PRIVACY AND COOKIES POLICY

 

I.- PRIVACY STATEMENT

This Privacy Policy (hereinafter, the “Policy”) sets out how we use and process your personal data in connection with browsing our Website, including, among others, placing your orders through the Website, creating and operating your user account, and responding to your queries, complaints and suggestions, including marketing information that we may send you. This Policy also includes information about your rights regarding the processing of your personal data and how to exercise them.

II.- DEFINITIONS

Data controller/Controller and/or Us: Pastificio Service, S.L.U. with registered office in Madrid, Paseo de la Castellana 163 planta 6ª (28046), which operates the La Tagliatella brand in Spain.

Personal data: any information relating to an identified or identifiable natural person, who can be identified by one or more specific factors that determine the physical, physiological, genetic, mental, economic, cultural or social identity, including the IP of the device, the location data, the Internet identifier and the information collected through cookies and other similar technologies.

Policy: this Privacy Policy.

LOPD: Constitutional Law on Personal Data Protection

User and/or you: a natural person who visits the Website using mobile applications or features outlined in the Policy.

Website/Site/Web Page: La Tagliatella’s Website developed by Pastificio Service, S.L.U.

III.- PERSONAL DATA IN CONNECTION WITH BROWSING OUR WEBSITE

When you browse our Website, we collect the data necessary for providing tailored services through the Website and information concerning your activity.

Detailed provisions and purposes of the processing of personal data collected are outlined below:

  1. Browsing the Website
  1. The following personal data shall be processed when you browse the Website:
  2. Technical Data: we may collect information on the device used to access our Website. Technical information about the browser used shall also be collected.
  3. Usage data: refers to data collected about your browsing activity on our Website, for example, information about pages browsed, when you visit the Website, items clicked on a page, duration of a page visit, etc.
  4. Location data: may only be processed if you consent. Our Online Services and restaurant technology may collect your device’s location data using geolocation. You may disable data collection on most electronic devices and systems through your device settings. If you have any queries about how to prevent the collection of precise geographical location data, we advise you to contact your mobile device service provider, device manufacturer, or browser service provider. Some Online Services and restaurant technology may not function properly without your location data.
  5. Advertising data: refers to online advertisements we have posted or those we tried to show you, e.g. advertising ID, etc.
  6. User data: refers to information collected when you contact us to log a query, a complaint or a suggestion via the contact form on our Website. We shall process your name, surname, email address and, eventually, any other personal information you freely provide us whenever we exchange communications.

The purposes of processing said data are the following:

  1. Provide services electronically, namely, sharing our Website content with users. In this case, the legal grounds for processing data relate to the need to execute the contract (Article 6(1)(b) of the LOPD).
  2. Analytical and statistical purposes. In this case, the legal grounds for processing data relate to our legitimate interest in analysing your activity and preferences to improve the features and services delivered (Article 6(1) (b) of the LOPD).
  3. Manage your queries, complaints or suggestions. In this case, the legal grounds for processing the data mentioned above are the need to execute the contract (Article 6(1)(b) of the LOPD) or our legitimate interest in providing you with a reply (Article 6(1)(f) of the LOPD)
  4. Marketing purposes of the Data Controller and other entities, in particular, for the presentation of behavioural advertising. The provisions for processing personal data for marketing purposes are outlined in the MARKETING section below.
  5. Record user activity on the Web, including your personal data, in system logs (a special computer software used to store a chronological record of information about events and actions that relate to the computer system used to provide our services). The information collected in said records is mainly processed to provide our services. We also process said information for technical and administrative purposes, to guarantee the computer system’s security and its management, and for analytical and statistical purposes. In this case, the legal grounds for the processing are related to our legitimate interest.
  6. Manage your claims (where necessary). The legal grounds for the data processing stem from the Data Controller’s legitimate interest (Article 6(1)(f) of the LOPD) to protect your rights.
  1. Website Registration.

Additionally to the personal data outlined in Section A above, we shall process the following personal data when you create an account on the La Tagliatella Website:

    1. Name, email address and phone number.
    2. Additional information in your account, such as shipping address, etc. These data are provided voluntarily, as they are not required to create an account, and you may delete them at any time.

The purposes of processing said data are the following:

  1. Maintain and operate your Website account according to the provisions laid down in the applicable regulations. The legal grounds for data processing are to execute the contract relating to your account and take action on your request (Article 6(1)(b) of the LOPD). Regarding the optional data, the legal basis for data processing stems relate to consent (Article 6(1)(a) of the LOPD).
  2. Analytical and statistical purposes. The legal grounds for data processing relate to consent (Article 6(1)(a) of the LOPD) to analyse your activity and preferences to tailor the features and services to your needs.
  3. Manage claims (where necessary). The legal grounds for data processing stem from the Data Controller’s legitimate interest (Article 6(1)(f) of the LOPD) to protect your rights.
  4. Marketing purposes of the Data Controller and other entities, particularly for the presentation of tailored advertising. The provisions for processing personal data for marketing purposes are outlined in the MARKETING section below.
  1. Orders and Reservations

Aside from the personal data outlined in point A above, we shall process the following personal data when you reserve a table at a restaurant, or request a take away order.

    1. Name, email address, telephone number, delivery address, order details;
    2. Other data relating to the order (where applicable).

The purposes of processing said data are the following:

  1. Process the order. The legal grounds for data processing stem are to execute the contract (Article 6(1)(b) of the LOPD).
  2. Analytical and statistical purposes. The legal grounds for data processing relate to consent (Article 6(1)(a) of the LOPD) to analyse your activity and preferences to tailor the features and services to your needs.
  3. Fulfil the obligations required by law, for example, the Accounting Law or tax regulations (for example, the issuance and storage of invoices and accounting documents). Both the personal data mentioned above and the user account data (where applicable) shall be processed. The legal grounds stem from Article 6(1)(c) of the LOPD.
  4. Marketing purposes of the Data Controller and other entities, in particular, for the presentation of tailored advertising. The provisions for processing personal data for marketing purposes are outlined in the MARKETING section below.

Additionally, we may process personal data related to your order (including the data provided in the query, complaint or suggestion, where applicable) and also the user account data (where applicable) for the following purposes:

  1. Manage claims (where applicable). The legal grounds for processing stem from the Data Controller’s legitimate interest (Article 6(1)(f) of the LOPD) to protect your rights.
  2. Manage your queries, complaints or suggestions. In this case, the legal grounds for processing the data mentioned above are the need to execute the contract (Article 6(1)(b) of the LOPD) or our legitimate interest in providing you with a reply (Article 6(1)(f) of the LOPD).
  3. Get feedback on your satisfaction and determine the quality of our services. The legal grounds are our legitimate interest in collecting relevant information for improving the quality of our products and services (Article 6(1)(f) of the LOPD).

We may continue to process said data until you cancel your user account on the Website. If you send a request to unsubscribe as a User and make reservations at our restaurants in the future, we shall store the personal data relating to said reservation, which we shall consider valid unless stated otherwise.

  1. Marketing

We will process your personal data for marketing activities, which may consist of:

    1. Showing you marketing content not tailored to your preferences.
    2. Showing you marketing content tailored to your preferences.
    3. Implementing other types of activities related to direct marketing of goods and services (such as sending commercial information electronically), including email notifications about offers or interesting content that, in some cases, may contain commercial information (newsletter service), as well as push notifications.

Behavioural advertising

Analysis and profiling for marketing purposes. To identify your personal preferences and behaviours to send you information about products, news and promotions that we believe may interest you, tailored to your needs, and create your customer profile (profiling). To this end, our trusted partners and we shall process the personal data you provided us directly or inferred from your activities on the Websites).

Section VI below includes a list of our trusted partners, a description of the tools, and links to their privacy policies.

The legal grounds for processing the data mentioned above are the legitimate interest in identifying your preferences and behaviours to prepare and deliver information about our products, news and promotions that we think are of interest to you and tailored to your needs (profiling), and also for the direct marketing of our products and services (Article 6(1)(f) of the LOPD).

Marketing communications

We shall send you marketing communications about products, news, and promotions through our communication channels (email, SMS, WebPush, mobile push).

The legal grounds for processing data are our legitimate interest in providing you information about our products, news and promotions that we think are of interest to you, and also the direct marketing of our products and services (Article 6(1)(f) of the LOPD) relating to your consent for sending marketing information.

Social Networks

The Data Controller may process, where appropriate, the personal data of users who visit the Data Controller’s social network profiles (Facebook, YouTube, Twitter, Instagram) or make comments on the Data Controller’s activity on other sites, for example, Google’s review service.

These data are processed exclusively for profile management and also to

  1. inform the users about the Data Controller’s activity and promote different types of events, services and products. The legal grounds for the processing of personal data by the Controller are the legitimate interest (Article 6(1)(f) of the LOPD ) in promoting the brand;
  2. get feedback on your satisfaction and determine the quality of our services. The legal grounds for the processing of the data mentioned above are our legitimate interest (Article 6(1)(f) of the LOPD) in collecting relevant information to improve the quality of our products and services; and
  3. lodge and enforce our claims and/or defend ourselves against them (where applicable). The legal grounds are our legitimate interest (Article 6(1)(f) of the LOPD) in being able to lodge and enforce our claims or defend ourselves against them.

IV. COOKIES AND SIMILAR TECHNOLOGY

Cookies are small text files placed on your device by the websites you visit. Cookies collect information that makes it easier to use the channels mentioned above; for example, they store information about the User’s visits to the Website and the activities carried out. A detailed description of the cookies used is available in the cookie management tool (the link is at the bottom of the Website under “Cookie settings”).

This is an overview of the different types of cookies used:

  1. ESSENTIAL COOKIES. The Data Controller primarily uses the so-called strictly necessary cookies to deliver electronically provided services to the User and improve the quality of said services. Essential cookies are necessary for a website to function correctly. These files are used, in particular, to remember the login sessions or complete forms and also to manage your privacy settings;
  2. ANALYTICAL COOKIES. Analytical cookies allow us to identify the number of visits and sources of web traffic. They help us know which pages are most and least popular and understand how users browse our Website. This enables us to compile statistics and improve the performance of our channels. The information these cookies collect is aggregated; therefore, they are intended to identify you. If you disable these cookies, we shall not know when you browsed our Website.
  3. FUNCTIONAL COOKIES. Functional cookies are used to remember your preferences, such as language, and tailor the Website to your needs. You can set your browser to block or notify you about essential and functional cookies; however, if you do, certain parts of the Website may not function correctly.
  4. MARKETING AND ADVERTISING COOKIES. Marketing and advertising cookies allow us to tailor the advertising content to your interests on the Website and beyond. Advertising partners may install them through our Website. Your interest-based profile is built on the information collected by these cookies and your activity on other websites. Marketing and advertising cookies do not directly store your personal data but identify your Internet browser and hardware. If you disable these cookies, we may still show you ads, but they shall not be tailored to your preferences.

V.- COOKIES MANAGEMENT.

Your consent is needed to install cookies to collect data, including access to data stored on the User’s device. The Website shows the User a cookie consent banner. This consent may be withdrawn at any time per the rules described below.

Consent is not required for strictly necessary cookies to render a telecommunications service on the Website (data transmission of the content). Aside from giving your consent to the installation of cookies by clicking on the cookie consent banner, you must also adjust your browser settings to enable Website cookies on your device.

The consent to allow Website cookies may be withdrawn through the cookie consent banner. You can enable the banner by clicking on the button labelled “Manage cookies”, which appears on all subsites of the Website. After the banner appears, you can withdraw your consent by clicking the “Manage Cookies” button. Next, you must drag the slider next to the selected cookie category and press the “Save settings and close” button.

The process to disallow, disable, or block cookies on different web browsers is provided below:

  1. Internet Explorer: Tools -> Internet Options -> Privacy -> Settings.
  2. Firefox: Tools -> Options -> Privacy -> History -> Custom Settings.
  3. Chrome: Settings> Advanced Settings > Privacy > Content settings.
  4. Safari: Preferences -> Security.

Changing your browser settings may restrict the use of essential and optional cookies. However, you should be aware that this might significantly hinder or prevent the use of the Website.

VI.- ANALYTICAL AND MARKETING TOOLS USED BY THE DATA CONTROLLER

Our partners and we use various solutions and tools for analytical and marketing purposes. Essential information about these tools is provided below. Detailed information is also provided on each partner’s privacy policy.

  1. Facebook pixel is a tool that enables you to track the effectiveness of the Facebook ad campaigns carried out by the Facebook Manager. The tool enables advanced data analysis to optimise the Controller’s actions, even combined with other Facebook tools. Detailed information on data processing can be found at the following link:

https://es-es.facebook.com/business/help/742478679120153?id=1205376682832142

  1. Social network plugins. The Website uses social network plugins (Facebook, Google, LinkedIn, and Twitter). The plugins enable the User to share the content published on the Website in the social network of choice. Website plugins, which can be assigned to the user profile created in a specific social network, allow the social network to collect information about the user’s activity on the Website. The Data Controller is not aware of the purpose and scope of data collection by social networks. Detailed information can be found at the following links:
  1. Facebook / Instagram: https://es-es.facebook.com/legal/terms
  2. Google: https://policies.google.com/privacy?hl=es
  3. Twitter: https://twitter.com/es/privacy

VII.- PURPOSES AND LEGAL GROUNDS OF OTHER PROCESSING EVENTS

EMAILS AND POSTAL COMMUNICATIONS

When you contact the Data Controller via email or post, and said communication is not related to the services provided on behalf of the sender, the personal data contained in the communication shall be processed solely for the purpose of communicating and addressing the issue referred to in said communication. The legal grounds for such processing are the legitimate interest (Article 6(1)(f) of the LOPD) of the Data Controller in maintaining and managing the communications addressed to him regarding the business activity.

The Data Controller only processes personal data relevant to the case to which the communication refers. All communications are stored in such a way as to ensure personal data security (as well as any other type of information) and shall only be disclosed to authorised persons.

TELEPHONE CONTACT

If you contact the Data Controller by telephone regarding matters not related to the contractual agreement or services provided, the Data Controller may ask you to provide your personal data, if necessary, to manage the case discussed during the phone call. In this case, the legal grounds are related to the legitimate interest (Article 6(1)(f) of the LOPD) of the Data Controller to resolve the case related to its business activity.

SECURITY

The Data Controller shall process your personal data in a strictly confidential manner. Likewise, the Controller shall have implemented adequate technical and organisational measures to guarantee its security and prevent its destruction, loss, unlawful access or unlawful modification. Criteria such as scope, context and purposes of the processing have been taken into account to determine these measures; technical state of the art and existing risks (Article 6(1)(f) of the LOPD).

DATA COLLECTION FOR PROVIDING SERVICES OR EXECUTING OTHER CONTRACTS

When collecting data for purposes related to signing or executing a particular contract, the Data Controller shall provide the data subject with detailed information about this data processing at the time of the performance of the contract. The legal grounds for data processing are related to the signing or execution of the contract (Article 6 (1) (b) of the LOPD).

VIII.- PERSONAL DATA RETENTION PERIOD

The data retention period for processing by the Data Controller depends on the type of service provided and the purpose of the processing. As a rule, the data may be processed (a) for the duration of the service or the fulfilment of the order, (b) until the consent is withdrawn or (c) you have registered your objection to the data processing. In such cases, the legal grounds for data processing are related to the Data Controller's legitimate interest.

The data processing period may be extended if the processing is necessary to establish and enforce possible claims or defend ourselves against them and, once this time has elapsed, only if required by law and to the extent provided therein. The data is irreversibly deleted or anonymised at the end of the processing period.

Details about the data retention period may be requested from the contact person specified in Section XIV of this policy.

IX.- RIGHTS CONCERNING THE PROCESSING OF PERSONAL DATA

We undertake to respect the confidentiality of your personal data and guarantee the exercise of your rights. You can exercise them for free by contacting us by email at protecciondedatos@amrest.eu and simply stating your reasons and the right you wish to exercise. We may request a copy of an identity document if we consider it necessary to identify you.

In particular, regardless of the purpose or legal grounds on which we process your data, you have the right to:

  • Request access to your data.
  • Request the rectification of your data. In any case, please bear in mind that you undertake to ensure that the personal data provided are true and accurate by proactively providing us your personal data through any means. Any loss or damage caused to the Platform or the person responsible for the Platform or any third party due to erroneous, inaccurate or incomplete information in the registration forms shall be the User's sole responsibility. As a general rule, please remember that you should only provide us with your personal data, not that of third parties.
  • Request the deletion of your data to the extent that they are no longer necessary for the purpose they need to be processed as stated above or to the extent that we no longer have the legitimacy to do so.
  • Request the restriction of the processing of your data, i.e. in some instances, you may request us to suspend the processing of the data temporarily or to limit its storage beyond the period necessary.

Additionally, when the processing of your data is based on our legitimate interest, you shall also have the right to object to the processing of your data.

Lastly, we inform you of your right to file a claim with the relevant data protection control authority, particularly with the Spanish Data Protection Agency (https://www.agpd.es/portalwebAGPD/index-ides-idphp.php).

X.- DO YOU HAVE TO PROVIDE US WITH YOUR PERSONAL DATA?

You need to provide us with your personal data to use the Website’s features, such as signing and executing a contract related to the User’s account, ordering food, or using the Website’s contact form. If you do not provide us with this information, you cannot make a full use of the relevant Website.

XI.- EXCHANGE OF PERSONAL DATA

Your personal data shall be transferred to third parties that provide us various services, including IT system and IT service providers, administrative support providers, marketing and media agencies, delivery companies, accounting and administrative entities, customer satisfaction polling companies or customer service support providers (for example, call centres). We may also share your personal data with affiliates, including companies belonging to our Group (AmRest Group). In some instances, data may also be shared due to potential business transactions, for example, business restructuring, acquisition or sales of any business or assets; in these cases, we may share your data with the potential buyer or seller.

When we share your data with third parties or other entities belonging to the AmRest Group, the data shared with the third party or entity shall be limited to those items strictly necessary for the operation. In these cases, your personal data is protected by Data Controller Agreements, whereby the subcontracted service providers undertake to process your personal data for specific purposes, according to our instructions, comply with the Constitutional Law on Personal Data Protection, and apply appropriate security measures to protect your personal data in line with our internal policies.

XII.- AUTOMATED DECISION-MAKING

We shall not make any decision about you based solely on the automated processing of your data, which could have legal consequences for you or significantly affect you in a similar way.

 

XIII.- CONTACT DETAILS

We have appointed a data protection officer whom you may contact for all matters related to processing your personal data and exercising your personal data processing rights.

You may contact the data protection officer as follows:

  1. sending an email to  protecciondedatos@amrest.eu
  2. sending a letter (for the attention of: “Data Protection Officer”) to the Pastificio Service, S.L.U. address Paseo de la Castellana 163, 6º (28046) Madrid.

XIV.- CHANGES TO THIS PRIVACY POLICY

We may modify the information contained in this Privacy Policy when deemed appropriate. In such cases, we shall notify you through different channels on the Platform (for example, a banner or pop-up). In any case, we advise you to review this Privacy Policy from time to time, just in case minor changes or interactive improvements have been introduced, given that this Policy is the permanent point for information on our Website.

The current version of the Policy has been adopted and has been in force since April 2022.