This Privacy Policy aims to describe the management methods of the website https://granducato.eu (hereinafter, the “Site”) concerning the processing of users’ personal data.

This information is provided in accordance with Art. 13 of Regulation (EU) 2016/679 regarding the protection of individuals concerning the processing of personal data and the free movement of such data (hereinafter, for brevity, the “Regulation” or the “GDPR”) to all users who interact with the Site owned by Eurotime Horeca S.r.l., with registered office at Viale Giorgio Ribotta, 21, 00144 Roma RM Italy, VAT number 16969321005 (hereinafter, the “Controller” or the “Company”).

In this statement, we will illustrate the purposes and methods by which the Controller collects and processes your personal data, what categories of data are subject to processing, what the rights of the data subjects are, and how they can be exercised.

This information is provided exclusively for this Site; therefore, the Controller assumes no responsibility for other websites that may be accessed via hyperlinks on the site itself. Nevertheless, the information also includes any other Internet domains that replicate the Site.

By using this Site, users accept this information and are therefore invited to review it before providing any personal information of any kind.

  1. Categories of personal data Navigation data The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These are pieces of information that are not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data may be used to ascertain responsibility in case of hypothetical computer crimes against the site.
  2. Purposes and legal basis of processing a) For the provision of requested services pursuant to Art. 6, paragraph 1, letter b) of the GDPR The data voluntarily provided by the user will be processed by the Controller to allow them to use the Site. The data will therefore be processed for the performance of the legal relationship in place with the Controller. The provision of such data is necessary to access the requested services.
  3. Recipients to whom personal data may be disclosed and purposes of disclosure The Controller may also communicate, for the same purposes, some of your personal data to third parties, who will process them as Data Processors. The list of Data Processors can be requested from the Controller at any time, by writing to Eurotime Horeca S.r.l., with registered office at Viale Giorgio Ribotta, 21, 00144 Roma RM Italy, VAT number 16969321005 or at the email address amministrazione@granducato.eu.
  4. Data retention period and duration of processing Your data will be stored for the entire duration of your stay on the Site. Subsequently, the data will be kept for the strictly necessary period, which in no case may exceed 12 months.
  5. Transfer of personal data abroad Your personal data will not be transferred outside the European Union or the European Economic Area.
  6. Rights of data subjects In accordance with current legislation, we inform you that the Regulation grants you the following rights: Access (Art. 15 GDPR): the right to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data processed and to a series of other information (for example, the categories of data processed, the purposes of the processing, the retention periods, the existence of automated decision-making). Rectification (Art. 16 GDPR): the right to have your personal data processed by the Controller corrected and, if necessary, updated. Erasure (Art. 17 GDPR): the right to obtain the erasure of your personal data processed by the Controller in certain circumstances (e.g., when the Controller has achieved the purpose for which such data were collected and, therefore, has no reason to retain them further). Restriction of processing (Art. 18 GDPR): the right to obtain from the Controller that the processing of your personal data be restricted in certain cases (e.g., when the data subject disputes the accuracy of the personal data; when the processing is unlawful and the data subject opposes the erasure of the personal data; when the personal data are necessary for the data subject for the establishment, exercise, or defense of legal claims; when the data subject has objected to processing based on the legitimate interest of the controller because he/she considers his/her rights, interests, and freedoms prevail over such interest, and the controller needs to assess such prevailing interests). Portability (Art. 20 GDPR): the right to receive your personal data processed by the Controller in a structured, commonly used, and machine-readable format, and the right to have such data transmitted directly to another controller, where the processing is based on consent or on a contract, and is carried out by automated means. Objection (Art. 21 GDPR): the right to object at any time, for reasons related to your particular situation, to the processing of personal data concerning you when such processing is based on the legitimate interest of the controller (which must prevail over the rights, freedoms, and interests of the data subject), or is carried out in the performance of a task carried out in the public interest. Automated decision-making (Art. 22 GDPR): the right not to be subject to decisions based solely on automated processing of personal data (e.g., through algorithms/artificial intelligence and without human intervention), including profiling, where such decision produces legal effects or similarly significantly affects you. You can exercise your rights, within the limits and in the manner provided for in Articles 12 and 23 of the GDPR, by writing to the following email address: amministrazione@granducato.eu We also inform you that, under current regulations, you can lodge any complaints regarding the processing of your personal data with the Garante per la protezione dei dati personali (Italian Data Protection Authority).
  7. Modification of the information The Controller reserves the right to modify or update, partially or entirely, the content of this information, also in order to adapt it to the reference legislation. Such changes or updates will be effective from the date of publication on the Site. Users are therefore invited to periodically consult the Privacy Policy on the Site.