Privacy and Cookie Policy

Last updated: 9 July 2025

Taverna Gambrinus Bellagio (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy & Cookie Policy is designed to comply with the following legal frameworks:

• GDPR (General Data Protection Regulation) – European Union & United Kingdom
• CCPA/CPRA – California Consumer Privacy Act & California Privacy Rights Act (USA)
• LGPD – Lei Geral de Proteção de Dados (Brazil)
• Other applicable privacy laws and best practices

This policy explains what personal information we collect, how we use it, which third-party services process it, and what your rights are under applicable privacy laws.

Data Controller

Aima Bellagio di Gandola Sara
Piazza dei Canestri 1, 22021 Bellagio (CO), Italy
Email: info@tavernagambrinusbellagio.it
Phone: +39 347 91 29 967

Sara Gandola is responsible for all data processing activities carried out through this website.

1. Personal data we collect

We only collect the personal information you voluntarily submit through our contact form:

• Your name
• Your email address
• The content of your message

We do not actively record, store, or track your IP address, nor do we set cookies for analytics, advertising, or profiling purposes. However, some third-party services integrated into our website (see below) may automatically process technical information such as your IP address, browser type, or set functional cookies as part of their operation.

2. Why we process your data

We use the data you provide exclusively for:

• Responding to your inquiries and communicating with you
• Ensuring the website’s functionality and security (via third-party services)
• Hosting and delivering the website (via SiteGround Spain)

The legal bases for processing your data are:

• Your explicit consent (GDPR Article 6(1)(a), LGPD Article 7)
• Our legitimate interest in maintaining website functionality and security (GDPR Article 6(1)(f))

We do not sell, rent, or share your personal information for advertising purposes. California residents: we do not “sell” or “share” your data as defined under CCPA/CPRA.

3. Hosting provider: SiteGround Spain

Our website is hosted by SiteGround Spain S.L., CIF: B87194171, with servers located in data centers within the European Union.

SiteGround acts as a data processor on our behalf. They:

• Host and store our website and any personal data you submit
• Process your data exclusively in accordance with our instructions
• Implement technical and organizational measures to safeguard your data
• Do not use or access your data for their own purposes

SiteGround’s privacy policy is available at: https://www.siteground.com/privacy.htm

4. Third-party services

We use the following third-party services, which may independently process your technical data and set necessary cookies:

• Google Maps – displays our location on a map. Privacy policy: https://policies.google.com/privacy
• Google reCAPTCHA – protects our contact form from spam and bots. Privacy policy: https://policies.google.com/privacy
• Font Awesome CDN – delivers icon fonts and assets. Privacy policy: https://fontawesome.com/privacy

We recommend reviewing the above policies for more information about how these services process your data.

5. Cookies

Our website only uses cookies set by the above services, strictly necessary for their functionality (e.g., displaying maps, preventing spam). We do not use tracking, analytics, or advertising cookies.

You may control or disable cookies at any time using your browser settings, but some functionality may be impaired.

6. Data retention

We retain the personal data you submit through our contact form for up to 12 months unless a longer retention period is required by law.

7. Your privacy rights

You have the right to access, correct, delete, or restrict the processing of your personal data. Depending on your jurisdiction, you also have the right to:

• Withdraw consent at any time (GDPR & LGPD)
• Request data portability (GDPR & LGPD)
• Know what personal data we collect and request its deletion (CCPA/CPRA)
• Opt-out of the sale or sharing of your data (CCPA/CPRA) – note: we do not sell or share your data
• Lodge a complaint with your local data protection authority

To exercise your rights, please email: info@tavernagambrinusbellagio.it. We may need to verify your identity before fulfilling your request.

8. Security

We implement appropriate technical and organizational measures to secure your personal data. SiteGround also provides server-level security controls. However, no system can guarantee absolute security.

9. International transfers

We store your data on servers located in the EU. Where third-party services transfer data outside the EU/UK, we rely on standard contractual clauses (SCCs) or adequacy decisions to ensure adequate protection.

10. Changes to this policy

We may update this Privacy & Cookie Policy from time to time to reflect changes in law or our practices. Please check this page periodically for updates.