Who is the Data Controller?[1]
The company ITALY TRAVEL SPECIALIST s.r.l., represented by its legal representative pro tempore, with registered office at Via Luigi Galvani 2 – 50131 – Florence (FI), VAT number IT06572740485, e-mail: info@italytravelspecialist.it, PEC phone +39 366 188 12 66

 

How can I contact them?

The company’s contact details are:
Phone: +39 366 188 12 66
PEC:
Email: info@italytravelspecialist.it
Address: Via Luigi Galvani 2 – 50131 – Florence (FI)

 

  1. Foreword

Under the European General Data Protection Regulation (GDPR), legal entities are not considered data subjects and therefore the European regulation does not apply to them. However, if personal data referring to a natural person is entered in the context of the collection of corporate data, that person shall be considered a data subject under the aforementioned regulation, with the consequent applicability of the relevant legislation.

 

  1. What processing activities are carried out through the website? And what are the legal bases, purposes and retention periods?

NEWSLETTER: If you subscribe to the newsletter, you will provide us with your first name, last name and email address.
CONTACT FORM: If you fill in the contact form, we will collect your first and last name, email address and phone number.

In any case, the IP address and browsing logs will be saved.

 

Legal Basis and Purpose of Processing
The processing of data will be carried out to allow the performance of activities related to the establishment and management of the service requested from the Controller. The data will be processed lawfully, fairly and with the utmost confidentiality, in compliance with adequate security measures as provided for by the Code and the Regulation. The processing will be carried out using analogue/digital means. The data will not in any case be subject to public disclosure.

In particular:
NEWSLETTER: The purpose is to inform you of news and promotions, and the legal basis is consent.
CONTACT FORM: The legal basis is consent, and your data will be processed to allow us to respond to your requests.

In any case: the IP address associated with the browsing log is collected for security purposes, in relation to access to the systems, and the legal basis is the legitimate interest of the Controller.

 

  1. Processing methods

The Controller will process personal data for the time necessary to fulfil the purposes described above, after which they will be deleted. We will delete the data after responding to your requests. For newsletter activities, the data will be deleted 5 years after the last communication sent or use of the site for profiling activities. Data relating to opened tickets will be retained for 10 years for reasons related to potential legal defence. Browsing logs will be retained for a maximum period of 24 months.

 

  1. To whom will my data be disclosed?

The Controller may disclose the data to all parties to whom disclosure is required by law for the fulfilment of the purposes provided for by law.

The Controller also makes use of certain companies or IT tools that carry out data processing activities on the personal data of data subjects solely in the interest of the Controller, all of whom have been duly appointed as data processors pursuant to Art. 28 GDPR. The list of data processors is available at the registered office and may be requested at the email address info@italytravelspecialist.it. The data will also be disclosed to payment gateways that operate as independent data controllers.

 

Data Storage and Transfer
The management and storage of personal data will take place on servers located in Italy at the Controller’s operational offices and in any other location where the parties involved in the processing are located, including countries outside the EU. The Controller hereby ensures that data transfers take place in compliance with the GDPR through the execution of standard contractual clauses. For further information, contact the Controller at the following email address info@italytravelspecialist.it.

 

Cookies
With regard to cookies that are installed on your device, we inform you that the provision of data is optional. However, some cookies are necessary to allow correct navigation on the website and therefore, without consent, the website may not function properly. The site also uses a technical cookie necessary to remember the choice previously made regarding cookies. However, please note that this website uses third-party cookies.

What are cookies?
Cookies are text strings that the websites visited by users (so-called Publishers, or “first parties”) or different sites or web servers (so-called “third parties”) place and store within the user’s terminal device, so that they can be retransmitted to the same sites on the next visit. *

 

What are they used for?
Cookies are used for different purposes: performing IT authentication, monitoring sessions, storing information on specific configurations relating to users who access the server, storing preferences, or facilitating the use of online content, such as for example keeping track of items in a shopping cart or information for filling in an online form, etc.; but they can also be used to profile the user, i.e. to “observe” their behaviour, for example in order to send targeted advertising, measure the effectiveness of advertising messages and adopt consequent commercial strategies. In this case, they are referred to as profiling cookies. *

 

What are technical cookies?
These are cookies that are used to carry out navigation or to provide a service requested by the user. They are not used for any further purposes and are normally installed directly by the website owner.

Without the use of such cookies, some operations could not be performed or would be more complex and/or less secure. *

 

Are analytics cookies technical cookies?
Analytics cookies can be assimilated to technical cookies if they are used for the purpose of optimising the site directly by the site owner, who will be able to collect statistical information in aggregate form on the number of users and how they visit the site.

If, on the other hand, the processing of such statistical analyses is entrusted to third parties, the users’ data must be previously minimised and cannot be combined with other processing or transmitted to further third parties. Under these conditions, the same rules regarding information and consent that apply to technical cookies also apply to analytics cookies. *

 

What cookies does this site use?
In particular, the site uses the following cookies:

[cookie_audit_category columns=”cookie,description”]

 

How to disable cookies?
We also inform you that, below, you can find instructions on how to disable cookies:
– If you use Internet Explorer: http://windows.microsoft.com/it-it/windows7/block-enable-or-allow-cookies
– If you use Chrome: https://support.google.com/accounts/answer/61416?hl=it
– If you use Firefox: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
– If you use Safari on iPad, iPhone, iPod: https://support.apple.com/it-it/HT201265
– If you use other browsers: “http://it.wikihow.com/Disattivare-i-Cookies“),

 

Anonymous browsing
To find out how to enable this option on the main search engines, click on the browser you use:

Internet Explorer (http://windows.microsoft.com/it-IT/windows7/Block-enable-or-allow-cookies),
Google Chrome (https://support.google.com/chrome/answer/95464?hl=it),
Mozilla Firefox (https://support.mozilla.org/it/kb/Navigazione anonima),
Opera Browser (http://help.opera.com/opera/Windows/1781/it/private.html#privateWindow),
Apple Safari (https://support.apple.com/it-it/HT6074).

[cookie_popup_content]

 

  1. a) What are my rights and how can I exercise them

The user, in their capacity as a data subject, has the rights set out in Art. 15 et seq. of the Regulation, and specifically:

1. RIGHT OF ACCESS (Art. 15 GDPR)
The data subject has the right to obtain confirmation as to whether or not personal data concerning them exists, even if not yet recorded, and its communication in an intelligible form.

2. RIGHT TO RECTIFICATION (Art. 16 GDPR)
The data subject has the right to obtain the rectification of inaccurate personal data concerning them, as well as the integration of incomplete data.

3. RIGHT TO ERASURE (Art. 17 GDPR)
The data subject has the right to obtain the erasure of personal data in the presence of particular grounds, such as the withdrawal of consent, opposition to processing, or if the data is no longer necessary in relation to the purposes for which it was collected and processed, or in the case of unlawful processing. It will not always be possible to proceed with erasure, but the Controller shall in any case be required to provide adequate justification.

4. RIGHT TO RESTRICTION OF PROCESSING (Art. 18 GDPR)
The data subject has the right to obtain the restriction of processing in the presence of particular circumstances, such as, for example, in the case of a request for rectification or opposition during the time of evaluation of the requests.

5. RIGHT TO DATA PORTABILITY (Art. 20 GDPR)
If the processing is based on consent or on a contract and is carried out by automated means, the data subject may receive their data in a structured, commonly used and machine-readable format, or request that it be transmitted to another controller.

6. RIGHT TO OBJECT (Art. 21 GDPR)
The data subject has the right to object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning them, even if pertinent to the purpose of the collection;
b) to the processing of personal data concerning them for the pursuit of purposes not contemplated by Art. 2.

The user may submit a request to object to the processing of their personal data pursuant to Article 21 of the GDPR, in which they must provide evidence of the reasons justifying the objection: the Controller reserves the right to evaluate the request, which would not be accepted in the event of the existence of compelling legitimate grounds for processing that override the interests, rights and freedoms of the user.

7. RIGHT TO LODGE A COMPLAINT
The data subject has the right to lodge a complaint with the competent supervisory authority pursuant to Article 77 of the GDPR if they believe that the processing of their data is contrary to the legislation in force.

 

  1. b) How to exercise your rights:

The data subject may exercise the rights referred to in this article at any time by contacting the Data Controller at the addresses indicated above.

 

[1] Pursuant to Art. 4 No. 7 GDPR: the Data Controller is the party that determines the purposes and means of the processing of personal data, and their responsibilities are set out in Art. 24 GDPR.

(* source: Italian Data Protection Authority – cookie FAQ)