Privacy Policy

Al Mus C'al Svuale di Johnnyb S.r.l., with registered office at Via XX Settembre 10, 33097 Spilimbergo (PN), Italy, VAT/Tax code 01987280938, is the Data Controller for the personal data collected through the website www.osteriaalmus.it (hereinafter also referred to as the "Site").

For any request or information relating to the processing of personal data and to the exercise of the rights provided for by the data protection legislation, please contact:

Davide De Lucia — Email: info@osteriaalmus.it

Browsing data

During navigation of the Site, the IT systems and software procedures responsible for its operation acquire some data whose transmission is implicit in the use of Internet communication protocols. This includes IP addresses, domain names of the devices used, URI addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the status of the response from the server, and other parameters relating to the user's operating system and computing environment. This data is used solely to obtain anonymous statistical information on the use of the Site and to verify its correct functioning, and may be used to ascertain liability in the event of computer crimes.

Data voluntarily provided by the user

The optional, explicit and voluntary sending of email to the contact addresses listed, the use of the contact form, the request for a reservation, and newsletter sign-up entail the subsequent acquisition of the personal data needed to respond to or provide the requested service. In particular, the following may be collected: first name, last name, email address, phone number, date and number of guests for reservations, and any other information voluntarily included in the message.

Data collected through cookies and similar technologies

For a description of the cookies and similar technologies used by the Site, please refer to the Cookie Policy.

Personal data is processed for the following purposes:

• Response to requests: to follow up on information or contact requests submitted through the Site or by email.
• Reservations and restaurant service: to manage table reservations and the provision of restaurant services.
• Marketing and newsletter: subject to explicit and specific consent, to send informational, promotional and advertising communications relating to the osteria's products, services and events.
• Site management and security: to ensure the correct functioning of the Site, prevent abuse, counter fraudulent activities and improve user experience.
• Legal obligations: to comply with obligations imposed by applicable law, including tax and accounting legislation.

The processing of personal data is carried out on the basis of the following lawful conditions (Art. 6 of EU Regulation 2016/679 — "GDPR"):

• Data subject consent (Art. 6(1)(a)): for marketing and newsletter purposes.
• Performance of a contract or pre-contractual measures (Art. 6(1)(b)): for managing reservations and providing the service.
• Legal obligations (Art. 6(1)(c)): for tax, accounting and other obligations imposed by law.
• Legitimate interest (Art. 6(1)(f)): for the technical management of the Site, fraud prevention and IT security.

The provision of data for responding to requests and managing reservations is optional, but failure to provide data marked as mandatory makes it impossible to fulfil such requests. The provision of data for marketing purposes is always optional and in no way affects access to the Site's services.

Personal data is processed using IT tools and, to a residual extent, paper-based tools, with technical and organisational measures appropriate to ensure the security, confidentiality, integrity and availability of the data. Processing is carried out by authorised personnel who have been duly instructed.

Personal data is retained only for the time strictly necessary to pursue the purposes for which it was collected, and in any case according to the following criteria:

• Contact requests: up to 24 months from the last interaction, unless the request gives rise to a contractual relationship, in which case the retention period for reservations applies.
• Reservations: for the time necessary to provide the service and subsequently for the period required by legal obligations (in particular tax and accounting, up to 10 years).
• Newsletter and marketing: until consent is withdrawn by the data subject, which can be done at any time.
• Browsing data: only for the time strictly necessary to enable navigation and anonymous statistical analysis.

Once these periods have elapsed, the data is irreversibly deleted or anonymised.

Personal data may be disclosed to or made accessible to parties acting as:

• External data processors pursuant to Art. 28 GDPR, such as providers of technical services (hosting, Site maintenance, email services, newsletter platforms, anti-spam services such as Cloudflare Turnstile, analytics services such as Google Analytics 4), formally appointed and bound by a specific contract;
• Authorised personnel appointed by the Data Controller to process data within the scope of their duties and duly instructed;
• Public authorities and other parties, exclusively in the cases provided for by law.

Personal data is in no way subject to dissemination.

Some service providers (in particular Google Analytics and Cloudflare Turnstile) may also process data outside the European Economic Area. In such cases, the transfer takes place only to countries that the European Commission has recognised as providing an adequate level of protection, or on the basis of appropriate safeguards pursuant to Articles 45 and 46 of the GDPR (adequacy decisions, standard contractual clauses). A copy of such safeguards may be requested from the Data Controller at the contact details provided above.

At any time, the data subject may exercise the rights provided for by Articles 15-22 of EU Regulation 2016/679, in particular:

• Right of access to their personal data (Art. 15);
• Right to rectification of inaccurate or incomplete data (Art. 16);
• Right to erasure — "right to be forgotten" (Art. 17);
• Right to restriction of processing (Art. 18);
• Right to data portability (Art. 20);
• Right to object to processing (Art. 21);
• Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal (Art. 7).

The data subject also has the right not to be subject to decisions based solely on automated processing that produce significant legal effects (Art. 22). The Site does not carry out automated decision-making or profiling.

To exercise the rights listed above, simply send a written request to the Data Controller at the email address info@osteriaalmus.it. The Data Controller will respond within one month of receipt of the request, except in cases of particular complexity, in which case this period may be extended by a further two months, with prompt notice given to the data subject. The exercise of these rights is free of charge; the Data Controller reserves the right to charge a reasonable fee only in the cases provided for by Art. 12 GDPR (manifestly unfounded or excessive requests).

If the data subject believes that the processing of their data is in breach of EU Regulation 2016/679, they have the right to lodge a complaint with the competent Supervisory Authority in Italy: the Italian Data Protection Authority (Garante per la protezione dei dati personali) (www.garanteprivacy.it), Piazza Venezia 11, 00187 Rome, Italy, without prejudice to any other administrative or judicial remedy.

The Site uses cookies and similar technologies. For detailed information on the types of cookies used, their purposes, and how to manage your preferences, please refer to the Cookie Policy, which forms an integral part of this Privacy Policy.

The Data Controller reserves the right to amend this Privacy Policy at any time to reflect regulatory, organisational or technical changes, with notice given to users through the Site. The date of the most recent update is shown at the top of the document. Users are invited to consult this page periodically.