Policy under the art. 13 D.lgs. 196/03and art. 13 UE Rule nr. 679/2016
According to the art. 13 of D.Lgs. 196/2003 and the art. 13 of the UE Rule 679/2016 (GDPR), this document explains the methods and purposes of the personal data processing that we receive and collect when we use the services/websites of Let's Travel Srl, as well as some of the measures we take to protect this data.
According to the current legislation, the tdata processing carried out by Let's Travel S.r.l. will be based on the principles of lawfulness, correctness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.
1. Data controller
The data controller is Let's Travel S.r.l. (hereinafter named as "Controller"), based in Terni in Via del Falco 14, P.I. 01500920556, ph. 0744.1980233, e-mail: email@example.com
2. Personal data subjected to processing
Personal data processing means any operation or set of operations, performed with or without the use of automated processes and applied to personal data or sets of personal data, such as the collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction .
Personal data processed, which may vary according to the services requested, consist of: name and surname, email address, telephone number, tax code / VAT number, location data, an online ID, purchases made, and other data suitable to make the user identified / identifiable (hereafter "Personal Data"). In particular, the Personal Data processed through the Website are as follows:
a) Navigation data
When the user visits the owner's websites, the servers automatically record information such as URL, IP addresses, browser type, browser language, date and time of the request made. The transmission of this information is implicit in the use of web communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parts, allow users to be identified.
These data are used with the only purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in case of computer crimes against the site or third parts. Except for this case, these data are stored for 30 days.
b) Data provided voluntarily by the user
On the website of the Data Controller, the user has the possibility to transmit personal data by filling out forms or sending e-mails. The provision of this data takes place on an optional, explicit and voluntary basis, and involves the subsequent acquisition of the sender's email address, necessary to respond to requests, as well as any other personal data entered for the purposes of the service and those further granted by the user. Specific summary policy is available on the pages that provide for the forms, with the possible specify of the obligation to provide the data needed to use the specific service.
The user assumes his own responsibility for the personal data of third parts that may be published or shared through this site and warrants that he has the right to communicate or spread them, relieving the owner from any liability to third parties.
Data interacting with social networks
Within the website of the Owner, the user can be allowed to comment on the pages using their Facebook profile, through a special interaction plugin. In this case, Facebook will automatically send some personal data to the website.
Among technical cookies, which do not require express consent for their use, the Italian Data Protection Authority also includes:
- " analytics cookies" used directly by the site operator to collect informations, in aggregate form, on the number of users and how they visit the site;
- "navigazion or session cookies" (to authenticate);
- "functionality cookies", which allow the user to browse according to a set of selected criteria (for example, the language, the products selected for purchase) in order to improve the service rendered to the coustomer himself.
About the "profiling cookies", i.e. those aimed to create profiles related to the user and used to send advertising messages in line with the preferences expressed by the same in the context of navigation, a prior consent of the user is required.
Registration to the website and the services offered are intended for adults: for this reason, the Owner does not knowingly collect data from persons under the age of 18.
The pages that the user visits may contain links to external websites, to provide useful information to users. This information does not apply to sites not managed by the Owner, therefore the user must elaborate on the procedures related to the protection of privacy in the same external websites.
3. Purpose of the processing
The data processing, subject to specific consent when required by law, takes place for the following purposes:
- Register to the owner's websites
- Use the services/products offered by the owner
- for purposes of control, research and analysis to manage and improve the technologies and services of the owner
- receive answers to requests sent to the owner
- receive informations about services/products offered by the owner
- pre-contractual fulfillments, contractual and tax obligations deriving from existing relationships with the owner
Subject to specific and separate consent for the above, personal data are collected for:
- send newsletters, commercial services and/or advertising material concerning products and/or services offered by the owner.
4. Legal basis of the processing
Let's Travel S.r.l. process your personal data if one or more of the following conditions occurs:
- the user has given consent for one or more specific purposes
- processing is necessary for the execution of a contract or for the performance of pre-contractual transactions
- the processing is necessary to comply with legal obligations of the owner
- the processing is necessary for a legitimate interest of the owner or third parts
The interested part can require the legal basis of each processing data
5. Optional and mandatory consent to provide personal data
The interested party is free to provide personal data each time requested; their failure, partial or incorrect sending could make it not possible to use the services required.
The acquisition of consent to the processing of personal data is necessary for all the above-mentioned treatments connected and/or necessary to fulfill legal obligations, to the community legislation, to fulfill obligations arising from a contract where the interested party is part or fulfill, before the conclusion of the contract, specific requests of this one.
6. Recipients of personal data
For the purposes described in the 3rd par. of this information, the personal data of the user may be shared with:
a) subjects that only act as controllers, i.e. people, companies or professional firms that provide assistance and advice to Let's Travel S.r.l. in accounting, administrative, legal, tax, financial things relating to the provision of the Services; subjects with whom it is necessary to interact for the provision of the Services (for example the Hosting Providers), subjects delegated to perform technical maintenance activities on the servers that host the websites of the owner;
b) subjects, public or private authorities to whom it is mandatory to communicate the personal data of the user in accordance with legal provisions or orders of the authorities (for example, in the course of criminal investigations Let's Travel Srl may receive requests from the police authority to provide electronic traffic logs);
c) persons authorized by Let's Travel S.r.l. to the processing of personal data necessary to carry out activities strictly related to the provision of the Services, which are committed to confidentiality or have an appropriate legal obligation of confidentiality, such as the employees/collaborators of the Owner;
d) business partners for their own purposes, autonomous and distinct, only if the user has given a specific consent.
7. Place of data processing
The processing of personal data is carried out in the headquarters of Let's Travel S.r.l. and managed by technical, administrative, commercial staff for the purposes described in the 3rd par.
The server providers are located in EU.
Further information can be requested to the owner.
8. Data retention
Personal data will be processed for the time necessary to achieve the purposes of the 3rd par. or until the cancellation of the previously expressed consent.
Let's Travel S.r.l. has the right to keep personal data up to the time allowed by Italian law to protect its interests. Further information about the data retention period and the criteria used to determine this period can be requested writing to the Data Controller.
Let's Travel S.r.l. utilizes appropriate security measures to protect data from unauthorized access, modification or disclosure or destruction. These measures include internal controls on the methods of collecting, storing and processing data as well as on security measures to protect from any unauthorized access the systems on which personal data are stored.
9. Rights of the interested parts
The user has the right to ask the owner, at any time, access to his personal data, editing or cancellation of the same or to deny their treatment in the cases provided for in Article 20 of the Regulation, has the right to request the limitation of treatment in the cases provided by the art. 18 of the Regulations, as well as obtaining in a structured format, in common use and readable by automatic device, the data concerning it (portability), in the cases provided by the art. 20 of the Regulations, writing to Let's Travel S.r.l. – Via del Falco, 14 – 05100 TERNI - Ph +39.0744.1980233 - P.I. 01500920556 - Mail: firstname.lastname@example.org
Last update: 18/05/2018