Privacy Policy


This information is provided pursuant to and for the purposes of Article 13 of EU Regulation no. 2016/679 of 27 April 2016 (hereinafter also "GDPR") on the protection of individuals with regard to the processing of personal data. Specifically, Spazio S.r.l., as Data Controller, wishes to inform you that, in implementation of the obligations arising from the GDPR, it is required to provide certain information regarding the methods and purposes of the processing of personal data, which it may come into possession of following consultation and use of the website by the user.


The Data Controller for all personal data collected and processed and used in relation to the management of the website is the company Spazio S.r.l., owner of the "Laboratorio Niko Romito" website and the Laboratorio Niko Romito Shop, with registered office in Contrada Santa Liberata snc - 67031 Castel di Sangro (AQ).





  1. a) Personal data

In the optional, explicit and voluntary use of the site they will be acquired:

a.1) Personal data: any information which, directly or indirectly, including in conjunction with any other information, including a personal identification number, makes a natural person identified or identifiable; date of birth, status and language in which you wish to receive the newsletter;

a.2) Special data: food intolerances or food preferences for religious reasons, if they are voluntarily indicated by the User when making reservations.

All content entered voluntarily by the user will be visible to the Data Controller and its employees.

The personal data of the interested party, collected and registered to access the site, will be treated in a strictly confidential manner by the Data Controller and the subjects appointed by the same, and may be used only for statistical purposes in aggregate form or in any case in such a way as to make them anonymous.

  1. b) Navigation data

In the course of normal operation, the computer systems and software procedures used to operate the site acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols.

This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.

These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site and the Owner only upon request of the supervisory bodies in charge.

2.2 PURPOSE OFTHE PROCESSING. Your personal data are processed:

  1. A) Even without your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
  • conclude contracts for services requested from the Controller via the shop;
  • to fulfil pre-contractual, contractual and fiscal obligations arising from existing relations with you;
  • to allow the use of the information request service, to fulfil the obligations provided for by the law, by a regulation, by Community legislation or by an order of the Authority (such as, by way of example but not limited to: tax purposes, anti-money laundering purposes L. 231/07 and subsequent amendments and additions);
  • exercise the rights of the Controller, such as the right of defence in court;
  1. B) Only with your specific and distinct consent (Articles 23 and 130 of the Privacy Code and Article 7 GDPR), for the following Marketing Purposes:
  • to send you newsletters, commercial communications and/or advertising material on products or services offered by the Controller and to measure the degree of satisfaction with the quality of services;
  • to send you marketing sms containing commercial communications and offers on products or services offered by the Controller and detection of the degree of satisfaction on the quality of services;
  • identification, also by means of electronic processing, of consumer behaviour and habits in order to improve the services and products offered, meet specific needs and direct commercial proposals of interest.

Please note that the personal data processed for direct marketing purposes are: name, surname, e-mail, telephone number. If the data subject has given his/her consent at the time of subscribing to the newsletter or to SMS marketing, or if he/she gives his/her consent subsequently and until such time as he/she revokes his/her consent, his/her personal data may also be processed by the Controller for direct marketing purposes, i.e. for sending e-mails of an informative, advertising and/or promotional nature, for sending SMS messages of an informative, advertising and/or promotional nature and, more generally, for sending commercial communications. This processing will be carried out using automated methods of contact, and in particular by e-mail and SMS (where consent has been given).

2.3 The Owner has the right to process the aforementioned data in aggregate form, in compliance with the measures prescribed by the EU Regulation and the Privacy Guarantor's Guidelines and by virtue of the specific exemption from consent provided by the same Authority, for electronic analysis and processing (e.g. classification of the entire class of users into categories that are homogeneous in terms of service levels, consumption, spending, etc.) aimed at periodically monitoring the development and economic performance of Spazio S.r.l.'s activities, in order to improve services and optimise online services.

2.4 The data acquired to make the payment via PayPal will be processed by PayPal (Europe) s.à.r.l. et Cie, S.C.A., 22-24-Boulevard Royal l 2449, Luxembourg. We would like to remind you that Spazio S.r.l. does not process your data necessary to make the payment but only receives the communication of the payment from the PayPal owner.


3.1 The legal basis for the processing of the above-mentioned personal data is:

- as regards point 2.1 letter a.1), Types of data processed, the need to perform the services requested by the User, and compliance with legal obligations relating to billing;

- with regard to point 2.1 letter b), Types of data processed, the need to allow navigation on the site;

- with regard to point 2.2. letter A), Purposes of the processing, compliance with legal obligations and the need to perform the services provided by the Data Controller. Therefore, the provision of data is compulsory and failure to provide such data may result in the non-performance or suspension, even interruption, of the services offered;

- as regards point 2.2 letter B), Purposes of the Processing, the legitimate interest of the Controller;

- with regard to point 2.2 letter B), Purposes of the processing, the consent given by the Customer for the direct marketing purposes indicated above. The Customer may revoke his/her consent at any time, either by connecting to the form for revoking consent at the bottom of the newsletter, or by writing to

3.2 With the exception of the technical cookies strictly necessary for normal browsing, the provision of data is left to the will of the user who decides to browse and use the website after having read the brief information contained in the specific banner and to use the services that involve the installation of cookies.

You can therefore prevent the installation of cookies by maintaining the banner (i.e. by not closing it by clicking on the "ok" button), as well as by using the appropriate functions available on your browser. We would also like to remind you that most internet browsers are initially set to accept cookies automatically. This means that you have the possibility at any time to set your browser to accept all cookies, to accept only some cookies, or to reject them by disabling their use by websites. In addition, you can usually set your browser preferences to notify you whenever a cookie is stored on your computer.

3.3 Finally, at the end of each browsing session, you can delete the cookies collected from the hard disk of your device. If you wish to delete the cookies installed in the cookie folder of your browser, please note that each browser has different procedures for managing its settings.

By selecting the links below you can obtain specific instructions for some of the major browsers.

You can also visit the website, in English, or for more information on how you can manage/delete cookies depending on the type of browser you use. To delete cookies from the Internet browser of your smartphone/tablet, please refer to the user manual of your device.

3.4 Please note that if you disable cookies, the site may not function properly.


4.1 Personal data are processed by automated and non-automated means for the purposes for which they were collected. Specific security measures are observed to prevent the loss of data, unlawful or incorrect use and unauthorised access.

4.2 The data collected, may be used on behalf of the Data Controller, by the administrators in charge of carrying out processing services and the correct performance of the site's activities. Processing related to the web services of this site may also take place at the web service provider's premises. It should be noted that personal data will be stored and controlled, also in relation to the knowledge acquired on the basis of technical progress, the nature of the data and the specific characteristics of the processing, through the adoption of appropriate and preventive security measures, both physical and logical, so as to minimise the risks of destruction or loss of data, unauthorised access, processing not allowed or not in accordance with the purposes of collection. In addition to the Data Controller, therefore, in some cases, other subjects involved in the organization of this Website (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller, may have access to the Data. The updated list of Data Processors can always be requested from the Data Controller.

4.3 The Data are processed at the Data Controller's operational headquarters and at any other place where the parties involved in the processing are located. For further information, please contact the Data Controller. The User's Personal Data may be transferred to a country other than the one where the User is located.

The User is entitled to obtain information on the legal basis for the transfer of Data outside the European Union or to an international organisation under public international law or formed by two or more countries, such as the UN, as well as on the security measures taken by the Data Controller to protect the Data.

The data will be stored on a physical server located on Italian territory. Data processing shall be carried out by the Data Controller and by the persons expressly authorised by the Data Controller.


5.1 The processing of your personal data is carried out by means of the operations indicated in Article 4 of the Privacy Code and Article 4 no. 2) GDPR.

5.2 The data necessary for the provision of the service shall be stored by the Controller for the time necessary to provide the requested services or until the service is exhausted by the Controller.

5.3 The Data Controller may retain your personal information after the services have been provided if such retention is reasonably necessary to comply with legal obligations, meet regulatory requirements, resolve disputes between users, prevent fraud and abuse or enforce this privacy policy.

5.4 The navigation data will be stored for the technical time necessary to perform the functions for which they were collected and in any case for a maximum period of 6 months.

5.5 The Data Controller shall therefore process the personal data for the time necessary to fulfil the above purposes and in any case for no longer than 10 years from the termination of the relationship for the Service Purposes and for no longer than 2 years from the collection of the data for the Marketing Purposes and with reference to the newsletter service (as per Provision of the Garante of 24 February 2005), without prejudice to the possibility of the Data Subject to cancel his/her data at any time, with the notice that, in any case, upon the relevant expiry date, such data will be automatically deleted or permanently and non-reversibly anonymised.


6.1 In order to make its services as efficient and easy to use as possible, this Site makes use of cookies. Therefore, when you visit the Site, a minimal amount of information is placed on your device, as small text files called "cookies", which are saved in the directory of your web browser. There are different types of cookies, but essentially the main purpose of a cookie is to make the Site work more efficiently and to enable certain features of the Site.

6.2 Cookies are used to improve the User's overall navigation. In particular:

They allow you to navigate efficiently from one page of the website to another.

They store the user name and preferences entered.

They allow you to avoid entering the same information (such as username and password) several times during a visit.

They measure Users' use of services in order to optimise the browsing experience and the services themselves.

They present targeted advertising information according to the interests and behaviour expressed by the User while browsing.

There are different types of cookies. Below are the types of cookies that may be used on the Site with a description of the purpose of their use.

6.3 Our site uses the following types of cookies:

Technical cookies

Cookies of this type are necessary for certain areas of the site to function properly. Cookies in this category include both persistent cookies and session cookies. Without these cookies, the site or portions of the site may not function properly. Therefore, they are always used, regardless of user preference. Cookies in this category are always sent from our domain.

Analytical cookies

Cookies of this type are used to collect information on the use of the site. The Owner uses this information for statistical analysis, to improve the site and simplify its use, as well as to monitor its correct functioning. This type of cookie collects information in an anonymous form on users' activity on the site and on how they arrived at the site and the pages they visited. Cookies in this category are sent from the Site itself or from third party domains.

Third Party Cookies

These cookies will only be installed if the site owner enables the relevant functionalities provided by the platform. In particular:

Google Analytics: Google Analytics is a web analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), for the purpose of browsing history, counting visits, and statistics. The information and privacy notes relating to the operation and consent to the use of Google cookies are available at the following links:

Information on 'How Google uses data when you use our partners' websites or applications ':

Google Analytics cookie policy:

How to refuse Google Analitycs cookies: download and install the browser plug-in available at the following link:

Information and general notes on Google services:

This cookie is only activated with the express consent of the person concerned.

Cookies to integrate third-party software products and functions

This type of cookie integrates functionalities developed by third parties within the pages of the Site such as icons and preferences expressed in social networks in order to share the content of the site or for the use of third party software services (such as software to generate maps and other software offering additional services). These cookies are sent from third party domains and partner sites that offer their functionality between the pages of the Site.

The website uses the following external services: ('Google Maps')

Google Maps

Google Maps is a service for displaying maps and directions provided by Google, Inc. ("Google"). For more information see Google, privacy and terms.


7.1 The personal data provided will not be disseminated or disclosed to unspecified persons.

7.2 On the other hand, the data may be communicated to well-defined parties only by the Data Controller for the purposes indicated, in particular:

  1. a) E-commerce platform;
  2. b) Data processors and persons in charge of processing (the list of the former may be made available only to the persons concerned who make an explicit request);
  3. c) To legal, tax and business consultants, for the best management of tax and invoicing profiles, who shall remain, in any case, independent data controllers, unless they are expressly appointed external data controllers.

7.3 Without the need for express consent(ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Controller may communicate your data for the purposes of art. 2. A) to Supervisory Bodies, Judicial Authorities, as well as to all those subjects to whom communication is compulsory by law for the fulfilment of the aforementioned purposes. These subjects will process the data in their capacity as autonomous data controllers.

7.4 Your personal data may also be communicated for the same purposes to other companies in the Niko Romito Group of which Spazio S.r.l. - Laboratorio Niko Romito is part (parent, subsidiary or associated companies, even indirectly), as well as to third party suppliers of IT or storage services.

7.5 The list of companies to which your data may be communicated for the same purposes and the list of persons appointed as external data processors is available at the following references and may be requested from Spazio S.r.l. at the address

7.6 Your data will not be disclosed. Your data will not be transferred either to member states of the European Union or to third countries outside the European Union.


8.1 The provision of data for the purposes of art. 2.2 A) is mandatory. In the absence of such data, we will not be able to provide you with the Services of art. 2.A).

8.2 The provision of data for the purposes of art. 2.2 B) is instead optional. You may therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material relating to the Services offered by the Owner. You will, however, continue to be entitled to the Services referred to in art. 2.2 A).


9.1 In your capacity as data subject, and art. 13 GDPR and precisely the rights:

- access, rectification, cancellation, restriction and opposition to data processing;

- to obtain without hindrance from the data controller the data in a structured, commonly used and machine-readable format for transmission to another data controller;

- to withdraw consent to the processing, without prejudice to the lawfulness of the processing based on the consent acquired before the withdrawal.

9.2 In this regard, please note that the deadline for replying to the person concerned is, for all rights, one month from receipt of the request, extendable up to three months in cases of particular complexity.

9.3 The foregoing rights may be exercised by written communication to be sent by email to the address: or by registered letter with return receipt to the address: Spazio S.r.l., Contrada Santa Liberata snc, Castel di Sangro (AQ) - 67031.


10.1 The data subject has the right to lodge a complaint with the Data Protection Authority.

10.2 The complaint is the tool that allows the data subject to address the Guarantor to complain about a violation of the rules on the protection of personal data pursuant to Article 77 of the GDPR and to request an investigation by the Authority.

10.3 The complaint may be lodged by the Data Subject with the Supervisory Authority of the place where he/she resides, or in the place where he/she works or in the place where the alleged breach occurred.

10.4 The Data Subject shall also have the right to take legal action before the ordinary courts if he/she considers that his/her rights have been infringed as a result of processing.

This privacy policy may need to be updated from time to time, e.g. due to the implementation of new technologies or the processing of data for purposes other than those indicated. The Controller therefore reserves the right to amend or supplement this privacy policy at any time. In this case, it will be the responsibility of the Controller to publish the changes and to inform the Data Subject by means of a notice on this website.