Information pursuant to Article 13 of European Regulation 2016/679
Personal data communicated to the Data Controller will be treated with correctness and transparency for lawful purposes and protecting the privacy and rights of the customer in compliance with the Community legislation on the protection of personal data (EU Regulation 2016/679).
The treatments will be carried out with the following purposes and methods:
- DATA CONTROLLER
In accordance with the privacy legislation in force (Art.13 of European Regulation 2016/679 “GDPR”), the Data Controller is the company Clementson Travel Office s.r.l., Castello 5313, 30122 Venezia, email: firstname.lastname@example.org (for the correspondence regarding the data processing, please, write as object of the email: PRIVACY REQUEST).
- TYPE OF DATA PROCESSED
The Data Controller will process the personal data communicated by the Customer (name, surname, address, citizenship, date and place of birth, social security number, identity document, email, phone/mobile number, payment data) in the pre-contractual and contractual context for the purposes indicated in this statement. There is the possibility, in specific cases (eg following a request for cancellation of a trip sent by the Customer) that the Data Controller needs to process sensitive and/or particular data (eg medical certifications).
- PURPOSES AND LAWFUL BASIS OF PROCESSING
The data are processed by the Data Controller for the following purposes:
- a) to allow the Data Controller to respond to any requests for information and/or estimation sent by the Customer in the pre-contractual premises (legal basis: execution of the contract for which the Data Subject is a party);
- b) to allow the Data Controller to process a request for the booking/purchase of a service from the Customer and all related and consequent activities (legal basis: execution of the contract for which the Data Subject is a party);
- c) to allow the Data Controller to comply with legal and accounting obligations (legal basis: compliance with legal obligations);
- d) subject to specific and distinct consent given by the Customer to allow the Data Controller to send him periodically his newsletter (legal basis: consent of the Data Subject party)
- TYPE OF DATA PROCESSED
The data that will be processed are those described under Section 2, including data strictly necessary for the purposes indicated in the previous section.
- DATA RECIPIENT AND EVENTUAL CATEGORIES OF DATA RECIPIENTS
Data communicated by the customer will be accessible to:
- employees and collaborators of the Controller;
- companies (airlines, railway companies, shipping companies, photographic agencies, events agencies, etc.) with commercial relations relating to the Controller activity;
- Competent administrative offices;
- Companies in charge of providing assistance to the information systems of the Data Controller (computer network, website, etc.);
- professional firms providing for the fulfillment of obligations in administrative, accounting, tax, legal, etc. on behalf of the Data Controller;
The list of the aforementioned subjects, who will be identified as external processors, will be updated constantly by the Data Controller and will be made available to any Data Subject requesting.
The data listed at point 2 will not be disseminated and will be treated with organizational and logical methods related to the aforementioned purposes.
- Methods of Data Processing.
The processing of data by the competent corporate structures will take place through appropriate tools to ensure security and confidentiality and can be carried out, as well as with analogical tools, also through automated tools (both IT and telematics tools) to store, manage and transmit data themselves.
The treatment and storage of personal data will be carried out on servers located within the EU, in the headquarters of the Data Controller and /or third-party companies in charge and no transfer will be made of them outside the European Union.
- DATA RETENTION POLICY
Personal data communicated by the customer, object of treatment for the above purposes, will be retained until the end of the pre-contractual negotiations and, in case of good end of the aforementioned negotiations, for the duration of the contract and, afterwards, for the duration of 10 years as required by the Civil Code on the conservation of correspondence and by the law on the conservation of fiscal documents.
In case of assent given by the Customer, his e-mail address will be retained for the purposes described in point 3c) for the period of 60 months in order to allow the Data Controller to send the Client communications relating to the initiatives / activities he organizes.
- RIGHTS OF DATA SUBJECTS
In its quality of Subject, the Customer has the possibility to exercise specific rights:
- to access personal data concerning him or her (once he/she has received confirmation that his/her data are subjected to treatment by the Data Controller);
- of rectification and integration of data pertaining to him or her;
- to obtain the erasure of the data pertaining to him or her;
- to obtain the processing treatment restriction of the data pertaining to him or her;
- to receive the data communicated to the Data Controller in a structured format of common use, so that they can be sent to another Data Controller;
- to object to the processing of his/her personal data if there are reasons related to his personal circumstances;
- not to be subjected to an automated decision-making process, including profiling, which produces legal effects concerning him/her;
- to obtain communication in the event that his/her data are subject to a serious violation;
- to withdraw the consent at any time;
- to lodge a complaint with a supervisory authority (Data Protection Authority).
The above rights can be exercised by sending a request without a formal procedure to the Data Controller at the address reported in Art.1.
- Nature of providing data and consequences of refusing to answer.
The communication of data for the above purposes is necessary and mandatory; in fact, in the absence of the aforementioned data, it will not be possible to proceed with the provision of the services described in points 3a) and 3b).
The consent to the use of the email for the period of 36 months is optional. The Customer can therefore decide not to give such consent or to revoke the consent given, according to the procedures set out in point 8i), without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation.