Sources for the personal information processing
All the personal information processing, like the registration of information of guests of the restaurants, shall be based on the authority of the legislation on privacy and respect all the principles of the privacy legislation.
The authorization can, for example, be based on the consent or the need to fulfil a legal obligation, which is part of the responsible.
The responsible part shall be assessed if and which authority is available for the processing of personal data.
Mandatory training
Due to the responsibility by the data controller, it is necessary explain visitors why information are obtained, how they are stored and how long.
Guests registration
According to the Regulation n. 321/2021 on the limitation of meetings due to epidemics, the higher number of clients in each room will be of 20 and shall be given numbered seats.
Which information can be registered?
The name, the number of identification and the phone number can be registered according to the Regulation n. 321/2021.
Security of personal information
It is responsibility of the data controller to guarantee that the security of personal data is adequate.
For example, adequate security measures can limit the access of guests to information.
Usage of personal information
According to the Regulation n. 321/2021 is not permitted use personal information recollected for other purposes compared to those obtained.
How long information can be stored?
The information will be deleted after 2 weeks according to the Regulation n. 321/2021.