Il Panoramico, based at Via Nazionale, 2 — 25056 Ponte di Legno (BS), Italy, places great importance on the privacy and protection of personal data of its users and customers.
This Privacy Policy clearly and transparently describes what data we collect through the website ilpanoramico.com, for what purposes we process it, with whom we share it and what rights you may exercise.
This document is drafted pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (Italian Privacy Code).
The Data Controller, with registered office at Via Nazionale, 2 — 25056 Ponte di Legno (BS), Italy — Italian Tax Code and VAT number 03462270988, registered with the REA of Brescia under no. 536136, share capital €40,000 fully paid-in.
The Data Controller has not appointed a Data Protection Officer (DPO), as the conditions for mandatory appointment under Art. 37 GDPR do not apply. For any request concerning the processing of your personal data or the exercise of your rights you may contact the Data Controller at the details shown above.
Through the website we may collect the following categories of personal data:
The IT systems and software procedures responsible for operating the website acquire, during their normal operation, certain data the transmission of which is implicit in the use of Internet communication protocols: IP address, browser type and version, operating system, pages visited, date and time of visit, referrer. These data are used only to obtain anonymous statistical information about website use and to ensure its correct operation and security.
When you fill in the forms on the website you voluntarily provide us with your personal data. In particular:
Name, email address, phone number, subject and message.
Name, phone number, email address, date and time of the booking, number of people and any notes.
First and last name, phone number (verified through an OTP code sent via SMS), email address, delivery address, details of the products ordered, any notes and chosen payment method.
In case of payment by credit card, card details (number, expiry, CVC) are processed directly by Stripe through a secure form hosted on Stripe's servers: such data does not transit nor is it stored on our servers. See section 5 for more information.
The website uses technical cookies (necessary for operation) and, upon consent, experience, measurement and marketing cookies. For full details please see the Cookie Policy.
We process your personal data for the purposes listed below, indicating for each the relevant legal basis under Art. 6 GDPR:
Legal basis: legitimate interest of the Data Controller in ensuring the security and correct operation of the website (Art. 6(1)(f) GDPR) and Art. 122(1) of Italian Legislative Decree 196/2003 for technical cookies.
Legal basis: pre-contractual measures taken at the data subject's request (Art. 6(1)(b) GDPR).
Legal basis: pre-contractual measures and performance of the service requested by the user (Art. 6(1)(b) GDPR).
Legal basis: performance of a contract to which the data subject is a party (Art. 6(1)(b) GDPR), for order intake, preparation, delivery and customer support.
Legal basis: legitimate interest of the Data Controller in preventing fraudulent or erroneous orders and ensuring reliable customer contact during delivery (Art. 6(1)(f) GDPR).
Legal basis: performance of the contract (Art. 6(1)(b) GDPR) and compliance with legal obligations on anti-money laundering and payment traceability (Art. 6(1)(c) GDPR).
Legal basis: compliance with legal obligations to which the Data Controller is subject (Art. 6(1)(c) GDPR), including the retention of accounting and tax records.
Legal basis: consent of the data subject provided through the cookie banner (Art. 6(1)(a) GDPR). Consent may be freely withdrawn at any time through the panel available in the Cookie Policy.
Personal data is processed mainly through electronic tools, according to logic strictly related to the indicated purposes and, in any case, in a way that guarantees security and confidentiality pursuant to Art. 32 GDPR.
We adopt technical and organisational measures appropriate to protect data from unauthorised access, loss, destruction or alteration, including:
Notwithstanding the measures adopted, no IT system can be considered entirely secure: users are required to protect their own credentials and to promptly report any suspicious misuse to us.
Personal data will in no case be disseminated. It may be communicated to the following parties, acting as Data Processors pursuant to Art. 28 GDPR or, where indicated, as independent controllers:
Services: interactive map display on the Contacts page; embedded video playback; web font delivery; aggregate website usage statistics.
Cookie category: Experience (Maps, YouTube) and Measurement (Analytics 4).
Country: Ireland (EU), with possible transfers to the United States.
GDPR safeguard: EU-U.S. Data Privacy Framework + Standard Contractual Clauses (SCC 2021).
Privacy Policy: business.safety.google/privacy
Service: measurement of the effectiveness of advertising campaigns and creation of audience segments for remarketing.
Cookie category: Marketing.
Country: Ireland (EU), with possible transfers to the United States.
GDPR safeguard: EU-U.S. Data Privacy Framework + Standard Contractual Clauses (SCC 2021).
Privacy Policy: facebook.com/privacy/policy
Service: display of videos embedded on event pages.
Cookie category: Experience.
Country: United States.
GDPR safeguard: Standard Contractual Clauses (SCC 2021).
Privacy Policy: vimeo.com/privacy
Service: secure processing of credit card payments for online orders.
Country: Ireland (EU).
Certifications: PCI-DSS level 1 (the highest security standard in the payment card industry).
Privacy Policy: stripe.com/privacy
Service: delivery of the verification code (OTP) to the phone number provided during the online order process.
Purpose: verification of the validity of the phone number provided by the customer only; the number is transmitted to the gateway solely at the time of the code delivery and is not used for any other purpose.
Service: website hosting and data storage on servers located within the European Union.
Note:The provider acts as a Data Processor under Art. 28 GDPR by virtue of a specific service agreement.
In addition to the parties listed above, data may be communicated to tax and legal consultants, banking institutions and public authorities when necessary to comply with legal obligations or to assert or defend a right in court.
Personal data is hosted on servers located within the European Union. Some third-party services (Google, Meta, Vimeo) may involve transfers to countries outside the EU, in particular the United States. Such transfers take place only with the user's consent, where required, and on the basis of adequate safeguards under Chapter V of the GDPR, including:
For more information on the safeguards applied to individual transfers, please refer to the privacy policies of the providers indicated in the previous section or contact the Data Controller at info@ilpanoramico.com.
At any time you may exercise the following rights under Articles 15–22 GDPR:
The event and offer pages contain share buttons that link to third-party platforms (Facebook, Twitter/X, LinkedIn). These buttons are simple hyperlinks: upon clicking, the user is redirected to the selected platform's website, which acts as an independent data controller.
Il Panoramico is not responsible for the processing of personal data carried out by external platforms, nor for the cookies they set once their interface is reached. We invite you to consult the respective privacy policies:
The website uses technical cookies necessary for its operation and — upon the user's consent — experience cookies (Google Maps, YouTube, Vimeo), measurement cookies (Google Analytics 4) and marketing cookies (Meta Pixel).
On first access a banner is displayed allowing users to accept, refuse or customise non-necessary cookies. Preferences can be changed at any time through the Cookie Policy page.
For complete details (types, purposes, duration, recipients) please see the Cookie Policy.
Providing data is optional. However, certain data is required to access specific services:
Failure to provide such data makes it impossible to deliver the relevant service. Providing data for experience, measurement and marketing cookies is always optional and refusal does not affect the use of the website.
The Data Controller does not carry out decision-making based solely on automated processing producing legal effects or similarly significantly affecting data subjects pursuant to Art. 22 GDPR.
Profiling activities for advertising purposes may be carried out, limited to users who have granted consent to marketing cookies, by the third-party providers listed in section 5 (in particular Meta Platforms Ireland Limited) according to their own policies. Without such consent no profiling activity is performed.
Personal data is retained only for as long as strictly necessary to achieve the purposes for which it was collected, in compliance with the principle of minimisation set out in Art. 5 GDPR:
| Data category | Retention period |
|---|---|
| Contact requests through the form | 24 months after request fulfilment |
| Table bookings | Until the booking date + 6 months |
| Online orders and tax-relevant data | 10 years from tax document issuance (Italian Civil Code, Art. 2220) |
| Payment system technical logs | 10 years for anti-money laundering and traceability obligations |
| Browsing logs (IP addresses, user-agent) | 30 days, unless otherwise required by law |
| Phone number verified via SMS | Duration of the order session; not stored separately |
| Consent cookies (cookie_consent, experience_consent, measurement_consent, marketing_consent) | 180 days from last issuance, after which the banner is shown again |
After the indicated retention periods, data is deleted or anonymised, unless otherwise required by law.
The website is not intended for children under 14 years of age (the age threshold applicable under Italian law pursuant to Art. 2-quinquies of the Italian Privacy Code, which is stricter than the general 16-year threshold of the GDPR). The Data Controller does not knowingly collect personal data from children under 14.
If you are a parent or guardian and believe that a minor has provided us with personal data, please contact us at info@ilpanoramico.com: we will promptly delete such information.
For any information, clarification request or exercise of the rights described above, you may write to info@ilpanoramico.com or call +39 0364 1951856.
This Privacy Policy may be subject to updates, in particular in case of regulatory changes, introduction of new services or variations in the processing purposes. We invite you to periodically review this page: in case of substantial changes, we will provide notice through the cookie banner or a dedicated notice on the website pages.