ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679
Data subjects: Navigators, service users and newsletter subscribers
Pursuant to and for the purposes of Regulation (EU) 2016/679, hereinafter referred to as the ‘GDPR’, “DESTINAZIONE TURISTICA ROMAGNA”, in its capacity as Data Controller of your personal data, hereby informs you that the aforementioned legislation provides for the protection of data subjects with regard to the processing of personal data and that such processing will be based on the principles of correctness, lawfulness, transparency and protection of your privacy and your rights.
In order to achieve its purposes, relating to the management of the relationship, the Data Controller needs to acquire personal data such as, merely by way of example, name and surname, telephone or mobile phone number, email address and tax code.
Your personal data will be processed in accordance with the legal provisions of the above-mentioned legislation and the confidentiality obligations provided for therein.
Purposes of processing: Provision of the service: your data will be processed in order to respond to any requests that may be received via the forms available on the website, or to requests received by email.
Legal basis: The legal basis for data processing is contractual, as data processing is carried out in response to a request for information, followed by a reply.
Marketing – newsletter sending service: in detail, your data will be processed, following your consent, for sending newsletters, by inputting your email address in the text box containing information regarding subscription to the newsletter or by ticking/unticking the relevant box indicating “newsletter subscription” on a form.
The legal basis for processing is the consent of the data subject.
Consequences of refusal for optional purposes: The provision of data is optional for data subjects with regard to the above-mentioned purposes, and refusal to allow data processing does not affect continuation of the relationship or the adequacy of the processing itself.
Consequences of non-communication: the processing of functional data for the fulfilment of these obligations is necessary for the correct management of the relationship and the provision of such data is mandatory to implement the above-mentioned purposes. The Data Controller also points out that failure to communicate the mandatory information or incorrect communication of the same, may make it impossible for the Data Controller to guarantee the adequacy of the processing itself.
Processing methods: Processing is carried out using manual and/or IT and electronic tools, in such a way as to guarantee the security, integrity and confidentiality of the data, in compliance with the physical and logical organisational measures laid down by applicable provisions, in order to minimise the risk of destruction or loss, unauthorised disclosure, access or modification, in compliance with the methods set out in Articles 6 and 32 of the GDPR.
Recipients: In order to carry out certain activities, or to provide support for the operation and organisation of the activity, certain data may be brought to the attention of or communicated to recipients. These subjects include:
Third parties: (communication to: natural or legal persons, public authorities, service or organisations other than the data subject, the data controller, the data processor and those authorised to carry out data processing) including:
· Companies operating traditional or digital postal services
· Any other subjects to whom data communication is necessary in order to achieve the above-mentioned purposes.
Data processors: (the natural or legal person, public authority, services or other organisation that processes personal data on behalf of the data controller);
· Providers of computer, web, or other services required in order to achieve the purposes necessary for managing the relationship.
Within the company structure, user data will only be processed by personnel expressly authorised to do so by the Data Controller, with guarantees of the adoption of a confidentiality agreement and in particular, by the following categories of employees:
· Other employees who need to process the data to ensure correct execution of the relationship;
Disclosure: Your personal data will not be disclosed in any way.
Transfer of data to third countries: The data controller does not transfer personal data to non-EU countries. If there is a need to do so, data subjects will be informed in advance and security measures will be adopted for transfer to the recipients. Depending on the case, this may be: verification of the existence of adequacy decisions for the recipient country by the European Commission, signing of standard contractual clauses, verification of the adoption of any additional measures in implementation of EDPB Recommendation 01/2020. As an exception to these guarantees, for data processing (with reference to Art. 49 of the GDPR), where applicable, the existence of a contract or pre-contractual measures in favour of the data subject or consent to the transfer shall be verified.
Retention period: Please be informed that, in compliance with the principles of lawfulness, purpose limitation and data minimisation, pursuant to Art. 5 of the GDPR, the retention period for your personal data is established for a period of time not exceeding the achievement of the purposes for which they were collected and processed. In the event a contract is signed, this retention period may cease with the forfeiture or termination of the contract. The same data may be retained, where applicable, for a further period of time for the purpose of handling any disputes that may arise; the legal basis for such retention is the legitimate interest of the data controller. The retention period for data processing related to marketing is functional to the purposes pursued by the data controller and in any case, shall not be longer than 3 years from the last contact or feedback received.
Data controller: pursuant to applicable law, the data controller is “DESTINAZIONE TURISTICA ROMAGNA“, with registered office and operational headquarters at Piazzale Fellini, 3 – 47921 Rimini (RN), Italy, Tax Code: 91165780403, in the person of its legal representative pro tempore.
By sending an e-mail to firstname.lastname@example.org users can request further information on the data provided.
Reg. (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22, 23 – Rights of the data subject
1. The data subject shall have the right to obtain confirmation of the existence or otherwise of personal data concerning him or her, even if not yet recorded, and its communication in intelligible form.
2. The data subject shall have the right to be informed of:
a. the origin of the personal data;
b. the purposes and methods of processing;
c. the logic applied in the event of processing carried out using electronic means;
d. details of the identity of the data controller, the data processors and the representative designated pursuant to Article 5(2);
e. the recipients or categories of recipients to whom the personal data may be communicated or who may become aware of such data in their capacity as designated representative(s) in the State’s territory, data processor(s) or those in charge of processing.
3. The data subject shall have the right to obtain:
a. the updating, rectification or, where interested in so doing, integration of the data;
b. the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, including data whose retention is not necessary for the purposes for which the data were collected or subsequently processed;
c. certification to the effect that the operations as per letters a) and b) have been notified, also with regard to their contents, to the subjects to whom the data were communicated or disclosed, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right being protected;
d. data portability.
4. The data subject shall have the right to object, in whole or in part:
a. for legitimate reasons, to the processing of personal data concerning him or her, even if pertinent to the purpose of collection;
b. the processing of personal data concerning him or her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
Complaints: Where applicable, data subjects shall also have the right to lodge a complaint with the Italian Data Protection Authority, in its role as supervisory authority, in accordance with the established procedures. For any further information and to assert the rights provided for data subjects by the European Regulation, contact the data controller as mentioned above.
Formula for obtaining consent from the data subject
The consent of the data subject to receive the newsletter will be recorded (IP address, email, date and time) by ticking the box below the email entry or by ticking/clicking on the appropriate box, in conjunction with pressing the “send” / “ok” button. Such consent will be stored to prove it has been given, and to allow the data subject to unsubscribe at any time, in addition to all the other rights mentioned above.