Privacy Policy



RISTORANTE GALLO NERO, NOVA SNC di Russo L. & C. – Via del Porrione, 65/67 – 53100 Siena (SI), VAT 01483960520 (hereinafter “Data Controller”), as data controller, informs you pursuant to art. 13 of D. lgs. 30.06.2003 n.196 (hereinafter, “Privacy Code”) and art. 13 EU Regulation n. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following ways and for the following purposes:
  1. Object of processing

The Data Controller processes personal, identifying and non-sensitive data (in particular: name, surname, tax code, p.iva, e-mail, telephone number- later, “personal data” or even “data”) by you communicated during registration in the database hosted at the Italian office of Aruba SpA, within the European Union (hereinafter “database”) at the time of registration to the services offered by the Data Controller (hereinafter “Services”).
  1. Purpose of processing

Your personal data is processed:
A) Without your express consent (art. 24 lett. A,b,c Privacy Code and art. 6 lett. B, and GDPR), for the following Service Purposes:
  • To allow your registration in the database;
  • Register your contact via the appropriate form on the site;
  • Manage and maintain the database;
  • Allow you to register for the Services provided by the Data Controller;
  • To fulfil pre-contractual, contractual and fiscal obligations arising from existing relationships with you;
  • To fulfil the obligations provided for by law, by a regulation, by community legislation or by an order of the Authority;
  • Exercise the rights of the holder, for example the right of defence in court.
B) Only with your specific and distinct consent (art. 23 and 130 Privacy Code and art. 7 GDPR), for the following Marketing Purposes:
  • send you newsletters, commercial communications and/ or advertising material on services offered by the Data Controller. Please note that if you are already our customer, we may send you commercial communications relating to services of the Data Controller similar to those you have already used, unless you disagree (art. 130 c. 4 Privacy Code).
  1. Method of treatment

The processing of your personal data is carried out through the operations indicated in art. 4 Privacy Code and art. 4 n. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, deletion and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing. The Data Controller will process personal data for the time necessary to fulfil the above purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purposes and for no more than 2 years from the collection of data for the Marketing Purposes.
  1. Access to data

Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
  • to employees and collaborators of the Data Controller in their capacity as internal processors and/or processors and/or system administrators;
  • to third parties (e.g. suppliers, credit institutions, professional firms) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
  1. Data communication

Without your express consent (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom the communication is mandatory by law for the fulfilment of the aforementioned purposes. Your data will not be disseminated.
  1. Data transfer

The management and storage of personal data will take place on a server hosted at the Italian headquarters of Aruba SpA, within the European Union.
  1. Nature of data provision and consequences of refusal to respond

The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we cannot guarantee the Services of art. 2.A).
The provision of data for the purposes referred to in art. 2.B) is optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material relating to the Services offered by the Owner. In any case you will continue to be entitled to the Services referred to in art. 2.A).
  1. Rights of the data subject

As data subject, you have the rights referred to in art. 7 Privacy Code art. 15 GDPR and precisely the rights of:
i. obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in an intelligible form;
ii. obtain the indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the case of processing carried out with the help of electronic tools; d) the identification details of the data controller, the responsible persons and the appointed representative pursuant to art. 5, paragraph 2 Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the data may be communicated or who may become aware of it as a designated representative in the territory of the State, of managers or agents;
iii. obtain: a) the updating, rectification or, where it is of interest, the integration of data; b) the deletion, the transformation into anonymous form or the blocking of data processed in violation of law, including those for which storage is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) proof that the operations referred to in paragraphs a) and b) have been brought to the attention of the person concerned, including as regards their content, those to whom the data have been communicated and disseminated, except where such compliance proves impossible or involves the use of means manifestly disproportionate to the protected right;
iv. opporsi, in tutto o in parte: a) per motivi legittimi al trattamento dei dati personali che La riguardano, ancorché pertinenti allo scopo della raccolta; b) al trattamento di dati personali che La riguardano a fini di invio di materiale pubblicitario o di vendita diretta o per il compimento di ricerche di mercato o di comunicazione commerciale, mediante l’uso di sistemi automatizzati di chiamata senza l’intervento di un operatore mediante email e/o mediante modalità di marketing tradizionali mediante telefono e/o posta cartacea. Si fa presente che il diritto di opposizione dell’interessato, esposto al precedente punto b), per finalità di marketing diretto mediante modalità automatizzate si estende a quelle tradizionali e che comunque resta salva la possibilità per l’interessato di esercitare il diritto di opposizione anche solo in parte. Pertanto, l’interessato può decidere di ricevere solo comunicazioni mediante modalità tradizionali ovvero solo comunicazioni automatizzate oppure nessuna delle due tipologie di comunicazione. Ove applicabili, Lei ha altresì i diritti di cui agli artt. 16-21 GDPR (diritto di rettifica, diritto all’oblio, diritto di limitazione di trattamento, diritto alla portabilità dei dati, diritto di opposizione), nonché il diritto di reclamo all’Autorità Garante.
  1. How to exercise your rights

You may at any time exercise your rights by sending:
  • one recommended a.r. to RISTORANTE GALLO NERO, NOVA SNC di Russo L. & C. – Via del Porrione, 65/67 – 53100 Siena (SI), P.IVA 01483960520
  • an e-mail to
  1. Minors

For the Data Controller Services for children under 16 years the Data Controller requires the written consent of the parent or legal guardian.
The over-18s (from the age of sixteen onwards) give their own consent.
  1. Owner, manager and appointees

The Data Controller is RISTORANTE GALLO NERO, NOVA SNC di Russo L. & C. – Via del Porrione, 65/67 – 53100 Siena (SI), P.IVA 01483960520
The Data Processor is RUSSO L.
The updated list of Data Processors is kept at the headquarters of the Data Controller.
  1. Amendments to this Policy 

This Policy may change. We therefore recommend that you regularly check this Policy and refer to the most updated version.
Call Now Button