Privacy Policy

WEBSITE DATA PRIVACY INFORMATION

updated to EU Reg 2016/679

(European Regulation on the protection of personal data)

1) Introduction

Italtours.it takes user privacy seriously and is committed to respecting it. This privacy policy (“Privacy Policy”) describes the personal data processing activities carried out by Italtours.it through the website www.italtours.it and the related commitments undertaken in this regard by the Company. Italtours.it may process the user's personal data when the user visits the Site and uses the services and functions present on the Site. In the sections of the Site in which the user's personal data are collected, a specific information is normally published pursuant to the 'art. 13/15 of EU Reg. 2016/679. Where required by EU Reg. 2016/679, the user's consent will be requested before proceeding with the processing of their personal data. If the user provides personal data of third parties, he must ensure that the communication of the data to Italtours.it and the subsequent processing for the purposes specified in the applicable privacy information complies with EU Reg. 2016/679 and the applicable legislation.

2) Identification details of the owner, manager and Privacy Officer

Email address of the Sole Director: This email address is being protected from spambots. You need JavaScript enabled to view it.

Responsible email address: This email address is being protected from spambots. You need JavaScript enabled to view it.

3) Type of data processed

Visiting and consulting the Site does not generally involve the collection and processing of the user's personal data except for navigation data and cookies as specified below. In addition to the so-called "browsing data" (see below), personal data voluntarily provided by the user may be processed when the user interacts with the functions of the Site or requests to use the services offered on the Site. In compliance with the Privacy Code, Italtours.it may also collect the user's personal data from third parties in carrying out its business.

4) Cookies and navigation data

To find out what cookies are, which cookies our site uses and how to disable them, visit the cookies page for more information.

5) Storage of personal data

Personal data are stored and processed through IT systems owned by Italtours.it and managed by Italtours.it or by third party suppliers of technical services; for further details please refer to the “Scope of accessibility of personal data” section below. The data is processed exclusively by specifically authorized personnel, including personnel in charge of carrying out extraordinary maintenance operations.

6) Purposes and methods of data processing

Italtours.it may process the user's common and sensitive personal data for the following purposes: use by users of services and features on the Site, management of requests and reports from its users, sending newsletters, management of applications received through the Site, etc. Furthermore, with the further and specific optional consent of the user, Italtours.it may process personal data for marketing purposes, i.e. to send the user promotional material and/or commercial communications relating to the Company's services, at the addresses indicated , both through traditional methods and/or means of contact (such as paper mail, telephone calls with an operator, etc.) and automated ones (such as communications via the internet, fax, e-mail, text messages, applications for mobile devices such as smartphones and tablets - so-called APPS-, social network accounts -e.g. via Facebook or Twitter-, automatic operator calls, etc.).

Personal data are processed both in paper and electronic form and entered into the company information system in full compliance with EU Reg. 2016/679, including security and confidentiality profiles and inspired by the principles of correctness and lawfulness of processing. In compliance with EU Reg. 2016/679, the data is kept and stored for 10 (ten) years.

7) Security and quality of personal data

Italtours.it undertakes to protect the security of the user's personal data and complies with the security provisions established by applicable legislation in order to avoid data loss, illegitimate or illicit use of the data and unauthorized access to the same , with particular reference to the Technical Regulations regarding minimum safety measures. Furthermore, the information systems and computer programs used by Italtours.it are configured in such a way as to minimize the use of personal and identifying data; such data are processed only to achieve the specific purposes pursued from time to time. Italtours.it uses multiple advanced security technologies and procedures aimed at promoting the protection of users' personal data; for example, personal data is stored on secure servers located in places with protected and controlled access. The user can help Italtours.it to update and keep their personal data correct by communicating any changes relating to their address, title, contact information, etc.

8) Scope of communication and data access

The user's personal data may be communicated to:

• all subjects whose right to access such data is recognized by virtue of regulatory provisions;
• to our collaborators, employees, within the scope of their duties;
• to all those natural and/or legal persons, public and/or private when communication is necessary or functional for carrying out our business and in the ways and for the purposes illustrated above;

9) Nature of provision of personal data

The provision of some personal data by the user is mandatory to allow the Company to manage communications, requests received from the user or to contact the user himself to follow up on his request. This type of data is marked with the asterisk symbol [*] and in this case the provision is mandatory to allow the Company to follow up on the request which, failing this, cannot be processed. On the contrary, the collection of other data not marked with an asterisk is optional: failure to provide it will not entail any consequences for the user.

The provision of personal data by the user for marketing purposes, as specified in the "Purposes and methods of processing" section is optional and the refusal to provide them will have no consequences. The consent given for marketing purposes is intended to be extended to the sending of communications carried out through both automated and traditional methods and/or means of contact, as exemplified above.

10) Rights of the interested party

10.1 Art. 15 (right of access), 16 (right of rectification) of EU Reg. 2016/679

The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, in this case, to obtain access to the personal data and the following information:< /p>

a) the purposes of the processing;

b) the categories of personal data in question;

c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are from third countries or international organisations;

d) the expected retention period of personal data or, if this is not possible, the criteria used to determine this period;

e) the existence of the right of the interested party to ask the data controller to rectify or delete personal data or to limit the processing of personal data concerning him or her or to oppose their processing;

f) the right to lodge a complaint with a supervisory authority;

g) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the interested party.

11.2 Right referred to in art. 17 of EU Reg. 2016/679 - right to cancellation ("right to be forgotten")

The interested party has the right to obtain from the data controller the deletion of personal data concerning him or her without unjustified delay and the data controller has the obligation to delete the personal data without unjustified delay, if one of the following reasons exists :

a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b) the interested party withdraws the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and if there is no other legal basis for the treatment;

c) the interested party objects to the processing pursuant to Article 21, paragraph 1, and there is no overriding legitimate reason to proceed with the processing, or objects to the processing pursuant to Article 21, paragraph 2;< /p>

d) the personal data have been processed unlawfully;

e) the personal data must be erased to comply with a legal obligation established by Union or Member State law to which the data controller is subject;

f) the personal data were collected in relation to the offer of information society services referred to in Article 8, paragraph 1 of EU Reg. 2016/679

12.3 Right referred to in art. 18 Right to restriction of processing

The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:

a) the interested party disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;

b) the processing is unlawful and the interested party opposes the deletion of the personal data and instead requests that their use be limited;

c) although the data controller no longer needs them for the purposes of the processing, the personal data are necessary for the interested party to ascertain, exercise or defend a right in court;

d) the interested party has opposed the processing pursuant to article 21, paragraph 1, EU Regulation 2016/679 pending verification regarding the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested.

12.4 Right referred to in art.20 Right to data portability

The interested party has the right to receive the personal data concerning him or her provided to a data controller in a structured, commonly used and machine-readable format and has the right to transmit such data to another data controller without impediments on the part of the data controller

13. Revocation of consent to processing

The interested party has the right to revoke consent to the processing of his/her personal data by sending an e-mail to the following address: This email address is being protected from spambots. You need JavaScript enabled to view it., attaching a photocopy of his/her identity document, with the following text: <> . At the end of this operation, your personal data will be removed from the archives as soon as possible.

If you wish to have more information on the processing of your personal data, or to exercise the rights referred to in point 7 above, you can send an e-mail to the following address: This email address is being protected from spambots. You need JavaScript enabled to view it.. Before we can provide you with, or change, any information, we may need to verify your identity and answer some questions. An answer will be provided as soon as possible.