GUIDELINES AS PER ART. 13 AND 14 – EU REGULATION 2016/679
Data subjects
Website users
Personal data processing
The website’s management procedures are described here: www.italiansroots.com, whose owner is Tourist Services Srl. These guidelines are drafted following Art. 13 of Regulation 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons in the processing of personal data. These guidelines are drafted for the Rhegion Travel website and not for other websites that user may access through their link.
Data controller
Following the consultation of this website, data referring to identified or identifiable persons can be processed.
Data controller: email: marilu@rhegiontravel.it, Business name: Tourist Services Srl legally registered in Località Finocchiaro snc 88050 Sellia Marina (Cz).
Place of data and recipient processing
The processing relating to this website’s web services takes place in Italy at server farms “Server Farm DATA4 GROUP Via Monzoro, 101-105 – 20007 Cornaredo (MI).” Said parties are suppliers of Titanka SPA (primary processor), with a registered office in Strada degli Angariari, 46 47891 Falciano RSM, which carries out email maintenance and data operations.
Type of data processed
Browsing data
Software applications designated for the Rhegion Travel website correctly acquire certain personal data submitted via safe protocols. Such data are not collected to be associated with identified individuals but may allow to identification of users through data processing and crosschecking with other data possessed by third parties. This category of data includes the IP address, browser’s identifier (user agent), URI (Uniform Resource Identifier) addresses to resources requested, the request time, the method used in submitting the request to the server, the numerical code indicating the status of the server response (e.g. successful, unsuccessful) and other parameters relating to the operating system and the user’s IT environment. These data are used with the sole purpose of extracting anonymous statistical information on the use of the website to check its correct functioning.
Data voluntarily supplied by the user
To access some of the services available on the Rhegion Travel website – the optional and voluntary insertion of certain identification data may be requested (email, name, contacts, and information needed to provide the required service).
Purposes and lawful basis
Service provision
Personal data supplied by users making use of the services provided by Rhegion Travel (i.e.: through web browsing, and form filling for various requests) are used for the sole purpose of carrying out the service or performance required. The lawful basis for the processing is the fulfilment of pre-contractual conditions to fulfil your request.
Further communication following a stay
Following the purchase of a stay, Rhegion Travel shall forward to the user further communication even of a commercial nature regarding its services. The aforementioned lawful basis of the processing is the legitimate interest of the data controller (cons. 47 GDPR).
Direct marketing
In case of specific consent (by subscribing to the newsletter) Rhegion Travel shall send via email information on new products, promotions and other special offers. The user will be entitled to deactivate the service at any time through the dedicated procedure and/or methods indicated below for the exercise of his/her rights. The aforementioned lawful basis of the processing is the user’s consent. Specific explanatory information, if needed, will be published or shown on the website pages used for further and specific services on request.
Data storage period
The data storage period is defined by the requested service’s purposes and for a further period of 36 months. Should the requested information be part of an online transaction, such data shall be stored for economic or fiscal accounting purposes for 10 years. As regards technical data managed by the website, such as cookies, the storage period is defined according to the cookie’s technical characteristics as specified in the table “List of cookies”. The storage period of personal data will be automatically extended for a further period of 36 months whenever new consent to the processing of personal data is given and/or every time users access the services provided by entering their log-in credentials (e.g. Login personal account).
Optionality of data provision
Except for what has been specified regarding browsing data, the user is free to supply to Rhegion Travel the personal data requested to benefit from the services provided through the website. Failure to provide data relating to the fields marked by the asterisk (mandatory) will result in the impossibility of accessing such services.
Processing procedures and safety
The processing of personal data occurs via information systems designed to guarantee data safety and privacy in compliance with the appropriate safety measures under art. 32 GDPR, via safe communication protocols with SSL encryption algorithms.
Your data will be processed by the aforementioned laws and privacy obligations in effect. Good practices are defined by the Italian Data Protection Authority issued provision “Guidelines on Marketing and against Spam – July 4, 2013” (published in the Official Gazette no 174 on July 26 2013), Guidelines on Personal Data Processing for online Profiling – March 19 2015 and Guidelines on Automated individual decision-making and Profiling for the EU Regulation 2016/679.
Data transfer to non-EU countries and guarantees of adequacy
The service provider in charge of the maintenance and management services for the Rhegion Travel website is DIGITAL FARM by Roberto Maiocchi – 2726 Creston Dr Los Angeles CA 90068 USA, a non-EU country web agency that has accepted the European framework on personal data processing by adopting the December 21, 2018 law no 171 that guarantees compliance with the GDPR and other sub-processors providing services for technological infrastructure, connectivity, and hosting services such as Bluehost, Inc. 560 Timpanogos Parkway, Orem, Utah 84097, USA. While waiting for the adequacy assessment procedures to be initiated by the European Commission, data processing is allowed if the data subject has signed a contract or a pre-contractual agreement or has expressed consent to the data transfer after being informed of the risks involved in the procedure (art. 49 GDPR – derogations involved in specific situations). Further data transfers to non-EU countries may occur when using Facebook, Google and other social networks or when turning to service providers located in the US. Such data processing is guaranteed under the “Privacy shield” agreements, signed by individual companies.
Recipients
To carry out business activities and to provide support in organising and maintaining said activities, some of the data might be transferred or reported to recipients. Recipients are divided into the following categories: Third parties, processors and sub-processors and authorised personnel under the authority of the controller or the processor.
Third Parties
Natural and legal people, public authorities, services and other entities that do not include the data subject, the data controller or the data processor and sub-processors. In case data processing should concern administrative or accounting purposes, legal obligations, customer management and contracts, the data can be transferred to:
- Companies managing traditional and electronic postal services;
- Companies registering domain names;
- Other subjects, if data transfer is necessary for the fulfilment of the aforementioned purposes or legal obligations.
Data processors and sub-processors
Natural or legal people, public authorities, services and other entities that process personal data on behalf of the data controller – Titanka SPA is the primary data processor working with other sub-processors operating as service providers in the fields of technological facilities, connectivity and hosting services, such as Semplify LLC, located in San Marino. Semplify LLC is also working with a sub-processor for service provision: Server Farm DATA4 GROUP Via Monzoro, 101-105 – 20007 Cornaredo (MI), Italy, where the data are located. Other possible IT service providers necessary to carry out service provision operations may be located in the US and operating under the “Privacy Shield” adequacy agreement.
Inside our company
Your data will be processed solely by personnel explicitly authorised by the data controller, assuring the use of suitable instruction, training, and privacy agreement observation by the following categories:
– Company management.
Data publishing
Your data will not be published in any way.
Rights of data subjects
The data subjects (subjects to which the data are referring) can at any moment exercise the rights stated in the Regulation through a dedicated personal area. It is possible to access said area by requesting the link via the dedicated procedure in the footnote of this information note. A further procedure for the exercise of the Regulation rights, in case the user subscribed to the newsletter, can be used via the dedicated link appearing in the footnote of the email received. Specifically, users will be entitled to enforce rights under art. 15 through art. 23, and in particular: 1. Erasure of all data. 2.rectification/alteration 3.Restriction. 4. Portability. 5 . Right to object to automated decision-making (profiling). If needed, report any other request in the note field. The data subjects, should the requirements be met, have the right to issue a claim to the Data Protection Authority by the necessary procedures. For further information and to exercise these rights recognised by the European regulation you can address the data controller following the aforementioned references.
Data subjects’ right exercise
The requests can also be sent using the following contacts:
Data controller: Email: marilu@rhegiontravel.it, Business name: Tourist Services Srl legally registered in Località Finocchiaro snc 88050 Sellia Marina (Cz).
Having read the information note and acquisition of the data subject’s consent
The undersigned data subject, having received the information provided by the data controller as per Art. 13 and 14 of the GDPR, states he has read the present information note on data processing for service provision and to allow Rhegion Travel to correctly manage and duly process data. Said information note also states the data processor operating on behalf of Rhegion Travel is Titanka SPA located in San Marino Republic, a non-EU country that has adopted the 171/2018 law in compliance with the GDPR and is currently waiting for the adequacy assessment procedures to be initiated by the European Commission.
Consent
As evidence of your explicit and unambiguous consent, we will register time, date, IP address and your e-mail. We remind you that you can exercise the aforementioned rights at any moment by clicking on the link located on the footnote of the received messages or by contacting us through our communication channels.
Extended information note on the use of cookies
Extended information note on the use of cookies and under the measure of the Privacy Authority n. 229/2014, for those interacting with the web services of Rhegion Travel accessible from the internet addresses www.italiansroots.com
The website of Rhegion Travel uses cookies and similar technologies to guarantee the correct functioning of procedures and enhance users’ experiences in online applications. This document provides detailed information on the use of cookies and similar technologies, how they are used by Rhegion Travel and how to manage them.
Definitions
Cookies are small text strings that websites visited by users send to their terminal (usually the browser), where they are memorized to be eventually resent to the same website when the same user visits the website again. Cookies are stored based on the user’s preference by the single browser on a specific device (computer, tablet, smartphone).
Cookie types
Based on their characteristics and use, cookies can be distinguished into different categories:
Fundamental cookies
Cookies are mandatory to manage log-in and access to the functions reserved to the website, generally for the updating of pages by web editors. The length of these cookies is strictly limited to the working session (they are deleted once the browser has been closed). Their deactivation affects the use of services accessible from log-in. The public part of the website can still be used normally.
Technical cookies (of analysis and performances)
These cookies are used to collect and analyze traffic and the anonymous use of the website. These cookies, without identifying the user, allow, for instance, to detect if the same user returns to the website at a later time. They also allow to monitor the system and enhance performance and usability. Some website pages can www.italiansroots.com to memorize the user’s preferences relating to the size of the font and the preferred displaying mode (graphics, high contrast or text) to access contents. The deactivation of said cookies may be performed without any functionality loss.
Profiling cookies
These are permanent cookies used to identify anonymously and not) the user’s preferences and enhance his/her navigation experience.
Length of cookie
Some cookies (session cookies) remain active only until the browser is closed or the log-out command is executed. Other cookies “survive” the closing of the browser and are available even in the user’s later sessions. These cookies are called persistent and their duration is established by the browser at the time of their creation. Navigation through the website pages www.italiansroots.com, users can interact with all the websites managed by third parties that can create or modify profiling or persistent cookies. The temporary storage of every single cookie can be viewed in the table “list of cookies”.
Management of cookie
The user can decide whether to accept or reject cookies via the browser settings. The total or partial deactivation of cookies may affect website functionalities but it will not prevent the navigation. The setting can be specifically defined for every website and web-based application. The following are the web resources which illustrate how to proceed for every main browswer: Chrome, Firefox, Internet Explorer, Opera, Safari.
List of cookie
Google Analytics
www.italiansroots.com can include elements transmitted by Google Analytics, a web traffic analytical provider supplied by Google Inc. (“Google”). These are third-party cookies used to collect and analyze information on users’ behaviours anonymously on the website of Rhegion Travel by visiting users. These cookies are used to store non-personal information. Google Analytics protects the privacy of its data. For further information, click the following link: https://support.google.com/analytics/answer/6004245. The user can selectively deactivate the action of Google Analytics by installing on its browser the opt-out component supplied by da Google: https://tools.google.com/dlpage/gaoptout.
Third-party profiling cookies
The website www.italiansroots.com may use third-party profiling cookies. These cookies are used to trace the web navigation of users and create profiles on their tastes, habits, choices, etc. Through these cookies, advertising messages matching the preferences shown by users themselves during navigation can be transmitted to the user’s email. Said cookies can exchange information and trace the navigation of users who subscribed to one of the available services. For further details or to deny consent to third-party cookies it is possible to click on the link in the following table.
List of third-party cookies
Google Tag Manager (Google Ireland) | read the information | denies consent |
Google AdWords (Google Ireland) | read the information | denies consent |
DoubleClick (Google Ireland) | read the information | denies consent |
read the information | denies consent | |
read the information | denies consent |