Privacy policy for contact form This privacy policy is provided pursuant to art. 13 of EU Regulation 679/2016 by OMPAGRILL S.R.L., VIA G. PUCCINI 9/B, Postcode: 36027, ROSA’ (VI), VAT Number: 01795890241, as Data Controller to those who access our website OMPAGRILL.IT.. (hereinafter only the “Site”) and fill in the “contact” form in order to illustrate the essential elements of the data processing carried out. Personal data processed We will only process data supplied voluntarily. Through the Site you have the opportunity to voluntarily provide personal data, e.g. name and e-mail address to contact us via the “contact” form. We will use these data in compliance with the applicable legislation in force, assuming that they refer to you. In the event that the data refer to a third party, you will act as autonomous data controller for the latter, assuming all legal obligations and responsibilities. In this sense, you hereby grant us the widest possible indemnity with respect to any dispute, claim, request for compensation for damage caused by processing, etc., that we may receive from third parties whose personal data have been processed through your use of the Site in violation of the applicable legislation currently in force. Purposes of processing and legal basis Specifically, your personal data is processed for the following purposes and legal bases:
  • activities related to contact management (examples of activities are: filling in the contact form on the website or, more generally, sending an e-mail involving the processing of personal data such as, for example, name, surname, subject; the legal basis of the above purpose is identified in the contract and pre-contractual measures (art. 6.1, letter b, GDPR);
  • activities related to the execution of the contract to which you are a party, including the pre-contractual phase (examples of activities are: the provision of a service, the response to a request, the request for contact via the “contact” form (etc.); the legal basis of the above purpose is identified in the contract and pre-contractual measures (art. 6.1, letter b, GDPR), but also (where applicable) in the legitimate interest (art. 6.1, letter f, RGDP) insofar as it relates to the need to defend a right and also in the fulfilment of a legal obligation or regulations in force or to fulfil an obligation imposed by the Authorities (art. 6.1, letter c, GDPR);
  • maintenance of computer systems and devices (persons in charge of maintaining and repairing the Site may accidentally access Your personal data. These events are entirely sporadic and unforeseeable and, in any case, have no identification purpose and are limited in duration to the performance of the maintenance/repair work); the legal basis of the above purpose is identified in the legitimate interest (art. 6.1, letter f, GDPR).
None of our processing is based on consent. The legal bases on which we operate are: contract, legitimate interest and legal obligation. We do not carry out processing with automated decision-making processes or profiling. Data retention times Your personal data will be stored for the periods of time strictly necessary to achieve the primary purposes as indicated above, and to comply with the provisions of laws. In particular, for activities related to contact management your personal data are deleted when the purpose of contact, reply or correspondence is finally completed, for activities related to the execution of the contract to which you are a party, (including the pre-contractual phase),your personal data will be kept for the entire duration of the contractual relationship and, once the relationship has ended, they will be kept for any need to ascertain/exercise/defend a right or to fulfil an obligation or regulations in force or to comply with an obligation imposed by the Authorities (art. 6.1, letter c, GDPR), for the activities of maintenance of computer systems and devices, referring to personal data that we have for the other purposes indicated in this Privacy Policy, the retention times will coincide with those identified from time to time for the aforementioned purposes. Consent and optional/compulsory nature of providing data. The processing of your personal data, for the purposes described above, may be carried out without your consent. The provision of your data, which you undertake to provide us with by contract or by law, is compulsory and constitutes a necessary requirement for the conclusion of the contract and failure to provide them will make it impossible for us to execute the contracts and other related obligations. Any other provision of your personal data (e.g. for sending requests that have not yet been contracted or for navigating the site) is merely optional. The only consequence of not providing optional data will be the impossibility of providing or performing the requested services. Categories of recipients Your Personal Data may also be disclosed to third parties for technical and operational purposes strictly related to the purposes set out above and in particular to the following categories of persons:
  • persons necessary for the provision of the services offered by the Site, including, by way of example, the sending of e-mails and the analysis of the operation of the Site, who typically act as our data controllers;
  • persons authorised by us to process data who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
  • judicial authorities in the exercise of their functions when required by applicable law.
Transfer abroad The Data Controller shall not transfer personal data outside the European Economic Area. The Controller, however, reserves the right to use services in the cloud, in which case the service providers will be selected from those who provide adequate guarantees in accordance with applicable law. Data processing procedure Your personal data will be processed both in electronic and paper format. However, the processing will be carried out mainly with computer tools and in any case with the observance of the minimum precautionary measures of security and data confidentiality. In particular, technical, IT, organisational, logistical and procedural security measures have been implemented to prevent the loss, unlawful or irrelevant use of, and unauthorised access to, data. Rights of the data subject and complaints to the Supervisory Authority We inform you that you can exercise the following rights with regard to the processing of your personal data:

a. Right to obtain access to your personal data(Art. 15, GDPR): you can contact us to find out if your personal data is being processed and the information required by law on processing;

b. Right of rectification (Art. 16, GDPR): to obtain the correction of your inaccurate personal data or the integration of incomplete data;

c. Right to cancellation/oblivion (Art. 17, GDPR): obtain the cancellation of your personal data, in the cases provided for by law;

d. Right to the limitation of processing(Art. 18, GDPR): to obtain the submission of your personal data to the storage only, with the exclusion of other activities, in the hypotheses provided for by the law;

e. Right to portability (Art. 20, GDPR): to obtain your personal data in a structured format, of common use and readable by automatic devices and also to obtain the direct transfer to another data controller for the processing, in the hypotheses provided for by the law;

f. Right to oppose (Art. 21, GDPR): right to stop further processing of personal data for reasons related to your particular situation, unless our legitimate reasons prevail, in the cases provided for by law;

g. Right to withdraw consent (Art. 7.3, GDPR): right to withdraw consent at any time in cases where processing is based on consent.

To exercise the above rights, you can use the Controller’s contact details provided in this Policy. The exercise of the rights is not subject to any formal constraint and is free of charge. We also inform you of your right to make a complaint before the competent authority for personal data protection. We remind you that complaints, according to Art. 77.1 of the GDPR, can be filed by data subjects with the Authority of the place where the data subjects habitually reside, where they work or where the alleged violation occurred. Data Controller The Data Controller is OMPAGRILL S.R.L. Contact data of the Data Controller:
  • e-mail:
  • Telephone 0424590800
  • postal address: VIA G. PUCCINI 9/B, Postcode: 36027, ROSA’ (VI)
Amendments This Policy has been in force since 25 May 2018. We reserve the right to modify or simply update the content, in part or in full, also due to changes in the applicable legislation. The updated Policy will be promptly published on this Site. We therefore invite you to visit this page regularly to check for any updates.