Privacy e Cookie Policy

Data Controller

Our website address is The Data Controller of users’ personal information is the partnership Osteria da Bortolino di Naldini Roberto & C. Snc. Registered office: Via C. Fosse, 3 46019 Viadana (MN), VAT no.: 02322550209 Email:


Data Processor

The Data Processor is the natural or legal person, public authority, service or other entity which processes personal data on behalf of the Controller. As to personal data provided by the user while browsing this website, the partnership Osteria da Bortolino di Naldini Roberto & C. Snc. has not appointed a processor. Thus, data are processed only by the Controller. For further information, please contact the Controller at the following e-mail address:


What types of personal data do we collect and why do we collect them?

Browsing Data

When users leave comments on our website, we collect data provided in the comment form, the IP address and the browser’s user agent string for an easier spam filtering.

During the ordinary course of operations, the IT systems and software procedures for running this website acquire some personal data whose transmission is implied in the use of the communication protocols of the Internet.

This category of data includes IP addresses or domain names of computers used by users that connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and the user’s IT environment.


Data directly provided by the user

The optional, explicit and voluntary sending of messages and the provision of personal data by the user to the contact addresses involve the subsequent acquisition of the sender’s email address (which is necessary to respond to the requests) as well as any other personal data included in the message. The processing of personal data optionally provided by the user is carried out only for the purpose of fulfilling requests and legal obligations and/or pre-contractual obligations and/or contractual obligations arising from the relationship resulting from the assignment given to the Controller by the user. Thus, the legal basis for processing such data is: the legal obligations to which the Controller is subject and the execution of obligations arising from the pre-contractual and contractual relationship. Specific areas of this website provide the link to more specific information on data processing which the user should consult before providing personal data.


Data Processing

For the purpose of data processing related to the services of this website the Controller uses servers located inside the European territory and IT systems at the registered office of the Controller. The aforementioned data will not be transmitted abroad. Technical and organisational measures shall be taken to ensure an acceptable level of safety for users and prevent loss, illicit or improper use of personal data and unauthorised access. Data directly provided by users are kept for as long as we need it for the purpose of processing their requests. They shall be then deleted, except for cases of assignments (the data shall be kept for the entire duration of the relationship, in compliance with legal obligations) and defensive needs (which may need an extension of the retention period).


Who do we share personal data with?

Personal data are processed only by the Controller and provided to third parties (IT consultants) in charge of the website maintenance and assistance.


Where are personal data processed?

Data are processed at the offices of the Controller and in any other place where the parties involved in data processing are located. For further information please contact the Controller.


How long do we keep personal data?

We keep personal data for as long as we need it for the purpose of processing users’ requests and for the purposes herein described. Users can withdraw consent to data processing or ask for erasure of their data.


What are the data subject’s legal rights?

Data subjects have the right to ask to the Controller to have access to their personal data, as well as for the correction or erasure of the same. They can also oppose and restrict its processing. The rights recognised by the current legislation on personal data protection are given in detail below.

The right to access: the right to ask to the Controller whether personal data are being processed, and if so, to have access to it and the following information: a) the purposes of such processing; b) the categories of personal data; c) the recipients or categories of recipients who received or will receive personal data, particularly in case of third countries or international organisations; d) if possible, the period for which the personal data are stored, if not possible, the criteria to establish such period; e) the existence of the right of the data subject to request from the Controller rectification, erasure or restriction of personal data processing or oppose to it; f) the right to lodge a complaint to a supervisory authority; g) all information available on the origin of personal data, if it has not been obtained from the data subject; h) the existence of an automated decision-making process, including proliferation and, at least in such cases, relevant information on the logic, the significance and the consequences for the data subject of such processing. Where personal data are transferred to third countries or international bodies, the user has the right to be informed about the existence of adequate guarantees with regard to its transfer.

The right to rectification: the right to have incorrect personal data rectified by the Controller without undue delay. Considering the purpose of the processing, the data subject has the right to obtain completion of incomplete personal data, including by way of supplementing a corrective statement.

The right to deletion: the right to have personal data deleted by the Controller without undue delay when: a) personal data are not more necessary with respect to the purpose for which it has been collected or processed; b) the data subject withdraws consent on which the processing is based and if there is no other legal basis for this processing; c) the data subject opposes the processing when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or for the purposes of the legitimate interests and there is no other legal ground for the processing, or opposes the processing for direct marketing purposes; d) personal data are processed unlawfully; e) personal data shall be deleted for compliance with a legal obligation in Union or Member State law to which the Controller is subject; f) personal data have been collected in relation to the offering of information society services to children. The request for deletion cannot be accepted if the processing is necessary: a) for exercising the right to freedom of expression and information; b) for compliance with a legal obligation, which requires data processing, in Union or Member State law to which the Controller is subject or the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; c) for reasons of public interest in the area of public health; d) for purpose of storage in the public interest, scientific or historical research or statistics, to extent that the deletion is likely to make impossible or seriously affect the achievement of the objectives of this processing; or e) for the establishment, exercise or defence of a right before a court.

The right to restriction: the right to have personal data, with the exception of storage, only be processed following the data subject’s consent, or for the establishment, exercise or defence of a right before a court or for the protection of the rights of another natural or legal person or for an objective of public interest of Union or another Member State of: a) their accuracy is contested by the data subject, for a period enabling the Controller to verify the accuracy of the data; b) the processing is unlawful and the data subject opposes their erasure and requests the restriction of their use instead; c) although the controller no longer needs the personal data for purposes of processing, personal data are necessary to the data subject for the establishment, exercise or defence of a right before a court; d) the data subject opposes the processing when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or for the purposes of the legitimate interests of the Controller or third parties, while awaiting the Controller’s legitimate reasons (compared to those of the data subject) to be verified.

The right to portability: the right to obtain in a structured, readable and commonly used format from an automatic device the personal data provided to the Controller; the data subject has the right to transfer such data to another Controller without hindrance from the Controller from whom the personal data are withdrawn, directly transfer personal data from a Controller to another, where technically feasible, when the processing is based on consent or on a contract and performed with the aid of electronic means. This right does not affect the right to erasure.

The right to object: the right of the data subjects to oppose at any time, on grounds relating to their particular situation, personal data processing when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller or for the purposes of the legitimate interest pursued by the Controller or third parties. Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to personal data processing for such purposes, including proliferation, in as much as it is related to such direct marketing. Data subjects have the right to lodge a complaint with the Guarantor, in agreement with Article 77 of GDPR, and appeal to judicial authorities (Article 79 of GDPR) if they think that the processing of their personal data infringes GDPR. Data subjects can assert their rights at any time by contacting the Controller at, without further formalities.  



The visitors of the website are provided with information about the use and the installation of cookies.


what are Cookies?

Cookies are small text files that are stored on a user’s computer when the user accesses a website. These files store information which will be retrieved by the website when accessing again the website to ensure an optimised browsing experience. Cookies are sent by a web server (that is, the computer used to access the website) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the user’s computer. They will be sent back to the website when accessing again the website.


Types of Cookies

Two main categories of cookies used on websites can be distinguished: 1) technical cookies, i.e. cookies transmitted by the webmaster for the proper functioning of the website; they can in turn be distinguished in:

  • session cookies: for the normal use of the website and related services, allow to access to private areas, fill more easily forms when accessing again the website or make purchases;
  • functional cookies, although not essential, enhance the functionalities of the website by allowing the users to express their preferences and keeping them persistent regarding certain aspects of browsing (for example, language selection, font size personalisation, or preferred product saving on an e-commerce);
  • analytic (or statistical) cookies are considered as ‘technical cookies’ when they are directly used by the webmaster to collect information, in aggregate form, on the number of users and how they visit the website;
  • profilation cookies: as defined by the Privacy Guarantor, these cookies are intended to create user profiles and used to send advertising messages based on the preferences expressed by the user when browsing the web.

The profilation cookies identified by the Guarantor are:

  • statistical cookies managed by third parties;
  • advertising cookies;
  • retargeting cookies;
  • social network cookies.

According to their intended use, technical and profilation cookies can be further distinguished in:

  • first-party cookies, i.e. cookies directly transmitted by the webmaster;
  • third-party cookies, i.e. cookies transmitted by third-party companies by means of specific codes, for the purpose of adding additional functions to the website (for example, social network widgets such as icons for article sharing).


Cookies used on

Neither user proliferation cookies nor other tracking methods are used on this website. This website uses technical cookies which, on the basis of the current legislation, do not need the authorisation of the data subject. It also uses session cookies (not persistent) only for a safe and efficient web browsing. The storage of session cookies in terminals and browsers is controlled by the user and is equal to the duration of the session. Specifically, this website uses:

  • technical cookies necessary for web browsing;
  • a technical cookie for an easier browsing, thus preventing the cookie policy in the banner from reappearing in case of connections to the website before the deadline. By clicking ‘ok’ on the banner, the user enables this cookie. By deleting such a cookie, the banner will reappear.

Without such cookies, the website will not function properly.


How to disable cookies

By continuing to browse the website or clicking the button ‘Accept’ in the advertising banner, users agree to the use of cookies. The website keeps track of their consent(s) by means of a specific technical cookie, considered as ‘particularly non-invasive’ by the Privacy Guarantor. Users can withhold their consent and/or change at any time their preferences regarding the use of cookies on this website. If users have already given their consent but want to change the authorisations to the use of cookies, they must delete them from their browser. It should be noted that every browser uses different procedures for the management of settings. Please find specific instructions to disable or manage cookies at the links of the following browsers: Google Chrome Mozilla Firefox Apple Safari Microsoft Windows Explorer Notice to mobile users: it should be noted that the system configurations to prevent cookies from being stored and delete them depend on the brand and/or model of your device, you should therefore refer to the manufacturer’s instructions.


Google Web Fonts

For a uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our plugin. This constitutes a justified interest pursuant to Article 6 (1) (f) GDPR.

If the user’s browser does not support web fonts, the computer uses standard fonts.

Further information on data processing can be found at and in Google Privacy Policy at


Legal References

Notice to European users: this privacy policy complies with the obligations under Article 10 of Directive 95/46/CE, as well as with Directive 2002/58/CE, as updated by Directive 2009/136/CE, on Cookie Law.

For further information on the Italian Cookie Law please refer to the use of cookies in Italy