Privacy Policy – Information on the processing of personal data

This page describes the methods of managing this website with regard to the processing of personal data of users who consult it. This information notice is provided in accordance with the current legislation on personal data for users who interact with the services of this website within the framework of EU Regulation 2016/679. The information is provided only for this website and not for any other websites that may be consulted by the user through our links.

Types of data processed

  • Browsing data
    The computer systems and software procedures used to operate the website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment. These data are used solely to obtain anonymous statistical information on the use of the website and to check its proper functioning and are deleted after processing. The data may be used to determine liability in the event of potential computer crimes harming the website.
  • Data voluntarily provided by the user
    The optional, explicit and voluntary sending of emails to the addresses indicated on the website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.
    Specific summary information will be progressively reported or displayed on the pages of the website set up for particular on-demand services.
  • Cookies
    For information regarding the use of cookies, please refer to the Cookie Policy available in the appropriate section of the website.

Purposes of processing and Legal basis of processing

Personal data will be processed, within the normal activities of Elior, for the following purposes:

  • responding to requests or carrying out the service or performance requested by the user;
  • technical management of the website, such as ensuring security and monitoring its proper functioning;
  • processing aggregated statistical data on website usage.

The legal basis for the processing of such data is the necessity to respond to the requests of data subjects and to pursue the legitimate interests of the Controller within the limits established by law.
Apart from these cases, users’ browsing data are retained only for the time strictly necessary for managing the processing activities within the limits established by law.

Optional nature of data provision

Apart from what is specified for browsing data, the user is free to provide personal data to request the services offered by the Controller. Failure to provide such data may result in the inability to obtain the requested service.

Methods of processing and data retention period

Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, unlawful or improper use, and unauthorized access.

Data are retained for the time strictly necessary for achieving the purposes indicated in this notice and will be deleted at the end of this period, unless the data must be retained to comply with legal obligations or to exercise or defend a right in legal proceedings.

Categories of parties involved in the processing and data disclosure

Individuals whom Elior engages for the management of the website, designated as processors or authorized personnel, may become aware of personal data. Personal data may be disclosed, for the same purposes stated above, to competent public authorities to comply with legal obligations, as well as to other companies within the Elior Group inside the European Union.
Your personal data will not be disseminated.

Rights of data subjects

Under the current data protection legislation, the data subject may exercise his/her rights at any time, including obtaining confirmation of the existence of personal data, knowing their content and origin, verifying their accuracy, requesting their integration, updating or rectification, requesting their deletion, anonymization, or the blocking of data processed unlawfully, and objecting to processing for legitimate reasons, even limited to certain processing methods. The data subject may also request the restriction of processing and exercise the right to data portability. Furthermore, the data subject may lodge a complaint with the Data Protection Authority.

Requests should be addressed to the Controller at the following address: privacy@elior.it.

Data Controller

The Data Controller is Elior Ristorazione S.p.A., headquartered at Via Venezia Giulia 5/A - 20157 Milan. The Data Protection Officer of the Elior Group can be contacted at privacy@elior.it.