Privacy Policy – Chic Mama Club Restaurant

Last updated: 02/05/2025

1. Data Controller The Data Controller is Bagni D’Arienzo S.r.l., headquartered at Via Pasitea, 71 – 84017 Positano (SA), Italy, VAT ID: IT02972990655. Contacts:

  • Email: reservation@chicamama.it
  • Phone/WhatsApp: +39 089 842 4255

2. Scope and Legal Framework This Policy applies to personal data collected via:

  • https://chicamama.it
  • https://booking.chicamama.it** Legal frameworks covered:
  • GDPR (EU): access, rectification, deletion, portability, objection
  • CCPA/CPRA (California): right to know, delete, restrict data sharing
  • DMA (EU): transparency and fairness in processing
  • LGPD (Brazil): principles of purpose, necessity, accountability
  • POPIA (South Africa): explicit consent, security safeguards

3. Purposes and Legal Bases

  • Booking management, customer support: GDPR Art. 6(1)(b); LGPD: contractual execution; CCPA: operational necessity
  • WhatsApp/SMS notifications: Explicit consent during booking
  • Newsletter/promotions: Consent (non-customers); legitimate interest (existing customers)
  • Accounting, tax compliance: GDPR Art. 6(1)(c); LGPD: legal obligations; POPIA: specific purpose
  • Targeted advertising: Cookie-based consent; CCPA: restrictions on data “sale” Note: Failure to provide mandatory data may result in service denial.

4. Marketing and Communications

  • WhatsApp/SMS: only with explicit opt-in; unsubscribe by replying “STOP” or contacting us
  • Newsletter: consent-based for new users; legitimate interest for clients. All emails include an “unsubscribe” link
  • Cookie/Consent Mode: preferences managed via cookie banner

5. Data Subject Rights

  • GDPR: Access, rectification, deletion, restriction, portability, objection
  • CCPA/CPRA: Access to data (12 months), deletion, opt-out of sharing
  • LGPD: Confirmation, anonymization, explanation of processing
  • POPIA: Rectification, consent withdrawal, data portability

To exercise your rights:

  • Email: reservation@chicamama.it
  • WhatsApp/SMS: +39 089 842 4255

6. Data Recipients Data may be shared with:

  • Technical providers (hosting, email tools)
  • Legal/tax authorities
  • Marketing platforms (e.g., Google, Meta) with prior consent Transfers outside the EU are covered by appropriate safeguards (e.g., Standard Contractual Clauses).

7. Data Retention

  • Booking & contracts: Up to 5 years (Italian Civil Code Art. 2948)
  • Tax documents: 10 years (Italian Civil Code Art. 2220)
  • Marketing data: Until consent withdrawal

8. Cookies and Online Tracking

  • Technical cookies: essential for the site
  • Marketing cookies: subject to consent (e.g., Google Ads, Meta) Manage settings via banner or Cookie Policy.

9. Data Security We implement technical and organizational measures to protect personal data from unauthorized access, loss, or unlawful processing.

10. Policy Updates This Privacy Policy may be updated to remain compliant with legal requirements.

Last updated: 02/05/2025