Data controller is DOIT VIAGGI di I.T.P. S.R.L. headquartered in Padua Via Tiziano Aspetti 246. The legal representative is ALBERTO BENINI and can be contacted at: firstname.lastname@example.org
The travel agency DOIT VIAGGI di I.T.P. S.R.L. headquartered in Padua Via Tiziano Aspetti 246 (hereafter “TA”), as the data controller, in compliance with art. 13 of the General Data Protection Regulation 679/2016 (hereafter “GDPR”), provides the following information about the processing of personal data that You, as the data subject, have told us:
- To organize a tour package;
- To facilitate the purchase of linked travel arrangements;
- To act as a mediator in purchasing a tourist package organized by third parties or individual tourist services provided by third-party providers (ex: hotel managers, carriers,);
- To act as a mediator in purchasing additional financial/insurance services linked to the tourist packages/services subsidied or purchased individually (medical insurance policies – luggage insurance policy; cancellation; travel assistance; consumer credit);
- To fulfil the task concerning the issue of visas;
- To register on our website and/app or to fill out the forms available on our website or in the app.
Purpose and legal basis of the processing
In addition, the data you provided could include some personal data laid down both in the GDPR and in Italian harmonisation legislation as “sensitive” (ex: health data, judicial data). Sensible data will be processed according to the purposes mentioned below and only with Your express consent.
- Purpose related to contractual services. Your personal data will be processed in order to fulfil the obligations under the negotiation and the contract on the organisation of the tourist package, namely to the term to facilitate the purchase of linked travel arrangements or to the term of intermediation to purchase individual tourist services or otherwise to perform the contractual obligations arising from all contractual relationships, including the negotiation phase, laid down in paragraphs a) to f), in order to allow ADV to optimally provide a service, especially for:
- Terminating, managing and performing the contractual relationships between You and ADV;
- Answering to your questions;
- Notices concerning the purchased package or tourist services or other additional and ancillary services (e.g. policy concerning the purchased tourist services; amendment of contract terms; cancellations);
- Legal purposes. Your personal data will also be processed:
- To enforce legal obligations, regulations, national, Community and international legislation or laws arising from provisions issued by an Authority authorised to do so by law;
- To assess, perform and/or defend in judicial proceedings a right of TA;
- To fulfil the obligations in the field of taxation and accounting;
- To fulfil the obligations with regard to the legislation on health and safety for travellers;
- To fulfil the obligations with regard to the legislation on passenger and freight transport;
- Purposes related to business and statistics. Your personal data will also be processed for purposes related to the work carried out by ADV and for the development of statistics and market research in anonymous form.
- Additional purpose. In addition, provided that you give explicit consent, your personal data will also be processed for:
- Marketing purposes, which comprise: ADV promotional activities, carried out both with automated methods (e.g. email, text messages, instant messaging applications, etc.) and with non-automated methods (e.g. regular mail, phone calls with operators, etc.)
- Profiling activities, or rather analysis of your travel preferences and market research with the aim of improving our range of services and commercial information by making them more suited to your interests. Such activity may also occur through the administration of satisfaction surveys and/or the use of profiling cookies used while browsing our websites and apps.
Data processing for marketing purposes (so both for promotional and profiling activities) may occur only with your consent.
Cookies are information entered on the user’s browser when you visit a website or use a social network with your PC, smartphone or tablet. Each cookie contains various data such as the server name from which it comes, a numeric identifier, etc.. Cookies can remain in the system for the duration of a browsing session (that is, until the browser is closed) or for a more prolonged period and can contain a unique identification code.
The cookies present on this website are the following:
DOITVIAGGI.COM ESSENTIAL TECHNICAL COOKIES
Simple cookies used to maintain the session on the website and being able to navigate from one page of the web site to another while keeping possible preferences. It is automatically deleted when the user leaves the website.
COOKIES FROM GOOGLE
COOKIES FROM FACEBOOK
Content embedded by other website
Articles on this website may include embedded content (e.g. videos, images, articles, etc.). Content embedded from other websites behave exactly in the same way as if the visitor has visited the other web site. These websites can collect data about you, store cookies on your browser, embed additional third-party tracking, and monitor your interaction with that embedded content, including the tracking of your interaction with the embedded content if you have an account or if you are connected to those websites.
Nature of providing personal data and consequences for any refusal
Data provision is optional. However in the absence of the requested data for the purposes set out in points a) and b) (purposes related to the contract performance and to the law) the performance required or part of it cannot be carried out and you won’t make use of the aforementioned opportunities. The provision of optional data will enable TA to improve its services in order to increasingly match the personal interests of its customers. Provision of personal and sensible data is voluntary; however, in the absence of such consent TA might not be able to comply with some contractual obligations related to the processing of such data.
Categories of personal data recipients
Your data will not be disclosed. Your data might be shared, solely for the aforementioned purposes, with the following categories of subjects:
- TA internal staff, as data processors;
- Tourism service providers included in the sold packages, or who supply related or single services purchased from TA;
- Insurance companies supplying ancillary benefits related to the purchased packages and tourist services;
- Individuals, companies, associations or professional practices supplying services or assistance activities for TA in order to protect its own rights (for example, chartered accountants, lawyers, tax advisors, auditors, auditing or due diligence consultants, etc.);
- Individuals, companies, or agencies supplying marketing services or doing consulting work for TA;
- Individuals whose right to access your data is recognized by legal provisions and by secundary legislation or by provisions issued by authorities authorized to do so by law, such as airport authorities, port authorities, customs authorities and border control authorities.
Transfer of personal data outside of the European Union
Your personal data might be transferred abroad to third party companies belonging or not to the European Union, always for the aforementioned purposes. In the case of transfer of data to countries outside the European Union, such countries will provide an adequate level of protection based on a specific decision made by the European Commission or alternatively the addressee will be contractually bound to data protection with an adequate standard comparable to the protection provided by the GDPR.
Storage of personal data
Personal data will be stored for a period not exceeding the time required to achieve the purposes for which the data were collected and subsequently processed. Your personal data will be stored for the entire duration of the contract concluded with You and also for a subsequent period:
- Within the deadlines set by the current legislation;
- Within the deadlines set the secundary legislation requiring data storage (e.g. tax declarations)
- Within the period necessary to protect the rights of the data owner in the event of any disputes related to the provision of our services.
Personal data collected and processed for profiling purposes will be stored for a period up to ten (10) years at the end of which the data is authomatically erased or permanently made anonymous.
Rights of the data subject
In any moment, under art. 15 and 22 of the GDPR, also in relation to profiling activities, you have the right to:
- Request access to your personal data and to information related that data to the data controller; request that inaccurate data are swiftly corrected or integrated to the incomplete data; request deletion of data that concern you (upon the occurrence of one of the conditions specified art. 17, paragraph 1 of the GDPR and in compliance with the exceptions laid down in paragraph 3 of the same article); request a restriction on the processing of your personal data (in the event of one of the hypotheses laid down in art. 18, paragraph 1 of the GDPR);
- Request and obtain from the data controller – in instances where the legal basis for processing is the contract or the consent, and the processing is carried out by automated means – your personal data in a structured format and readable by an automatic device, also in order to communicate this data to another data controller (the so-called right to portability of personal data);
- Object at any time to the processing of your personal data in the event of specific situations which affect you;
- To withdraw your consent in any moment, limited to the cases in which data processing is based on your consent for one or more specific purposes and it concerns common personal data (e.g. date and place of birth or place of residence), or special categories of personal data (e.g. data revealing your racial origin, political opinions, religious beliefs, medical status or sex life). Data processing based on consent and carried out prior to the withdrawal, in any case, preserves its lawfulness;
- File a complaint with a supervisory authority, the Italian Data Protection Authority (Autorità Garante per la protezione dei dati personali – www.garanteprivacy.it).