Privacy Policy

Privacy Policy

Information on processing of personal data

THEAssociation Milano & Partners, with registered office in Milano, Piazza della Scala 2, VAT number 11016320969, as the data controller (hereinafter, "Holder"), Informs you pursuant to Regulation (EU) 2016/679 (" GDPR ") and the current national legislation on the protection of personal data that your data will be processed in the manner and for the following purposes.

  1. Subject of the processing

The Data Controller processes personal, identifying and non-particular / sensitive data (hereinafter, "Personal data" or also "Data"), Communicated by you during your navigation on the website https://live.yesmilano.it/ (afterwards, "Website"). Particularly:

  • navigation data, such as IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) ​​notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. This information is also collected through the cookies described in the Cookies Policy of the website, to which reference is made.
  • data collected through the technical and analytical cookies described in the Cookies Policy, to which reference should be made for more information;
  • data provided by the user when filling in online forms for registration or newsletter forms, such as name, surname, e-mail address, telephone.
  1. Purpose and legal basis of the processing

Your Personal Data are processed for the following purposes and legal bases:

  1. without your prior consent for the following purposes:
  • the execution of the contract and / or the fulfillment of pre-contractual commitments, in particular for:
  1. manage and maintain the Site and allow you to browse the Site; 
  2. respond to requests sent to the Association Milano & Partners through the Data Controller's contacts on the Site;
  3. allow you to register on the Site to create the Event form which will be visible on the Site following verification by the Association Milano & Partners, where you access the Site as a User-Operator;
  4. allow you to register on the Site until you create a Customer profile, which will allow you to make restaurant reservations, adhere to any promotions, consult previous reservations and take advantage of the functions accessible only to registered users, if you access the Site as a User-Client;
  5. allow you to make restaurant reservations and adhere to any promotions without prior registration on the Site, if you access the Site as a User-Customer; 
  • the fulfillment by the Owner of legal obligations, such as:
  1. compliance with the obligations established by laws, regulations or national and community legislation or imposed by the competent authorities;
  • the pursuit of a legitimate interest of the Data Controller, in particular:
  1. prevent or discover fraudulent activities or abuses harmful to the Site, as well as exercise the rights of the Owner in court and the management of litigation: the interest of the Owner corresponds to the general legitimate, real and current interest in not suffering damage as a result of illegal conduct others, as well as the constitutionally guaranteed right of action (Article 24 of the Constitution) and, as such, is socially recognized as prevailing over the interests of the individual concerned;
  2. manage and maintain the Site: the interest of the Data Controller refers to the general interest of a company in guaranteeing business operations, also through the operation of the Site, and possible efficiency improvements in the service offered.
  1. Method of treatment

The processing of your Personal Data is carried out, both in paper and computerized form, by means of the operations of collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation. and data destruction. 

Your personal data are subjected to electronic and possibly automated processing. Your personal data are protected in such a way as to minimize the risk of destruction, loss (including accidental loss), unauthorized access / use or use incompatible with the initial purpose of the collection. This is achieved with the technical and organizational security measures implemented by the Data Controller.

  1. Data Retention 

The Data Controller processes the navigation data and the data collected through technical and analytical cookies for the time indicated in the Cookies Policy. Personal data:

  • conferred by filling in contact forms or by writing to the Controller's e-mail addresses present on the Site will be processed for the time necessary to process the request and in any case no later than 1 year from the conferment;
  • conferred upon registration on the Site will be processed until the deletion of the profile that the User can request from the Owner at any time through a specific function present in the profile itself.
  1. Providing data 

The provision of navigation data is, in general, necessary to allow you to browse the site. If you decide not to provide the data, we will not be able to guarantee navigation. 

The provision of Data by the User-Operator (name, surname, e-mail, telephone. VAT number) for registration on the Site are mandatory for the creation of the Event form. Failing that, it will not be possible to proceed with the creation of the Event form and to use the services of the Site for which registration is required.

The provision of data by the User-Customer (name, surname and e-mail) for registration on the site are mandatory for the creation of the Customer profile. Failing this, it will not be possible to proceed with the creation of the Customer profile and use the services of the Site for which registration is required.

The provision of Data by the User-Client (name, surname, e-mail and telephone) to book events without prior registration on the Site is mandatory. Failing that, it will not be possible to proceed with the booking of the events and to adhere to any promotions.

  1. Access to Data 

Your data may be made accessible for the aforementioned purposes to:

  • employees and / or collaborators of the Data Controller, in their capacity as persons in charge of the processing and / or internal managers of the processing and / or system administrators; 
  • third parties (for example, IT suppliers, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.
  1. Data Communication

Your data may be disclosed, even without your consent, to supervisory bodies, law enforcement agencies, judicial authorities and other competent authorities, upon their express request which will process them as independent data controllers for institutional purposes and / or in force of law in the course of investigations and checks. Your data may also be disclosed to third parties (for example, partners, freelancers, etc.), as independent data controllers, for the performance of activities instrumental to the aforementioned purposes. The details of the subjects involved in the context of cookies are represented in the Cookies Policy.

The Data of the User-Client who makes the restaurant reservations will be transmitted to the Restaurant, which will treat them as an independent data controller.

  1. Data transfer

The data provided will not be transferred outside the territory of the European Union or the European economic area, with the exception of data processed through analytical cookies, as reported in the Cookies Policy.

  1. Rights of the interested party

The Data Controller informs you that, as an interested party, if the limitations provided for by law do not apply, you have the right to:

  • obtain confirmation of the existence or not of your Personal Data, even if not yet registered, and that such data be made available to you in an intelligible form;
  • obtain indication and, if necessary, a copy of: a) the origin and category of personal data; b) of the logic applied in case of treatment carried out with the aid of electronic instruments; c) the purposes and methods of the processing; d) the identity of the owner and managers; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them, in particular if they are recipients of third countries or international organizations; e) when possible, of the data retention period or the criteria used to determine this period;
  • obtain, without undue delay, the updating and correction of inaccurate data or, when interested, the integration of incomplete data;
  • withdraw consent at any time, if given in relation to processing having consent as a legal basis, easily, without impediments, using, if possible, the same channels used to provide them;
  • obtain the cancellation, transformation into anonymous form or blocking of data: a) unlawfully processed; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in case of revocation of the consent on which the treatment is based and in case there is no other legal basis, d) if you have opposed the treatment and there is no legitimate overriding reason to continue the treatment; e) in case of fulfillment of a legal obligation; f) in the case of data referring to minors. The Data Controller may refuse cancellation only in the case of: a) exercise of the right to freedom of expression and information; b) fulfillment of a legal obligation, performance of a task carried out in the public interest or exercise of public authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in court;
  • obtain the limitation of processing in the case of: a) dispute of the accuracy of personal data; b) unlawful processing by the Data Controller to prevent its cancellation; c) exercise of your right in court; d) verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the interested party;
  • receive, if the processing is carried out by automatic means, without hindrance and in a structured, commonly used and legible format, the personal data concerning you to transmit them to another holder or - if technically feasible - to obtain direct transmission by the Data Controller to another owner;
  • object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of the collection;
  • propose a complaint to the Personal Data Protection Authority.

In the cases mentioned above, where necessary, the Data Controller will inform the third parties to whom your personal data are communicated of the possible exercise of the rights by you, with the exception of specific cases (eg when this fulfillment proves impossible or involves the use of means that are manifestly disproportionate to the protected right).

  1. Transfer of data outside the European Union

The Data Controller generally does not transfer Personal Data outside the European Union. The servers used for the management and storage of Personal Data are located in Europe. However, some activities carried out (for example, periodic backups) can be managed by companies established outside the EU (point 2 of the table below), however able to offer guarantees in line with Privacy Shield agreements.

1Server IP LocationNetherlands - Noord-holland - Amsterdam - Siteground Hosting EoodGDPR
2ASNNetherlands AS32475 SINGLEHOP-LLC - SingleHop LLC, US (registered Jul 21, 2005)SingleHop LLC has joined the agreement Privacy Shield EU-US PRIVACY SHIELD FRAMEWORK, therefore offers technical and organizational measures in line with the GDPR.


How to exercise rights

You can exercise these rights at any time: 

  • by sending a registered letter to the address of the Data Controller;
  • by sending an email to info@yesmilano.it.
  1. Owner, data protection officer and data processor

The data controller is the Association Milano & Partners, with registered office in Piazza della Scala n. 2, 20121 Milano (MI), VAT number 11016320969. 

The Data Controller has also appointed a Data Protection Officer (Data Protection Officer) who will monitor the measures taken to protect your data and who can be contacted by writing to dpo@yesmilano.it. 

The updated list of data processors, data processors and system administrators is instead kept at the headquarters of the Data Controller.

Milano, 08 June 2022

Association Milano & Partners

YesMilano Live