PERSONAL DATA PROCESSING POLICY PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679
Data Subjects: users consulting the website www.romagnabike.com owned by DESTINAZIONE TURISTICA ROMAGNA
WHY THIS INFORMATION
Pursuant to Regulation (EU) 2016/679 (hereinafter, the “Regulation” or “GDPR”), this page describes the methods for processing the personal data of users consulting the Website owned by DESTINAZIONE TURISTICA ROMAGNA, which can be electronically accessed at the address www.romagnabike.com.
The information contained herein does not concern other sites, pages or online services that may be reached via any hypertext links published on this Website and refer to resources outside the domain of www.romagnabike.com.
DATA CONTROLLER
Following consultation of the Website, data relating to identified or identifiable natural persons may be processed.
The Data Controller is DESTINAZIONE TURISTICA ROMAGNA, with registered office and operational headquarters at Piazzale Federico Fellini 3 – 47921 Rimini (RN), having VAT no. 04382230409.
DATA PROTECTION OFFICER
The Data Protection Officer (DPO) is the company Studio Paci & C. Srl (in the person of Gloriamaria Paci), contactable via emailing dpo@studiopaciecsrl.it or phoning +39 0541-1795431.
TYPES OF DATA PROCESSED, PURPOSE OF PROCESSING AND LEGAL BASIS
1) Browsing data
Legal basis: “Processing of data necessary for browsing the website” – contractual obligation – Article 6(1)(b) GDPR
As part of their normal operation, the computer systems and software procedures used to operate this Website acquire
some personal data, the transmission of which is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or the domain names of computers and terminals utilised by users, the addresses in URI/URL (Uniform Resource Identifier/Locator) form of the requested resources, the time of the request, the method adopted to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the user’s IT environment.
This data, necessary for browsing the Website and for benefiting from the information it contains, is likewise processed by the Data Controller for the purposes of:
- Obtaining aggregate and anonymous statistical information on the use of the Website (most visited pages, number of visitors per time period or per day, geographical areas of origin of visitors, etc.);
- Checking the correct usability of the contents offered by the Website;
- Preventing or counteracting any possible cybercrime or fraudulent use of the functionalities available on the Website, also with a view to reconstructing security incidents and their traceability.
Retention period:
In compliance with the principles of lawfulness, purpose limitation and data minimisation, in accordance with Article 5 of the GDPR, browsing data will be stored for a period strictly necessary for achieving the technical purposes described above, for which the data was collected and processed, except in the event of the need to ascertain criminal offences by the judicial authorities.
2) Data communicated by the user
Legal basis: “Processing of data necessary for browsing the website” – contractual obligation – Article 6(1)(b) GDPR
The optional, explicit and voluntary sending of messages to the contact addresses of DESTINAZIONE TURISTICA ROMAGNA, private messages sent by users to the institutional profiles/pages or via social media (where possible), as well as the completion and forwarding of forms present on the DESTINAZIONE TURISTICA ROMAGNA websites, entail the acquisition of the sender’s contact details, necessary for replying, as well as all the personal data included in the same communications.
Specific information is published on the pages of the Website set up for the provision of certain services and, where necessary, the user’s consent is collected, upon informing the user of the purpose of and options for such provision.
Retention period:
The data communicated by the user is retained for the time necessary for handling individual requests, whereas any subsequent storage for statistical purposes shall entail the anonymisation of such data (except for any need to ascertain criminal offences by the judicial authorities).
3) Cookies and other tracking systems
Use is made of:
- Technical cookies necessary for user navigation, facilitating the correct navigation of the Site and the usability of its contents for the user. Legal basis: “Processing necessary for the performance of a contract”.
- Analytical cookies utilised to process aggregate statistical analyses on the user’s fruition of and interaction with the Website. This is subject to the user’s consent. Legal basis: “Consent”.
- Profiling cookies that render it possible to collect information about the preferences expressed by the user in the context of browsing and to process reports intended to be used for targeted advertising and marketing campaigns. Legal basis: “Consent”.
Information on data processing, the purpose, duration and complete management of cookies, including their consent and revocation, can be found in the Cookie Management document also available at the base of the page.
DATA RECIPIENTS
The recipients of the data collected as a result of consulting some of the services listed above are certain entities designated by the Data Controller as Data Processors pursuant to Article 28 of the Regulation, along with other additional service providers in the field of web-agencies, digital communication, system support and any other digital service providers, a full list of which can be requested by writing to info@destinazioneromagna.emr.it.
Some data and information may be transmitted or acquired by persons identified as Autonomous Data Controllers, with such data related to cookies that are usually anonymised before being sent for statistical purposes. If transfer to non-EU countries is envisaged, the safeguards enacted – as described in Section 6 of this document – will be listed.
The personal data collected is likewise processed by the DESTINAZIONE TURISTICA ROMAGNA staff, who act on the basis of specific instructions provided with regard to the purposes and methods of processing.
PROCESSING SAFETY
The personal data transmitted and retained for the time necessary for the stated purposes is protected by specific technical and organisational security measures with reference to Article 32 of the Regulation, capable of permanently guaranteeing the confidentiality, integrity, availability and the ability to promptly restore the availability of and access to the personal data in the event of a physical or technical incident, including against the risks of destruction, loss, alteration, unauthorised disclosure of or access to – be it accidental or unlawful – the personal data transmitted, stored or otherwise processed.
TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EU
The Data Controller does not transfer personal data to non-EU countries. If the need should arise, Data Subjects will be informed in advance and safeguards will be enacted for the transfer to the recipients which, as the case may be, include verification of the existence of decisions regarding the adequacy of the recipient country by the Commission, the signing of standard contractual clauses and the verification of the adoption of any additional measures in transposition of the European Data Protection Board (EDPB) Recommendation 01/2020. Notwithstanding these safeguards, the data processing (in reference to Article 49 of the GDPR, where applicable), the existence of a contract or pre-contractual measures in favour of the Data Subject or consent to the transfer shall be verified.
DATA SUBJECT RIGHTS
Data Subjects have the right to obtain from DESTINAZIONE TURISTICA ROMAGNA, in the appropriate cases, access to, rectification of and erasure of their personal data, along with the limitation of the processing and portability thereof or to object to the processing and revoke consent (where used as a legal basis) with reference to Articles 15 to 22 of the Regulation.
The request is to be made through the contact details of DESTINAZIONE TURISTICA ROMAGNA, with registered office and operational headquarters at Piazzale Federico Fellini 3 – 47921 Rimini (RN), or by contacting the Data Protection Officer of Studio Paci & C. Srl (in the person of Gloriamaria Paci), contactable via the email address dpo@studiopaciecsrl.it and telephone number +39 0541 1795431.
To exercise your rights, a template has been prepared and is available on the website of the Data Protection Authority at the link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9038275.
RIGHT TO LODGE A COMPLAINT
Data Subjects who believe that the processing of their personal data carried out through this Website is in breach of the provisions of the Regulation have the right to lodge a complaint with the Data Protection Authority, as provided for in Article 77 of the Regulation, or else may refer the matter to the appropriate courts of law (Article 79 of the Regulation). The template for lodging a complaint is available on the website of the Data Protection Authority at the link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524.