Privacy Policy

Last updated: 2 April 2026

1. Data Controller

Il-Panzier Restaurant
39, Charity Street, Victoria, Gozo, Malta — VCT 1207
Email: [email protected]
Phone: +356 2155 9979

2. Data We Collect

Table reservations

When you make a booking we collect: first and last name, email address, phone number, date and time of visit, number of guests, country of origin, and any special requests or dietary requirements you provide.

Newsletter

When you subscribe to our newsletter we collect your email address and, optionally, your name.

Contact form

When you contact us we collect: name, email address, phone number (optional), subject, and message.

Automatically collected data

Our server logs may record your IP address, browser type, and pages visited. We use essential session cookies necessary for the website to function.

3. How We Use Your Data

  • Bookings — to confirm, manage, and fulfil your reservation, and to communicate any changes (legal basis: contract performance, Art. 6(1)(b) GDPR).
  • Newsletter — to send you news and special offers (legal basis: consent, Art. 6(1)(a) GDPR). You can unsubscribe at any time via the link in any email.
  • Contact enquiries — to respond to your message (legal basis: legitimate interest, Art. 6(1)(f) GDPR).
  • Operational improvements — anonymised, aggregated analytics to improve our service.

4. Cookies

We use only essential cookies required to keep the site secure and functional (session management, CSRF protection). We do not use advertising or tracking cookies.

  • Session cookie — keeps you logged in during a visit.
  • CSRF token — protects forms from cross-site request forgery.
  • Cookie consent — remembers your cookie preference (stored locally in your browser, not on our servers).

5. Data Sharing

We do not sell or rent your personal data. We may share data with:

  • Email service provider — to deliver booking confirmations and newsletters.
  • Hosting provider — for website infrastructure.
  • Google Calendar — booking details are synced to our internal calendar.

All processors are contractually bound to handle data in accordance with GDPR.

6. Data Retention

Booking data is retained for up to 3 years for operational and legal purposes. Newsletter subscriptions are kept until you unsubscribe. Contact form messages are deleted after 12 months unless an ongoing relationship exists.

7. Your Rights

Under GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Request erasure ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time (without affecting prior processing).
  • Lodge a complaint with the Information and Data Protection Commissioner (Malta).

To exercise any right, contact us at [email protected]. We will respond within 30 days.

8. Security

We implement appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS), access controls, and regular security reviews.

9. Changes to This Policy

We may update this policy from time to time. The date at the top of this page shows when it was last revised. Continued use of our website after changes constitutes acceptance of the updated policy.

10. Contact

For any privacy-related enquiries: [email protected]

← Back to Home