In carrying out our activities, we pay the closest attention to the security and confidentiality of the personal data of our users and customers, in compliance with the applicable data protection legislation and according to the principles of necessity, fairness, lawfulness, proportionality, and transparency.
You will find information below on how we process your personal data. Please note that this Privacy Statement does not apply to data processing carried out by or through third-party web pages linked to this application mobile, as we have no influence or control over their configuration and content. We therefore recommend that you consult the relevant privacy and cookie policies.
- Who is the Data Controller and Data Processors? How to contact them?
The Data Controllers of the processing of your personal data carried out through this application mobile is Temakinho S.p.A., with registered office at Via Francesco Petrarca, 6 - 20123 Milan (hereinafter also “Temakinho Italia”).
In order to use the app on the English territory, Temakinho Uk Ltd. is appointed as Data Processor, with registered office in The Meads Business Center Hampshire, C / O Solution4Caterers Ltd, GU147SR, London, UK (hereinafter also “Temakinho UK”).
Temakinho España SL., With registered office in Puerto Deportivo Marina Botafoch, local 113, Bajos, 07800, Ibiza, Baleares, España (hereinafter also “Temakinho España”) is appointed as Data Processor for the treatment on Spanish territory.
You can contact each of the aforementioned subject by ordinary mail, by writing to the address of their respective registered offices, or by general email address at firstname.lastname@example.org.
- Which categories of personal data do we process? And what methods do we use to process them?
For the “Book a table” service, we process the following categories of personal data:
- first name, surname;
- phone number;
- email address;
- the information you would like to freely communicate to us;
- geolocation data about the user's location (in the application download phase with optional activation or when opening the application at any time);
- any payment details;
Your data may be processed with manual or IT tools, able to ensure security, confidentiality, and prevent unauthorised access.
If you provide us with personal data on someone else's behalf, you must first ensure that the Data Subjects have read this Privacy Statement.
We ask you to help us to keep your personal data up to date, informing us of any changes that may occur and we ask you not to include in your messages to us personal data concerning third parties or 'sensitive' data (meaning those that could reveal your racial or ethnic origin, your political opinions, religious or philosophical beliefs, your trade union membership, your genetic, biometric or health data, or data about your sex life or sexual orientation). Should you send such data, we will delete this information.
Please note that the device detects the language used by the user and the application and booking web widget are set accordingly: this is a feature of the app and booking web widget that improves and personalizes the service offered.
- When do we collect your personal data?
We collect your personal data when you:
- download for the first time and install Termakinho’s mobile application;
- any time you open the application or booking web widget;
- request our table booking service, indicating the establishment, day, time and number of people, in the 'Book a table' section of the mobile application or booking web widget;
- subscribe to our newsletter though an express consent;
- For what purposes can we process your data? What is the legal basis for each of these purposes? And what happens if you don't give us your data?
The processing of personal data must be legitimised by one of the legal requirements (so-called 'legal basis') provided by current data protection legislation, as described below:
- purposes related to the reservation of the table in the establishment, day and time preferred through the “Book a table” section: pre-contractual purposes (when choosing the establishment, choice of the preferred date and time, specification of the number of persons and, if necessary, payment of a deposit). Legal basis of the processing: implementation of pre-contractual measures. The communication of your data is optional but necessary to achieve these purposes: Therefore, if you do not provide us with your data, you will not be able to use the table booking service;
- purpose of allowing the visualization of the restaurants closest to you (in the phase of identifying the restaurant). Legal basis of the processing: your express consent; failure to provide it does not have consequences on contractual relationships. You can always withdraw consent as per paragraph 9, using the app or phone settings;
- sending of newsletters, containing news or information, initiatives and activities, carried out using remote communication tools (such as email). Legal basis of the processing: your express consent; failure to provide the same does not have consequences for contractual relationships. You can always withdraw consent as per paragraph 9. In the absence of consent or the event of its withdrawal, commercial communications will not be sent.
- Sending push notifications (concerning news, various information, initiatives). Legal basis of the processing: your express consent; failure to provide the same does not have consequences for contractual relationships. You can always withdraw consent as per paragraph 9. In the absence of consent or the event of its withdrawal, commercial communications will not be sent. In relation to the push notification, your consent is required when registering with the mobile application and any time you open it. You can change or revoke it at any time;
- performance of activities functional to any sales of companies and business units, acquisitions, mergers, demergers, transformations, and the performance of such operations. Legal basis of the processing: our legitimate interest in carrying out such operations. Processing for this purpose is not mandatory and you can oppose it in the manner referred to in paragraph 9 below. In the latter case, we will not be able to process your personal data for this purpose, unless we can show that there are overriding legitimate reasons;
- fulfilment of legal obligations or orders of public authorities, concerning, and based on, the data you provide for the pursuit of the above purposes. Legal basis of the processing: fulfilment of a legal obligation. If you do not provide us with your data, we will not be able to carry out the main purpose (among those listed above) for which your data have been requested;
- to defend our rights before the judicial authorities. Legal basis of the processing: our legitimate interest in asserting and defending our rights. Processing for this purpose is not mandatory, and you can oppose it in the manner referred to in paragraph 9 below. In the latter case, we will not be able to process your personal data for this purpose, unless we can prove that there are overriding legitimate reasons.
- To whom may we disclose your data?
- Our employees assigned specifically to process your data, in particular for customer service purposes and employees in our restaurants;
- providers of legal advice and assistance services;
- providers of IT services including software support, or archiving;
- any company used to provide us with a service;
- the police, government agencies, regulatory bodies, courts or other public authorities authorised by law;
- third parties or bodies to which the communication of data is required by law.
In addition, for the purposes referred to in letter f) of paragraph 4 above (carrying out of company transfers and extraordinary transactions), we disclose your data to transferee companies or company branches, potential purchasers of Data Controllers or Processors and companies involved in, or resulting from, any mergers, demergers, transformations.
The subjects mentioned above may act, depending on the case, as data controllers or autonomous data controllers. Other than to these subjects, your data will not be disclosed.
It should be noted that the IT systems and software procedures used to operate the App [such as the Apple store, Google Play or Windows Phone Store] acquire, during their normal operation, some data however referable to the User whose transmission is implicit in the use of internet communication protocols, smartphones and devices used. This category of data includes, but is not limited to, the language and the geolocation data.
The User can consult the privacy information available on the following sites:
- Apple http://www.apple.com/legal/privacy/it/
- Google play https://www.google.it/intl/it/policies/privacy/
- Windows Store: https://privacy.microsoft.com/it-IT/privacystatement
- We transfer your data outside the European Union and the European Economic Area?
We also transfer your data to US service providers to perform the table booking service.
The transfer of your data to this country takes place in any case in compliance with the applicable regulations and international treaties. In particular, the suppliers to whom we transfer your data have subscribed to the so-called 'Privacy Shield' (https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/5306161).
You have the right to obtain a copy of the data held abroad and to obtain information on the place where such data are kept by expressly requesting it from us at the addresses indicated in paragraph 1 above.
- How long do we retain your data?
- to allow you to book your table online at one of our restaurants: we retain your data until the day of your requested table booking and, for the sole purpose of protecting our rights in the event of disputes, for the next 10 years, unless retention for a longer period is required for any disputes, requests by the competent authority or under applicable law;
- to allow the display of the restaurants closest to you: the geolocation data are used to offer the closest restaurant to the user by default but are never saved. They are used in real time only to order the list of restaurants from the closest to the farthest. In no case they are sent to the server. There is therefore no continuous tracking, but a precise detection of user’s position (which can also be disabled by the user at any time), carried out exclusively by the device, without the possibility for Temakinho to have access to location data and therefore to know the customer’s location;
- for sending our newsletter: for 24 months including the day you gave us your details;
- for sending push notifications: for 24 months, unless withdrawal of consent;
- to comply with legal obligations or orders from public authorities: for as long as the legislation in force allows;
- solely to defend and assert our rights also before the judicial authorities: from the day you provided us with your data, for the next 10 years, unless retention for a longer period is required for any disputes, requests by the competent authority or under applicable law;
- for the performance of activities functional to any sales of companies and business units, and to extraordinary operations (such as acquisitions, mergers, etc.): the retention periods indicated above shall apply according to the corresponding purpose concretely pursued.
- What are your rights concerning the processing of your personal data?
We guarantee that you can exercise your rights under Article 12.2 of EU Regulation No. 679/2016 (so-called 'GDPR') at any time. In particular, you have the right to:
- to have access to your data;
- request the rectification of your inaccurate personal data or the integration of incomplete data;
- obtain the erasure of your personal data in the presence of one of the reasons envisaged by the GDPR;
- request to limit the processing only to specific personal data, if one of the reasons provided for in the Regulation occurs;
- if we process your personal data using automated systems based on your consent or a contract, to request to receive your personal data in a structured, commonly used and readable format from an automatic device or to request their transmission to another data controller without hindrance;
- object in whole or in part to the processing of your personal data;
- withdraw your consent to the processing at any time if it is based on consent, without prejudice to the lawfulness of the corresponding processing until the time of withdrawal.
You can exercise these rights by sending us the appropriate communication at the addresses indicated in paragraph 1 above.
Furthermore, you always have the right to lodge a complaint with the national Data Protection Authority, i.e., UK National Security Authority (UK NSA), that you can contact through https://www.gov.uk/government/publications/uk-national-security-authority-privacy-notice/uk-national-security-authority-privacy-notice#contact-details.