Art. 13 Regulation (EU) 2016/679 (hereinafter “GDPR”)
Information about private policy
What is the purpose of this document? Pursuant to article 13 of GDPR (Regulation EU 2016/679), we shall provide you (the data subject) with the information on the personal data which are processed and who is going to process them, in order to ensure a fair and transparent processing. Therefore, below the following data are listed:
- Who will be processing your data (Data Controller and Data Processors)
- The type of data that will be processed
- The purposes for which the personal data are processed
- How long the personal data will be retained for
- Your data protection rights
a) General Data Protection Regulation (GDPR) EU 2016/679
b)Italian Legislative Decree no. 196/2003 (Privacy Code), as amended by the Italian Legislative Decree no. 101/2018 and further integration and amendments
Easy Market spa acts as an intermediary in the sale of tourism products to Travel Agencies (the data subject).
Pursuant to article 13 of GDPR (Regulation EUE 2016/679), we shall provide you (the data subject) with the information on the processed personal data and who is going to process them, in order to ensure a fair and transparent processing.
1) DATA CONTROLLER
Easy Market Spa (with registered office in Strada Statale Consolare 51/c 47924 RIMINI Italy, fiscal code and VAT no.: 03109340400, Telephone: 0541 797510 Fax: 0541 489908.
e-mail: firstname.lastname@example.org PEC: email@example.com
2) SCOPE, LEGAL FRAMEWORK, PURPOSE OF THE PROCESSING AND DURATION OF DATA RETENTION
Your personal data are collected for the following purposes:
a) Fulfilment of laws, regulation, secondary legislation:
- The legal basis for this processing is the duty for the Data Controller to fulfil a legal obligation;
- The personal data will be retained during the duration of the contract and for 10 years after the termination of the contractual relationship. In the event of litigation, the data will be retained over the duration of the litigation and until the judgment becomes final.
- The collection of personal data is mandatory by law; in the event of refusal, the contract shall not be performed.
b) Management of the tourism service:
- The legal basis for this processing is to execute the contract to which the data is a party of as well as the pre-contractual fulfilments requested by the data subject;
- The personal data will be retained during the duration of the contract and for 5 years after the termination of the contractual relationship;
- The collection of personal data is due in consideration of the binding contract in place between the parties and, in the event of refusal, the contract shall not be performed.
c) Sending marketing material and promotions in relation to the Data Controller’s activity (newsletter, offers…) similar to services already provided, market researches, even if anonymized (Travel Agency preferences and satisfaction surveys…):
- The legal basis for this processing is the right of the Data Controller to pursue its legitimate interest;
- The personal data will be retained as long as the data subject submits the request to unsubscribe from the promotional service/newsletter.
3) THE PROCESSING OF PERSONAL DATA
We consider as processing of personal data any operation or group of operation, put in place with or without automatic processes and applied to personal data or groups of personal data, such as collection, recording, organization, registration, retention, selection or amendment, extraction, consultation, use and communication by transmission, publication or in any other way, disclaimer, comparison, interconnection, limitation, cancellation and destruction.
Personal Data defined as special category of data under article 9 GDPR, can also be collected. These data are those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health or data concerning a person’s sex life or sexual orientation. The Data Controller shall have the right to process such data, prior express written consent.
We will be processing the following personal data:
-Data to get access to the secure area
By registering to access to the secure area, the Data Controller processes the following personal data:
- Travel agency details [name, family name (point of contact of the Travel agency), e-mail, fiscal code, telephone number, Mobile phone, registered office address]
- Final customers details [name, family name, e-mail, date of birth, place of birth, nationality, fiscal code, sex, telephone number, mobile phone number, address, ID card details, disabilities, health information, religion]
-Data to get access to the newsletter
Personal data processed to get access to the newsletter are name, family name, e-mail.
IT systems and software procedures used to run this website, automatically collect personal data whose transfer is implied in the Internet communication protocols.
This category comprehends IP addresses, domain names, URI/URL (Uniform Resource Identifier/Locator) websites, the methods used to submit the request to the server, the size of the file obtained as a feedback and other parameters related to the operative system and the user IT environment.
These data, which are necessary to use the web services, are also processed to:
- obtain statistics on the use of the services (most visited pages, number of visitors for time slot or daily, geographical area, etc.);
- check the correct functioning of the offered services.
Browsing data will be retained for no longer than 365 days and are immediately deleted after their aggregation (except if needed by the judicial authority to ascertain criminal offences)
-Data communicated by the user
Whenever a user voluntarily and explicitly sends correspondence to the Data Controller’s addresses, the contact details and the personal data included in the correspondence are acquired as necessary to get in touch with and reply to the sender.
The user has the right to register to the website to access the secure area and use the services offered by the Data Controller.
4) PERSONAL DATA RECIPIENTS
for the abovementioned purposes, your personal data can be shared with:
- those typically acting as data processors meaning companies, individuals or professionals that provide the Data Controller with accounting, administrative, legal, tax and debt collection services;
- those with whom it is necessary to liaise in relation to the provision of the services;
- individuals, entities or authorities to whom it is mandatory to share the personal data communicate, in compliance with applicable laws or orders;
- personnel expressly authorized by the Data Controller, that abides by confidentiality agreements or has a confidentiality duty or receives operative instructions, necessary to put in place activities strictly connected with the provision of the services;
The data processors’ list is available by sending a written request to the Data Controller.
5) TRANSFER OF PERSONAL DATA
Some of your personal data are shared with recipients that may be located outside the European Union. The Data Controller shall ensure that the personal data are processed by such recipients in compliance with the GDPR. Indeed, the transfers may be based on a compliance basis or on the Model Clauses approved by the European Commission. For more information, please contact the Data Controller.
6) AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING
The Data Controller, to execute or perform the contract, shall implement an automated decision-making process on the processing of personal data, including profiling as set forth by article 22 of the GDPR, with the purpose to tailor the price list based on the origin of the Travel Agency.
7) DATA SUBJECT RIGHTS
The data subjects have the right to obtain from the Data Controller, in the events provided, access to the personal data, their rectification or deletion of personal data or restriction of processing or to object to such processing (articles 15 and following of the GDPR). The relevant request is submitted to the Data Controller via email: firstname.lastname@example.org
8) RIGHT TO FILE A CLAIM
The data subjects that deem that the processing of their personal data has breached the provisions of the GDPR, have the right to file a claim to the Data Protection Authority (garanteprivacy.it), as set forth by art. 77 of the GDPR, or to file a claim before the judicial authority (art. 79 of the GDPR).Requests can be addressed to the Data Controller or to the
our Data Protection Officer: email@example.com