Privacy Policy of “28 Posti”

This Privacy Policy indicates the methods for collecting and processing User Data collected through interactions with Il Luogo di Aimo and Nadia ("Il Luogo", the Data Controller) for the use of our Services – including telephone or e‐mail contacts, access to the website, reservations, Social channels, any app or other digital services (each of them is a "Service", overall they are "The Services").

The methods implemented include the EU 2016/679 Regulation of the European Parliament, known as GDPR (General Data Protection Regulation) – concerning the protection of persons, with particular regard to the processing and transmission of Personal Data. Through the use of the Services, the User consents to the terms of this Policy.

Data Controller

The Data Controller of Personal Data is:

28 Posti
Via Corsico 1
20144 Milano
P.IVA 07922910968

Data collected by the Data Controller

When the User interacts with us through the Services, we may collect data from the User or from other sources.
Data we collect consists of:
· Data provided directly at the time of registration or use of the Services. This data may vary, but typically consists of a name, email address, postal address, telephone number, and other similar contact information.
· Demographic data (country and language).
· Payment details, such as credit card information or billing address.
· Data about the physical device, as device type, Operating System.
· Usage data, such as functionality and services accessed.
· Location data: IP address and geographical macro zone.
· Information on User preferences.
· Third‐party integration. If the User uses the Services through a third party (for example, Social Media or a Booking Platform), this third party may share some Data with us.

The User assumes the responsibility of the Personal Data of third parties published or shared through this Site and guarantees to have the right to communicate or disseminate them, freeing the Data Collector from any liability to third parties.

How the Data Controller uses the collected Data

We treat Users' Personal Data by taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. Processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated.
In addition to the Data Controller, in some cases, the Data may have access to the data of the persons involved in the organization of the site (administrative, commercial, legal, system administrators) or external subjects (such as third party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, Responsible for the Processing of Personal Data by the Site.
The updated list of the Managers can always be requested to the Place, Data Controller. We use the collected data for the following purposes:
Provide our Services.
We use the data collected to provide our services. In particular (and in non‐exhaustive terms):
· Register reservations.
· Memorize any specific requests of the User (for example the request for particular menus).
· Issuing invoices.
Communicate with Users.
We use the Data collected to communicate with Users, including answers to questions or requests from the User. In particular:
· Respond to requests from users who contact us for requests, information or reservations.
· Provide information on a User's Personal Data.
· Send newsletters and information on events or initiatives.

We may also use the Data in other ways, indicated at the time of collection, or on which we have received explicit consent. The information in this Statement does not set limits with respect to the treatments we will perform on aggregate, pseudonymised or anonymized data.

How we share data with third parties

The Data we collect may be shared with third parties. When this happens, it is for the following purposes:
Provide the Services.
We collaborate with other companies to manage the Services or perform certain functions on our behalf, for example, maintaining our database, sending newsletters, managing our websites and digital platforms. We may provide these companies with access to User data to enable them to perform these functions in a manner consistent with this Policy.
When necessary in special circumstances.
We may disclose Users' Personal Data when disclosure is necessary for:
· Respect the laws, or against any requests from the Authorities.
· Prevent fraud, abuse or other illegal or unauthorized activities.
· For the defense by the Owner in court, or in the preparatory stages for its eventual establishment.

The User declares to be aware that the Data Controller may have to disclose Personal Data in case of request by public Authorities.

Data Processing Office

Data are processed:
· at the Data Controller headquarter.
· at the (operational) headquarters of any third parties (see the previous Paragraph).

Period of retention of Data

The Data is processed and stored only for the time necessary to perform the service requested by the User, or required by the purposes described in this Policy. The User can always ask for the interruption of treatment or deletion of Data.

Cookie policy

Please refer to the specific Cookie Policy.

Exercise of rights by Users

The subjects to whom the Personal Data refer have the right at any time to obtain confirmation of the existence or otherwise of the same with the Data Controller, to know its content and origin, to verify its accuracy or request its integration , the cancellation, updating, rectification, transformation into anonymous form or blocking of Personal Data processed in violation of the law, as well as to oppose in any case, for legitimate reasons, to their processing. Requests should be addressed to the Data Controller.

Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to Users on this page. Please therefore consult this page often, referring to the date of the last modification indicated at the bottom. In case of non‐acceptance of the changes made to this Privacy Policy, the User is required to cease using these Services and may request the Data Controller to remove his Personal Data. Unless otherwise specified, the previous Privacy Policy will continue to apply to Personal Data collected until then.

Information on this Privacy Policy

The Data Controller is responsible for this Privacy Policy.