This policy explains how Da Leone Italian Steakhouse handles personal information submitted through this website, including reservation requests and newsletter sign-ups.
1. Who is responsible for your data?
The data controller is Da Leone Italian Steakhouse (“Da Leone”, “we”, “us” or “our”).
P.º Marítimo Rey de España, 6329640 Fuengirola, Málaga, Spain
Email: info@daleone.com
Telephone: +34 951 44 64 42
2. Information we collect
Depending on how you use the website, we may collect:
- Reservation information: your name, phone number, email address, requested date and time, number of guests, and any optional notes you provide.
- Newsletter information: your email address and the consent recorded when you choose to receive news or offers.
- Technical and security information: IP address, request time, server logs and information needed to protect the website, prevent abuse and diagnose delivery problems.
- Communications: information you provide when contacting us by email or telephone.
Please do not include medical records, diagnoses, payment-card details or other unnecessary sensitive information in the optional reservation notes. If an accommodation requires sensitive details, contact us directly by telephone.
3. Why we use your information
| Purpose | Legal basis |
|---|---|
| Receive, manage and respond to reservation requests | Steps requested before providing restaurant services and performance of the booking arrangement |
| Send the restaurant notification and your reservation-request confirmation | Steps requested by you and our legitimate interest in reliably administering bookings |
| Send newsletters or seasonal offers | Your consent, which you may withdraw at any time |
| Secure the website, prevent abuse and maintain submission records | Our legitimate interests in service security, fraud prevention and business continuity |
| Meet accounting, tax, consumer-protection or other legal duties | Compliance with applicable legal obligations |
4. Who receives your information?
Access is limited to Da Leone staff who need the information to handle your request and service providers that support website hosting, email delivery, security and technical maintenance. These providers act under contractual and confidentiality obligations. We may also disclose information where required by law or a competent authority.
We do not sell personal information.
5. International transfers
We do not intentionally transfer reservation information outside the European Economic Area. To determine the initial website language and preselect a country calling code in the reservation form, the server may ask a technical provider only for the country code associated with an IP address. If a service provider processes information in another country, we require an appropriate legal transfer mechanism and safeguards where applicable.
6. How long we keep information
- Reservation requests and related communications are normally retained for up to 24 months after the requested visit, unless a longer period is needed for a complaint, legal claim or legal obligation.
- Records required for accounting, tax or other mandatory purposes are retained for the period required by applicable law.
- Newsletter details are retained until you withdraw consent or we stop the mailing list.
- Technical security logs are retained only as long as reasonably necessary for security and troubleshooting.
7. Your data-protection rights
Subject to the conditions in applicable law, you may request access to, correction or deletion of your personal data; restriction of or objection to processing; and data portability. Where processing relies on consent, you may withdraw that consent at any time without affecting earlier lawful processing.
To exercise a right, email info@daleone.com or write to the address above. We may need to verify your identity. You may also lodge a complaint with the Spanish Data Protection Agency (AEPD).
8. Language, browser storage and external websites
This website does not currently use non-essential cookies or third-party analytics. On a first visit and when the reservation form is opened, the server uses a country code supplied by the delivery network when available, or may look up the country associated with the IP address through ipapi.co’s country service. The result is used only to choose the initial site language and preselect the reservation form’s country calling code; you can change both selections.
Your language choice is stored in the browser’s local storage and the language prompt status in session storage. You can remove both through your browser settings. They are not used for advertising or cross-site tracking. Our hosting provider may process essential technical logs required to deliver and secure the site. Links to maps or other external websites are governed by those providers’ own privacy terms once you leave our website.
9. Security
We use reasonable technical and organisational measures designed to protect personal information. Reservation emails are sent through authenticated, encrypted SMTP and credentials are kept outside the public website directory. Every accepted reservation and newsletter form is also written to one owner-only submissions.csv file stored outside public_html. The website has no route for downloading or viewing that file; it is available only through the hosting account’s file manager or server filesystem. No online transmission or storage method is completely risk-free.
10. Updates to this policy
We may update this policy when our services, providers or legal obligations change. The current version and revision date will always appear on this page.
Book a table