Notice pursuant to article 13 of Regulation (EU) 2016/679 ("GDPR")
This Notice is made available pursuant to art. 13 and 14 of the European Regulation 2016/679 on the protection of personal data ("Regulation" or "GDPR) in order to inform interested parties about the methods of processing personal data concerning them.
1 DATA CONTROLLER
The Data Controller is Venetiana S.r.l. with registered office in Sestiere Santa Croce, 504 - 30135 Venice, VAT no. 03760980270, e-mail address firstname.lastname@example.org. The Data Controller has designated a Data Protection Officer (DPO) who can be contacted at the e-mail address email@example.com.
2 DESCRIPTION, PURPOSE AND LEGAL BASIS OF THE DATA PROCESSING
The Data Controller collects and processes personal data that are adequate, relevant and not excessive, as required to meet the purposes set out below and ensures that such personal data remains up-to-date and accurate.
Processing of data communicated by customers for the purchase and use of services
The Data Controller processes the personal data of customers communicated by customers for the purchase and use of the Controller's services, directly or through the website www.venetiana.it, and for the use of the App dell'App POP Guide ( the App).
The personal data processed are personal and contact data, information relating to payment and geolocation data for the use of the services provided through the App. The Data are provided directly by the Data Subject or by the person exercising parental authority over the Data Subject, for the following purposes:
a) purchase on the Site of digital content of mobile tourist guides and / or travel tickets;
b) management of access and use of services.
The legal basis for data processing is the fulfillment of contractual obligations between the parties. The provision of data is optional. Any refusal to provide personal data for the aforementioned purposes makes it impossible to use the related services offered by the Data Controller.
The Data Controller also processes the contact data:
c) for direct marketing communications relating to offers, services and events of the Data Controller, addressed to its customers, who are in any case guaranteed the right to object to such processing, at any time and free of charge (opt-out).
The legal basis of the data processing is the legitimate interest of the owner in carrying out direct marketing initiatives towards its customers, in consideration of the relationship established with them and the protection of the fundamental rights and freedoms of the customer, guaranteed by law. of opposition.
With the consent of the interested party, the Data Controller may also process personal data for the following purposes:
d) sending commercial and promotional communications relating to products and / or services of companies belonging to the Autoguidovie Group / selected Venetiana partners.
The legal basis of these treatments is the consent freely expressed by the interested party.
Navigation data of the website www.venetiana.it
The computer systems and software procedures used to operate the website www.venetiana.it acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
3 METHODS, LOCATION AND DURATION OF THE PROCESSING
Personal data are processed at the operational headquarters and within the organization of the Data Controller, by the competent offices in charge, with IT and / or telematic and paper tools, with technical and organizational measures that guarantee an adequate level of security and confidentiality to the data. personal data, in order to protect data from accidental or unlawful destruction or alteration, accidental loss, disclosure or unauthorized access and from other forms of unlawful processing.
Data processing is carried out for the time strictly necessary to pursue the aforementioned purposes, without prejudice to any retention terms provided for by law or regulations. In particular, the Data collected for the purposes indicated:
in paragraph 2 lett. (a) will be kept for the entire duration of the registration of the interested party on the website or the services of the Venetiana app, and subsequently for no later than the statutory limitation period.
in paragraph 2 lett. b), will be kept for the period of time necessary for the provision of the services purchased, and subsequently for no later than the statutory limitation period. The Data collected for the processing purposes referred to in paragraph 1 (d), will be kept until the Data Subject revokes his consent to receive commercial communications or requests the cancellation of the Data, except for cases in which the Data Controller must keep such Data to defend its rights in relation to any disputes outstanding at the time of the request, or upon formal request by the public authorities.
The Data collected for the processing purposes referred to in paragraph 1, letter f), will be kept until the interested party withdraws consent to the marketing activities described therein, or submits a request for cancellation of such Data, without prejudice to the foregoing. .
4 CATEGORIES OF SUBJECTS TO WHICH THE DATA MAY BE COMMUNICATED
Personal data may be communicated, in compliance with the applicable rules and for the sole purposes and under the conditions indicated in this information, with public subjects for legal obligations, or with the following categories of recipients:
- business partners of the Data Controller, to whom the same communicates the data exclusively for the provision of the service;
- hosting providers, IT companies, communication agencies;
- people, companies or professional firms that provide assistance and advice to the Data Controller, in accounting, administrative, legal, tax and financial matters.
These subjects are identified by the Data Controller through specific agreements as data controllers or joint controllers.
The Data will not be disseminated. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to non-EU countries. In this case, the Data Controller ensures from now on that the transfer of data will take place in accordance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection.
5 RIGHTS OF THE DATA SUBJECT
The interested party, i.e. the natural person to whom the personal data refer, has the right to ask the Data Controller for access to their personal data, to rectify or delete them, as well as to request limitation or oppose their processing. . The interested party is also the holder of the right to data portability.
To exercise these rights, you can refer to the contacts indicated in this statement. All requests received will be processed and checked in accordance with the concrete provisions of the applicable rules, also with reference to the actual existence of the conditions for their acceptance.
To manage requests, it may be necessary to ascertain the identity of the applicant, as a security measure to prevent the personal data being processed from being disclosed to subjects who are not entitled to know them. For the same reasons, it is possible that the person making the request is also contacted to provide any clarifications regarding the request made.
The exercise of the rights is not conditional on a payment, however the Data Controller reserves the right to charge the costs and expenses incurred to manage requests that are clearly spurious, unfounded, repetitive, excessive or that have the sole purpose of hindering the activity of the Data controller, the pursuit of their legitimate interests or the exercise of their rights. In such cases, the Data Controller may also not follow up or reject.