Last updated: December 2025
This Privacy Policy describes how the website www.innbufalito.it (hereinafter "Website") manages the personal data of users who visit it, in accordance with Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.
The Data Controller for personal data processing is:
The following categories of personal data may be collected during Website navigation:
Navigation data: The computer systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses, domain names of computers used by users, URI addresses of requested resources, time of request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the status of the server response, and other parameters related to the user's operating system and computing environment.
Data voluntarily provided by the user: The optional, explicit, and voluntary sending of messages to the contact addresses indicated on the Website, as well as the completion and submission of any forms on the Website, involves the acquisition of the sender's contact data necessary to respond, as well as all personal data included in the communications.
Reservation data: The Website uses the Covermanager reservation service for table booking management. Data entered by the user in the reservation widget (such as name, phone number, email, reservation date and time, number of guests, and any special requests) are processed by Covermanager as Data Processor. For information on data processing by Covermanager, please consult their privacy policy available at www.covermanager.com.
Personal data are processed for the following purposes:
a) Website navigation: Navigation data are used solely to obtain anonymous statistical information on Website usage and to verify its proper functioning. Data may be used to ascertain responsibility in case of hypothetical computer crimes against the Website.
b) Responding to user requests: Data voluntarily provided by users are used to respond to information requests or other communications sent through the Website's contact channels.
c) Reservation management: Data provided through the Covermanager reservation system are used to manage table reservations at the restaurant.
d) Statistical analysis: Data collected through Google Analytics are used in aggregate and anonymous form to analyze Website usage and improve its content and functionality.
e) Compliance with legal obligations: Data may be processed to comply with obligations required by law, regulation, EU legislation, or authority orders.
The processing of personal data is based on the following legal grounds:
For navigation data: legitimate interest of the Controller to ensure proper Website functioning and IT security (Art. 6, par. 1, lett. f) GDPR).
For voluntarily provided data and reservations: execution of pre-contractual measures taken at the request of the data subject (Art. 6, par. 1, lett. b) GDPR).
For analytical cookies: consent of the data subject (Art. 6, par. 1, lett. a) GDPR).
For legal obligations: compliance with a legal obligation to which the Controller is subject (Art. 6, par. 1, lett. c) GDPR).
Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, unlawful or improper use, and unauthorized access.
Personal data will not be disclosed, meaning they will not be made known to unspecified parties in any possible form, including making them available or simply allowing consultation. They may be communicated to third parties only in cases expressly provided by law, or when processing is necessary for activities connected to Website use, such as:
The hosting provider for technical Website management.
Covermanager for table reservation system management.
Google LLC for Google Analytics and Google Maps services.
Personal data are stored on servers located in the European Union. Some data may be transferred to the United States in connection with services provided by Google. Such transfer takes place on the basis of Standard Contractual Clauses approved by the European Commission and in accordance with the EU-US Data Privacy Framework.
Navigation data are deleted immediately after processing, except for possible use in ascertaining computer crimes. Data voluntarily provided by users are retained for the time necessary to provide the requested service and subsequently for the period prescribed by applicable legal provisions. Reservation data are retained according to Covermanager policies and for the time necessary for tax and accounting compliance.
Pursuant to Articles 15-22 of the GDPR, the data subject has the right to:
Obtain confirmation of whether personal data concerning them exist and their communication in an intelligible form.
Obtain information about the origin of the data, the purposes and methods of processing, the logic applied in case of processing carried out with the aid of electronic tools.
Obtain updating, rectification, or integration of data, deletion, transformation into anonymous form, or blocking of data processed in violation of law.
Object, on legitimate grounds, to the processing of data.
Withdraw consent at any time, without affecting the lawfulness of processing based on consent given before withdrawal.
Lodge a complaint with the Data Protection Authority.
Requests may be addressed to the Data Controller at the contact details indicated above.
The Controller reserves the right to make changes to this Privacy Policy at any time, giving notice to users on this page. Please consult this page frequently. In case of non-acceptance of changes made to the Privacy Policy, the data subject may request that the Controller delete their personal data.
For information on cookie usage, please consult our Cookie Policy.