Privacy policy

This policy is addressed to those who connect to the website and describes the methods of management of the site with reference to the processing of personal data of the users who consult it or interact with Ristorante Berton by sending forms, communications, e-mail or through telephone contacts.

Information on the processing of personal data pursuant to articles 13-14 of the GDPR (General Data Protection Regulation) 2016/679

Interested parties are hereby informed that Legislative Decree no. 196/2003 (the "Personal Data Protection Code" - hereinafter, for brevity, the "Code") and EU Regulation no. 2016/679 (hereinafter, for brevity, the "GDPR") provide for the protection of the Processing of Personal Data.

In accordance with the provisions of the Code, the GDPR and the applicable legislation in force, the Data Processing by Ambrosia Srl owner of Ristorante Berton shall be based on the principles of fairness, lawfulness and transparency in respect of the fundamental rights and freedoms, the dignity of the Data Subject, with particular reference to confidentiality, personal identity and the right to protection of Personal Data.

This information is subject to updates, which are published on this site. It is therefore advisable to check the information regularly and to refer to the most up-to-date version.

Data controller

Ambrosia Srl, the data controller, with registered office in Via Mike Bongiorno 13, 20124 Milan, guarantees compliance with the regulations on the protection of personal data by providing the following information on the processing of data communicated or in any case collected during navigation on this site or issued in the event of bookings for services at Ristorante Berton or following telephone enquiries made to the restaurant's secretary.

Data generated by accessing the site

The computer systems and software procedures used to operate the website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
These data (such as domain names, IP addresses, operating system used, type of browser device used for connection) are not accompanied by any additional personal information and are used to
(i) obtain anonymous statistical information on the use of the site;
(ii) to manage control requirements on how the site is used.
The legal basis legitimising the processing of such data is the need to make the site's functionalities usable following user access.

Data provided voluntarily by the customer

Personal data provided through forms, email communications or by telephone are collected and processed for the following purposes
a) to carry out the activities of providing catering services to the customer in accordance with the customer's requests and contractual and/or pre-contractual agreements;
b) for administrative purposes and for fulfilment of accounting, tax or legal obligations in general;
c) in the presence of specific consent, for the periodic sending, by e-mail, of newsletters and advertising material;
d) in the presence of specific consent, to receive updates on our activities and reports on the publication of blog posts;
e) with specific consent, to receive promotional communications and invitations to special events and promotions.
The legal basis legitimizing the processing is the performance of a contract to which the data subject is party or the performance of pre-contractual measures adopted at the request of the same. In the cases expressly indicated, the legal basis is instead the consent freely given by the data subject.
The provision of data with reference to the purposes under letters a), b) is optional, but refusal will make it impossible for Ambrosia Srl to provide the services and/or the contractual commitments undertaken.
The conferment of data with reference to the purposes under c), d) and e) is also optional; their use is conditional on the granting of explicit consent.
Any refusal will make it impossible for Ambrosia Srl to send newsletters and advertising material or invitations to events and initiatives.

Data processing methods and retention times

The data collected will be processed by means of electronic or in any case automated, computerized and telematic instruments, or by means of manual processing with logic strictly related to the purposes for which the personal data were collected and, in any case, in such a way as to guarantee the security of the same. The data are kept for the time strictly necessary to manage the purposes for which the data are collected in compliance with current regulations and legal obligations.
In any case Ambrosia Srl practices rules that prevent the storage of data indefinitely and therefore limits the storage time in compliance with the principle of minimization of data processing.

Persons authorised to process, responsible for and communication of data

The processing of the collected data is carried out by Ambrosia Srl's internal staff identified for this purpose and authorised to process them according to specific instructions given in compliance with the regulations in force.

The collected data, if necessary or instrumental to the execution of the above-mentioned purposes, may be processed by third parties appointed as external data processors, or, as the case may be, communicated to the same as autonomous data controllers, namely
1. persons, companies, associations or professional firms that provide assistance and consultancy to our Company, for administrative/accounting/fiscal purposes;
2. companies, bodies, associations that perform services connected and instrumental to the execution of the above-mentioned purposes (banking services, credit card payment management, market analysis and research service, computer system maintenance).

Place of data processing and transfer

Data processing and storage take place on servers located within the European Union, including at third party companies appointed and duly appointed as Data Processors. Currently, the servers are located in Italy. Data are not transferred outside the European Union.

Rights of the Data Subject

Pursuant to Article 15 et seq. of the GDPR, the data subject/user has the right to request, at any time, access to his/her personal data, the rectification or erasure thereof, the restriction of processing in the cases provided for by Article 18 of the GDPR, to obtain in a structured, commonly used and machine-readable format the data concerning him/her, in the cases provided for by Article 20 of the GDPR. At any time, the user may revoke pursuant to Article 7 of the GDPR the consent given; lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR (Garante per la Protezione dei Dati Personali) if he or she considers that the processing of his or her data is contrary to the legislation in force.
The user may make a request to object to the processing of his or her personal data pursuant to Article 21 of the GDPR in which he or she shall give evidence of the reasons justifying the objection.
Requests should be addressed in writing to the Data Controller at the following address:

Effective September 2019; Policy updated September 2023.