EU Regulation 2016/679 governs the protection of natural persons and other subjects in regard to the processing of personal data. Under the above-mentioned regulation, the processing of your personal data will be based on principles of fairness, legality and transparency, and on the protection of your confidentiality and rights.
TURISMO85 SRL with registered offices at Via Nazionale, 8/C- 33042 - Buttrio (UD) Tax Number and VAT registration number 01358730305 (hereinafter, “Data Controller"), in its capacity as data controller, provides you with the following information as per Art. 13 of the GDPR.
1. Data Protection Officer
The Data Controller has appointed a Data Protection Officer who can be contacted at firstname.lastname@example.org
2. Data Processor
In carrying out its activities, the Data Controller makes use of certain services rendered by Danieli & C. Officine Meccaniche S.P.A. in its capacity as Data Processor, whose headquarters are located at: Via Nazionale 41 - 33042 Buttrio (UD)
3. Processed Data
The Data Controller will process the personal identification data provided by you as a natural person or legal entity (such as first name, surname, company name, address, telephone, e-mail, bank and payment information) and hereinafter referred to as “personal data”, at the time of stipulating service contracts or estimates or requesting the purchase of tourist services.
4. Purposes of Data Processing
The transfer of your personal data is optional; however, if the data required for the purposes set forth in items I) and XI) (contractual and legal purposes) is missing, the requested service cannot be carried out either in part or in whole and cannot benefit from the opportunities mentioned below:
• I. planning of a tourist package or enabling the purchase of the associated tourist services;
• II. intermediation in the purchase of a tourist package put together by a third party or of individual tourist services provided by other suppliers (i.e. hoteliers; carriers);
• III. intermediation in the purchase of financial/insurance services in addition and related to tourist packages/services facilitated or purchased individually (medical-baggage insurance; cancellation and travel insurance);
• IV. issuing visas;
•V. issuing ESTA visas;
•VI. registering on our website;
• VII. fulfilling precontractual, contractual and fiscal obligations deriving from existing work relationships with you;
• VIII. entering master files in the company’s databases;
• IX. accounting and invoicing;
• X. fulfilling the obligations required by law, a regulation, community legislation or by order of the Authority (such as anti-money laundering);
• XI. exercising the rights of the Data Controller such as the right to defense in a court of law.
4.bis Additional Purposes
Processing for marketing purposes can only occur with your explicit consent, i.e.:
• SMS, e-mail, mail and/or telephone contacts, newsletters, commercial communication and/or advertising material concerning products or services offered by the Data Controller, and indicating the degree of satisfaction regarding the quality of the services;
Please note that if you are already our client, we may send you commercial communications concerning services and products of the Data Controller that are similar to those you have already used, unless you do not consent. Consent for the purposes set forth in items 4 and 4bis can be revoked by you at any time. If it is not revoked, the data retention period will be ten (10) years.
5. Processing of Special Categories of Personal Data
In reference to the contract entered into with you, specific services or particular conditions of these services (i.e. travellers who are disabled or who are on special diets, specific accommodation requests or particular conditions of transportation and/or catering services, as well as any other additional or ancillary service that may be requested) may entail the acquisition and processing of special category data. These are “data that could reveal racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership in parties, unions, associations or organizations of a religious, philosophical or political or union-related nature, as well as personal data that could reveal the health condition, sex life or sexual orientation of a natural person”.Data processing is voluntary and subject to the receipt of a specific written consent form. Without this consent, T85 cannot provide the requested service. Therefore, should you require specific services that could entail the acquisition and processing of special category data by T85, we ask that you contact our booking staff to fulfill the necessary formalities.
6. How your Data are Processed
Your personal data are processed through the operations described in Art. 4, n.2) of the GDPR: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data. Your personal data provided on paper, by telephone or by electronic and/or automated means can be processed. The Data Controller will process your personal data for the time needed to fulfill the afore-mentioned purposes, and will retain these data for a period not to exceed the period of limitation established by law to protect the data controller’s rights in the event of any disputes connected with the rendering of the services and/or for fiscal reasons (10 years). At the end of the retention period mentioned above, the data will be destroyed, cancelled or made anonymous, in accordance with the technical erasure or back-up procedures.
7. Access to Data
Your data may be made accessible for the purposes stated in Art.4 and 4bis):
• to employees and collaborators of the Data Controller or of Turismo85 srl, in their capacity as internal processing officers and/or data processors and/or system administrators;
• to other companies or subjects (including but not limited to credit institutions, professional firms, consultants, insurance companies, airlines, shipping and rental companies, etc.) which outsource their services on behalf of the Data Controller in their capacity as external data processors.
8. Disclosure and Dissemination of Data
Without requiring explicit consent as per Art. 6 lett.b) and c) of the GDPR), the Data Controller may, for the purposes set forth in Article 2, disclose your data to Supervisory Committees (such as IVASS), judicial authorities, insurance companies for the rendering of insurance services and to those subjects to whom disclosure is required by law for the performance of the mentioned purposes. These subjects will process the data in their capacity as independent data controllers. Your data will not be disseminated.
9. Transfer of data outside the European Union
Your personal data may be transferred abroad to third companies that may or may not belong to the European Union, for the same purposes mentioned above. If your data is transferred to countries outside the European Union, these countries will guarantee a suitable level of protection based on a specific decision of the European Commission, or as an alternative, the recipient will be contractually required to provide a suitable level of data protection that is comparable to that of the GDPR.
10. Rights of the Data SubjectAs a Data Subject, you have the rights set out in Articles 15-22 of the GDPR, namely the right to:
I. obtain confirmation of the existence or non-existence of personal data that concern you, even if they have not yet been recorded, and their disclosure in a comprehensible manner;II. obtain indication of:
a) the source of the personal data;
b) the purposes and manner of processing;
c) the logic applied in the case of processing with the aid of electronic tools;
d) the identification details of the data controller, processors and designated representative pursuant to Article 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data can be disclosed or who may become aware of the data in their capacity as designated representative within the State, or as data processors or officers;
III. obtain: a) an update, correction or if there is interest, the integration of the data; b) the erasure, anonymous transformation or blocking of data processed in violation of the law, including data that do not need to be stored for the purposes for which they were collected or subsequently processed; c) a declaration that the operations in items a) and b) and their content were brought to the attention of those to whom the data were disclosed or disseminated, except in cases where this is impossible to fulfill or entails the use of means that are patently disproportionate to the protected right;
IV. object in whole or in part to: a) the processing, for legitimate reasons, of personal data that concern you, even if they are pertinent to the purpose for which they were collected; b) the processing of personal data that concern you for the purpose of sending you advertising or sales material or to carry out market research or commercial communication through the use of operator-less automated call systems, by e-mail and/or traditional marketing methods, by telephone and/or paper mail. Please note that, as explained in point b) above, the data subject’s right to object to direct marketing purposes using automated systems is also extended to traditional systems, and this in any event is notwithstanding the possibility for the data subject to even partially exercise his/her right to object. Therefore, the data subject may decide to receive information only through traditional methods of communication or only via automated communication or neither. Where applicable, he/she also has the rights in Articles 16-21 of the GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to submit claims to the data protection authority (www.garanteprivacy.it ).
11. How to exercise your rights
You may exercise your rights at any time by sending:• a registered letter with acknowledgement of receipt to TURISMO85 SRL via Nazionale, 8/C- 33042- Buttrio-(UD)• an e-mail to: dataprotectionT85@turismo85.it• an e-mail to the DPO: email@example.com