GDPR Compliance

Our commitment to the protection of personal data under Regulation (EU) 2016/679.

1. Data Controller

The Data Controller for personal data processing under Art. 4(7) of the GDPR is:

Claudio Di Bartolo — Sole Proprietorship

Brand: siMangia?

P.IVA 02172370856

Headquarters: Italy

DPO: [email protected]

2. Legal Bases for Processing

The processing of personal data is based on the following legal bases, in accordance with Art. 6 of the GDPR:

Art. 6(1)(b) — Performance of a contract

Processing necessary to provide the management service requested by the Client (reservations, dynamic tables, AI Voice).

Art. 6(1)(a) — Consent

For sending promotional communications and for the use of non-essential cookies. Consent is freely revocable at any time.

Art. 6(1)(f) — Legitimate interest

For statistical analysis, service improvement and fraud prevention, subject to balancing with the rights of data subjects.

Art. 6(1)(c) — Legal obligation

To comply with applicable tax, accounting and legal obligations.

3. Data Subject Rights

Under Articles 15-22 of the GDPR, every data subject has the following rights:

Right of Access (Art. 15)

Obtain confirmation of processing and access to your personal data.

Right to Rectification (Art. 16)

Correct inaccurate personal data or complete incomplete data.

Right to Erasure (Art. 17)

Request deletion of your personal data when no longer necessary.

Right to Portability (Art. 20)

Receive your data in a structured, commonly used and machine-readable format.

Right to Object (Art. 21)

Object to the processing of your data on legitimate grounds.

Right to Restriction (Art. 18)

Request restriction of processing in certain circumstances.

To exercise your rights, send a request to [email protected]. A response will be provided within 30 days of receiving the request.

4. Data Breach Notification

In compliance with Articles 33 and 34 of the GDPR, in the event of a personal data breach:

  • The Supervisory Authority will be notified within 72 hours of discovering the breach
  • Data subjects will be informed without undue delay if the breach poses a high risk to their rights and freedoms
  • Immediate measures will be taken to contain the breach and prevent its recurrence
  • A breach register will be updated with all details of the incident

5. Cross-Border Transfers

Personal data is stored on servers located within the European Economic Area (EEA). In the event of data transfer to third countries (for example, when using third-party provider services), the transfer takes place exclusively in the presence of:

  • An adequacy decision by the European Commission (Art. 45 GDPR)
  • Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46 GDPR)
  • EU-US Data Privacy Framework, where applicable

6. Security Measures

In compliance with Art. 32 of the GDPR, we adopt appropriate technical and organizational measures to ensure data security:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Automatic daily backups with encrypted storage
  • Role-based access control and secure authentication
  • Continuous system monitoring and access logging

7. DPO Contact

For any matter relating to personal data processing or to exercise your rights, you may contact the Data Protection Officer (DPO) at: [email protected]

You also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).