privacy policy

This page describes how personal data belonging to users who visit the site are processed. This privacy statement is also provided pursuant to Article 13 of Regulation (EU) 2016/679 applicable as of 25 May 2018 – General Data Protection Regulation (hereinafter referred to as GDPR) to those who interact with the web services of restaurant Mamì in Milan, which may be viewed electronically at the address managed by Sol Meliá Italia S.r.l.

This statement is provided only for the website and not for other websites that may be visited by the user through links for which Sol Meliá Italia S.r.l. is not responsible.


Pursuant to Article 4, point 7, GDPR 2016/679, the Data Controller in reference to the management of Mamì’s catering services is the company Sol Meliá Italia S.r.l., with registered office at Via Masaccio 19 – 20149 Milan, Italy.


Pursuant to Article 28 of GDPR 2016/679, the Data Processor responsible for the website hosting and assistance service is the company XDEERS Sagl at Via Marcetto 6 Novazzano – 6883 Switzerland.

Pursuant to Article 28 of GDPR 2016/679, the Data Processor responsible for bookings of the restaurant Mamì through the website is the company E-Group S.r.l. of Padua, which uses the booking platform Prenota-Web.


Pursuant to Article 37 of GDPR 2016/679, Sol Meliá Italia S.r.l. officially appointed a Data Protection Officer (hereinafter referred to as DPO), whose contact details are:

The DPO is available to data subjects for any information concerning the processing of their personal data and exercise of their rights.


The data in connection with this site’s web services are processed at the address of Hotel Meliá Milan and at the external data processors’ premises and are only handled by technical staff of the office in charge of the processing. No data deriving from the web service will be disclosed or disseminated. Any personal data provided by users who submit requests to send information materials will only be used to provide the service or benefit requested and will only be disclosed to third parties if this is necessary for such purpose.


Navigation data

IT systems and software procedures used for the purposes of this website during normal operations will acquire personal data whose transmission is required for the use of Internet communication protocols. Such information is not collected in order to be associated with identified data subjects, but by their very nature they could, through processing and association with data held by third parties, make it possible to identify users. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code stating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and to the user’s IT environment. These data are only used for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are immediately deleted after processing. Such data could be used to ascertain responsibilities in the event of possible computer crimes against the site: except for this possibility, at present the data on web contacts will not be retained for more than thirty days.

Data provided optionally by users

Filling in the booking form optionally involves the subsequent processing of the personal data being provided in order to ensure the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.

The company has adopted specific measures to ensure that data processing is preceded by an optional action of the user to the effect that he/she has read this privacy statement.


Please refer to the Cookie Policy available HERE


Personal data are processed with automated tools for the time necessary to achieve the purposes for which such data were collected. Specific security measures will be observed to prevent data loss, unlawful or incorrect use and unauthorized access.


In compliance with Article 8 of GDPR 2016/679, this website’s services are not intended for children under 16. We do not knowingly collect personal data from minors.

However, if required, consent to the processing of personal data will be expressed legitimately by a minor directly only when he/she is 16 years of age or older. In other cases, Sol Meliá Italia S.r.l. requires consent to the processing to be given or authorized by the holder of parental responsibility over the minor.

If we become aware that a minor’s personal data have been collected by us, we will immediately delete them, unless required by law to retain such data.

Users are kindly requested to contact us if they believe that the Data Controller has erroneously or involuntarily collected information concerning a minor.


The personal data that users provide through the website in question will be processed by Sol Meliá Italia S.r.l. for the following purposes:

  1. a) to make restaurant bookings. The legal basis of the processing is Article 6, par. 1, sub-par. b), GDPR 2016/679, i.e. processing is necessary in order to take steps prior to entering into a contract to which the data subject is a party. Consent not necessary;
  2. b) to register for restaurant Mamì’s newsletter and receive regular promotional and commercial communications. The legal basis of the processing is Article 6, par. 1, sub-par. a), GDPR 2016/679, i.e. the processing requires the express Consent of the data subject;
  3. c) purposes of statistical research and analysis on anonymous aggregate data, aimed at measuring the operation of the Site, measuring traffic and evaluating usability and interest in making it more functional and performing; Consent not necessary as no personal data are processed;
  4. d) purposes related to compliance with laws and regulations. The legal basis is Article 6, par. 1, sub-par. c), GDPR 2016/679, i.e. processing is necessary for compliance with a legal obligation to which the data controller is subject. Consent not required;
  5. e) purposes necessary to ascertain, exercise or defend a right in court or whenever the judicial authorities perform their judicial functions. The legal basis is Article 6, par. 1, sub-par. f), GDPR 2016/679, i.e. processing is necessary for the pursuit of the data controller’s legitimate interest. With regard to any possible processing, for the same purposes, of data referred to in the special categories listed in Article 9, par. 1, GDPR, the legal condition to be met can be found in par. 2, sub-par. f) of the same article: “processing is necessary for the establishment, exercise or defence of legal claims”. Consent not required.

The Data Controller undertakes to restrict the area of dissemination and processing of personal data (e.g. storage, archiving, retention of data on its servers) to countries belonging to the European Union, with the express prohibition of sending data to non-EU countries that do not guarantee (or lack) an adequate protection level, or, in the absence of protection tools provided for by Regulation (EU) 2016/679 – CHAPTER V (adequacy decision, Standard Contractual Clauses or express consent by the data subject with the prior adequate specification and description of risks associated with disclosure).


Sol Meliá Italia S.r.l. will process your personal data for the time strictly necessary to achieve the purposes stated herein.

By way of example without limitation, Sol Meliá Italia S.r.l. will process personal data for the newsletter service until you decide to unsubscribe from the service with a simple click in the email you have received (specifically, the unsubscribe link).

Without prejudice to the above, Sol Meliá Italia S.r.l. will process your personal data for the time permitted by Italian law to protect its interests (Article 2947 (1) (3) of the Italian Civil Code).

More information regarding the personal data retention period and criteria used to calculate such period can be requested in writing from the DPO.


The Data Controller will not process any personal data acquired in the forms filled out on this website by automated means, including profiling.

With regard to any profiling activities carried out through cookies, please refer to the related Cookie Policy.


The subjects to whom the personal data refer will have the right at any time to obtain confirmation of the existence or otherwise of such data and to learn about the content and origin thereof, verify their accuracy or request them to be supplemented or updated, or rectified (Chapter III, GDPR 2016/679). Under the same article, data subjects will have the right to request the deletion, anonymization or blocking of any data processed in violation of the law and in any case to object, for legitimate reasons, to their processing. Requests should be addressed to Sol Meliá Italia S.r.l. for the attention of the Data Protection Officer.

Users may freely exercise the rights referred to in Articles 15 and following of GDPR 2016/679, which are listed in full hereunder, namely:

  • withdraw consent at any time. Users may withdraw their previously expressed consent to the processing of their personal data;
  • object to the processing of their data. Users may object to the processing of their data when this occurs on a legal basis other than consent;
  • gain access to their data. Users have the right to obtain information on the data processed by the Data Controller, on certain aspects of the processing and to receive a copy of the processed data;
  • verify and request rectification. Users may verify the correctness of their data and request their updating or correction;
  • obtain the restriction of the processing. When certain conditions are met, users may request the processing of their data to be restricted. In this case the Data Controller will not process the data for any other purpose than their retention;
  • obtain the deletion or removal of their personal data. When certain conditions are met, users may request the Data Controller to delete their data;
  • receive their data or have them transferred to another data controller. Users have the right to receive their data in a structured, commonly used and machine-readable format and, where technically feasible, to obtain the transmission thereof to another data controller without hindrance. This rule is applicable when data are processed by automated tools and the processing thereof is based on the user’s consent, on a contract to which the user is a party or on contractual clauses connected thereto;
  • object to the processing as a result of a decision based solely on automated processing, including profiling, which may produce legal effects concerning them or significantly affect their person in a similar way.

Requests should be sent to the e-mail address:


Data subjects who believe that their personal data have been processed on this site in violation of the provisions of the Regulation will have the right to lodge a complaint with the Italian Privacy Authority, as set forth in Article 77 of the Regulation itself, or to take the appropriate judicial remedy (Article 79 of the Regulation).


This privacy statement was updated on 3-12-2021 and may be subject to future reviews.