Privacy policy

Pursuant to art. 13 of Legislative Decree no. 196/2003 and article 13 and 14 of the GDPR 2016/679 we inform you that the personal data provided by the User by interacting with the aforementioned website will be processed in compliance with the guarantees of confidentiality and security measures provided for by the regulations in force, for the sole purposes of the processing, through IT, telematic and manual tools.

This information concerns the processing of personal data, such as: personal data, tax code, residence or domicile, telephone numbers, e-mail, images, IP addresses, geolocation information, cookies, further information that the User can freely decide to provide and other data which, if cross-referenced with others, can trace the User’s profile.

The privacy policy information is provided only for the aforementioned site and not for others that may be consulted by the User via links contained therein.

Personal data are processed for purposes strictly connected to the services offered by the business, purposes related to the fulfillment of obligations established by law, regulations, community legislation and the protection of public order, the detection and repression of crimes. In particular, the User’s personal data may be used for the following purposes:

Response to requests made by completing forms on the aforementioned website.
Registration on the aforementioned website and the related services offered.
Processing purchases, payments, quotes, analytics and/or invoicing.
Sending technical communications.
Provide targeted, personalized content based on the same data you provide.
The purposes listed above are subject to the explicit consent of the user.
It is possible to refuse to provide the data necessary for the intended purposes in whole or in part, but in this circumstance it may not be possible to provide the complete and correct service.
The consent of minors is valid from the age of 16, under this age it must be provided by the person acting on their behalf.

Subjects to whom the data may be communicated or become aware of them as managers or agents
Locanda Giolica di Veronica Nesti does not transfer personal data to third parties, however it may provide the User’s data to third parties for certain processes, namely:

Professionals, studios, companies and/or others appointed in the context of assistance and consultancy relationships.
Subjects who carry out control, review and certification of activities, also in the interests of the users themselves.
Entities that provide services for credit risk management and fraud control (such as data processing centers, banks, risk centers, debt collection companies and law firms).
Banking institutions, credit card issuing companies and/or digital payment and/or money transfer services.
The information and data that will be communicated to these subjects will be treated with equivalent levels of protection.

Unless otherwise specified by further information and/or specific regulations and contracts which must be signed by the User, the transfer of data outside the EU or to international organizations is not envisaged.

Data controller and data protection officer (DPO)
The Data Controller is Locanda Giolica di Veronica Nesti, in the person of Veronica Nesti, with headquarters in: Via del Macione 10, 59100 Prato (PO), email: (

Methods and storage of data
The data are kept for the time strictly necessary to manage the purposes for which the data are collected, therefore in compliance with current regulations and legal obligations. Specific and suitable security measures are observed to guarantee its safety, for example the protection of information with specific passwords which are never saved in clear text but rather encrypted with specific security measures, as well as the use of protection and security technologies, all suitable for prevent, in addition to the loss of data, also illicit or incorrect use and unauthorized access.
Personal data may be collected, archived and stored not only physically at the Data Controller’s headquarters but also with third parties to whom they may be communicated as managers or agents always and only for the purposes for which they were collected and in compliance with current regulations. and legal obligations. Personal data may also be collected, archived and stored on special servers located in states belonging to the European Union.

Data Breach
The Data Controller will have the legal obligation to disclose data leaks to the national authority and to communicate