pursuant to Art. 13 of EU Regulation no. 679/2016.
WHAT PERSONAL DATA CAN BE PROCESSED
The following types of User data (hereinafter also referred to jointly as “personal data”) may be processed through the Site.
A) Browsing data and cookies
The computer systems and software processes used to operate the Site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by their very nature could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes the IP addresses of the computers used by Users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system in use. This data is only used to obtain anonymous statistical information on the use of the Website and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of any computer crimes against the Site.
B) Personal data voluntarily provided by the User
The Company processes certain personal data that may be voluntarily provided by Users, including through specific forms:
- for the request of information by filling out the “Info & Bookings” form on the Site (name, surname, country, city, e-mail address – required fields – telephone number, mobile phone number, message and I am interested in – optional fields);
- for subscription to the newsletter (email address – required field);
or personal data that can be sent to the Company by e-mail or in any other way using the contact details given on the Site.
PURPOSES FOR WHICH PERSONAL DATA CAN BE USED
A) Execution of a contract or pre-contractual measures related to the User’s request for information sent by filling out the “Info & Bookings” form on the Site.
The Company may process the User’s personal data in order to execute a contract or pre-contractual measures, to manage and respond to requests for information submitted by filling out the “Info & Bookings” form on the Site.
Prerequisite for processing: fulfilment of a contractual obligation or execution of pre-contractual measures. The provision of personal data is compulsory; failing this, the Company will not be able to respond to the User’s requests or execute the contract or the contractual measures adopted at the User’s request.
B) Sending Marketing communications.
The Company may process the User’s contact data for marketing purposes in order to provide information on promotional initiatives related to products and events through automated contact methods (i.e. e-mail).
Prerequisite for processing: the User’s consent, which can be withdrawn at any time using the contact details below. Failure to give consent shall not lead to any consequences other than preventing the User from receiving promotional communications.
C) Purposes connected with the obligations provided for by laws, regulations or Community legislation, by provisions/requirements of authorities empowered by law and/or by supervisory and control bodies.
The Company may process the User’s personal data in order to fulfil its obligations.
Prerequisite for processing: fulfilment of a legal obligation. Provision of personal data for this purpose is compulsory because if it is not provided the Company will be unable to fulfil specific legal obligations.
D) Defence of rights during judicial, administrative or extrajudicial proceedings and in disputes arising in connection with offered services/activities.
The Company may process personal data to defend its rights or take action or even make claims against the User or third parties.
Prerequisite for processing: the Company’s legitimate interest in protecting its rights. In this case, a new and specific provision is not required, since the Company will pursue this further purpose, if necessary, by processing the data collected for the above-mentioned purposes, which are considered compatible with the present purpose (also because of the context in which the data were collected, the nature of the data and the appropriate guarantees for their processing, as well as the link between the above-mentioned purposes and this further purpose).
HOW AND WHERE WE KEEP PERSONAL DATA SECURE
The Company takes appropriate security measures to ensure the protection, security, integrity and accessibility of Users’ personal data. Appropriate security measures are in place to prevent unauthorized access, disclosure, modification or destruction of personal data.
All personal data are retained on the Company’s secure computer devices (or appropriately stored hard copies) or those of our suppliers, and can be accessed and used in accordance with our standards and security policies (or equivalent standards for our suppliers).
The Company hereby informs you that your personal data will be processed, for the purposes set out in this Policy, exclusively within the countries belonging to the European Union (EU) or the European Economic Area (EEA) or with entities in Third Countries that have provided adequate guarantees in a residual and limited manner.
HOW LONG WE RETAIN PERSONAL DATA
We retain personal data only for the time necessary to attain the purposes for which they were collected or for any other legitimate connected purpose. Therefore, if personal data is processed for two different purposes, we will retain that data until the purpose with the longer term ends. However, we will no longer process personal data for the purpose for which the retention period has expired.
Personal data provided by you that are no longer necessary, or for which there is no longer a legal precondition for the respective retention, are made irreversibly anonymous (and may be retained in this form) or securely destroyed.
Browsing data are not retained by the website unless required by the judicial authorities to ascertain whether a crime has been committed.
Data processed to fulfil any contractual obligation may be retained for the entire duration of the contract and in any case no longer than 10 years, in accordance with the statute of limitations provided by law.
Data processed for marketing purposes may be retained for 24 months from the date we receive your most recent consent for this purpose.
If it is necessary to process data for legal purposes, it will be retained for as long as any claims may be pursued by law.
WHO CAN ACCESS PERSONAL DATA
Users’ personal data may be accessed by the Company’s duly authorized employees, as well as by any external suppliers (including consultants), appointed, if necessary, as data processors.
You may contact the Company using the contact details provided in the “Contacts” section if you wish to request to see the list of data processors and other parties to whom data is disclosed.
PERSONAL DATA PROTECTION RIGHTS
Every User has the right to obtain from the Company, subject to the existence of the legal prerequisite underlying the request:
- access to and rectification of personal data concerning him/her;
- erasure of their personal data;
- rectification of personal data held by the Company concerning Users;
- withdrawal of consent in cases where the processing is based on consent
- limitation of the processing of personal data concerning Users;
- copying of personal data provided by Users to the Company in a structured, commonly used and machine-readable format (portability) and the transmission of this personal data to another data controller.
Right to object: Users have the right to object, wholly or partially, to the use of personal data processed by the Company, if the conditions provided for by the legislation on the protection of personal data exist, for example in the case where personal data is processed for direct marketing purposes.
Should the User exercise any of the aforementioned rights, the Company will be responsible for verifying that the User is entitled to exercise such rights and will normally reply within one month.
Should the User consider that the processing of his/her personal data violates the provisions of the applicable legislation on the protection of personal data, he/she has the right to complain to the Guarantor for the protection of personal data, using the references available on https://www.garanteprivacy.it/, or to take appropriate legal action.
The Company’s contact information for questions and for the exercise of rights regarding the processing of personal data is as follows: PEC firstname.lastname@example.org.
For more information regarding our services please write to the following e-mail address email@example.com.
Last updated: May 2021