Дон Вито Корлеоне New Style

Privacy policy

Last updated: 2 June 2026

This privacy policy describes how Дон Вито Корлеоне New Style processes personal data when you use the website to browse the menu, place online orders, make reservations, contact us, and use other services. It complies with Regulation (EU) 2016/679 (GDPR) and applicable Bulgarian law.

1. Data controller

The controller of your personal data is Дон Вито Корлеоне New Style, correspondence address: Ruse, Druzhba 1, Geo Milev St. 5, next to Shone shop, email: [email protected], tel.: 0895 565111 / 0896 824150.

2. Data we collect

  • Order data: name, phone, delivery address (for delivery), order note, selected products, quantities, prices, payment method, delivery zone, date and time of order.
  • Contact form data: name, email, phone (optional), message content.
  • Technical data: IP address, browser and device type, language settings, access date and time — via server logs, necessary for security and site operation.
  • Session data: cart contents, selected language (BG/EN), session identifier — stored in the browser/server session.
  • Cookie and analytics data — only with consent via Klaro (Google Tag Manager / Analytics, Facebook/Meta Pixel). See the Cookie Policy.
  • Local storage: preference to hide the “restaurant closed” notice (in browser localStorage), not sent to the server.

3. Purposes of processing

  • Accepting, processing and fulfilling food orders (delivery or pickup at the restaurant).
  • Communicating with you about the order (if needed — via the phone number you provided).
  • Responding to enquiries via the contact form.
  • Maintaining the cart and language settings during your session.
  • Ensuring site security and stability (logs, abuse prevention).
  • Statistics and site improvement — with consent for analytics cookies.
  • Advertising and effectiveness measurement — with consent for marketing cookies.
  • Syncing the lunch menu from our public Facebook page (public page content only; no processing of visitors’ personal data for this purpose).

4. Legal basis (GDPR)

  • Performance of a contract / pre-contractual steps (Art. 6(1)(b)) — for online orders.
  • Legitimate interests (Art. 6(1)(f)) — site security, abuse prevention, responding to enquiries, internal accounting and proof of orders.
  • Consent (Art. 6(1)(a)) — for non-essential cookies (analytics, marketing) and when you send a contact form message on your own initiative.
  • Legal obligation (Art. 6(1)(c)) — where the law requires retention (e.g. accounting records).

5. Retention periods

  • Orders: we keep data for as long as needed to fulfil the order, accounting and defence against claims — usually up to 5 years, unless the law requires longer.
  • Contact messages: up to 2 years after correspondence ends, unless a legal dispute arises.
  • Session and cart: until the session ends or you clear it.
  • Server logs: usually up to 90 days.
  • Analytics/marketing data: per Google/Meta settings and your choices in Klaro.

6. Recipients and processors

Data may be accessed by authorised staff of the restaurant and by providers who help us operate the site:

  • Website hosting and infrastructure.
  • Email services for contact form messages.
  • Google (Tag Manager / Analytics) — with consent.
  • Meta (Facebook Pixel) — with consent.
  • Technical support and admin panel providers (if external).

7. Transfers outside the EEA

When using Google and Meta services, data may be processed in the USA or other third countries. In such cases we rely on appropriate safeguards under the GDPR (e.g. adequacy decisions or standard contractual clauses) where the provider offers them.

8. Whether provision is mandatory

For online orders, name, phone and — for delivery — address are required. Without them we cannot accept the order. For the contact form — name, email and message. Non-essential cookies are not required to use the site.

9. Your rights

  • Right of access to your personal data.
  • Right to rectification of inaccurate data.
  • Right to erasure (“right to be forgotten”), where applicable.
  • Right to restriction of processing.
  • Right to data portability (where processing is automated and based on consent or contract).
  • Right to object to processing based on legitimate interests.
  • Right to withdraw consent at any time (without affecting lawfulness before withdrawal).
  • Right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP) — www.cpdp.bg.

10. Security

We apply appropriate technical and organisational measures (HTTPS encryption, limited access, admin panel protection, form validation). No method guarantees 100% security on the internet.

11. Children

The site is not aimed at children under 16 to submit personal data on their own. We expect orders to be placed by adults or with parental consent.

12. Changes

We may update this policy. A new version will be published on this page with a new date. For material changes we may notify you via the site.

Data controller — Дон Вито Корлеоне New Style. Email for enquiries: [email protected]. Address: Ruse, Druzhba 1, Geo Milev St. 5 (next to Shone shop).