privacy policy eng

privacy policy

1. Data Controller

The Data Controller of personal data is:

CREA S.R.L.

Restaurant: Osteria Italiana

Registered and operational office: Via Napo Torriani, 22 – 20124 Milan (MI), Italy

Phone: +39 02 670 4188

Email: info@osteriaitaliana.eu

2. Types of Data Collected

By browsing the website osteriaitaliana.eu, the following personal data may be collected:

a) Data provided voluntarily by the user

  • First and last name

  • Email address

  • Phone number

  • Any information entered in contact forms, information requests, or booking forms

b) Data collected automatically

  • IP address

  • Date and time of access

  • Type of browser and device used

  • Pages visited and browsing paths

  • Technical, analytical, and profiling cookies (subject to consent)

3. Purpose of Processing

Personal data are processed for the following purposes:

  • Responding to information requests sent via forms or email.

  • Managing bookings and requests related to the restaurant and its services.

  • Carrying out anonymous and aggregated statistical analyses on website usage through:

    • Google Analytics

    • Google Tag Manager

    • Meta Pixel

  • Online marketing and remarketing activities (subject to consent), including the personalisation of ads on Google and Meta (Facebook/Instagram).

  • Compliance with legal obligations and protection of the Data Controller’s rights in legal proceedings.

  • Ensuring IT security and preventing unlawful use of the website.

4. Legal Basis for Processing

The processing of personal data is based on:

  • User consent (Art. 6(1)(a) GDPR) for non-technical cookies, analytical cookies, marketing, and promotional activities.

  • Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR) for managing requests and bookings.

  • Compliance with legal obligations (Art. 6(1)(c) GDPR).

  • Legitimate interest of the Data Controller (Art. 6(1)(f) GDPR) for website security and technical management.

5. Cookies and Tracking Tools

Google Analytics

The website uses Google Analytics, a web analytics service provided by Google LLC, to collect aggregated statistical data on website usage.

Data may be transferred to servers located in the United States, in compliance with the safeguards required by the GDPR.

Google Privacy Policy: https://policies.google.com/privacy

Google Tag Manager

Google Tag Manager is used to manage tracking tags. It does not directly collect personal data but enables the activation of tools that may do so.

Meta Pixel (Facebook / Instagram)

The website uses the Meta Pixel to:

  • monitor conversions;

  • measure the effectiveness of advertising campaigns;

  • create custom audiences (remarketing).

Data are processed by Meta Platforms Ireland Ltd and may be transferred outside the EU in compliance with the GDPR.

Meta Privacy Policy: https://www.facebook.com/privacy/policy

Consent Management

Upon accessing the website, a banner is displayed allowing users to:

  • accept all cookies;

  • reject non-essential cookies;

  • customise preferences.

Consent can be modified at any time through browser settings or the “Cookie Preferences” area, where available.

6. Processing Methods and Data Retention

Data are processed using electronic and manual tools, in compliance with the principles of lawfulness, fairness, transparency, and data minimisation.

Data are stored only for the time strictly necessary for the purposes indicated:

  • Contact form data: up to 12 months from the last communication.

  • Booking data and data related to fiscal obligations: in accordance with legal requirements (up to 10 years).

  • Marketing data: up to 24 months or until consent is withdrawn.

  • Technical and log data: generally up to 6 months, unless required for security purposes.

7. Data Communication and Transfer

Personal data may be communicated to:

  • technical service providers (hosting, maintenance, email, IT services);

  • external consultants (accountants, legal advisors);

  • third-party platforms (Google, Meta) for analytics and marketing;

  • competent authorities, where required by law.

Any transfers to non-EU countries are carried out in compliance with the GDPR through appropriate legal safeguards (e.g. Standard Contractual Clauses).

8. Data Subject Rights

Users may exercise their rights under Articles 15–22 of the GDPR at any time, including:

  • access to data;

  • rectification;

  • erasure;

  • restriction of processing;

  • data portability;

  • objection to processing;

  • withdrawal of consent.

To exercise these rights, users may contact:

info@osteriaitaliana.eu

Users also have the right to lodge a complaint with the Italian Data Protection Authority:

www.garanteprivacy.it

9. Security Measures

CREA S.R.L. adopts appropriate technical and organisational measures to ensure the security of personal data, including:

  • protection and backup systems;

  • restricted access to authorised personnel only;

  • internal procedures for managing potential data breaches.

10. Changes to This Privacy Policy

This Privacy Policy may be updated over time.

Any changes will be published on this page. Users are encouraged to review it periodically.

11. Contact Information

For information regarding the processing of personal data or to exercise your rights:

CREA S.R.L. – Osteria Italiana

Via Napo Torriani, 22 – 20124 Milan (MI), Italy

Email: info@osteriaitaliana.eu

Phone: +39 02 670 4188

book now
prenota ora