Privacy policy
Last updated: 02 March 2026
This Privacy Policy describes how personal data is collected, used, and protected when you visit or interact with the website operated by:
IL GIARDINO DI PORTO SALVO S.N.C. DI LORENZA E GERMANA PETROSINO
Registered Office: Salita Sopramuro, 22 – 84011 Amalfi (SA), Italy
VAT Number: 03888670654
Email: info@donnastellaamalfi.com
PEC: donnastella@pec.it
Hereinafter referred to as “the Company” or “Donna Stella”.
The Company acts as Data Controller pursuant to EU Regulation 2016/679 (GDPR).
1. Types of Personal Data Collected
The Company may collect and process the following categories of personal data:
a) Identification and Contact Data
- First name and last name
- Email address
- Phone number
b) Reservation Data
- Date and time of booking
- Number of guests
- Special requests (if provided)
c) Account Data
- Login credentials (if user account is created)
d) Payment Data
No advance payment is required for reservations.
Where applicable, payment transactions are processed through secure third-party providers (e.g., Shopify Payments, PayPal, Apple Pay, Google Pay). The Company does not store full credit card details.
e) Marketing Data
- Newsletter subscription preferences
- Consent records (double opt-in system active)
f) Technical and Usage Data
- IP address
- Browser type
- Device information
- Pages visited
- Cookies and tracking technologies
2. Purposes of Processing
Personal data is processed for the following purposes:
- To manage dinner reservations and Cooking Class bookings
- To communicate with users regarding bookings
- To comply with legal and administrative obligations
- To send newsletters and promotional communications (subject to explicit consent)
- To improve website performance and user experience
- For marketing and remarketing activities (subject to consent)
3. Legal Basis for Processing
Processing is based on one or more of the following legal grounds:
- Performance of a contract (Art. 6(1)(b) GDPR)
- Compliance with legal obligations (Art. 6(1)(c) GDPR)
- Legitimate interest (Art. 6(1)(f) GDPR)
- Consent of the data subject (Art. 6(1)(a) GDPR), particularly for marketing and cookies
Where processing is based on consent, you may withdraw it at any time.
4. Newsletter and Marketing Communications
The newsletter service is managed through Shopify Email.
A double opt-in procedure is active, meaning users must confirm their subscription via email before receiving communications.
Users may unsubscribe at any time by clicking the “unsubscribe” link included in every marketing email.
5. Image and Video Processing
During experiences (including dinner service and Cooking Classes), photographs and video recordings may be taken for promotional purposes.
Image processing is based on explicit consent provided through the booking form checkbox.
Recognizable images of minors are not published.
Guests may withdraw consent at any time by contacting the Company.
6. Cookies and Tracking Technologies
The website uses:
- Technical cookies
- Analytics cookies (Google Analytics 4)
- Marketing cookies (Meta Pixel, Google Ads, TikTok Pixel)
Marketing and analytics cookies are activated only after user consent through the Shopify cookie banner.
For more details, please refer to the Cookie Policy.
7. Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes described above.
In particular:
- Reservation data: retained for administrative and legal compliance purposes
- Marketing data: retained until consent is withdrawn
- Technical data: retained according to cookie duration settings
8. Data Sharing and Processors
Personal data may be shared with:
- Hosting and website platform providers (Shopify)
- Booking system providers
- Payment service providers
- Marketing and analytics providers (Google, Meta, TikTok)
- Professional advisors where required by law
These parties process data as Data Processors under appropriate contractual safeguards.
9. International Data Transfers
Some service providers (e.g., Google, Meta, Shopify) may process personal data outside the European Economic Area (EEA).
Where such transfers occur, they are carried out in compliance with GDPR requirements, including Standard Contractual Clauses or equivalent safeguards.
10. Data Security
The Company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Secure hosting infrastructure
- Access controls
- Encrypted data transmission (SSL)
However, no system can guarantee absolute security.
11. Rights of Data Subjects
Under Articles 15–22 of the GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure (“right to be forgotten”)
- Restrict processing
- Object to processing
- Request data portability
- Withdraw consent at any time
Requests may be submitted to:
You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
12. Changes to This Policy
The Company reserves the right to update this Privacy Policy at any time.
Updated versions will be published on this page with the revision date indicated above.