Privacy Policy

Last updated: 11 March 2026

Sogni S.r.l., as Data Controller, wishes to provide the following specific information regarding the methods of management of its website (https://www.sogni.eu) with reference to the processing of the personal data of users who browse it. This information notice is also provided pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR” or “Regulation”).

LEGAL REFERENCES

- Directive 2002/58/EC concerning “the processing of personal data and the protection of privacy in the electronic communications sector”;

- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

- Legislative Decree of 30 June 2003 No. 196 “Personal Data Protection Code”, as amended by Legislative Decree of 10 August 2018 No. 101.

DATA CONTROLLER

The Data Controller is Sogni S.r.l., with registered office in Milan, Via Savona No. 97, 20144, Milan, email address: privacy@antonioligroup.com.

DATA PROTECTION OFFICER

The Data Controller has appointed a Data Protection Officer, who can be contacted at the following address: dpo@antonioligroup.com.

PLACE OF DATA PROCESSING

The processing operations related to the web services of this site take place at the above-mentioned headquarters of Sogni S.r.l. and at the premises of other third parties, specifically appointed as Data Processors pursuant to Article 28 GDPR, which provide outsourcing services.

TYPES OF DATA PROCESSED

Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment. These data are used solely for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning, and are deleted immediately after processing. The data could be used to ascertain liability in the event of hypothetical computer crimes against the site.

Data voluntarily provided by the user

The optional submission of personal data by the user (first name, last name, email address, telephone number) through the forms on the site to book a table, or provided by writing to the email addresses or calling the telephone numbers indicated on the site, entails the subsequent acquisition of the data provided by the user, which are necessary for the provision of the requested service or information.

Anonymous or aggregated data

Anonymization is a form of processing aimed at preventing the identification of the data subject. Anonymized data do not fall within the scope of application of data protection legislation. Aggregated data may derive from personal data provided by the user but are not considered personal data insofar as, as specified, they do not allow the identification of the data subject, either directly or indirectly.

COOKIES

The Data Controller has implemented solely technical cookies that are strictly necessary for the functioning of the site.

PURPOSES AND LEGAL BASIS OF PROCESSING

Personal data will be processed for the following purposes:

(i) To allow navigation and consultation of the site.

The legal basis for the processing is consent, which is deemed to be manifestly given through browsing the site (Article 6, para. 1, letter a) of the GDPR).

 (ii) Purposes related to booking a table at the restaurant or bar (booking contract).

The legal basis for the processing is the performance of a contract to which the data subject is a party (Article 6, para. 1, letter b) of the GDPR).

(iii) Purposes related to responding to any requests for information.

The legal basis for the processing is the consent that is deemed to be manifestly expressed at the time the request is submitted (Article 6, para. 1, letter a) of the GDPR).

(iv) Purposes related to the sending of commercial communications, including promotions, newsletters, and advertising, relating to the brands and services of the Antonioli Group companies. 

The legal basis for the processing is consent (Article 6, para. 1, letter a) of the GDPR).

(v) Profiling purposes aimed at evaluating the preferences expressed by users in the context of bookings and views on the site and sending personalized commercial communications by the Antonioli Group companies.

​The legal basis for the processing is consent (Article 6, para. 1, letter a) of the GDPR).

(vi) Defensive purposes in the event of abuse in the use of the site or attempts at fraud.
The legal basis for the processing is legitimate interest (Article 6, para. 1, letter f) of the GDPR).

SPECIAL CATEGORIES OF DATA

In the execution of your booking request, the processing may involve special categories of data relating to your health status (including, by way of example, food allergies and intolerances), voluntarily provided by you and processed with your express consent.

LINKS TO OTHER WEBSITES

This site may contain links or references to access other websites. Please note that the Data Controller does not control the cookies or other monitoring technologies of such websites, to which this Policy does not apply. We therefore suggest that you consult the individual privacy policies related to such websites.

OPTIONAL NATURE OF DATA PROVISION

Except as specified for browsing data (which are necessary for the correct functioning of the site), the user is free to provide their personal data. However, failure to provide such data may result in the inability to complete a booking or obtain the requested information.

CONTROL OVER YOUR PERSONAL DATA

Please note that at any time you may choose to limit the collection or use of your personal data. For example, if you have previously given consent for the processing of your personal data for marketing purposes, you may change your mind at any time by writing to or sending us an email at the address privacy@antonioligroup.com. The company will not sell or distribute the collected personal data to third parties unless explicit and free consent has been obtained from the data subjects or unless this is expressly required by law. Subject to obtaining consent from the data subjects, personal data may however be used to send commercial communications.

METHODS OF PROCESSING AND DATA RETENTION PERIODS

Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected.

In particular, with reference to the personal data processed in connection with bookings, the Data Controller will retain the data for the time necessary to perform the service and, in the event of failure to cancel the booking within the time limits indicated by the Data Controller and, consequently, of payment of a penalty by the data subject, the data will be retained for ten (10) years from the conclusion of the booking contract.

Personal data processed for marketing purposes on the basis of expressed consent or on the basis of the Data Controller’s legitimate interest will be retained by the Data Controller until the data subject withdraws consent, while data collected for profiling purposes, aimed at evaluating the preferences expressed by the data subjects, will be retained for 12 (twelve) months. Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access. The Data Controller, inspired by the main international standards, has also adopted additional security measures to minimize the risks relating to the confidentiality, availability, and integrity of the personal data collected and processed.

SHARING, COMMUNICATION, AND DISCLOSURE OF DATA

The collected data may be transferred or communicated to other companies, specifically appointed as Data Processors, for activities strictly related to the purposes indicated above and instrumental to the operation of the service, such as IT system management and booking management. Outside of these cases, personal data will not be communicated or disclosed to anyone, except as provided for by contract or authorized by the data subjects.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

Personal data will not be transferred to Third Countries, meaning countries outside the European Union or the European Economic Area. Should this occur, the Data Controller declares and guarantees compliance with the provisions of Articles 44 et seq. of the GDPR.

RIGHTS OF DATA SUBJECTS

Personal data protection legislation expressly provides for certain rights vested in the subjects to whom the data relate (the so-called data subjects). In particular, pursuant to Articles 15 et seq. of Regulation (EU) 2016/679, each data subject has the right to obtain confirmation as to whether or not personal data concerning them exist and, if so, to obtain access to the personal data, to obtain rectification, erasure, restriction of processing, data portability, and to object to processing.
To exercise the above rights, users may contact the Data Controller by sending a registered letter with return receipt to the address indicated or by sending an email to privacy@antonioligroup.com or the Data Protection Officer by writing to the following address: dpo@antonioligroup.com.

RIGHT TO LODGE A COMPLAINT

Data subjects who believe that the processing of their personal data through this site is carried out in violation of the provisions of the GDPR have the right to lodge a complaint with the Supervisory Authority, as provided for by Article 77 of the GDPR.

CHANGES TO THIS PRIVACY POLICY

The Data Controller periodically reviews its privacy and security policy and, if necessary, revises it in relation to regulatory, organizational, or technological developments. In the event of changes to the policy, the new version will be published on this page of the site.

QUESTIONS, COMPLAINTS, SUGGESTIONS, AND EXERCISE OF RIGHTS

Anyone interested in obtaining further information, contributing suggestions, or submitting complaints or objections regarding the privacy policies, the manner in which the Data Controller processes personal data, as well as exercising the rights provided for by personal data protection legislation, may contact the Data Controller by writing to Sogni S.r.l., with registered office in Milan, Via Savona No. 97, email address: privacy@antonioligroup.com or by writing to the Data Protection Officer at the following address: dpo@antonioligroup.com.