Privacy Policy.
Information notice on the processing of personal data under art. 13 of EU Regulation 2016/679 (GDPR).
Last updated: 9 June 2026
1. Data Controller
The Data Controller for the processing of personal data collected through this site is:
| Legal name | Pinti S.R.L. |
|---|---|
| Registered office | Viale Francesco Lo Re 83, 73100 Lecce (LE) — Italy |
| VAT / Tax ID | 04874180757 |
| Business Register | LE-324979 |
| info@villanticatering.it | |
| Certified email (PEC) | pintisrl@gigapec.it |
| Phone | +39 328 462 5761 |
The Controller has not appointed a Data Protection Officer (DPO), as not required under art. 37 GDPR. For any privacy-related request, please contact the Controller at the details above.
2. Categories of data processed
2.1 Data provided voluntarily
When you fill in the contact / quote form or write to us via email, phone or WhatsApp, we collect the data you provide: first and last name, email address, phone number, type of event, indicative date, number of guests, venue, free-text message and any accessory information (e.g. dietary needs).
2.2 Browsing data
The IT systems supporting this site acquire, during their normal operation, certain data whose transmission is implicit in Internet communication protocols: IP address, browser type, operating system, pages visited, access time. This data is not collected to identify individuals but, by its nature, could allow identification through further processing.
2.3 Cookies
For the cookies used by the site please refer to the Cookie Policy.
3. Purposes and legal basis of processing
Personal data is processed for the following purposes:
- Response to quote and contact requests — Legal basis: pre-contractual measures at the request of the data subject (art. 6(1)(b) GDPR).
- Management of the contractual relationship, if a catering contract is signed — Legal basis: performance of a contract (art. 6(1)(b) GDPR).
- Compliance with legal obligations in tax, accounting and administrative matters — Legal basis: legal obligation (art. 6(1)(c) GDPR).
- Site security and abuse prevention — Legal basis: legitimate interest of the Controller (art. 6(1)(f) GDPR).
- Future commercial communications (newsletter, availability updates, offers) — Legal basis: explicit, revocable consent (art. 6(1)(a) GDPR). This processing is not currently active; if activated, specific consent will be requested.
4. Processing methods
Data is processed using electronic tools, with organisation and processing logic strictly related to the purposes indicated. Appropriate technical and organisational measures are in place to protect the security, confidentiality, integrity and availability of personal data.
5. Data retention
- Data collected to respond to quote requests is retained for the time needed to handle the request and, in the absence of follow-up, for a further 24 months, after which it is deleted.
- Data of clients with whom a contractual relationship has been established is retained for the duration of the contract and afterwards for the time required by tax legislation (generally 10 years).
- Browsing data is retained only for the time strictly needed for processing and security purposes, generally no longer than 7 days, except where necessary for the investigation of offences.
6. Recipients and external processors
Data may be shared with third parties acting as Data Processors under art. 28 GDPR, exclusively for the purposes above. In particular:
- Website hosting provider [hosting provider — to be specified after deployment]
- Email and PEC service providers
- Optional form / CRM provider (e.g. Formspree, Brevo, MailerLite) [to be specified if activated]
- Accounting, tax and legal consultants, for legal compliance
- Competent authorities, upon formal request
The updated list of external processors can be requested from the Controller.
7. Transfers outside the EU
Some technical services used by the site (e.g. Google Fonts, Google Maps) may involve transfers of data to non-EU countries. Such transfers take place only to entities providing an adequate level of protection through Standard Contractual Clauses approved by the European Commission or other safeguards under arts. 44-49 GDPR.
8. Rights of the data subject
At any time you may exercise the following rights under arts. 15 to 22 GDPR:
- Right of access to your personal data
- Right to rectification of inaccurate or incomplete data
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent, where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal
To exercise these rights, write to info@villanticatering.it or the PEC pintisrl@gigapec.it.
9. Complaint to the Supervisory Authority
You always have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Rome — www.garanteprivacy.it) if you believe the processing of your data infringes the GDPR.
10. Nature of data provision
Providing data in the contact forms is voluntary. Refusal to provide data marked as mandatory makes it impossible to process the request.
11. Updates to this notice
This notice may be updated. The last update is shown at the top of the document. In case of substantial changes, registered users will be informed through the available channels.
See also: Cookie Policy · Legal notice.