Tutela della Privacy
Last Modified: February 15, 2022
1) Introduction
This Privacy Notice describes how Sant Ambroeus collects and uses Personal Data about you through the use of our Websites, and through email, text, and other electronic communications between you and Sant Ambroeus.
SA Hospitality Group (“Sant Ambroeus” or “we” or “us”) respects your privacy and is committed to protecting it through our compliance with this policy.
This Privacy Notice (our “Privacy Notice”) describes the types of information we may collect from you or that you may provide when you visit the websites https://www.santambroeus.com/, https://sant-ambroeus-sah.myshopify.com/, https://www.casalever.com and https://www.felicenyc.com/, (each, a “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.
See the SA Hospitality Group GDPR Privacy Addendum.
This policy applies to information we collect:
- on our Websites;
- in email, text, and other electronic messages between you and our Websites;
- when you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.
It does not apply to information collected by:
- us offline or through any other means, including on any other website operated by Sant Ambroeus or any third-party (including our affiliates and subsidiaries);
- us or any of our affiliates or subsidiaries related to your or any other individual’s employment or potential employment with us; or
- any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on the Websites.
Please read this Privacy Notice carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Websites. By accessing or using these Websites, you agree to this Privacy Notice. This Privacy Notice may change from time to time (see Changes to Our Privacy Notice).
Your continued use of these Websites after we make changes is deemed to be acceptance of those changes, so please check this Privacy Notice periodically for updates.
2) Children Under the Age of 18
Our Websites are not intended for children under the age of 18 and children under the age of 18 are not permitted to use our Websites. We will remove any information about a child under the age of 18 if we become aware of it.
Our Websites are not intended for children under 18 years of age. No one under age 18 may provide any information to or on the Websites. We do not knowingly collect Personal Data from children under 18.
If you are under 18, do not use or provide any information on our Websites or on or through any of its features, including your name, address, telephone number, email address, or any screen name or user name you may use.
If we learn we have collected or received Personal Data from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information directly from a child under 18, please contact us at the contact information provided below.
3) Information We Collect About You and How We Collect It
We collect different types of information about you, including information that may directly identify you, information that is about you but individually does not personally identify you, and information that we combine with our other users. This includes information that we collect directly from you or through automated collection technologies.
Throughout this Privacy Notice, the term “Personal Data” means any information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or device. However, Personal Data does not include any deidentified or aggregated information.
Generally We collect several types of Personal Data from and about users of our Websites:
- by which you may be personally identified, such as your name and other contact information as well as your payment card information (solely for payment processing when you place an order on our Websites);
- that is about you but individually does not identify you, such as information about your visit to our Websites, information in cookies, and other analytical information; and/or
- about your internet connection, the equipment you use to access our Websites and usage details.
We collect this information:
- directly from you when you provide it to us;
- automatically as you navigate through the Websites.; and
- From third parties, for example, our business partners.
Information You Provide to Us The information we collect on or through our Websites are:
- information that you provide by filling in forms on our Websites. This includes information provided at the time of creating an account, making a purchase, or making a reservation on or through one of our Websites;
- if you contact us, records and copies of your correspondence (including email addresses);
- details of transactions you carry out through our Websites and of the fulfillment of your orders. You may be required to provide payment card information before placing an order through our Websites;
- your search queries on the Websites.
Information We Collect Through Automatic Data Collection Technologies As you navigate through and interact with our Websites, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns:
- details of your visits to our Websites. We collect traffic data, location data, logs, referring/exit pages, date and time of your visit to our Websites, error information, clickstream data, and other communication data and the resources that you access and use on the Websites; and
- information about your computer and internet connection, i.e., your IP address, operating system, and browser type.
The information we collect automatically may include Personal Data, or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Websites and to deliver a better and more personalized service by enabling us to:
- estimate our audience size and usage patterns;
- store information about your preferences, allowing us to customize our Websites according to your individual interests;
- speed up your searches; and
- recognize you when you return to our Websites.
The technologies we use for this automatic data collection may include:
- Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. Our Websites may use both session cookies (which expire once you close your browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Websites. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Websites. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. However, if you do not consent to our use of cookies or select this setting you may be unable to access certain parts of our Websites. You can find more information about cookies at http://www.allaboutcookies.org and http://youronlinechoices.eu.
- Session Cookies. Our use of cookies also includes “session cookies.” Each time you access the Website, a session cookie containing an encrypted, unique identifier is placed on your browser. These session cookies allow us to uniquely identify you when you use the Website and track which pages of the Website you access. Session cookies are required to use the Website. These cookies are removed once you logout or a short period of time after you leave the Websites.
- Web Beacons. Pages of our Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Sant Ambroeus, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Information We Collect from Third Parties We may use various third parties to assist with our online store and our reservation system. These third parties provide us with details of your order or reservation, such as your name, contact, order details or reservation request.
Information We Collect from Third Parties Some content or applications, including advertisements, on the Websites are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Websites.
The information they collect may be associated with your Personal Data or they may collect information, including Personal Data, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.
4) How We Use Your Information
We use your Personal Data for various purposes described below, including to:
- provide our Websites to you;
- provide you with information you request from us;
- enforce our rights arising from contracts;
- notify you about changes; and
- provide you with notices about your account.
We use information that we collect about you or that you provide to us, including any Personal Data:
- to present our Websites and their contents to you;
- to provide you with information, products, or services that you request from us;
- to provide you with notices about your order or reservation;
- to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
- to notify you about changes to our Websites or any products or services we offer or provide though them;
- in any other way we may describe when you provide the information;
- to fulfill any other purpose for which you provide it; and
- for any other purpose with your consent.
We may also use your information to contact you about our own goods and services that may be of interest to you. If you do not want us to use your information in this way, please click the “unsubscribe” link in any emails we send you or check the relevant box when you provide us your information. For more information, seen or distribution Choices About How We Use and Disclose Your Information.
5) Disclosure of Your Information
We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Notice. We disclose your Personal Data to a few third parties, including:
- our subsidiaries and our affiliates;
- our third-party service providers that we use to support our business;
- to a company we merge, acquire, or that buys us, or in the event of change in structure of our company of any form;
- to comply with our legal obligations;
- to enforce our rights; and
- with your consent.
We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Notice. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may disclose Personal Data that we collect or you provide as described in this Privacy Notice:
- to our subsidiaries and affiliates;
- o contractors, service providers, and other third parties we use to support our business. These entities provide IT and infrastructure support services, as well as services for our online store, deliveries, and our online reservation system. We use Shopify for our online store. Shopify’s privacy notices may be found at https://www.shopify.com/legal/privacy. We use SevenRooms to provide our online reservation system. SevenRooms’ privacy notices may be found at https://sevenrooms.com/en/privacy-policy/. We may also use various delivery services to deliver your order to you, where available;
- to a potential or actual buyer or other successor in the event of a planned or actual merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Sant Ambroeus’ assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Sant Ambroeus about our customers and Websites’ users is among the assets transferred;
- to fulfill the purpose for which you provide it. For example, if you give us your contact information to reserve a table in one of our restaurants, we may disclose that contact information to the restaurant staff so they may call you about availability;
- for any other purpose disclosed by us when you provide the information; and
- with your consent.
We may also disclose your Personal Data:
- to comply with any court order, law, or legal process, including to respond to any government or regulatory request, including laws outside your country of residence;
- to respond to requests from public and government authorities, including public and government authorities outside your country of residence;
- to establish, exercise, or defend any legal claims;
- to enforce or apply our terms of use, reservation terms, and other agreements, including for billing and collection purposes; and
- if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Sant Ambroeus, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
6) Choices About How We Use and Disclose Your Information
We offer you choices on how you can opt out of our use of tracking technology, disclosure of your Personal Data for third-parties to advertise to you, our advertising to you, and other targeted advertising.
We do not control the collection and use of your information collected by third parties described above in Disclosure of Your Information.
When possible, these organizations are under contractual obligations to use this data only for providing the services to us and to maintain this information strictly confidential. These third parties may, however, aggregate the information they collect with information from their other customers for their own purposes.
In addition, we strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:
- Tracking Technologies and Advertising.
- Promotional Offers from Sant Ambroeus. If you do not wish to have your contact information used by us to promote our own products and services, you can opt-out by checking the relevant box located on the checkout form or by clicking the unsubscribe link at the bottom of a promotional email you receive from us. This opt out does not apply to information provided to Sant Ambroeus as a result of a product purchase, warranty registration, product service experience or other transactions.
We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can learn more about interest-based advertisements and your opt-out rights and options from members of the Network Advertising Initiative (“NAI”) on its website (www.networkadvertising.org) and from members of the Digital Advertising Alliance on its website (www.aboutads.info).
7) Accessing and Correcting Your Information
You can review and change your Personal Data by contacting us, however, we may not always be able to accommodate such a request.
You can review and change your personal information by contacting us through the contact information below to request access to, correct or delete any Personal Data that you have provided to us. We will not delete your data if we require it for recordkeeping or other legitimate purposes or if deleting it would violate any law or legal requirement. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
8) Jurisdiction-Specific Privacy Rights and Information
The law in certain jurisdictions may provide their residents with additional rights and information regarding our use of your Personal Data.
The law in some jurisdictions may provide you with additional rights regarding our use of Personal Data. To learn more about any additional rights that may be applicable to you as a resident of one of these jurisdictions, please see the privacy addendum for your jurisdction that is attached to this Privacy Notice or the information below.
Your GDPR Privacy Rights If you access a Website for one of our restaurants in the European Economic Area you have the additional rights described in our GDPR Privacy Addendum.1
Your California Privacy Rights California Civil Code Section 1798.83 (California’s “Shine the Light” law) permits users of our Websites that are California residents and who provide Personal Data in obtaining products and services for personal, family, or household use to request certain information regarding our disclosure of Personal Data to third parties for their own direct marketing purposes.If applicable, this information would include the categories of Personal Data and the names and addresses of those businesses with which we shared your Personal Data with for the immediately prior calendar year (e.g., requests made in 2021 will receive information regarding such activities in 2020).
You may request this information once per calendar year. To make such a request, please contact us through the contact information below and specifically mention that your request is a “California Shine the Light Request”.
9) Do Not Track Signals
We may use automated data collection technologies to track you across websites. We currently do not honor do-not-track signals that may be sent by some browsers.
We also may use automated data collection technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals and we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received by us.
10) Data Security
Information transmitted over the Internet is not completely secure, but we do our best to protect your Personal Data. You can help protect your Personal Data and other information by keeping your password to our Websites confidential.
We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. We also require the providers of our online store and reservation system to implement reasonable security measures. You can read more about Shopify’s security measures at https://www.shopify.com/security.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Websites. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures deployed on the Websites.
11) Consent to Processing of Personal Data In Other Countries
We may process your Personal Data outside of your home country, including to the United States. We only do this when we are legally permitted to do so and when we have appropriate safeguards in place to protect your Personal Data.
If you are a resident outside of the United States, in order to provide our Websites, products, and services to you, we may send and store your Personal Data outside of your home country, including to the United States.
Accordingly, your Personal Data may be transferred outside the country where you reside or are located, including to countries that may not or do not provide an equivalent level of protection for your Personal Data.
Your information may be processed and stored in the United States and United States federal, state, and local governments, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of your information through the laws of the United States. By using our Websites, you represent that you have read and understood the above and hereby consent to the storage and processing of Personal Data outside the country where you reside or are located, including in the United States.
Your Personal Data is transferred by Sant Ambroeus to another country only if it is required or permitted under applicable data protection law and provided that there are appropriate safeguards in place to protect your Personal Data. To ensure your Personal Data is treated in accordance with this Privacy Notice when we transfer it to a third party, Sant Ambroeus uses Data Protection Agreements between Sant Ambroeus and all other recipients of your data that include, where applicable, the Standard Contractual Clauses adopted by the European Commission (the “Standard Contractual Clauses”). The European Commission has determined that the transfer of Personal Data pursuant to the Standard Contractual Clauses provides for an adequate level of protection of your Personal Data, but may need to be supplemented with additional measures on a case-by-case basis after an analysis that such supplemental measures can provide you with an essentially equivalent level of protection as afforded in the EU. When, as a result of this analysis, we believe this to be appropriate and necessary, these Standard Contractual Clauses have been supplemented in this way. Under these Standard Contractual Clauses, you have the same rights as if your data was not transferred to such third country. You may request a copy of the Data Protection Agreement by contacting us through the Contact Information below.
12) Changes to Our Privacy Notice
We will post any changes to our Privacy Notice on our Websites. If we make material changes to our Privacy Notice, we may notify you of such changes through your contact information and invite you to review (and accept, if necessary) the changes.
We may change this Privacy Notice at any time. It is our policy to post any changes we make to our Privacy Notice on this page with a notice that the Privacy Notice has been updated on the Websites’ home page. If we make material changes to how we treat our users’ Personal Data, we will notify you by email to the email address we have collected and through a notice on the Websites’ home page.
The date this Privacy Notice was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Websites and this Privacy Notice to check for any changes.
13) Contact Information
You may contact our us through the contact information below.
If you have any questions, concerns, complaints or suggestions regarding our Privacy Notice, have any requests related to your Personal Data pursuant to applicable laws, or otherwise need to contact us, you may contact us at the contact information below.
To Contact SA Hospitality Group
SA Hospitality Group
950 Third Avenue, Suite 500
New York, NY 10022
USA
info@santambroeus.com
SA Hospitality Group GDPR Privacy Addendum
Last Modified: February 15, 2022
1) Introduction
This GDPR Privacy Addendum supplements the information in our Privacy Notice if you are located in the European Economic Area, the United Kingdom, or Switzerland.
This GDPR Privacy Addendum (the “GDPR Privacy Addendum”) supplements the information contained in our SA Hospitality Group Privacy Notice (our “Privacy Notice”) and applies solely to patrons of our restaurant at Pasticceria e Confetteria SantAmbroeus Milano Srl- Via Matteotti n° 7 Milano, including our website at https://www.santambroeusmilano.com/en/. We adopt this GDPR Privacy Addendum to comply with the European Union’s General Data Protection Regulation, and any laws implementing the foregoing in Italy (collectively, the “GDPR”). Unless otherwise defined in this GDPR Privacy Addendum, any terms defined in the GDPR or our Privacy Notice have the same meaning when used in this GDPR Privacy Addendum. When this GDPR Privacy Addendum is applicable to you, it takes precedence over anything contradictory in our Privacy Notice.
2) Data Controller, Data Protection Officer, and Representative
Sant Ambroeus is the data controller of the Personal Data you provide on the Websites. Sant Ambroeus has appointed a Data Protection Officer.
Sant Ambroeus is the data controller of your Personal Data. Sant Ambroeus has appointed a Data Protection Officer in compliance with the General Data Protection Regulation.
3) Information We Collect About You and How We Collect It
The Personal Data we collect about you and how we collect it is described in our Privacy Notice.
The Personal Data we collect and the ways in which we collect it is described in our Privacy Notice.
4) Lawful Basis for Processing Your Personal Data
We have a lawful basis for our processing of your Personal Data, including processing for our legitimate interests (when balanced against your rights and freedoms), to fulfill our obligations to you under a contract with you, and required by law, and with your consent.
The processing of your Personal Data is lawful only if it is permitted under the GDPR. We have a lawful basis for each of our processing activities (except when an exception applies as described below):
-
Consent.
By using our Website, registering for our Newsletter, or otherwise providing your Personal Data to us when you make a reservation, you consent to our collection, use, and sharing of your Personal Data as described in our Privacy Notice and this GDPR Privacy Addendum. If you do not consent to the terms of our Privacy Notice and this GDPR Privacy Addendum, please do not use the Website; -
Legitimate Interests.
We will process your Personal Data as necessary for our legitimate interests. Our legitimate interests are balanced against your interests and rights and freedoms and we do not process your Personal Data if your interests or rights and freedoms outweigh our legitimate interests. Our legitimate interests are to: facilitate communication between Sant Ambroeus and you; detect and correct bugs and to improve our Website; safeguard our IT infrastructure and intellectual property; detect and prevent fraud and other crime; promote and market our business; check your credit and perform risk assessments; and develop and enhance our menu and other similar services; -
To Fulfill Our Obligations to You under our Contract.
We process your Personal Data in order to fulfill our obligations to you pursuant to our agreement with you to deliver our goods and services to you, including when you make a reservation for a table at our restaurant or place an order for pickup or delivery; -
As Required by Law.
We may also process your Personal Data when we are required or permitted to by law; to comply with government inspections, audits, and other valid requests from government or other public authorities; to respond to legal process such as subpoenas; or as necessary for us to protect our interests or otherwise pursue our legal rights and remedies (for instance, when necessary to prevent or detect fraud, attacks against our network, or other criminal and tortious activities), defend litigation, and manage complaints or claims.
5) Special Categories of Information
We generally do not request you provide and do not process any special categories of Personal Data.
Sant Ambroeus does not ask you to provide, and we do not knowingly collect, any special categories of Personal Data from you, such as information that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade unions membership, or personal data concerning your health or data concerning your sex life or sexual orientation or history of criminal convictions.
6) Automated Decision Making
We generally do not use your Personal Data with any automated decision making processes.
Sant Ambroeus does not use your Personal Data with any automated decision making process, including profiling, which may produce a legal effect concerning you or similarly significantly affect you.
7) How We Use Your Information
We only use your Personal Data as described in our Privacy Notice
We will use your Personal Data to send you our newsletter only with your consent. You consent to such use when you register to receive our newsletter and provide us your Personal Data, such as your name and email address. If you wish to change your choice, you may do so at any time by sending us an email stating your request the contact information provided below or by following the unsubscribe instructions in the email containing the newsletter.
8) How We Use Your Information
We only share or disclose your Personal Data to the entities and for the purposes described in our Privacy Notice.
We do not share or otherwise disclose your Personal Data for purposes other than to the entities and for the purposes described in our Privacy Notice.
9) Your Rights Regarding Your Information and Accessing and Correcting Your Information
You have certain rights with respect to your Personal Data under the GDPR, including the right to access and update your Personal Data, restrict how it is used, transfer certain Personal Data to another controller, withdraw your consent at any time, and the right to have us erase certain Personal Data about you. You also have the right to complain to a supervisory authority about our processing of your Personal Data
The GDPR provides you with certain rights with regards to our processing of your Personal Data. These rights replace the similar rights provided in our Privacy Notice or are supplemental to such rights.
-
Access and Update.
You can review and change your Personal Data by sending us a request through the Contact Information below, together with any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect. -
Restrictions.
You have the right to restrict our processing of your Personal Data under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your Personal Data is determined to be unlawful, or if we no longer need your Personal Data for processing but we have retained it as permitted by law. -
Portability.
To the extent the Personal Data you provide Sant Ambroeus is processed based on your consent and that we process it through automated means, you have the right to request that we provide you a copy of, or access to, all or part of such Personal Data in structured, commonly used and machine-readable format. You also have the right to request that we transmit this Personal Data to another controller, when technically feasible. -
Withdrawal of Consent.
To the extent that our processing of your Personal Data is based on your consent, you may withdraw your consent at any time by closing your account. Withdrawing your consent will not, however, affect the lawfulness of the processing based on your consent before its withdrawal, and will not affect the lawfulness of our continued processing that is based on any other lawful basis for processing your Personal Data. -
Right to be Forgotten.
You have the right to request that we delete all of your Personal Data. We will only delete your Personal Data when we no longer have a lawful basis for processing your Personal Data or after a final determination that your Personal Data was unlawfully processed. We may not accommodate a request to erase your Personal Data if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your Personal Data as set forth in this policy. In addition, we cannot completely delete your Personal Data as some data may rest in previous backups. These will be retained for the periods set forth in our disaster recovery policies. -
Complaints.
You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy. -
How You May Exercise Your Rights.
You may exercise any of the above rights by contacting us through any of the methods listed under Contact Information below. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your Personal Data, you may be charged a fee subject to a maximum set by applicable law.
10) Consent to Processing of Personal Data In Other Countries Outside the European Economic Area or the United Kingdom
We may process your Personal Data outside of your home country, including to the United States. We only do this when we are legally permitted to do so and when we have appropriate safeguards in place to protect your Personal Data.
In order to provide our Website, products, and services to you, we may send and store your Personal Data outside of the EEA, including to the United States. Accordingly, your Personal Data may be transferred outside the country where you reside or are located, including to countries that may not or do not provide an equivalent level of protection for your Personal Data. Your information may be processed and stored in the United States and United States federal, state, and local governments, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of your information through the laws of the United States. By using our Website, you represent that you have read and understood the above and hereby consent to the storage and processing of Personal Data outside the country where you reside or are located, including in the United States.
Your Personal Data is transferred by Sant Ambroeus to another country only if it is required or permitted under the GDPR and provided that there are appropriate safeguards in place to protect your Personal Data. To ensure your Personal Data is treated in accordance with our Privacy Notice and this GDPR Privacy Addendum when we transfer it to a third party, Sant Ambroeus uses Data Protection Agreements between Sant Ambroeus and all other recipients of your data that include, where applicable, the standard contractual clauses adopted by the European Commission (collectively, the “Standard Contractual Clauses”). The European Commission has determined that the transfer of Personal Data pursuant to the Standard Contractual Clauses provides for an adequate level of protection of your Personal Data, however, the Standard Contractual Clauses may need to be supplemented in some cases with additional measures on a case-by-case basis after an analysis that such supplemental measures can provide you with an essentially equivalent level of protection as afforded in the EEA. When, as a result of this analysis, we believe this to be appropriate and necessary, the Standard Contractual Clauses have been supplemented in this way. Under these Standard Contractual Clauses, you have the same rights as if your Personal Data was not transferred to such third country. You may request a copy of the Data Protection Agreement by contacting us through the Contact Information below.
11) Data Retention Periods
We retain your Personal Data for as long as you keep your account open. In some instances, we may keep it after you close your account, for example we may keep it:
- on our backup and disaster recovery systems;
- for as long as necessary to protect our legal interests; and
- and to comply with other legal requirements.
Sant Ambroeus will retain your Personal Data for as long as necessary to fulfill the purposes that it was provided for. After this period, we may retain your Personal Data for any of the reasons listed below, whichever is longer:
- for as long as necessary to comply with any legal requirement;
- on our backup and disaster recovery systems in accordance with our backup and disaster recovery policies and procedures; and
- for as long as necessary to protect our legal interests or otherwise pursue our legal rights and remedies
After this time, your Personal Data will be either deleted or aggregated or otherwise rendered anonymous such that you are no longer identifiable. Aggregated or anonymized data is no longer Personal Data and we may retain such data indefinitely.
12) Changes to This GDPR Privacy Addendum
We will post any changes to our GDPR Privacy Addendum on our Website. If we make material changes to this GDPR Privacy Addendum, we may notify you of such changes through your contact information and invite you to review (and accept, if necessary) the changes.
We may change this GDPR Privacy Addendum at any time. It is our policy to post any changes we make to our GDPR Privacy Addendum on this page with a notice that the GDPR Privacy Addendum has been updated on the Website’s home page.
If we make material changes to how we treat our users’ Personal Data, we will notify you by email to the email address specified in your account and/or through a notice on the Website’s home page. The date this GDPR Privacy Addendum was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this GDPR Privacy Addendum to check for any changes.
13) Contact Information
You may contact our Data Protection Officer through the contact information below.
If you have any questions, concerns, complaints, or suggestions regarding our Privacy Notice or this GDPR Privacy Addendum, have any requests related to your Personal Data described in the Privacy Notice or this GDPR Privacy Addendum, or otherwise need to contact us, you can do so at the contact information below or through the “Contact” page on our Website.
To Contact Sant Ambroeus (Controller)
Sant Ambroeus
Confetteria e Pasticceria
Corso Matteotti, 7
20121 Milano
Tel: +39 02 76000540
infomilano@santambroues.com To Contact Our Data Protection Officer
Martin Deda
950 Third Avenue
Ste. 500
New York, NY 10022
USA