Information on the protection of personal data Art. 12 and following Regulation (EU) 2016/679
Pursuant to art. 12 ff. of the “Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data and repealing Directive 95/46 / EC (general regulation on data protection)”, GUSI s.r.l.s., as Data Controller, is required to provide users who connect to the domain poloturisticoumbria.com (regardless of the purpose of the connection) some information relating to the processing of data personal data carried out there.
poloturisticoumbria.com domain: the domain, reachable through the world wide web service of the internet network, at the address poloturisticoumbria.com, consisting of data, applications, technological resources, human resources, organizational rules and procedures to the acquisition, storage, processing, exchange, retrieval and transmission of information.
Collection points: areas within the poloturisticoumbria.com domain intended for the collection of personal data.
I. Warnings and protection of minors
The processing of personal data will apply the principles of lawfulness, correctness and transparency. Personal data will be collected for specific, explicit, legitimate purposes (purpose limitation) and will be adequate, relevant and limited with respect to the purposes for which they are processed (data minimization). They will always be updated and accurate and stored for a period of time not exceeding what is necessary for the purpose of executing the Contract, without prejudice to the fulfillment of legal and tax obligations that set longer retention times (storage limitation). Personal data will be processed by adopting all appropriate security measures to ensure its integrity, confidentiality and unavailability by unauthorized third parties (integrity and confidentiality). Unless expressly indicated, the provision of personal data through the collection points on the website poloturisticoumbria.com is reserved for adults.
II. Reference standards and legal bases for processing
The processing operations, which will be illustrated in detail below, have their legal basis in the rules governing the right to the protection of personal data, the right to privacy and, finally, in those that allow you to express or revoke, in any moment, the informed consent to the processing operations, namely:
- the General Regulation (EU) 2016/679, concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data;
- informed consent, expressed in compliance with the current provisions of the law regarding the protection of personal data (Article 6 of Regulation (EU) 2016/679);
- the fulfillment of contractual obligations undertaken by GUSI s.r.l.s. upon accession of the interested party to the service (Article 6 of Regulation (EU) 2016/679);
- the fulfillment of obligations or orders to which GUSI s.r.l.s. is required by law or by order of the Authority (Article 6 of Regulation (EU) 2016/679).
III. – Nature of the data being processed.
III.1. – The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request. In any case, where required by law, consent to the processing of personal data will be requested from time to time.
III.2. – Exclusively after consent, where necessary, the following categories of personal data will or may be processed for the purposes indicated.
(a) Common personal data, identification data
Such as eg. name and surname, date and year of birth, social security number, gender, address, city, province, e-mail address, telephone number, postcode, link to the profiles of the following social networks: Facebook, Instagram, Whatsapp and Twitter.
(b) Technical treatments
The type of browser used to connect to the poloturisticoumbria.com domain (non-identifying data), automatically recorded by the logical protection and access control devices to the domain (log files), also constitute the object of processing. These personal data will be used exclusively for the purpose of controlling network traffic to the poloturisticoumbria.com domain. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow you to identify users. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of computer crimes against the site: except for this possibility, the data on web contacts do not persist for more than seven days.
(d) Special categories of personal data
In the event that through the GUSI s.r.l.s. the collection of particular categories of personal data is carried out pursuant to art. 9 Regulation (EU) 2016/679, the interested party will be informed in advance and put in a position to express – in accordance with the law – the relative consent.
IV. – Nature of the provision, data sources
The provision of personal data is not usually mandatory but, in some cases, it is necessary, and therefore mandatory, to allow the interested party to benefit from the services and features of the site.
IV.1. – Data whose provision is necessary
IV.1.1. – The provision of certain personal data is necessary, and therefore mandatory, to fulfill specific requests; the interested party is always free not to provide their personal data, but in this case it may be impossible for GUSI s.r.l.s. satisfy your requests, meet your needs or allow you to use, in their entirety, all the functions available on the website poloturisticoumbria.com
IV.1.2. – It is necessary to provide personal identification data and particular categories of data for:
- be able to use the online assistance service, which allows access to this booking system using the contact form on the website,
- be able to use the product purchase service, which allows citizens to purchase software products via the Web at GUSI s.r.l.s. .
IV.1.3. – These identification data will be processed – exclusively in order to satisfy the explicit request of the interested parties – both on paper and electronic media, and will be stored by GUSI s.r.l.s. for a maximum of three years from the last action carried out within the site.
After these retention times, the personal identification data will be deleted or anonymized automatically.
IV.2. – Sources of data
Data collection is carried out directly from the interested party, through his interactions with the website poloturisticoumbria.com
V. Purpose of the processing
GUSI s.r.l.s., in addition to the necessary treatments in relation to legal obligations, regulations, or deriving from an order of the Authority, will carry out, exclusively with the consent of the interested party, where necessary, the operations necessary to allow the same to benefit from the services and the functionality of the website poloturisticoumbria.com; in particular:
- managing the relationship with GUSI s.r.l.s.;
- purposes strictly connected and instrumental to the management of the aforementioned relationship (eg. for the acquisition of pre-contractual information and to execute services and operations, as contractually agreed);
- purposes related to monitoring the progress of customer relations and credit and fraud risk controls related to the services provided by GUSI s.r.l.s.;
- fulfill specific requests of the interested party .
- Methods of processing personal data
In relation to all the purposes indicated in the previous paragraphs, personal data will be subject to computer and paper processing and processed by specific IT procedures in order to customize the services that GUSI s.r.l.s. is able to deliver.
The data will be processed in such a way as to guarantee its logical and physical security and confidentiality, and may be carried out using manual, IT and telematic tools designed to store, transmit and share the data. The logic of the processing will be strictly related to the purposes pursued.
VI.1. – Data Retention Policy
In relation to the purposes referred to in letter (V.3), namely the proposition of commercial or promotional information, the related processing which, in accordance with the provisions of the Provision of the Guarantor Authority for the protection of personal data referred to in doc. web n. 1103045, will not be subject to sensitive data / particular categories of data, it will take place, by the Owner, subject to the consent of the interested party, for no more than 24 months from the collection exclusively on aggregate data.
VI.2. – Data security and retention
Personal data will be stored within the European Union, the related security policies are reviewed in accordance with the relevant Best Practices.
VI.3. – Profiling
VII. – Data recipients and transfers abroad
VII.1. – Data processing managers and authorized / designated persons
The following may become aware of the personal data referred to in this information, as Data Processors or Authorized / Designated for processing:
- within GUSI s.r.l.s., qualified personnel, each limited to their skills and duties and on the basis of the tasks assigned and the instructions given;
- outside GUSI s.r.l.s., third parties, also specifically designated as Data Processors of which GUSI s.r.l.s. uses for various services and exclusively to carry out these services – each limited to their own skills and duties and on the basis of the tasks assigned and the instructions given.
VII.2. – Communication (to specific external subjects) of the data
GUSI s.r.l.s., for ordinary management, accounting and administrative activities, may communicate personal data, after obtaining consent in accordance with the law, where required, in compliance with security measures, to third party service providers for the sole purpose of performing the service. requested by the interested party, such as: postal services company; law firms and notaries; consultants, also in associated form; other service companies; as well as to other subjects in compliance with any legal obligations (such as insurance institutions, police forces, judicial authorities, etc.).
VII.3. – Transfer of personal data abroad
GUSI s.r.l.s. does not transfer personal data abroad on its own initiative. However, some third parties, service providers, may have their servers physically located abroad (as in the case of an e-mail provider). In such eventualities, the transfer of data abroad will take place exclusively in the context of and in compliance with Regulation (EU) 2016/679, articles 44 ff.
VII.4. – Dissemination (to indeterminate external subjects) of the data
In no case will personal data be disclosed.
VIII. – Rights of the interested party.
Articles 15 to 22 of Regulation (EU) 2016/679 confer on the interested parties the exercise of specific rights. Art. 15 recognizes the right of interested parties to access their personal data and to obtain a copy thereof. The right to obtain a copy of the data must not affect the rights and freedoms of others. With the request for access, the interested party has the right to obtain from GUSI s.r.l.s. confirmation or not whether personal data is being processed and to know the purposes and categories of data processed, the third parties to whom the data are communicated and if the data are transferred to a non-EU country with adequate guarantees. The interested party also has the right to know the retention time of their personal data and has the right to request the correction of inaccurate data and the integration of incomplete ones, the cancellation (right to be forgotten) under the conditions indicated by art. 17, the limitation of the processing, the withdrawal of consent, the portability of data and the right to oppose, at any time and without having to provide justifications, to the processing for direct marketing purposes. The rights may be exercised by e-mail from GUSI s.r.l.s. , or by ordinary mail to the address on the home page. The interested party who believes that the processing of their personal data violates the provisions of Regulation (EU) 2016/679 or of the internal legislation on the protection of personal data, has the right to lodge a complaint with the Guarantor Authority for the Protection of Personal Data. based in Rome, pursuant to art. 77 Regulation (EU) 2016/679 and / or to appeal to the judicial authority. To exercise these rights, or to obtain any other information regarding them and, more generally, the processing of personal data, requests may be sent via e-mail or by post, to the addresses on the homepage. Before GUSI s.r.l.s. can provide or modify any information, it may be necessary to verify the identity of the applicant.
IX. Withdrawal of Consent Privacy Questions Access and Feedback
The right to withdraw consent to the processing of personal data is recognized at any time by the interested party, by communicating the intention to GUSI s.r.l.s..
X. – Data Controller
Is GUSI s.r.l.s..
XI. – Responsible for the treatment
The complete list of data processors is available at the Headquarters. This mandatory information is subject to updating, depending on any changes in the applicable legal provisions.