Information pursuant to Art. 13-14 of the European Regulation 679/2016 (GDPR)

Maroni Turismo protects the confidentiality of your personal data and guarantees their protection and proper processing, in line with recent European legislation. Hereby, in accordance with Articles 13 and 14 of the European Regulation (EU) 2016/679 (hereinafter GDPR) and Legislative Decree 196/03, as amended by Legislative Decree 101/18, we hereby inform you of the following:

1) Data controller and data protection officer.

The Data Controller is Maroni Turismo. in the person of its legal representative pro tempore, with registered office in Ponte di Legno, Via Roma, 46. The Data Controller can be contacted by communication at info@maroniturismo.it

The owner has not appointed a data protection officer (DPO).

Data processing, as described below, takes place in Ponte di Legno, Via Roma, 46; data are processed and stored by the owner within the European Economic Area and will not be transferred or outside the European Economic Area.

2) Type of data and processing.

The data you give us are common and not special.

These include first and last name, date of birth contact data (landline phone number, mobile including VOIP and e-mail address etc.).

Data may be provided to us by you personally, as a data subject, including through remote means.

Our website, in the course of its operation, may acquire some data whose transmission is automatic in the course of navigation such as IP address, online identifiers, contact time, etc. Said information is not processed but will be used only to provide anonymous statistics on the use of the site itself and to control any anomalies, as well as to avoid fraud; for the latter purpose, the data may be used only for the purpose of possible communications to the competent Authorities for the purpose of ascertaining responsibility. That said, we inform you, therefore, that, by their nature, said information could, through association and processing with data held by third parties, allow the identification of the user.

In addition to the above, in case of interaction with social networks, you may provide your data in the registration window (“register with…”) of the social network.

In general, all types of data processing may be identified in those provided for in Art.4 paragraph 1, no. 2 of EU Reg. 679/16 (e.g. collection, recording, organization, storage etc). Your data will, however, be processed in a lawful, correct and transparent manner. Only the data necessary and essential for the achievement of the specific purpose will be processed (c.d. minimization of processing and accountability ex art 5 paragraph 1 letter c of the GDPR), with guarantee of accuracy and integrity of the data.

In particular, you acknowledge that your personal data, including special data, may be collected on the basis of information you provide during registration or communications, including electronic communications, between you and the owner.

Persons under the age of 16 will be able to use the services only with the consent of their parents or, in any case, the holder of parental responsibility under Article 8 of the GDPR.

3) Purpose, legal basis and manner of data processing.

The processing of your data is mainly aimed at the correct and complete provision of the services you have requested.

Each type of processing bases its legitimacy on an assumption or legal basis, pursuant to Article 6 of the GDPR.

The purposes of processing are as follows with the relevant legal basis in parentheses:

(a) provision of requested services, management of purchase orders, supply of products, management of payments and communications pertaining to such orders (execution of the contract or pre-contractual measures);

(b) fulfillment of tax and accounting obligations, including through third parties and external managers (fulfillment of legal and statutory obligations);

(c) personal communications and internal security (contract execution);

(d) direct marketing initiatives so-called soft spam (art.130, paragraph 4 Privacy Code)

(e) commercial communications from other branded companies or third parties operating in the field; (consent);

(f) customer care and customer satisfaction (contract execution);

Any additional and future purposes will be the subject of an appendix to this notice and possible consent.

Your data will be processed both manually and by electronic means, only when there is a suitable legal basis.

Personal data may be processed through both paper-based and computerized archives (including portable devices) and in a manner strictly necessary to meet the above purposes. Data may be processed through so-called cloud-based computing devices and reside in archives of the latter kind.

The provision of data is mandatory insofar as it is necessary for the fulfillment of contractual or legal obligations with regard to the purposes indicated above in letters a)b)c)f). In order to letters d)e) the conferment is optional in nature and may be subject to revocation or opposition as described below. The data controller informs you that failure to provide or incorrect communication/updating of your data could result in the impossibility of ensuring congruity of processing with respect to the regulations in force.

4) Data sharing.

The data may be processed by our collaborators with the function of customer management, marketing, technical personnel etc. All such collaborators have received appropriate training and instructions regarding the minimum security measures required to protect your data.

In order to process your data, the owner may also use third parties such as:

1. consultants in general, accountants and accountant or legal experts, formally delegated or having legal title, who provide functional services for the above purposes;

2. banking and insurance institutions that provide functional services for the above purposes, including companies that deal with payment services accepted by our site as independent owners;

3. parties who process data in fulfillment of specific legal obligations;

4. judicial, police or administrative authorities for the fulfillment of legal obligations;

5. sites and third party providers of communication networks and services;

6. sites and third party providers of communication networks and services for the purpose of processing communications sent by e-mail and their content and attachments;

Your data may, therefore, be communicated to these parties, who will process them as autonomous data controllers or processors.

You will be able to check the compliance of these service providers with the current regulations on the site of each of them, including by making a request to the owner of the contact information in accordance with the forms indicated below.

5) Data retention.

Your personal data, which are processed for the above-mentioned purposes, will be stored, in accordance with Art.13.2nd paragraph lett. a GDPR. The data will be stored for as long as the owner is subject to retention obligations, for tax or other purposes, provided for by law or regulation. In any case, in compliance with the provisions mentioned above, your data will not be kept beyond the period strictly necessary for the purposes and purposes described above.

Pending disputes with the data controller, processing will continue until each party’s rights are time-barred. As for marketing purposes, unless the data subject expressly objects for the latter purpose or withdraws consent, the duration will be two years.

6) Data Profiling and Dissemination.

Your personal data are not subject to dissemination or to any fully automated decision-making process, including profiling. An exception is the case in which you connect to the site or pages of social networks referable to the owner (Facebook, Twitter, etc) in that hypothesis your data may be subject to analysis according to the provisions and purposes indicated by the provider of the web service or social network of reference. In the latter case, it is possible that the hosting service provider or social network of reference makes use of cookies. You are invited, therefore, to check your privacy and security settings on your social profile settings and disable the use of such tools if you do not want said processing. Remember that the Settings option, available in the toolbar of most browsers, includes instructions to prevent the browser from accepting cookies, receive notifications for each new cookie installed, or disable unwanted cookies. By continuing to use and visit the owner’s website or social profiles you automatically consent to the processing of your data and the use of cookies according to the settings you predefine and indicated by the hosting server or social network you use.

7) Data security.

The owner is committed to protecting its data from unauthorized access or other alterations. This implies the use of various security measures (passwords, firewalls, antivirus, backups etc) in order to protect stored data as well as continuous reviews of how data is collected, stored and processed.

In accordance with the provisions of this policy, the owner will treat all of your personal data in strict confidence so as to preserve its integrity, confidentiality, and availability (art.32 GDPR) and will take all reasonable steps to ensure the security of your data once in the owner’s possession. Likewise, the owner will impose similar measures on third-party providers.

8) Rights of the data subject.

Your rights under the GDPR include those of:

– to request access to your personal data and information relating to them; rectification of inaccurate data or supplementation of incomplete data; deletion of personal data relating to you (upon the occurrence of one of the conditions indicated in Article 17(1) of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article); limitation of the processing of your personal data (upon the occurrence of one of the cases indicated in Article 18(1) of the GDPR);

– to request and obtain – in cases where the legal basis of the processing is a contract or consent, and the processing is carried out by automated means – your personal data in a structured, machine-readable format, including for the purpose of communicating such data to another data controller (so-called right to personal data portability);

– Object at any time to the processing of your personal data in the event of special situations concerning you;

– revoke consent at any time, limited to cases where the processing is based on your consent for one or more specific purposes and involves common personal data (e.g., date and place of birth or place of residence), or special categories of data (e.g., data revealing your racial origin, political opinions, religious beliefs, health status, or sex life). Processing based on consent and carried out prior to revocation of consent retains, however, its lawfulness;

– Propose a complaint to a supervisory authority (Data Protection Authority – www.garanteprivacy.it).

9) Contacts

To enforce your rights, you may forward an email to the owner or contact him at the following address: Maroni Turismo, Via Roma, 46.