srl so as to benefit from the related prizes and discounts.

3. Data subject to processing
Without prejudice to the fact that the expression “common data” means any information regarding an identified or identifiable natural person such as name, surname, tax code, contact details, residence, etc. and that the expression "sensitive/particular data" means any information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to health or sexual life or sexual orientation of the person; The personal data that will be processed are the common identification and contact data of the User in addition to other data instrumental to the service. In relation to specific requests expressed by the User during the booking phase, the Data Controller may proceed with the collection and processing of sensitive/particular data of the User such as health data or data relating to the health status of the same. In any case, outside of the hypotheses of derogation, such data may be processed only with the written or equivalent consent (equivalent consent is also the manifestation of will online through procedures such as clicking on web pages buttons such as "I accept", "Send", etc. or ticking boxes next to the term "I consent to the processing", etc.) of the User and in compliance with the current regulations on the processing of personal data. The purposes of the processing of sensitive data/special categories are connected only to the management of the reservation (processing of data suitable for revealing racial or ethnic origin in the case of indicating the name of the foreign User who books the table, processing of data suitable for revealing religious, philosophical or health-related beliefs in the case of indication in the notes field of the User who books on the Platform, and similar). In any case, the Data Controller will process - where applicable - only the data essential for the purposes for which processing is permitted and which cannot be fulfilled, case by case, by processing anonymous data or personal data of a different nature.

4. Primary purposes of processing
The primary purpose of processing is to allow the User to book a table or to use the other services offered by SALEN srl such as the free wi-fi service within the premises, the fila-fast option or the loyalty program, using the Platform from the website or the devices (tablets) of SALEN srl itself.
The additional purposes for which the Data Controller collects data are:
a) compliance with legal, accounting, fiscal, administrative and contractual obligations connected to existing relationships, or to be established, or to the provision of the requested services;
b) preparation of measures relating to the protection of SALEN srl staff against any acts carried out by Users and which are illicit or fraudulent or in any case in violation of the service offered or of the law or the principles of correct conduct in commercial relations, including activities and processing aimed at identifying the person responsible for such acts and storing the related information for subsequent determinations of judicial or other types of protection by the Data Controller;
c) collection, storage and processing of the data provided by the User to perform statistical analyses in anonymous and/or aggregate form, without the possibility of identification, aimed at verifying the quality of the services offered;
d) communicate with Users via email or telephone regarding the booking made.

4.1. Communication and dissemination of personal data for the pursuit of the primary purposes of processing The personal data collected will be processed within the activity of SALEN srl by strictly authorized employees who have been appropriately trained in the context of their respective duties. Outside the company, the data may instead be communicated and processed by all those natural and/or legal persons engaged in carrying out, on behalf of SALEN srl, activities necessary and/or instrumental to guarantee the operation of the company. The updated list of Data Processors appointed and authorized to process personal data is kept at the registered office of the Data Controller and can be viewed upon request. The personal data processed will not be subject to dissemination but may be communicated to inspection bodies responsible for checks and controls relating to the regularity of legal compliance. In the event of communication/transfer of data abroad, including to third countries outside the European Union, the related processing will take place in full compliance with the provisions of the current regulations on the matter.

4.2. Mandatory or optional consent for the pursuit of the primary purposes of the processing of personal data The provision of data, although not mandatory, is necessary and essential to manage and finalize the booking, as well as to use the other services described above offered by SALEN srl, therefore the Data Controller is not obliged to acquire the specific consent to the processing of the User as the processing responds to specific requests of the interested party. Where the User does not intend to provide the personal data requested and necessary for the booking with SALEN srl, it would result in the impossibility of using the services offered by SALEN srl itself.

5. Secondary purposes of the processing of personal data for promotional, advertising and marketing purposes
The personal data collected may also be processed, both in paper form (e.g. filling in forms, coupons and similar paper forms at SALEN srl and subsequent use electronically) and in automated/computerised form, for the following purposes which are specified below as required by the current regulations on commercial promotion, advertising communication, solicitation of purchasing behaviour, market research, surveys (including telephone, online or through forms), statistical processing (in identifying form), and marketing in the broad sense, of products and/or services attributable to the Data Controller (hereinafter, collectively, “Processing for Marketing Purposes”).
By granting consent to the processing for Marketing Purposes – based on the procedures available from time to time on the Platform in the appropriate sections or directly at SALEN srl where it will be possible to collect specific informed marketing consent, the user specifically acknowledges such promotional, commercial and marketing purposes. marketing in the broad sense of the processing and expressly authorizes the Data Controller.
Pursuant to the current regulations regarding "Consent to the processing of personal data for "direct marketing" purposes through traditional and automated contact tools", Users' attention is specifically drawn to the fact that:
a) any consent given for the sending of commercial and promotional communications, through the use of email, text messages, automatic systems without operator intervention and similar, including electronic platforms and other telematic means, will imply the receipt of such communications, not only through said automated contact methods, but also through traditional methods, such as communications by paper mail or calls via operator;
b) the User's right to object to the processing of their personal data for "direct marketing" purposes through the aforementioned automated contact methods will in any case be extended to traditional methods and, even in this case, the possibility of exercising this right in part remains intact, as provided for by the current legislation on the matter, both with respect to certain means and with respect to certain treatments;
c) the possibility remains for the User, who does not intend to give consent in the terms indicated above, to express the possible desire to receive communications for the aforementioned marketing purposes exclusively through traditional contact methods, where provided for: this desire may be exercised free of charge by sending a simple email to the address of the Data Controller;
d) for the purposes of the principle of fulfillment of the privacy obligations for the Data Controller, in compliance with the principles of simplification of the same obligations, we inform you that the specific consent formula available based on the consent collection procedure provided for from time to time will be unitary and comprehensive and will refer to all possible means of marketing processing, without prejudice to the possibility for the User to notify the Data Controller's address of a different will regarding the use of certain means and not others for the receipt, with prior consent, of marketing communications. Furthermore, in compliance with the principles of simplification of the same obligations, the Data Controller also informs that the specific consent formula will be unitary and comprehensive and will also refer to all the different and possible marketing purposes explained here (i.e. without multiplying the consent formulas for each distinct marketing purpose pursued by the Data Controller), without prejudice to the possibility for the User to notify the Data Controller, even subsequently, of a different selective will regarding consent or denial of consent for individual marketing purposes.
To proceed with processing for Marketing Purposes, it is mandatory to acquire specific, separate, express, documented, preventive, informed, free and entirely optional consent. Consequently, where the User of the Platform decides to give specific consent, he/she must be previously informed and aware that the purposes of the processing pursued are of a specific commercial, advertising, promotional and marketing nature in the broad sense.
In the spirit of absolute transparency, we therefore inform you that the data will be collected and subsequently processed based on specific provision of consent:
1) to send advertising and information material, of a promotional nature or in any case of a commercial solicitation nature, to the subjects who have given informed consent;
2) to carry out direct sales or placement activities of the Data Controller's products or services;
3) to send commercial information; to carry out interactive commercial communications through the use of email;
4) to develop studies, research, market statistics and to carry out surveys, inquiries, both by telephone and by electronic means of communication; With reference to the sending of newsletters by email to which the User may consent, we also inform you that the electronic contents of such promotional communications could be assisted by software (such as cookies or web beacons) capable of making known to the Data Controller a series of parameters such as, for example: time of opening of the newsletter, pages viewed in the newsletter, links clicked within the newsletter, connections to the Data Controller's sites directly from the newsletter. These parameters, which will not constitute profiling of the recipient, are aimed at making known to the Data Controller some statistical data regarding the bookings of services generated by various sources.
Therefore, by giving optional consent, the interested party specifically acknowledges and authorizes such further, possible secondary processing. In any case, even if the User has given consent to authorize the Data Controller to pursue all the purposes mentioned in points 1 to 4 above, he/she will still be free to revoke it at any time by sending a clear communication to this effect to the Data Controller's contact details without any formalities. Following receipt of such a request, the Data Controller will promptly proceed with the removal and cancellation of the data from the databases used for processing for Marketing Purposes and inform any third parties to whom the data has been communicated for the same cancellation purposes.
The simple receipt of the cancellation request will automatically be considered as confirmation of cancellation.

5.1. Communication and dissemination of personal data for the pursuit of secondary purposes of processing Please note that the data may not be communicated to third-party commercial partners, for the purposes referred to in numbers 1 to 4 of the previous Paragraph 5. The consent to processing for Marketing Purposes by the Data Controller - where provided by the User - does not in fact also cover the different and additional marketing processing represented by the communication of data to third parties for the same purposes. To proceed with such external communication (not carried out by the Data Controller) it is mandatory to acquire from the User a further, separate, additional, documented, express and entirely optional informed consent.

5.2. Mandatory or optional consent for the pursuit of secondary purposes of processing personal data. The provision of personal data to the Data Controller and the granting of consent to processing for Marketing Purposes and with the methods illustrated above are absolutely optional and voluntary (revocable without formalities even after the service by sending a communication to the contact details of the Data Controller). Failure to provide such data will not prejudice the pursuit of the primary purposes of the processing referred to in paragraph 4, but will only determine the impossibility for the Data Controller to proceed with the marketing processing mentioned.

6. Processing of personal data of interested parties for purposes of commercial profiling of interested parties
It is possible that for marketing purposes and to improve the services and functionality of the Platform itself, the Data Controller proceeds with processing of so-called "profiling" data. In accordance with the provisions of the current regulations on the protection of personal data, the profiling activity may concern "individual" personal data or "aggregated" personal data deriving from the User's detailed individual personal data.
To clarify what "profiling" consists of, reference can be made to the following parameters by way of example:
- the data is structured and coordinated based on predefined parameters identified from time to time, depending on the company's needs (regardless of the marketing, contractual, administrative purposes, etc.);
- the starting data, considered individually, may include personal information of a varied type, including contractual data and data relating to consumption, but it is only following profiling (i.e. structuring according to pre-established parameters) that it is possible to deduce further information relating to each User, further information (i.e. the "profile", for example, consumption range, level of expenditure incurred, active services, commercial attitude, etc.) that would not derive from the mere informative attitude of the data individually. or considered separately. In other words, profiling in the strict sense can result in the availability of an information asset that goes well beyond the information considered individually and relating to each interested party;
- furthermore, profiling in the strict sense provides added value given by the multiple correlations that can be established between the individual data collected, in order to obtain additional useful information.
The founding elements of a profiling treatment are therefore:
1) the predetermination of the parameters for the structuring of the data considered individually;
2) the comparison, cross-referencing, relating of such data to each other and the comparative analysis carried out on the basis of the predefined parameters (i.e. the cataloguing of the individual data in clusters);
3) obtaining a profile through the preceding activities and which allows the identification of the Users and the additional analytical indications with respect to the individual data relating to their personal sphere (tastes, preferences, habits, needs and consumption choices) and allows the mapping/segmentation into homogeneous groups of behaviour to be generated (dynamic creation of behavioral profiles).
The treatments illustrated above will hereinafter be collectively defined as “Profiling Treatment”. To proceed with a Profiling Treatment, it is mandatory to acquire a specific, separate consent (also from the marketing consent referred to in paragraphs 5 and 5.1. above), expressed, documented, preventive and entirely optional.
The Data Controller may proceed with the following Profiling Treatments, as in the case of detecting:
- number and type of reservations made in a predetermined time frame;
- frequency of use of services;
- other indices aimed at highlighting tastes and purchasing habits.
Consequently, where the User decides to give specific consent, he/she must be previously informed and aware that the purposes of the processing pursued are of a specific commercial, advertising, promotional and marketing nature in the broad sense based on a Profiling Process. In the spirit of absolute transparency, we therefore inform you that the data collected on the basis of a specific provision of consent may be subject to a Profiling Process for the same purposes as those referred to in paragraphs 5 and 6 of this information notice, while the scope of communication will possibly be the same as that already explained for Marketing Processes in paragraph 5.1. It is specified that currently the Data Controller will not proceed with the communication of common personal data to third parties so that they can carry out a Profiling Process. The provision of the User's personal data to the Data Controller and the release of consent to the Profiling Processing are absolutely optional and optional (and in any case revocable without formalities even after the service by sending a communication to the Data Controller) and failure to provide them will not prejudice the pursuit of the primary purposes of the processing referred to in paragraph 4 but will exclusively determine the impossibility for the Data Controller to proceed with the profiling treatments mentioned.

6 bis.
Possible processing of sensitive data (Covid-19/Green Pass regulations) If the regulations on COVID-19 green certifications (Green Pass) require the display of the customer's Green Pass - or equivalent certification - to allow access to catering services for consumption at the table indoors, the Data Controller, for the sole purpose of facilitating the verification of the requirements and only for those customers who voluntarily give the required consent, will allow the Green Pass or equivalent certification to be uploaded online. Such data will be automatically deleted after 14 days from the customer's visit to the premises, without any possibility of being subsequently recovered. With regard to such data, no transfer, sharing or other type of processing is foreseen, neither directly by the Data Controller nor, even less, by third parties responsible, not even for a fee. Such data will in no case be processed nor communicated to third parties except for any purposes envisaged by the emergency legislation on COVID 19 and in other cases envisaged by the Law.

7. Browsing data
The computer systems and software procedures used to operate the Platform acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Users, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of computers/terminals used by Users who connect to the Platform, the URI (Uniform Resource Identifier) ​​addresses of the requested resources, the time of the request, the method used to submit the request to the Platform server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment of the Users. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Platform and to check its correct functioning and are stored for the purposes referred to in Paragraph 4. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Platform.

8. Possible indication by the User of personal data of third parties (other interested Users)
The User acknowledges that any indication (for example when filling out the booking form using the Platform from the website or from devices - tablets - of the Company Name Restaurateur) of personal and contact data of any third party other than the User represents a processing of personal data with respect to which he acts as an independent Data Controller, assuming all the obligations and responsibilities provided for by the applicable regulations in force. In this sense, the User guarantees to the Data Controller that any data of third parties that will be indicated by the User (and which will consequently be treated as if the third party had provided informed consent to the processing) has been acquired by the User in full compliance with the applicable regulations in force. The User grants the widest indemnity on this point with respect to any dispute, claim, request for compensation for damage from processing, etc. that may be received by the Data Controller from any interested third party due to the provision of the data indicated by the User in violation of the applicable regulations in force on the protection of personal data.

9. Data storage and security measures
The data will be stored for the periods defined by the relevant legislation, on servers located in European Union countries or in any case in countries outside the European Union that guarantee adequate security measures (for example United States of America - Privacy Shield). In any case, the period of storage of the User's data will be exclusively represented by the time necessary to pursue the primary purposes indicated above in paragraph 4, except in the case of express and specific consent also in relation to the operations referred to in paragraphs 5 and 6 (marketing, profiling), in which case the data will be processed until subsequent revocation of consent and in any case no later than two years from when consent was given or renewed for the data provided for marketing activities, no later than one year for the data used for the profiling purposes explained above. As soon as the aforementioned obligations have been fulfilled, the User's data will in any case be deleted, except for the storage based on different legal terms of the deed and/or document containing the data.

10. Exercise of rights by the User/interested party to the processing
At any time the User will be able – without any formality – to exercise their rights established by the current regulations on the matter, as reported below. The exercise of rights is not subject to any formal constraint.
It will be sufficient to send a request to the address of the Owner containing your requests. Rights of the interested party The interested party/User may exercise the right to:
a) request confirmation of the existence or otherwise of their personal data and, where that is the case, obtain access to the same data and to all information relating to the processing itself;
b) obtain the rectification of the data and the erasure of the data;
c) obtain the limitation of the processing;
d) obtain data portability, i.e. receive them from a data controller, in a structured, commonly used and machine-readable format, and transmit them to another data controller without impediments;
e) object to the processing at any time and also in the case of processing for direct marketing purposes;
f) withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
g) lodge a complaint with a supervisory authority.


11. Changes
In compliance with current regulations on the protection of personal data, the Data Controller reserves the right to make changes to this information at any time, giving appropriate notice to the Users of the Platform and ensuring in any case adequate and similar protection of personal data. In order to view any changes, the User is invited to regularly consult this information, which in any case indicates the date of the last modification.