The purpose of this document is to inform the individual (hereinafter referred to as «Data Subject») about the processing of their personal data (hereinafter «Personal Data») collected by the data controller, Barbirotti Viaggi, with legal headquarters at Piazza Alfano I, nr 6 – 84121 Salerno (Sa), VAT number 04602370654, Tax Code BRBMRZ65D11H703R, email address email@example.com (hereinafter referred to as «Controller»), through the website www.barbirottiviaggi.it (hereinafter «Application»).
Categories of Personal Data Processed
The Controller processes the following types of Personal Data voluntarily provided by the Data Subject: Contact details: name, surname, address, email, phone, images, authentication credentials, any additional information sent by the Data Subject, etc.
The Controller processes the following types of Personal Data collected automatically: Technical data: Personal Data produced by the devices, applications, tools, and protocols used, such as information about the device used, IP addresses, type of browser, type of Internet service provider (ISP). Such Personal Data can leave traces that, particularly when combined with unique identifiers and other information received from servers, can be used to create profiles of individuals.
Failure to provide Personal Data by the Data Subject for which there is a legal, contractual obligation or if they constitute a necessary requirement for the conclusion of the contract with the Controller, will result in the inability of the Controller to establish or continue the relationship with the Data Subject.
The Data Subject who communicates third-party Personal Data to the Controller is directly and exclusively responsible for their origin, collection, processing, communication, or dissemination.
Cookies and similar technologies
Legal basis and purpose of processing
Processing of Personal Data is necessary. For the execution of the contract with the Data Subject, specifically:
Fulfillment of any obligation arising from the pre-contractual or contractual relationship with the Data Subject.
Registration and authentication of the Data Subject: to allow the Data Subject to register on the Application, access and be identified also through external platforms.
Support and contact with the Data Subject: to respond to requests from the Data Subject.
Management of payments: to manage payments via credit card, bank transfer, or other tools.
For legal obligation, specifically:
Based on the legitimate interest of the Controller, for:
Based on the consent of the Data Subject, for:
Based on the legitimate interest of the Controller, the Application allows interactions with external platforms or social networks whose processing of Personal Data is governed by their respective privacy policies, which are referred to. The interactions and information acquired by this Application are in any case subject to the privacy settings chosen by the Data Subject on such platforms or social networks. These pieces of information – in the absence of specific consent to processing for further purposes – are used solely to allow the use of the Application and to provide the information and services requested.
The Personal Data of the Data Subject may also be used by the Controller to defend itself in court before the competent judicial authorities.
Processing Methods and Recipients of Personal Data
The processing of Personal Data is carried out using paper and electronic tools with organizational methods and with logics strictly related to the purposes indicated and by adopting appropriate security measures.
Personal Data is processed exclusively by Individuals authorized by the Controller of Personal Data who have committed to confidentiality or have an adequate legal obligation of confidentiality;
Personal Data will not be indiscriminately disclosed in any way.
If necessary, Personal Data may be transferred to entities located outside of the European Economic Area (EEA). Whenever Personal Data is to be transferred outside of the EEA, the Controller will adopt all suitable and necessary contractual measures to ensure an adequate level of protection of Personal Data, including – among others – agreements based on standard contractual clauses for the transfer of data outside of the EEA, approved by the European Commission. To request information on the specific guarantees adopted, the Data Subject can contact the Controller at the following email address: firstname.lastname@example.org.
Completely Automated Decision-Making Processes
The Controller uses completely automated decision-making processes that can produce legal effects for the Data Subject or significantly affect them, operating according to these criteria: The processing of data for the purpose of simplifying decision-making processes.
Retention Period of Personal Data
Personal Data will be retained for the period of time necessary to fulfill the purposes for which it was collected, specifically: For purposes related to the execution of the contract between the Controller and the Data Subject, they will be retained for the entire duration of the contractual relationship and, after its termination, for the ordinary limitation period of 10 years. In the case of judicial litigation, for the entire duration of the same, until the exhaustion of the terms for challenging actions.
At the end of the retention period, all Personal Data will be deleted or stored in a form that does not allow the identification of the Data Subject.
Rights of the Data Subject
Data Subjects can exercise certain rights regarding the Personal Data processed by the Controller. In particular, the Data Subject has the right to:
To exercise their rights, Data Subjects can send a request to the following email address: email@example.com. Requests will be handled by the Controller immediately and fulfilled as soon as possible, in any case within 30 days.
Proyecto cofinanciado por el Fondo Europeo de Desarrollo Regional