This document will describe the use of personal data of the clients who will make use of the services of the company for the buyer.
It discloses information in accordance with the Regulations (UE) 2016/679 of the European Parliament and the council of 27th April 2016 (GDPR: General Data Protection Regulation)
Fully operational since 25th May 2018, issued in Italy with legislative decree 101/2018 of the 10th August 2018, fully operational since 19th September 2018.
After the expression of the will of the customer to adhere to one of the services offered by the company it is possible to use data relative to people that are identified or identifiable.
The controller is ViaggiarEgidi of Egidi Ettore, with registered office in Via Sant’Andrea, 16/C Arco (TN) and legally represented by Mr Egidi Ettore, E-mail address firstname.lastname@example.org.
The processor is Mr Egidi Ettore, E-mail address email@example.com, who is given the duty of control through insider work areas of the services included in the contract with the buyer and here summarised.
Request of information of the person interested to the goods and services.
Estimate of good and services (also of/and third party) of lawful interests for the
Conclusion of the contract and supply of goods and services (also of/and third
party) and relative invoicing with management of the bank flow.
Distribution and support of goods and services (also of/and third party) for which
Data processors have been nominated externally for the activity related to Art. 28
and Art. 32 Regulation EU 2016/679.
Access to the services through website and/or dedicated platform.
Consultancy and assistance (also for services of/and third party).
Complain and dispute.
Communication of service from the technical, commercial and administrative
operators (also for services of/and third party) and through Email and/or mail
and/or sms and/or telephone communication and/or WhatsApp.
Activities connected to the management of suppliers of the company and of the
Activities connected to the company’s human resources management and to the
internal process of the transfer of the employees.
Activities of commercial communication: under the art 7 Regulation EU 2016/679,
the data will be processed for the following marketing purposes: delivery through E-mail and/or paper mail and/or sms and/or What’sApp and/or Social Network and/or phone contacts and/or newsletter, commercial communication and/or innovative and/or advertisement material on products and/or invites to events and also training and workshops and/or offered by the owner and/or the detection of the level of satisfaction of the quality of the services; sending Emails and/or paper mail and/or sms and/or WhatsApp and/or Social Network and/or telephone
contacts and/or commercial and/or promotional communications of third parties (for instance Business Partner and good and service of/and third party).
PLACE OF PROCESSING OF THE DATA
The processing connected to the services take place in the previously mentioned head offices of the purchaser and they are processed only by technical and administrative staff, who are in charge of the processing and are divided in internal departments. In case of necessity, the data connected to services can be processed by the company’s personnel through the use of management and internal software (processor under the article 29 of the Codice with regard to protection of the personal data), in the head office of the same society.
TYPES OF DATA PROCESSED
The transmission, communication and/or the optional, explicit, voluntary delivery of emails to the addresses indicated from the agency also through the website www.viaggiaregidi.it and the related platforms entails the following acquisition of the address of the sender and the data of the user necessary to reply to the requests. Personal data can be defined as the information which identify or make identifiable an individual and that can provide information about his/hers characteristics.
● Personal identifying: biographical data (name, surname, address of residency, date and place of birth, contacts), data that can be included in management programmes;
● Particular sensitive: personal: data that note the racial and ethnical origin, religious, philosophical and other beliefs, political opinions, membership of parties, trade unions, religious, philosophical, pollical or trade union associations or organisations, state of health and sexual life;
POSSIBLE RECIPIENTS OF THE DATA
Without the necessity of an express consent (art. 6 lett. B and c) of the reg. EU 2016/679 the Owner will be able to communicate the Data for the aims in art. 2 of the reg. EU 2016/679 to: bodies of supervision and quality, legal authorities, and to those subjects to which the communication is lawfully compulsory for the performance of the expressed
aims. Said subjects will process the Data in their quality of autonomous owners of the process.
The data can be made available for the aims above to the employees and the collaborators of the Owner and of the Societies related to Vitamina Studio Srls in Italy and abroad, in the capacity of nominated and/or responsible and/or administrators of the system; to third companies and other subjects that carry out the activity of outsourcing for the courthouse, in their capacity of external responsible for the treatment. Furthermore, in relation to the aims indicated to the points 1, 2 and 3 of the previous paragraphs, the data will be communicated to the following subjects or categories of subjects:
● Recognised accounting firms for the profession of assistance to companies when the communication is compulsory by law, or in the interest of the individual (natural or physical person).
● Recognised Law firms for the profession of assistance to companies when the communication is compulsory by law, regularly responsible to this form of process in the full respect of the minimum existing measures, or when the communication is in the interest of the individual (natural of physical person).
OBLIGATORY NATURE AND CONTRIBUTIONS OF THE DATA
The contribution of the data and the relative process are compulsory in relation to the aims above stated, in relation with obligations of natural matters; resulting that the eventual refusal to provide the data for such aims could cause the impossibility of the controller to carry out the same professional relationships and the legal obligations. The contribution of the data and the relative treatment is to be considered as optional in other cases, without any other consequences.
DURATION OF THE PROCESS
The personal data are processed with automatic instruments for the time strictly necessary to achieve the aims for which they have been collected. Specific security measures are applied to prevent the loss of data, illegal or incorrect purposes and not authorized accesses.
DURATION OF THE PROCESS
At the end of the performance or the supply of the service and in any case for the time necessary to fulfil the aims above, the personal data will be stored exclusively for historical and statistical aims where requested, in accordance with the law, the regulations, the Community law, codes of ethics and of good behaviour undersigned into accordance with article 40 of the EU Regulation 2016/679.
In the light of this principle, your personal data will be processed by the controller to the limit of what is necessary to the fulfilment of the aim contained in this disclosure. In particular your personal data will be processed for the minimum time necessary, as indicated by the Recital 39 of the Regulations. This means until the end of the service and contract relationships between you and the controller, unless a further time of storage that could be imposed by legal provisions, also as included in the Recital 65 of the Regulations. After this period the data will be stored anonymously, or they will be destroyed.
RIGHT OF THE INTERESTED
In relation with the mentioned processes the interested also has the right to ask the access to his personal data and the amendment or their cancellation or the limitation of the processes that concern him/her or to oppose to their treatment, they also have the right to the portability of their data.
RIGHT OF ACCESS
According to the art. 15. Paragraph 1 of the Regulations you will have the right to receive from the Controller the confirmation whether the personal data is being processed or not, in this case the possibility to be able to obtain the access to said personal data and the following information.
a) The aim of the process;
b) The categories of the concerned personal data;
c) The aims of the treatment;
d) the receivers or the categories of receivers to which the data are or will be
communicated to, in particular if receivers of third countries or international organisations;
e) when possible, the time of storage of the personal data, or when it is not possible, the criteria used to determinate said period.
f) the existence of the right of the interested to ask to the Controller for the amendment or the deletion of the personal data or the limitation of the process of the personal data that regard him or to oppose to their process.
g) The right to lodge a complaint to a control authority g) if the personal data are not collected from the data subject, all the information available about their origin;
h) The existence of an automatized decisional process, including the profiling of which the art 22. Paragraphs 1 and 4 of the regulation, and at least in these cases, significant information about the used logic, as well as the importance and the consequences planned for such process for the person concerned.
RIGHT OF AMENDMENT
In accordance with art 16. Of the Regulation it is possible to obtain the amendment of your personal data that are found to be incorrect. Considering the aim of the process, it will also be possible to obtain the integration of your personal data that are found to be incomplete, also by providing an integrative declaration.
RIGHT TO DELATION
It is possible to obtain, in accordance with article 17, paragraph 1 of the Regulation, the cancellation of your personal data without unjustified delay and the Controller will have the obligation to delete your personal data, whenever even just according the following reasons: a) the personal data are not necessary for the aims they have been collected and processed for; b) you have managed to withdraw the consent on which the Process of your personal data is based and there is no other legal basis for their treatment c) you have opposed to the treated of the data in accordance with article 21, paragraph 1 or 2 of the Regulation and there is no overriding legitimate to proceed with the processing of your personal data; d) if your personal data has been treated unlawfully; e) it is necessary to delete your personal data to fulfil a law requirement.
Anticipated in a community law or o an internal law, in accordance with article 17, paragraph 3 or the Regulation, the Controller is legitimised not to arrange the cancellation of your personal data, when they process is necessary, for example for the exercise of the freedom of expression right, for the fulfilment of a duty of law, for reasons of public interest, for purposes of storage in the public interest, of scientific or historical research or with statistical aims, for the assessment, the exercise or the defence of a right in a court of law.
RIGHT TO THE LIMITATION OF THE PROCESS
It will be possible to obtain the limitation of the process according to art. 14 of the Regulation in the case in which one of the following hypotheses will rise:
a) The accuracy of the personal data is disputed (the limitation will last for the time necessary for the Controller to verify the accuracy of the personal data).
b) The process is unlawful, but it is opposed to the cancellation of your personal data, asking instead for the use to be limited.
c) Despite the Controller does not need them anymore for the aim of the process, your personal data will be needed for the assessment, the exercise and the defence of a right in a court of law.
d) It is opposed to the process according to art.21 paragraph 1 of the Regulation and it is waiting for the verification in regards with the prevalence of the lawful rights of the Controller compared to yours. In case of limitation of the process, your personal data will be processed, except from for the conservation, only with your consent or for the assessment, the exercise or the defence of a right in a court of law or to protect the right of another physical or juridical person or for reasons of relevant public interest. We will inform you, in any case, before such limitation is withdrawn.
RIGHT TO THE PORTABILITY OF DATA
It will be possible, in any moment, to ask and to receive, according to art. 20, paragraph 1 of the regulations, all your personal data processed by the Controller and/or by the joint Controllers, in a structured, of common use and readable format or ask for the transmission to another Controller without obstacles. In this case, it will be your responsibility to provide all the exact data of the new controller you wish your personal data to be transferred to, providing us with a written authorisation.
RIGHT OF OPPOSITION
In accordance with art. 21, paragraph 2 of the Regulation and as reaffirmed in the Recital 70, you will be able to oppose, in every moment, to the process of your personal data, whenever these are used for direct marketing purposes, inducing the profiling
when it is connected to such direct marketing.
REVOCATION OF THE CONSENT
If the process is based on consent, the owner notifies the interested person that there the right to revoke it at any time, without affecting the lawfulness of the process based on the consent given before the withdrawal.
RIGHT TO LODGE A COMPLAINT
The Owners informs the interested that he/she has the right to lodge a companied to the personal data protection authority as independent administrative authority established by the law n. 675 from 31st December 1996, to ensure the protection of the rights and fundamental freedom and the respect of dignity in the process of the personal data located in Piazza Monte Citorio, 121 00186 Roma.
ViaggiarEgidi of Egidi Ettore is available to communicate the entitlement to exercise these rights at the email address firstname.lastname@example.org or through post at Via Sant’Andrea, 16/C 38062 Arco (TN).
The company communicates that they have concluded an insurance policy with Sara Assicurazioni Spa to cover the costs and the responsibility deriving from the loss of data in case of Cyber Risk and Data Breach including cyber extortion.