PRIVACY AND DATA PROCESSING POLICY
This information is provided pursuant to art. 13 of the European Regulation (EU) 2016/679 (hereinafter ‘GDPR’) by Holidaysliguria.com, in its capacity as Data Controller, which hereby informs you that the aforementioned legislation provides for the protection of the interested parties with respect to the processing of personal data and that such processing shall be based on the principles of correctness, lawfulness, transparency and protection of your confidentiality and your rights.
Your personal data will be processed in accordance with the legal provisions of the aforementioned legislation and the confidentiality obligations provided therein.
Personal data processed
Data provided voluntarily will be processed. Through the Site you have the opportunity to provide
personal data voluntarily, e.g. your name and e-mail address to contact us via the “contact” form. We will use this data in accordance with the applicable legislation in force, assuming that it relates to you. In the event that the data is referable to a third party, for the latter, you act as autonomous data controller, assuming all the obligations and responsibilities of law. In this sense, you grant on this point the widest indemnity against any dispute, claims, requests for compensation for damage caused by processing, etc., that may be received by our company from third parties whose personal data are being processed through your use of the Site in violation of the applicable legislation currently in force.
Purpose of data processing
Specifically, your personal data are processed for the following purposes and legal bases
- activities related to contact management (examples of activities are: filling in the contact form on the site or, more generally, the sending of an e-mail involving the processing of personal data such as, for example, name, surname, subject; the legal basis of the aforementioned purpose is identified in the contract and pre-contractual measures (Art. 6.1, letter b, GDPR);
- activities related to the performance of the contract to which you are party, including the pre contract (examples of activities are: the provision of a service, responding to a request, the request for contact via the ‘contact’ form (etc.); the legal basis of the purpose is identified in the contract and pre-contractual measures (Art. 6.1, letter b, GDPR), but also (where applicable) in legitimate interest (Art. 6.1(f) GDPR) with regard to the need to defend a right and also in the fulfilment of an
legal or regulatory obligation in force or to fulfil an obligation imposed by the Authorities (Art. 6.1(c) GDPR);
- maintenance of computer systems and devices (persons in charge of performing maintenance and repairs on the Site may accidentally access your personal data.
These events are entirely occasional and unforeseeable and, in any case, devoid of identification purposes and of a duration limited to the performance of the maintenance/repair; the legal basis of the aforementioned purpose is identified in the legitimate interest (Art. 6.1(f) GDPR). None of our processing is based on consent. The legal bases on which we operate are: contract, legitimate interest and legal obligation.
We do not carry out processing with automated decision-making processes or profiling.
Data retention
Your personal data will be kept for the time strictly necessary to fulfil the purposes above and to fulfil legal obligations. In particular, for activities related to contact management, your personal data will be deleted when the purpose of contact, reply or correspondence has been definitively fulfilled, for activities related to the execution of the contract to which you are party (including the pre-contractual phase), your personal data are retained for the entire duration of the contractual relationship and, once the relationship has ended, they will be kept for any needs for the establishment/exercise/defence of a right or for the fulfilment of a legal obligation or of regulations in force or to fulfil an obligation imposed by the Authorities (art. 6.1, letter c, GDPR), for computer systems and device maintenance activities, referring to personal data that we hold for the other purposes indicated in this Policy, the retention times storage times coincide with those identified from time to time for the aforementioned purposes.
Consent and optional/obligatory nature of conferment
The processing of your Personal Data, for the purposes outlined above, may be carried out without your consent. The provision of your data, which you undertake to provide us with by contract or by law, is compulsory and is a necessary requirement for the conclusion of the contract and failure to provide it will make it impossible for us to execute the contracts and other related fulfilments. Any other provision of your personal data (e.g. for sending requests not yet contracted or for site navigation) is purely optional. The only consequence of failure to provide optional data will be the impossibility to provide or perform the services requested.
Categories of recipients
Your Personal Data may also be communicated to third parties, for technical and operations strictly related to the purposes set out above and in particular to the following categories of subjects:
1. subjects necessary for the provision of services offered by the Site including by way of example
the sending of e-mails and analysis of the operation of the Site who typically act as data processors of our reality;
2. persons authorised by our reality to process Personal Data who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
3. judicial authorities in the exercise of their functions when required by applicable law.
Transfers abroad
The Data Controller does not transfer personal data outside the European Economic Area.
European Economic Area. The Controller, however, reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees in compliance the applicable regulations in force.
Method of processing
Your personal data will be processed in both electronic and paper format.
The processing will, however, be carried out mainly by computer and in any case with observance of the minimum precautionary measures for data security and confidentiality. In particular, technical, IT, organisational, logistical and procedural security measures have been implemented and procedures have been implemented in order to prevent loss, unlawful or irrelevant use of the data and unauthorised access to them.
Rights of the data subject and complaints before the Garante
We inform you that with regard to the processing of your personal data you may exercise the following rights:
1. Right to obtain access to your personal data (Art. 15 GDPR): You may contact us to know whether your personal data is being processed and the legal information on the processing;
2. Right of rectification (art. 16 GDPR): obtain the correction of Your personal data that is inaccurate or the integration of incomplete data;
3. Right to erasure/oblivion (art. 17 GDPR): obtain the deletion of your personal data in the cases provided for by law;
4. Right to the limitation of processing (art. 18 GDPR): obtain the submission of your personal data to storage only, to the exclusion of other activities, in the cases provided for by law;
5. Right to portability (art. 20 GDPR): to obtain Your personal data in a structured, commonly used and machine-readable format and to obtain, also, the direct transmission to another data controller, in the cases provided for by law;
6. Right to object (Art. 21 GDPR): right to stop further processing of your personal data for reasons related to your situation. for reasons related to your particular situation, subject to the prevalence of our compelling legitimate reasons, in the cases provided for by law;
7. Right to revoke consent (Art. 7.3 GDPR): right to revoke consent at any time for cases where
consent in cases where processing is based on consent.
To exercise the aforementioned rights, you may use the Controller's contact details provided in this
Information Notice. The exercise of rights is not subject to any formal constraints and is free of charge. We also inform you of your right to lodge a complaint with the competent Data Protection Authority. We remind you that the complaint, pursuant to Art. 77.1 GDPR, may be lodged by the data subject with the Authority of the place where the data subject resides normally resides, where he/she works or where the alleged breach has occurred.
Data Controller
The Data Controller is holidaysliguria.com.
Contact details of the Data Controller
- e-mail: holidaysliguria@hotmail.com
- telephone: 0039 3357866794
The Data Protection Officer (DPO) designated by the Controller pursuant to Article 37 of the GDPR is:
- E-mail: holidaysliguria@hotmail.com
Changes
This notice is effective as of 21 January 2022. We reserve the right to amend or simply update its content, in part or in full, including due to changes of applicable legislation. The updated Policy will be promptly posted on this Site. We therefore invite you to regularly visit this page to view of any updates.
This information is provided pursuant to art. 13 of the European Regulation (EU) 2016/679 (hereinafter ‘GDPR’) by Holidaysliguria.com, in its capacity as Data Controller, which hereby informs you that the aforementioned legislation provides for the protection of the interested parties with respect to the processing of personal data and that such processing shall be based on the principles of correctness, lawfulness, transparency and protection of your confidentiality and your rights.
Your personal data will be processed in accordance with the legal provisions of the aforementioned legislation and the confidentiality obligations provided therein.
Personal data processed
Data provided voluntarily will be processed. Through the Site you have the opportunity to provide
personal data voluntarily, e.g. your name and e-mail address to contact us via the “contact” form. We will use this data in accordance with the applicable legislation in force, assuming that it relates to you. In the event that the data is referable to a third party, for the latter, you act as autonomous data controller, assuming all the obligations and responsibilities of law. In this sense, you grant on this point the widest indemnity against any dispute, claims, requests for compensation for damage caused by processing, etc., that may be received by our company from third parties whose personal data are being processed through your use of the Site in violation of the applicable legislation currently in force.
Purpose of data processing
Specifically, your personal data are processed for the following purposes and legal bases
- activities related to contact management (examples of activities are: filling in the contact form on the site or, more generally, the sending of an e-mail involving the processing of personal data such as, for example, name, surname, subject; the legal basis of the aforementioned purpose is identified in the contract and pre-contractual measures (Art. 6.1, letter b, GDPR);
- activities related to the performance of the contract to which you are party, including the pre contract (examples of activities are: the provision of a service, responding to a request, the request for contact via the ‘contact’ form (etc.); the legal basis of the purpose is identified in the contract and pre-contractual measures (Art. 6.1, letter b, GDPR), but also (where applicable) in legitimate interest (Art. 6.1(f) GDPR) with regard to the need to defend a right and also in the fulfilment of an
legal or regulatory obligation in force or to fulfil an obligation imposed by the Authorities (Art. 6.1(c) GDPR);
- maintenance of computer systems and devices (persons in charge of performing maintenance and repairs on the Site may accidentally access your personal data.
These events are entirely occasional and unforeseeable and, in any case, devoid of identification purposes and of a duration limited to the performance of the maintenance/repair; the legal basis of the aforementioned purpose is identified in the legitimate interest (Art. 6.1(f) GDPR). None of our processing is based on consent. The legal bases on which we operate are: contract, legitimate interest and legal obligation.
We do not carry out processing with automated decision-making processes or profiling.
Data retention
Your personal data will be kept for the time strictly necessary to fulfil the purposes above and to fulfil legal obligations. In particular, for activities related to contact management, your personal data will be deleted when the purpose of contact, reply or correspondence has been definitively fulfilled, for activities related to the execution of the contract to which you are party (including the pre-contractual phase), your personal data are retained for the entire duration of the contractual relationship and, once the relationship has ended, they will be kept for any needs for the establishment/exercise/defence of a right or for the fulfilment of a legal obligation or of regulations in force or to fulfil an obligation imposed by the Authorities (art. 6.1, letter c, GDPR), for computer systems and device maintenance activities, referring to personal data that we hold for the other purposes indicated in this Policy, the retention times storage times coincide with those identified from time to time for the aforementioned purposes.
Consent and optional/obligatory nature of conferment
The processing of your Personal Data, for the purposes outlined above, may be carried out without your consent. The provision of your data, which you undertake to provide us with by contract or by law, is compulsory and is a necessary requirement for the conclusion of the contract and failure to provide it will make it impossible for us to execute the contracts and other related fulfilments. Any other provision of your personal data (e.g. for sending requests not yet contracted or for site navigation) is purely optional. The only consequence of failure to provide optional data will be the impossibility to provide or perform the services requested.
Categories of recipients
Your Personal Data may also be communicated to third parties, for technical and operations strictly related to the purposes set out above and in particular to the following categories of subjects:
1. subjects necessary for the provision of services offered by the Site including by way of example
the sending of e-mails and analysis of the operation of the Site who typically act as data processors of our reality;
2. persons authorised by our reality to process Personal Data who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
3. judicial authorities in the exercise of their functions when required by applicable law.
Transfers abroad
The Data Controller does not transfer personal data outside the European Economic Area.
European Economic Area. The Controller, however, reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees in compliance the applicable regulations in force.
Method of processing
Your personal data will be processed in both electronic and paper format.
The processing will, however, be carried out mainly by computer and in any case with observance of the minimum precautionary measures for data security and confidentiality. In particular, technical, IT, organisational, logistical and procedural security measures have been implemented and procedures have been implemented in order to prevent loss, unlawful or irrelevant use of the data and unauthorised access to them.
Rights of the data subject and complaints before the Garante
We inform you that with regard to the processing of your personal data you may exercise the following rights:
1. Right to obtain access to your personal data (Art. 15 GDPR): You may contact us to know whether your personal data is being processed and the legal information on the processing;
2. Right of rectification (art. 16 GDPR): obtain the correction of Your personal data that is inaccurate or the integration of incomplete data;
3. Right to erasure/oblivion (art. 17 GDPR): obtain the deletion of your personal data in the cases provided for by law;
4. Right to the limitation of processing (art. 18 GDPR): obtain the submission of your personal data to storage only, to the exclusion of other activities, in the cases provided for by law;
5. Right to portability (art. 20 GDPR): to obtain Your personal data in a structured, commonly used and machine-readable format and to obtain, also, the direct transmission to another data controller, in the cases provided for by law;
6. Right to object (Art. 21 GDPR): right to stop further processing of your personal data for reasons related to your situation. for reasons related to your particular situation, subject to the prevalence of our compelling legitimate reasons, in the cases provided for by law;
7. Right to revoke consent (Art. 7.3 GDPR): right to revoke consent at any time for cases where
consent in cases where processing is based on consent.
To exercise the aforementioned rights, you may use the Controller's contact details provided in this
Information Notice. The exercise of rights is not subject to any formal constraints and is free of charge. We also inform you of your right to lodge a complaint with the competent Data Protection Authority. We remind you that the complaint, pursuant to Art. 77.1 GDPR, may be lodged by the data subject with the Authority of the place where the data subject resides normally resides, where he/she works or where the alleged breach has occurred.
Data Controller
The Data Controller is holidaysliguria.com.
Contact details of the Data Controller
- e-mail: holidaysliguria@hotmail.com
- telephone: 0039 3357866794
The Data Protection Officer (DPO) designated by the Controller pursuant to Article 37 of the GDPR is:
- E-mail: holidaysliguria@hotmail.com
Changes
This notice is effective as of 21 January 2022. We reserve the right to amend or simply update its content, in part or in full, including due to changes of applicable legislation. The updated Policy will be promptly posted on this Site. We therefore invite you to regularly visit this page to view of any updates.