Privacy Policy

1. Introduction

Piazza Italiana (“we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you interact with us, whether through our website, social media channels, advertising campaigns (including LinkedIn), email communications, reservation systems, or in person at our restaurant.

We are a restaurant located in London’s City financial district and operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

The data controller responsible for your personal data is:

Piazza Italiana

Piazza Italiana

38 Threadneedle Street, EC2R 8AY

London, United Kingdom

Email: [email protected]

Phone: +44 (0) 20 7256 7223

3. Information We Collect

We may collect and process the following categories of personal data depending on how you interact with us:

3.1 Information You Provide Directly

• Full name
• Email address
• Phone number
• Company name and job title
• Dietary requirements or food allergies
• Reservation and event details
• Payment information (processed securely via third-party payment providers)
• Any other information you choose to share with us via enquiry forms, emails, or in person

3.2 Information Collected via LinkedIn Advertising

When you submit a lead generation form through our LinkedIn advertising campaigns, we may collect personal data including your name, email address, phone number, company name, and job title. This data is pre-populated by LinkedIn from your LinkedIn profile and submitted to us with your explicit consent when you click “Submit” on the lead generation form.

3.3 Information Collected Automatically

• IP address and approximate location
• Browser type and device information
• Pages visited on our website and interaction data
• Referral source and advertising campaign data
• Cookies and similar tracking technologies (see Section 11)

4. How We Use Your Information

We use the personal data we collect for the following purposes:

• To process and manage table reservations, private dining, and event bookings
• To respond to enquiries and requests for information
• To send you marketing communications about our restaurant, menus, special offers, events, and promotions (where you have opted in or where we have a legitimate interest)
• To facilitate corporate catering and group dining arrangements
• To personalise your experience and tailor our communications to your preferences
• To manage and administer our business relationship with you
• To analyse the effectiveness of our advertising campaigns, including LinkedIn Ads
• To comply with legal and regulatory obligations
• To improve our services, website, and overall customer experience

5. Legal Basis for Processing

We process your personal data on one or more of the following legal bases:

• Consent: Where you have given explicit consent for us to process your data, such as when submitting a LinkedIn lead generation form or signing up for marketing communications. You may withdraw consent at any time.
• Contractual necessity: Where processing is necessary to fulfil a reservation, booking, or service you have requested.
• Legitimate interest: Where it is in our legitimate business interest to process your data, such as for marketing our services to existing and prospective customers, provided this does not override your fundamental rights and freedoms.
• Legal obligation: Where processing is necessary to comply with applicable laws and regulations.

6. Marketing Communications

We may send you marketing communications by email, SMS, or other channels where you have consented to receive them or where we have a legitimate interest in doing so (for example, if you are an existing customer).

Every marketing communication we send will include a clear and easy option to unsubscribe or opt out. You can also contact us at any time to update your marketing preferences or request to be removed from our mailing lists.

7. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We may share your data with the following categories of recipients:

• LinkedIn: As the platform through which certain data is collected via advertising campaigns. LinkedIn processes data in accordance with its own privacy policy.
• Service providers: Trusted third-party providers who assist us with email marketing, customer relationship management, website hosting, analytics, and IT services, all operating under strict data processing agreements.
• Payment processors: Secure third-party providers who process payments on our behalf.
• Reservation platforms: Third-party booking systems we use to manage reservations.
• Professional advisors: Including accountants, lawyers, and auditors where necessary.
• Legal and regulatory bodies: Where required by law, regulation, court order, or legal proceedings.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Lead generation and marketing data: Retained for up to 24 months from the date of collection, unless you request earlier deletion or withdraw consent.
• Reservation and booking data: Retained for up to 24 months after your last interaction with us.
• Financial and transaction records: Retained for up to 7 years as required by UK tax and accounting regulations.
• Website analytics data: Retained in anonymised or aggregated form.

When personal data is no longer required, it will be securely deleted or anonymised.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include secure storage systems, encrypted communications, access controls, and regular security reviews.

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining the highest practicable standards.

10. International Data Transfers

Some of our service providers, including LinkedIn, operate outside the United Kingdom. Where your personal data is transferred to countries outside the UK, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses, adequacy decisions, or other approved mechanisms, to protect your data in compliance with UK GDPR.

11. Cookies and Tracking Technologies

Our website and advertising campaigns may use cookies and similar tracking technologies to enhance your experience, analyse website traffic, and measure the effectiveness of our advertising.

Specifically, our LinkedIn advertising campaigns may use LinkedIn’s tracking technologies (such as the LinkedIn Insight Tag) on our website to measure campaign performance and deliver relevant advertising to you on the LinkedIn platform.

You can manage your cookie preferences through your browser settings. For more information about how LinkedIn uses cookies, please refer to LinkedIn’s Cookie Policy at linkedin.com/legal/cookie-policy.

12. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of any inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data (“right to be forgotten”).
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Request your data in a structured, commonly used, machine-readable format.
• Right to object: Object to the processing of your data, including for direct marketing purposes.
• Right to withdraw consent: Withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
• Rights related to automated decision-making: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects.

To exercise any of these rights, please contact us using the details provided in Section 2. We will respond to your request within one month, as required by law.

13. Third-Party Links

Our website and communications may contain links to third-party websites, including social media platforms, reservation systems, and review sites. We are not responsible for the privacy practices of these external sites and encourage you to read their respective privacy policies.

14. Children’s Privacy

Our services and marketing activities are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.

15. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK’s supervisory authority:

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113

Website: ico.org.uk

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. Any updates will be posted on our website with a revised effective date. We encourage you to review this policy periodically.

17. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

Piazza Italiana

38 Threadneedle Street, EC2R 8AY

London, United Kingdom

Email: [email protected]

Phone: +44 (0) 20 7256 7223