Privacy policy

Privacy policy


PROCESSING: Customer reservation and data on food intolerances

Pursuant to Article 13 of Regulation (EU) 679/2016 on the protection of individuals with regard to the processing of personal data

The company Il Giglio 5 S.r.l., (hereafter the “Company” or the “Data Controller”), owner of the Lorenzo Dé Medici Restaurant, with registered office in Florence, Via Fra Bartolommeo n. 5, VAT no. 05746560480, as data Controller, informs you, pursuant to art. 13 of the European Regulation 679/2016 concerning the protection of personal data (“GDPR”), about the processing of your personal data that will be carried out in the performance of the services offered to customers.

1. Type of data processed

The Company is the Controller of the personal data communicated to it by the User when making a reservation or using the restaurant services. The data processed include:

  • Name, address and other personal identification numbers
  • Tax code and other personal identification numbers – Tax code/VAT number
  • Any data relating to food intolerances

2. Purposes of the processing

Data processing is carried out by the Company in the performance of its activities. In particular, the Data provided by the Data Subjects will be processed, with computerised and other tools, for the following purposes: carrying out the services offered by the restaurant (serving food and beverages) in accordance with the dietary requirements of the clientele.

The personal data provided to the restaurant may also include the processing of data concerning the customer’s health (with particular reference to food intolerances and/or allergies). If the data is provided by the user, consent is deemed implicit; otherwise, for the processing of data concerning the customer’s state of health, it is necessary for the customer to express consent:

3. Method of Processing

The Data shall be processed by the Company with electronic and manual systems according to the principles of correctness, fairness and transparency provided for by the applicable legislation on the protection of personal data and protecting the confidentiality of the Data Subject by means of technical and organisational security measures to ensure an adequate level of security.

4. Data retention

The Data provided by the Data Subject shall only be processed for the duration of the services offered by the restaurant.

5. Communication, dissemination and transfer of Data

The Data shall be processed, to the extent necessary, by authorised, adequately instructed and trained personnel, by the Data Controller as well as by the personnel of third parties who provide services to the Data Controller and process the Data on its behalf and on its instructions as data processors.

In case of communication to third parties, the recipients may be:

  • Accountants and tax consultants.
  • Forwarding agents to whom the home delivery service is entrusted.

More in general, in the performance of its ordinary business activities, the Data may be communicated to subjects carrying out control, auditing and certification activities of the activities carried out by the Data Controller, consultants and freelance professionals in the context of tax assistance services, judicial and in the case of corporate operations for which it is necessary to assess the company’s assets, public bodies and administrations, as well as to parties entitled by law to receive such information, Italian and foreign judicial authorities and other public authorities, for purposes connected with the fulfilment of legal obligations, or for the performance of obligations undertaken and arising from the contractual relationship, including for the need to defend oneself in court.

The data collected regarding the health status of customers will not be subject to communication, dissemination or transfer and will be processed exclusively by qualified restaurant personnel and stored for the time necessary to perform the food and beverage service.

The data collected will not be transferred to countries outside the EU.

6. Profiling and/or automatic processing activities

If the processing of your data involves profiling activities or automatic processing, these are the characteristics:

  • the site uses the Search Console service
  • the site uses the Google Analytics 4 software. To this end, the Data Controller will use the services offered by, which guarantees the privacy compliance of the Google Analytics 4 service. In particular, as shown on the aforementioned page, ‘the service acts as a proxy between your site and Google’s servers. Host Analytics cleans the data collected on your site of all personal data before forwarding them to Google’s servers, so as to avoid the transfer of personal data abroad, thus complying with privacy directives.’ and again ‘The service servers are located at the Turin data-center owned by Host.
  • The site uses the ‘Google Ads’ service. For further information, please refer to the addresses: and

For further information, please refer to the cookie policy available at

The owner uses Google Font API inhibition services, which therefore does not process any personal data. For further information, please refer to the dedicated page of the service provider:

The particular categories of data provided by the data subject (e.g. concerning possible food intolerances) will not be subject to profiling or automatic processing.

7. Further subjects connected with the processing

Person in charge of processing:

Il Giglio 5 S.r.l., (hereafter the “Company” or the “Data Controller”), owner of the Lorenzo Dé Medici Restaurant, with registered office in Florence, Via Fra Bartolommeo n. 5, VAT no. 05746560480.

8. Rights of the Data Subject

The Data Subject may exercise, in relation to the data processing described herein, the rights provided by the GDPR (Articles 15-21), including:

  • receive confirmation of the existence of the Data and access to its content (access rights);
  • updating, modifying and/or correcting the Data (right of rectification);
  • to request the deletion or restriction of Data processed unlawfully, including Data whose retention is unnecessary for the purposes for which the Data were collected or otherwise processed (right to be forgotten and right to restriction)
  • object to the processing (right to object);
  • to lodge a complaint with the Supervisory Authority (Data Protection Authority in the event of a breach of the rules on personal data protection;
  • receive an electronic copy of the Data concerning him/her as a Data Subject, when such Data has been rendered in the context of the contract, and request that such Data be transmitted to another data controller (right to data portability).

To exercise these rights, the Data Subject may contact the Data Controller by sending a communication to:

  • Contact telephone number: 055212932
  • Email contact at the following address:

When contacting us, the Data Subject should make sure to include his or her name, email/postal address and/or telephone number(s) to ensure that his or her request can be handled properly.