PRIVACY AND COOKIES POLICY
I.- PRIVACY STATEMENT
This Privacy Policy (hereinafter, the “Policy”) sets out how we use and process your personal data in connection with browsing our Website, including, among others, placing your orders through the Website, creating and operating your user account, and responding to your queries, complaints and suggestions, including marketing information that we may send you. This Policy also includes information about your rights regarding the processing of your personal data and how to exercise them.
II.- DEFINITIONS
Data controller/Controller and/or Us: Pastificio Service, S.L.U. with registered office in Madrid, Paseo de la Castellana 163 planta 6ª (28046), which operates the La Tagliatella brand in Spain.
Personal data: any information relating to an identified or identifiable natural person, who can be identified by one or more specific factors that determine the physical, physiological, genetic, mental, economic, cultural or social identity, including the IP of the device, the location data, the Internet identifier and the information collected through cookies and other similar technologies.
Policy: this Privacy Policy.
LOPD: Constitutional Law on Personal Data Protection
User and/or you: a natural person who visits the Website using mobile applications or features outlined in the Policy.
Website/Site/Web Page: La Tagliatella’s Website developed by Pastificio Service, S.L.U.
III.- PERSONAL DATA IN CONNECTION WITH BROWSING OUR WEBSITE
When you browse our Website, we collect the data necessary for providing tailored services through the Website and information concerning your activity.
Detailed provisions and purposes of the processing of personal data collected are outlined below:
The purposes of processing said data are the following:
Additionally to the personal data outlined in Section A above, we shall process the following personal data when you create an account on the La Tagliatella Website:
The purposes of processing said data are the following:
Aside from the personal data outlined in point A above, we shall process the following personal data when you reserve a table at a restaurant, or request a take away order.
The purposes of processing said data are the following:
Additionally, we may process personal data related to your order (including the data provided in the query, complaint or suggestion, where applicable) and also the user account data (where applicable) for the following purposes:
We may continue to process said data until you cancel your user account on the Website. If you send a request to unsubscribe as a User and make reservations at our restaurants in the future, we shall store the personal data relating to said reservation, which we shall consider valid unless stated otherwise.
We will process your personal data for marketing activities, which may consist of:
Behavioural advertising
Analysis and profiling for marketing purposes. To identify your personal preferences and behaviours to send you information about products, news and promotions that we believe may interest you, tailored to your needs, and create your customer profile (profiling). To this end, our trusted partners and we shall process the personal data you provided us directly or inferred from your activities on the Websites).
Section VI below includes a list of our trusted partners, a description of the tools, and links to their privacy policies.
The legal grounds for processing the data mentioned above are the legitimate interest in identifying your preferences and behaviours to prepare and deliver information about our products, news and promotions that we think are of interest to you and tailored to your needs (profiling), and also for the direct marketing of our products and services (Article 6(1)(f) of the LOPD).
Marketing communications
We shall send you marketing communications about products, news, and promotions through our communication channels (email, SMS, WebPush, mobile push).
The legal grounds for processing data are our legitimate interest in providing you information about our products, news and promotions that we think are of interest to you, and also the direct marketing of our products and services (Article 6(1)(f) of the LOPD) relating to your consent for sending marketing information.
Social Networks
The Data Controller may process, where appropriate, the personal data of users who visit the Data Controller’s social network profiles (Facebook, YouTube, Twitter, Instagram) or make comments on the Data Controller’s activity on other sites, for example, Google’s review service.
These data are processed exclusively for profile management and also to
IV. COOKIES AND SIMILAR TECHNOLOGY
Cookies are small text files placed on your device by the websites you visit. Cookies collect information that makes it easier to use the channels mentioned above; for example, they store information about the User’s visits to the Website and the activities carried out. A detailed description of the cookies used is available in the cookie management tool (the link is at the bottom of the Website under “Cookie settings”).
This is an overview of the different types of cookies used:
V.- COOKIES MANAGEMENT.
Your consent is needed to install cookies to collect data, including access to data stored on the User’s device. The Website shows the User a cookie consent banner. This consent may be withdrawn at any time per the rules described below.
Consent is not required for strictly necessary cookies to render a telecommunications service on the Website (data transmission of the content). Aside from giving your consent to the installation of cookies by clicking on the cookie consent banner, you must also adjust your browser settings to enable Website cookies on your device.
The consent to allow Website cookies may be withdrawn through the cookie consent banner. You can enable the banner by clicking on the button labelled “Manage cookies”, which appears on all subsites of the Website. After the banner appears, you can withdraw your consent by clicking the “Manage Cookies” button. Next, you must drag the slider next to the selected cookie category and press the “Save settings and close” button.
The process to disallow, disable, or block cookies on different web browsers is provided below:
Changing your browser settings may restrict the use of essential and optional cookies. However, you should be aware that this might significantly hinder or prevent the use of the Website.
VI.- ANALYTICAL AND MARKETING TOOLS USED BY THE DATA CONTROLLER
Our partners and we use various solutions and tools for analytical and marketing purposes. Essential information about these tools is provided below. Detailed information is also provided on each partner’s privacy policy.
https://es-es.facebook.com/business/help/742478679120153?id=1205376682832142
VII.- PURPOSES AND LEGAL GROUNDS OF OTHER PROCESSING EVENTS
EMAILS AND POSTAL COMMUNICATIONS
When you contact the Data Controller via email or post, and said communication is not related to the services provided on behalf of the sender, the personal data contained in the communication shall be processed solely for the purpose of communicating and addressing the issue referred to in said communication. The legal grounds for such processing are the legitimate interest (Article 6(1)(f) of the LOPD) of the Data Controller in maintaining and managing the communications addressed to him regarding the business activity.
The Data Controller only processes personal data relevant to the case to which the communication refers. All communications are stored in such a way as to ensure personal data security (as well as any other type of information) and shall only be disclosed to authorised persons.
TELEPHONE CONTACT
If you contact the Data Controller by telephone regarding matters not related to the contractual agreement or services provided, the Data Controller may ask you to provide your personal data, if necessary, to manage the case discussed during the phone call. In this case, the legal grounds are related to the legitimate interest (Article 6(1)(f) of the LOPD) of the Data Controller to resolve the case related to its business activity.
SECURITY
The Data Controller shall process your personal data in a strictly confidential manner. Likewise, the Controller shall have implemented adequate technical and organisational measures to guarantee its security and prevent its destruction, loss, unlawful access or unlawful modification. Criteria such as scope, context and purposes of the processing have been taken into account to determine these measures; technical state of the art and existing risks (Article 6(1)(f) of the LOPD).
DATA COLLECTION FOR PROVIDING SERVICES OR EXECUTING OTHER CONTRACTS
When collecting data for purposes related to signing or executing a particular contract, the Data Controller shall provide the data subject with detailed information about this data processing at the time of the performance of the contract. The legal grounds for data processing are related to the signing or execution of the contract (Article 6 (1) (b) of the LOPD).
VIII.- PERSONAL DATA RETENTION PERIOD
The data retention period for processing by the Data Controller depends on the type of service provided and the purpose of the processing. As a rule, the data may be processed (a) for the duration of the service or the fulfilment of the order, (b) until the consent is withdrawn or (c) you have registered your objection to the data processing. In such cases, the legal grounds for data processing are related to the Data Controller's legitimate interest.
The data processing period may be extended if the processing is necessary to establish and enforce possible claims or defend ourselves against them and, once this time has elapsed, only if required by law and to the extent provided therein. The data is irreversibly deleted or anonymised at the end of the processing period.
Details about the data retention period may be requested from the contact person specified in Section XIV of this policy.
IX.- RIGHTS CONCERNING THE PROCESSING OF PERSONAL DATA
We undertake to respect the confidentiality of your personal data and guarantee the exercise of your rights. You can exercise them for free by contacting us by email at protecciondedatos@amrest.eu and simply stating your reasons and the right you wish to exercise. We may request a copy of an identity document if we consider it necessary to identify you.
In particular, regardless of the purpose or legal grounds on which we process your data, you have the right to:
Additionally, when the processing of your data is based on our legitimate interest, you shall also have the right to object to the processing of your data.
Lastly, we inform you of your right to file a claim with the relevant data protection control authority, particularly with the Spanish Data Protection Agency (https://www.agpd.es/portalwebAGPD/index-ides-idphp.php).
X.- DO YOU HAVE TO PROVIDE US WITH YOUR PERSONAL DATA?
You need to provide us with your personal data to use the Website’s features, such as signing and executing a contract related to the User’s account, ordering food, or using the Website’s contact form. If you do not provide us with this information, you cannot make a full use of the relevant Website.
XI.- EXCHANGE OF PERSONAL DATA
Your personal data shall be transferred to third parties that provide us various services, including IT system and IT service providers, administrative support providers, marketing and media agencies, delivery companies, accounting and administrative entities, customer satisfaction polling companies or customer service support providers (for example, call centres). We may also share your personal data with affiliates, including companies belonging to our Group (AmRest Group). In some instances, data may also be shared due to potential business transactions, for example, business restructuring, acquisition or sales of any business or assets; in these cases, we may share your data with the potential buyer or seller.
When we share your data with third parties or other entities belonging to the AmRest Group, the data shared with the third party or entity shall be limited to those items strictly necessary for the operation. In these cases, your personal data is protected by Data Controller Agreements, whereby the subcontracted service providers undertake to process your personal data for specific purposes, according to our instructions, comply with the Constitutional Law on Personal Data Protection, and apply appropriate security measures to protect your personal data in line with our internal policies.
XII.- AUTOMATED DECISION-MAKING
We shall not make any decision about you based solely on the automated processing of your data, which could have legal consequences for you or significantly affect you in a similar way.
XIII.- CONTACT DETAILS
We have appointed a data protection officer whom you may contact for all matters related to processing your personal data and exercising your personal data processing rights.
You may contact the data protection officer as follows:
XIV.- CHANGES TO THIS PRIVACY POLICY
We may modify the information contained in this Privacy Policy when deemed appropriate. In such cases, we shall notify you through different channels on the Platform (for example, a banner or pop-up). In any case, we advise you to review this Privacy Policy from time to time, just in case minor changes or interactive improvements have been introduced, given that this Policy is the permanent point for information on our Website.
The current version of the Policy has been adopted and has been in force since April 2022.