This Privacy Policy describes how we collect, use, protect and share the personal information of users who visit our website and use our online booking system.
1. Data Controller
The Data Controller is Matilde Pettini, owner of Thanks Mom S.r.l. (Via della Chiesa 16/r, 50125, Florence, Italy), contact e-mail: book@dallalola.it.
2. Types of Data Collected
When making a reservation via our Resdiary booking system, we collect the following personal data:
- First and last name
- Email address
- Phone number
- Reservation details (date, time, number of people, special requests, if any)
3. Purpose of Data Processing
Your personal data is processed for the following purposes:
- Managing the reservation via Resdiary
- Sending confirmation and reminder emails regarding the reservation
- Complying with legal and fiscal obligations related to reservation management
Legal Basis for Processing
The processing of your personal data is based on the following legal grounds:
- Contract: the processing is necessary for the performance of the reservation contract between you and us
- Legal obligations: in some cases, data may be processed to comply with legal obligations, such as fiscal requirements
5. Data Retention
Data is processed and retained for as long as necessary to fulfill the purposes for which it was collected. Therefore:
- Personal Data collected for the execution of a contract between the Data Controller and the User will be retained until the completion of that contract.
- Personal Data collected for purposes related to the legitimate interests of the Data Controller will be retained until that interest is satisfied. The User can obtain further information about the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller.
- When processing is based on the User's consent, the Data Controller may retain the Personal Data longer until that consent is withdrawn. Additionally, the Data Controller may be required to retain the Personal Data for a longer period to comply with a legal obligation or by order of an authority.
- After the retention period expires, the Personal Data will be deleted. Therefore, upon the expiration of this period, the rights of access, deletion, rectification, and data portability can no longer be exercised.
6. Data Sharing
The personal data collected may be shared with Resdiary, the booking system used, which acts as a data processor. Resdiary processes personal data on our behalf, ensuring it is protected in compliance with GDPR.
7. Data Transfer Outside the EU
Resdiary may transfer your personal data to servers located outside the European Union. In such cases, we will ensure that appropriate safeguards are adopted to ensure your data is processed in accordance with GDPR.
8. User Rights
Users can exercise certain rights regarding the data processed by the Data Controller. Specifically, the User has the right to:
- Withdraw consent at any time: The User may withdraw their previously given consent for the processing of their personal data.
- Object to the processing of their data: The User can object to the processing of their data when it is based on a legal ground other than consent. Further details on the right to object are outlined in the section below.
- Access their data: The User has the right to obtain information about the data processed by the Data Controller, about specific aspects of the processing, and to receive a copy of the data processed.
- Verify and request rectification: The User can verify the accuracy of their data and request its update or correction.
- Obtain limitation of processing: When certain conditions apply, the User can request the limitation of the processing of their data. In such a case, the Data Controller will not process the data for any other purpose other than its storage.
- Request deletion or removal of their personal data: When certain conditions apply, the User can request the deletion of their data from the Data Controller.
- Receive their data or have it transferred to another controller: The User has the right to receive their data in a structured, commonly used, and machine-readable format and, where technically feasible, to obtain its transfer to another controller without hindrance.
- File a complaint: The User can file a complaint with the relevant personal data protection authority or take legal action.
Details on the right to object
When personal data is processed in the public interest, in the exercise of public powers vested in the Data Controller, or for the pursuit of a legitimate interest of the Data Controller, Users have the right to object to processing for reasons related to their particular situation. It is noted that if the User’s data is processed for direct marketing purposes, they can object to the processing without providing any justification.
How to exercise rights
To exercise the User's rights, Users can send a request to the contact details of the Data Controller provided in this document. Requests are free of charge and will be processed by the Data Controller as soon as possible, in any case within one month.
9. Third-party services
The services in this section allow the Data Controller to monitor and analyze traffic data and track the behavior of the User.
ResDiary (Google Inc.)
ResDiary is an online booking management web-app developed by The Access Group.
This integration of Google Analytics anonymizes the IP address. The anonymization works by shortening the IP address within European Union member states or other countries that are party to the European Economic Area agreement. Only in exceptional cases will the full IP address be sent to Google servers and shortened in the United States.
Personal Data collected: Cookies and Usage Data.
Place of processing: UK
Google Analytics with anonymized IP (Google Inc.)
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses personal data collected to track and examine the use of this website, compile reports on activity, and share them with other services developed by Google. Google may use personal data to contextualize and personalize ads in its advertising network.
This integration of Google Analytics anonymizes the IP address. The anonymization works by shortening the IP address within European Union member states or other countries that are party to the European Economic Area agreement. Only in exceptional cases will the full IP address be sent to Google servers and shortened in the United States.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA
Google Analytics (Google Inc.)
In addition to the anonymization of the IP, Google Analytics collects information about user behaviors on the website, such as the number of visitors, session duration, geographic origin, and viewed pages. This data is used exclusively for statistical purposes and to improve the user experience.
Personal Data collected: Cookies and Usage Data.
Place of processing: USA
10. Defense in Legal Proceedings
The User's personal data may be used by the Data Controller in legal proceedings or in the preparatory phases of such proceedings to defend against abuse in the use of this website or the connected Services by the User.
11. Changes to the Privacy Policy
The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page and, if possible, on this website, as well as, when technically and legally feasible, by sending a notification to Users via one of the contact details the Data Controller has. Please regularly check this page, referring to the date of the last modification shown at the bottom. If changes affect treatments based on consent, the Data Controller will collect the User's consent again if necessary.
12. Definitions and Legal References
- Personal Data (or Data): Personal data is any information that, directly or indirectly, including in combination with other information, including an identification number, makes a physical person identified or identifiable.
- Usage Data: Information automatically collected through this website (also by third-party applications integrated into this website), including: IP addresses or domain names of computers used by Users connecting to this website, URI (Uniform Resource Identifier) addresses, request time, method of request submission to the server, file size received in response, numerical code indicating server response status (successful, error, etc.), country of origin, browser and operating system features used by the visitor, various temporal aspects of the visit (e.g., the time spent on each page), and details about the browsing path within the website, particularly regarding the sequence of pages visited, operating system parameters, and the User’s computing environment.
- User: The individual using this website, unless otherwise specified, coinciding with the Data Subject.
- Data Subject: The natural person to whom the Personal Data refers.
- Data Processor: The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller, as described in this privacy policy.
- Data Controller: The natural or legal person, public authority, service, or other body that, individually or together with others, determines the purposes and means of the processing of personal data and the tools adopted, including security measures related to the operation and use of this website. The Data Controller, unless otherwise specified, is the owner of this website.
- Website: The hardware or software tool by which the User's Personal Data is collected and processed.
- Service: The service provided by this website as defined in the relevant terms (if available) on this website.
- European Union (or EU): Unless otherwise specified, any reference to the European Union in this document refers to all current EU member states and the European Economic Area.
Legal References
This privacy notice is drafted based on multiple legislative frameworks, including Articles 13 and 14 of Regulation (EU) 2016/679.
Unless otherwise specified, this privacy notice applies only to this website.
Last modification: March 2025
