THE PERSONAL DATA PROCESSING European Regulation n. 679/2016 Articles 13-14 General Data Protection Regulation (GDPR) – Legislative Decree n. 101 10/08/2018
In compliance with the European Regulation n.679/2016 (in acronym GDPR), we would like to inform you that the personal data, from you provided or from us acquired during our activities, that we need to execute the services we offer you, will be treated in the respect of the current privacy policy regulations and principles of correctness, lawfulness, transparency , protection of your privacy and rights.
The data controller is SPERLONGA TURISMO SOCIETA' COOPERATIVA CONSORTILE A R.L. – VAT no.02207400595. On behalf of LA ROCCA LEONE ARMANDO , Legal representative, who is the responsible for the legitimate and correct use of your personal data and that you may contact for any information or request to the following contact details:
Address: Piazza Fontana, 1 - 04029 SPERLONGA (LT)
Email:info@sperlongaturismo.it
CEM (certified email):
Telephone:0771-557524
We collect and treat your personal data for the following processing purposes described hereby, together with the law references:
PURPOSES |
PERSONAL DATA |
LEGAL REFERENCE |
To carry out activities with the customer on the basis of pre-contractual agreements or agreements;
|
By way of example and not exhaustive: names, fiscal code, |
European General Data Protection Regulation, (in force since 24th May 2016) GDPR 2016/679 Art. 6 letters b – c. |
To send you promotional emails, letters or phone messages about our products and services
|
By way of example and not exhaustive: names, fiscal code, |
European General Data Protection Regulation, (in force since 24th May 2016) GDPR 2016/679 Art. 7 |
Concerning the processing of your personal data, as informed herewith, in any moment You’re entitled to express:
On the other hand, you have a legal obligation to provide your personal data as required by the law, otherwise you shall be subject to penalties, in accordance with the current legislation regarding data processing.
We are committed to ensuring that Your data will be treated according to the principles of correctness, lawfulness, transparency and data minimization (privacy by design). The data processing will be performed also through computerized systems designed to store, manage and transmit the data. We will use instruments that guarantee, moreover, security and confidentiality, the integrity of systems and services, avoiding the risk to loose accidently, destroy or misuse data and reasonable measures must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are promptly erased or rectified, according to the art. 32 GDPR 2016/679.
Personal data are communicated by the data controller mainly to third parties and/or subjects who are involved in the activities or services concerning the established relationship to meet such legal obligations such as :
- All the people authorised by the personal data controller, carrying out necessary activities closely related to the provision of services;
- To third party companies or other private or public parties, collaborators like employees, professionals, services providers from bodies or associations, firms for the protection of contractual rights and credit recovery;
- Credit institutions or digital payment, Banks (for the management of receipts and payments, reimbursements for contractual services);
- E –mail service providers ( servers for email – sending)
- Subjects, bodies or competent authorities to whom we are obliged to communicate personal data to fulfil legal obligations, to prevent violations or frauds;
- Security and Legal authorities, Tax authorities, (on specific request) and other bodies for legal purposes;
- IT services companies
- Non-economic Public bodies (Interchange system)
Moreover, Your data may be made accessible to employees and/or external partners of the Data Controller as persons in charge of and/or responsible for internal processing for the performance of the purposes above.
DATA TRANSFER ABROAD
The management and storage of your personal data will take place on servers located within the European Union and/ or non-EU countries of the data controller and / or its appointed third party companies.
In such cases, the Holder hereby ensures that the transfer of non-EU data will be carried out in accordance with the applicable legal provisions by stipulating, if necessary, the agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided for by the GDPR ( in particular contractual clauses which provide an adequate level of data protection approved by the EU Commission) or besides the hypothesis above mentioned, by referring to the derogations provided in the GDPR ( in particular, according to the customer/user’s express consent or according to the execution of the agreement concluded by the customer/user). Third party companies are duly appointed as Responsible for Data Processing.
DATA HOLDING PERIODS
The data controller will process your personal data for the time necessary to fulfil the above purposes and , in any case, for no longer than the terms defined by current law regulation. The data collected for fiscal purposes will be stored until the verifications on the correspondent tax years won’t be defined, that means for at least 10 years and more, if the tax year is not still required for fiscal purposes. At the moment of the expiring date, your data will be erased or anonymised , except for the fulfilment of other purposes (eg. Guarantee supply obligations, tax obligations) art. 5 GDPR.
SPERLONGA, 26/12/2024