Bookingpiemonte.it website and all the third levels connected to it
DISCLOSURE PURSUANT TO ART. 13 OF THE EU REGULATION No.679/2016
(relating to the protection of natural person with regard to the processing of personal data, as well as to the free circulation of such data)
Dear Customer / Supplier / Visitor,
the company TURISMO ALPMED S.R.L. – registered office in Turin (TO) Via Camillo Benso di Cavour 17 chap. 10123 VAT 10807510010 – as Data Controller, pursuant to art. 13 of the EU Regulation n. 679/2016 is glad to inform you that your data will be processed according to the principles established by the GDPR (General Data Protection Regulation EU 679/2016), that means in compliance with the principle of lawfulness, correctness, transparency, in order to minimize the purpose and conservation of data and extend the accuracy, integrity and confidentiality.
SUBJECT OF THE TREATMENT
The processed data are:
- navigation data;
- personal data, identification and contact details.
SOURCE OF PROCESSED DATA
The Data Controller processes the navigation data and the personal data provided spontaneously by the interested subject on the occasion of:
- visits or phone calls to the offices;
- previous transactions;
- direct contacts for participation in events, exhibitions, etc.;
- interactions through the website (e.g. filling in the “Contacts” form);
PURPOSE AND LEGAL BASIS OF THE DATA TREATMENT
The personal data voluntarily provided by you will be processed for the purposes listed below.
Concerning the navigation data: the user is allowed to browse the website of the data controller; perform statistical research/analysis by using aggregate or anonymous data, without the possibility of identifying the Visitor, in order to measure the operation, traffic and interest of the Site itself; fulfil legal obligations to which the Data Controller is subject.
Concerning personal, identification and contact data:
- in execution of the contract between the interested party and TURISMO ALPMED S.R.L. or in execution of pre-contractual measures adopted at the request of the interested party in order to:
- carry out the administrative-accounting activities strictly connected and preparatory to the fiscal and bureaucratic obligations and in order to organize the requested services;
- exchange information, including pre and post contractual activities;
- provide the services requested and protect the credit positions arising from there;
- formalize requests for information, prepare estimates/ offers, manage negotiations and pre-contractual relationships;
- formulate requests or fulfil requests received.
- By virtue of the legitimate interest of the Data Controller for:
- carry out surveys on the degree of customer satisfaction and on the quality of the services offered (“Customer Satisfaction”).
- With the consent of the interested party for:
- send newsletters and/or commercial – promotional communications regarding products, services, news, events of TOURISM ALPMED S.R.L .;
About marketing activities, it will not be possible to carry out the aforementioned activities without the consent of the interested party.
DIFFUSION AND COMMUNICATION OF DATA
The personal data processed by the Data Controller will not be disclosed, i.e. will not be disclosed to undetermined subjects, in any possible form, including that of making them available or the simple consultation.
The data are communicated to the recipients only for what is strictly necessary in relation to the aforementioned purposes. They can be communicated to workers who work for the Data Controller; in particular, based on the roles and duties performed, the ones of them that have been entitled to process personal data, within the limits of their competences and in accordance with the instructions given. They may also be communicated, within the strictly necessary limits, to external parties who collaborate with the Data Controller and to subjects which, for the purpose of processing purchases or other requests or services relating to the transaction or contractual relationship with the Data Controller, must provide assets and/or perform services or services. They may also be communicated to the subjects entitled to access it under the provisions of the law, regulations, and Community legislation.
Finally, the data may be communicated to third parties belonging to the following categories:
- subjects that provide services for the management of the information system used and for the operation of the Site itself (e.g. WinTrade srl for the booking platform and La Fourchette – The Fork for the restaurant reservation service);
- subjects that carry out the services offered (e.g. transfers, excursions, guided tours, travel/holiday package organizers, owners / contact persons of accommodation facilities and/ or restaurants);
- freelance professionals, studios or companies in the field of assistance and tax consultancy and labour law;
- building societies;
- competent authorities for the fulfilment of legal obligations and/or provisions of public authorities, upon request.
The Data Controller does not transfer personal data to third Countries or international organizations. However, it reserves the right to use cloud services; in which case, the providers of the service will be selected from those who provide adequate guarantees, as expected by art. 46 GDPR 679/16.
DATA PROCESSING AND STORAGE PROCEDURES
The treatment will be carried out in an automated and/or manual form, with methods and tools aimed at guaranteeing maximum security and confidentiality, by persons specifically appointed for this purpose in compliance with the provisions of art. 4 and the principle of accountability of the G.D.P.R.
The Data Controller maintains and processes personal data for the time necessary to fulfill the indicated purposes, or to carry out what is requested by the user. Subsequently, the personal data will be stored, and not further processed, for the time established by the current civil and fiscal provisions.
The data processed for Customer Satisfaction will be kept by the Company for the period deemed strictly necessary to achieve these purposes. However, the Company may continue to keep such data for a longer period, in order to be able to manage any disputes related to the provision of the service.
The data processed for marketing purposes will be kept by the Company starting from the moment in which the data subject has given his consent until such consent is repealed.
RIGHTS OF THE INTERESTED PARTY
Pursuant to GDPR 679/2016 the interested party has the right of access (art. 15), right of rectification (art. 16), right to cancellation (art. 17), right to limitation of treatment (art. 18), right to portability (art. 20), right of opposition (art. 21), right of opposition to the automated decision-making process (art. 22).
For the purpose of enforcing their rights, the interested party may contact the Data Controller specifying the object of the request, the right he intend to exercise and attaching a photocopy of an identity document that certifies the legitimacy of the request to the following address:
TOURISM ALPMED S.R.L. Via Cavour 17 chap. 10123 Turin (TO)
or by sending an e-mail to the following e-mail address email@example.com
REVOCATION OF CONSENT AND CLAIM PROPOSAL
Referring to art. 6 of GDPR 679/16, the interested party may revoke the consent given at any time, except for the communication of data to third parties provided following the law, whose failure to transmit could compromise, entirely or in part, the provision of the service.
The interested party has the right to propose a complain to the control authority of the State of residence.
REFUSAL TO PROVIDE DATA
The interested party may not refuse to provide the Data Controller with the personal data necessary to comply with the laws of commercial transactions and taxation. Providing additional personal data may be necessary to improve the quality and efficiency of the transaction. Therefore, refusal to provide the data required by law will prevent the execution of orders; while the provision of further data may compromise in whole or in part the fulfillment of other requests and the quality and efficiency of the transaction itself.
Persons operating in the name and on behalf of legal persons may refuse to provide the Data Controller with their personal data. The transfer of these data is however necessary for a correct and efficient management of the contractual relationship. Therefore, any refusal to confer data may compromise the contractual relationship entirely or in part.
With regards to the data provided when filling in the “Contacts” form, the interested party may refuse to communicate them to the Data Controller, since the conferment is optional. However, filling in the indicated fields is essential to be able to process the requests received.
AUTOMATED INDIVIDUAL DECISION MAKING
The Data Controller does not carry out actions consisting in automated decision-making processes on the data.
The Data Controller is TURISMO ALPMED S.R.L. – registered office in Turin (TO) Via Camillo Benso di Cavour 17. The Data Controller guarantees the security, confidentiality and protection of the personal data in its possession, at any stage of the data processing.
The updated list of internal and external managers is available from the Data Controller.
CHANGES TO THIS NOTICE
The Data Controller reserves the right to change the content of this information, entirely or in part, also if changes in the Privacy legislation occur.
The Owner will contact the interested party in advance if he process personal data for new purposes than those indicated in this statement.
The Owner will publish the updated version of this document on the Site and from that moment it will be binding: the interested party is therefore invited to visit this section regularly.