Website privacy policy

This page describes how to manage the site in relation to the processing of personal data of users who consult it.
The information according to Reg. (EU) 2016/679 and of the Recommendation n. 2/2001 of WP29, provides indications for the collection of personal data on-line, and, in particular, the methods, timing and nature of the information that the data controller must provide to users when they connect to web pages of the site, regardless of the purpose of the link.

Data Controller

Following consultation of this site, data relating to identified or identifiable persons may be processed.
The “holder” of data processing is Ristorante Casa Vicina Snc, which is based inVia Nizza 224, 10126 a Torino and in Via Parma 146 / A 10013 Borgofranco Ivrea (TO) .

Place of data processing

The treatments connected to the web services of this site take place at the headquarters ofRistorante Casa Vicina Snc of the site hosting service provider and are only handled by personnel in charge of processing, also for occasional maintenance operations.
No data deriving from the web service is disseminated.
The personal data provided by users are used only to perform the service or provision requested and are communicated to third parties only if this is necessary for this purpose.

Types of data processed

– Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties. But this information, by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes: IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.
The data could be used to ascertain responsibility in case of hypothetical cyber crimes against the site.

– Data provided voluntarily by the user
The optional, explicit and voluntary sending of data through forms and forms on the site, or via e-mail to the addresses indicated on this site, entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered in the missive.

Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.

Private area
The information (including images) that the user uploads to the private area are protected by encryption and authentication systems and are accessible only to authorized users, i.e. those directly involved and / or the intermediaries involved. This information is not subjected to dissemination operations. The processing of personal data present and downloadable from the  private area complies with the provisions of the law and may require explicit authorization from the data subject to process data after verification of adequate information.

Cookies
No personal data of users is acquired by the site on purpose.
The use of c.d. session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe browsing and efficient site. C.d. session cookies used on this site avoid the use of other technologies that could
compromise the privacy of users' browsing and do not allow the  acquisition of personal identification data. A 6 month permanent technical cookie is also used to store the choice on the cookie banner. Finally, the site incorporates cookies and other elements (tags, pixels, and cc.) Of third parties (autonomous and on which the owner has no responsibility) that also perform
profiling activities and for which you can refer to the respective sites:
Google
Facebook
Wordfence

Newsletter
The e-mail contacts used for sending the periodic newsletter come from voluntary registration by the recipient to whom a confirmation request is always submitted as well as information acquired in a context of sale of products or services of the owner or otherwise similar information for which
exists the legitimate interest of the data controller in sending communications and information on their events, products, services and training courses.
It is emphasized that the contacts are not recovered from public subscriber directories. If communications are not of interest to the recipient, it is possible to avoid any further contact by clicking on the appropriate link contained in each message, or by writing to the addresses below, exercising their right to cancel the newsletter. The newsletter is prepared through the GetResponse service which could include the transfer of personal data in the USA under the
protection of the Privacy-Shield.

E-commerce and Payments
Data can be processed for the management of the carts, the orders, the possible profile of the registered user and include personal data, addresses, invoices, notifications and notes.

Personal data supplied also processed through third parties (company for home delivery, for mailing and for data entry) for the administrative management of orders and purchases; the management of any participations in loyalty programs; the processing of anonymous statistics linked to the detection of purchase behaviour; sending advertising material related to products and offers through use of email or telephone messages.
The payment system transmit data to the banks providing the service (Paypal), autonomous owners.

Optional provision of data
Apart from what is specified for navigation data, the user is free to provide personal data for specific requests on products and / or services.
Failure to provide such data may make it impossible to obtain what has been requested.
For completeness it should be noted that in some cases (not subject to the ordinary management of this site) the Authority can request news and information pursuant to Article 157 of the Legislative Decree no. 196/2003, for monitoring the processing of personal data. In these cases the answer is mandatory under penalty of administrative sanction.

Legal basis. Possible management of consent to treatment
When necessary, beside the cases in which the pre-contractual, contractual or legitimate interest of the owner, as well as third parties, and in any case after reading the information, the interested party is asked to give his consent to the processing and to the disclosure of personal data for the purposes and within the limits described above, otherwise the Data Controller will be unable to
process the data to carry out and implement the services requested by the data subject or offered to him.

Method of treatment
Personal data are processed using automated tools for the strictly necessary amount of time to achieve the purposes for which they have been collected and will be kept, in general, as long as the purposes of the processing persist according to the category of data processed.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

Rights of the interested parties
At any time the interested party may: exercise his / her rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when foreseen and where the conditions are met for the data controller, in accordance with Articles 15 to 22 of the GDPR; to propose a claim to the Guarantor (www.garanteprivacy.it); and if the treatment is based on consent, revoke the consent given, taking into account that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before revocation.

Contacts
Requests should be sent to the Data Controller TO BE srl,with legal and physical headquarters atLungo Dora Pietro Colletta 67 10153 a Turin,, through the address  accrediti@tobevents.it  .