In compliance with the obligations deriving from national legislation (Legislative Decree 30 June 2003 No. 196, Code for the protection of personal data) and UE Law (European regulation for the protection of personal data No. 679/2016, GDPR) and subsequent changes, the Organization (Data Controller), informs what follows:
PERSONAL DATA SOURCES AND CATEGORIES
Personal data held by the Organization are collected from interested users. With the use or consultation of this site visitors and users explicitly approve this privacy statement and consent to the procession o their personal data in relation to the method and purpose described below, including any disclosure to third parties if necessary for the provision of a service. This website doesn’t collect sensible data (racial or ethnic origin, religious ideas, politic opinions, etc.).
Like all website, this site also makes use of log files in which information collected in an automated manner in kept during user visits; this information is not collected to be associated to identified users, but, for its own nature, could be identify users through processing and association with data owned by third parties. Information collected can include the IP addresses or domain names of the computers utilized by the users who connect to this website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.) and other parameters about the device operating system and/or the User’s IT environment. The above information is processed in an automated form and collected in an exclusively aggregated form in order to verify the correct functioning of the site, and it is deleted after being processed. For security purposes the automatically recorded data may possibly include personal data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts at damage to the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime.
Sensible data about users’ habit or purchases choices are not directly collected. However, this data may be collected by independent subjects through links (third parties elements folded in). Read about the Third Parties Cookies section.
Session cookies are essential in order to distinguished between connected users, and are useful to avoid that a required feature can be provide to the wrong users, as well for security purpose to prevent cyber attacks on the site. Session cookies don’t contain personal data and last only for the current session, ie until the browser is closed. No consent is required for them. The cookies used by the site are strictly necessary for the use of it and limited to session identifiers transmission (constituted by casual numbers generated by the server) necessary to permit a safe and effective site navigation and avoid using other processing technologies that may potentially affect the confidentiality of the users’ surfing activities and do not permit the acquisition of personal data that may identify the users. Then this website uses analytics cookies that help to understand how users react to site contents, collecting information (geographical and web origin, technology, language, entry, visited and exit page, dwell time, etc.) and generating site usage statistics without identifying single users. Consent is not required for technique cookies, so opt-out system is applied. Technique cookies are not communicated to third parties.
THIRD PARTIES COOKIES
This web site folds in third parties’ cookies and other elements (tag, pixel, etc.) on which the Owner has no control or responsibility; as a consequence, the information on the use of these cookies and their purposes, as well as on how to disabled them, are provided directly by the third parties on the pages indicated below:
• Google Analytics
• Google (widget)
• Facebook (widget)
DATA VOLUNTARILY PROVIDED BY THE USER
NEWSLETTER AND MAILING LIST
PURPOSE AND LEGAL BASIS OF PROCESSING
Personal data are used to (rif. artt. 6(b) of GDPR): a) Allow site navigation b) Accomplish requested service or performance normally executed by the present Organization (cod. ateco 79.11 travel agencies activities). Additionally, personal data may be processed
c) For purposes related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner, and for compliance with a legal obligation to which the Owner is subject (rif. Art. 6(c) e 9(b,g,h) of GDPR); d) for check, a right exercise or defence in present organization legal branch; e) for direct marketing purposes according to Owner legitimate interest; for cookies, the advertising id used to show advertises; for mail addresses to newsletter shipping; for navigation and usage log to protect the service and site from cyber-attacks; in those cases, the user can deny his/her consent so the Owner will abstain from processing (rif. Art. 6(f) of GDPR); f) for purposes functional to activities the user can give his consent, as joining the newsletter to receive information and promotional messages and services and products selling, satisfaction degree detection, data communication to third parties to receive information and promotional notices and marketing (GDPR art.(a)).
CONSEQUENCES TO DATA BESTOWAL REFUSE
Bestowal of data collected from the user is optional but necessary to processing them for purposes listed in a) and b). If users do not communicate their essential data and don’t permit processing, it won’t be possible to provide services and to fulfil contract requirements taken, with a resulting prejudicial for a correct fulfilment of requirements, such as accounting, financial or administrative ones, etc.
MODE OF DATA PROCESSING
Processing connected with this web site services are treated with automated tools for the time strictly necessary to carry out the activities specified; they take place by the server in Italy or EU and are treated by persons in charge of processing, or persons in charge of maintenance and administration operations. Appropriate security measures are set to prevent unauthorized access, disclosure, modification, or unauthorized use or destruction of the data (anti-intrusion devices, firewall, log and disaster recovery). For data processing is intended data collection, registration, organization, preservation, elaboration, modification, cancellation, and destruction or two or more of these operations combined. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated, in a safety and privacy granted manner. Personal data will be process according to modalities indicated in art. 5 Reg.to EU 2016/679, which also establishes that data should be treated in a licit way and with decency, they should be collected and registered for determined, explicit, legitimate purpose and, if necessary, they should be up-to-date, relevant, complete and not exceeded to the processing purpose, respectful of fundamental rights and of user dignity, paying specific attention to privacy and personal identity, through protection and security measures.
Personal data shall be processed and stored for as long as required by the purpose they have been collected for. Data (just the essential one) are communicated to
• persons in charge of processing, inside and outside the organization, involved with the specific operations (site administration, navigation, traffic or sensible data analysis, mails and forms managing, sales, etc.)
• in cases and to subjects established by the law.
CATEGORIES OF ADDRESSEE
In any case the data collected from the site will never be provided to third parties, for any reason, unless is it a legitimate request by the judicial authority and only in the cases provided by law. Except for cookies and third parties’ cookies and elements (as indicated above), without a previous user consent to communications to third parties, just services that don’t provide for such communications will be executed. If necessary, specific consent will be requested to users and the subjects who will receive that data will use them as anonymous owner.
Pursuant to European Regulation 679/2016 (GDPR) and national regulations, the user can, in accordance with the procedures and within the limits established by current legislation, exercise his/her rights (access, amendment, cancellation, limitation, portability, objection, blocking of data processed in violation of the law) (art. 15-22 GDPR); the right to lodge a complaint with the Supervisory Authority (https://www.garanteprivacy.it/); in cases of consent-based processing, the right to revoke that consent, considering that that revocation doesn’t compromise the processing legality based on consent prior the revocation.
Almost every browser permit to manage and don’t activate cookies, according to users’ preferences. Some browser let users set up rules to manage cookies site by site, to have a bigger control on privacy; another feature is the incognito browse mode, in order to delete all cookies after closing.
Instruction for disabling cookies can be found on the following web pages:
• Internet Explorer
DATA CONTROLLER AND CONTACTS
Data controller is Soluzioni Turistiche Integrate S.r.l., Piazza Teresa Noce 17 D, cap. 10155, Torino, Italy.
Telephone number +39 011 19214791; mail address firstname.lastname@example.org.
A complete list of data manager in available if requested.