Privacy

Information on the processing of personal data of Customers

Article 13 of Regulation 2016/679/EU (hereinafter referred to as “GDPR”)

Purpose of this notice

The companies Imperatore Travel World s.r.l.. – P.L. Ecoturismo s.r.l. – Piertour s.r.l. I Faraglioni s.r.l., situated in Via Baiola N.86, 80075 – Forio (Na), in order to optimise their resources and working in synergy with each other, in accordance with current legislation, and preserving financial and organisational autonomy, have formed a de facto group, for privacy purposes only, called the Imperatore Privacy Travel Group, coordinated by a Privacy Manager.

All the above-identified companies constituting the Imperatore Privacy Travel Group are joint Data Controllers pursuant to art. 26 of Regulation 2016/679/EU.

The Imperatore Privacy Travel Group (hereinafter also just “Privacy Group“) is committed to respecting and protecting your privacy, and therefore informs you that your personal data collected for the purposes of concluding the Agreement with the Customer and/or in the execution and/or stipulation of the same will be treated in compliance with the aforementioned legislation, in order to guarantee the rights, fundamental freedoms, as well as the dignity of natural persons, with particular reference to confidentiality and personal identity. We inform you that if the activities outsourced to you provide for the processing of personal data of third parties, as Data Controller it will be your responsibility to ensure that you have complied with the provisions of the legislation with regard to the Data Subjects concerned in order to make their treatment legitimate on our part.

Purpose and legal basis of the processing

The processing of your personal data, directly provided by you, is carried out by the “Imperatore Privacy Travel Group” for the purpose of concluding the Agreement with the Customer and/or in the context of the execution and/or stipulation of the same.

In addition, it is possible to process the personal data of third parties communicated by the Customer to the “Group“. With respect to this hypothesis, the Customer poses as an independent Data Controller and assumes the consequent legal obligations and responsibilities, releasing the Company from any dispute, claim and/or pretext for compensation for damage from treatment that may be received by the Company from third parties affected.

The travel agency outside the Group acts as an independent Data Controller with respect to the companies belonging to the “Imperatore Privacy Travel Group“.

In compliance with current legislation on the protection of personal data and without the need for specific consent from the Data Subject, the Data will be stored, collected and processed by the “Imperatore Travel Privacy Group” for the following purposes:

  1. fulfilment of contractual obligations, execution and/or stipulation of the Agreement with the Customer and/or management of any pre-contractual measures and/or management of payments, including electronic, relating to the Agreement;
  2. compliance with any regulatory obligations, tax and fiscal provisions deriving from the performance of business activities and obligations related to administrative-accounting activities.
  3. sending newsletters and communications for direct marketing purposes through email, sms, mms, push notifications, fax, paper mail, telephone calls with operator, in relation to products provided by other companies pursuant to art. 130 para. 1 and 2 of Decree Law 196/03 (hereinafter the “Code”);
  4. communication of Data to third party companies for the development of marketing strategies aimed at promoting marketing campaigns concerning the tourist services provided by the Imperatore Travel Privacy Group through email, sms, mms, push notifications, fax, paper mail and telephone calls with operator.

The legal bases of the processing for the purposes a) and b) above are articles 6.1.b) and 6.1.c) of the Regulation.

The provision of data for the aforementioned purposes is optional, but failure to provide the data and the refusal to supply it would make it impossible for the Company to execute and/or stipulate the Agreement and provide the services requested.

The legal basis for the processing of personal data for purposes c) and d) is art. 6.1.a) of the GDPR as the processing is based on consent; it should be noted that Joint Data Controllers may collect a single consent for the marketing purposes described herein, pursuant to the General Provision of the Guarantor for the protection of personal data, “Guidelines on promotional activities and combating spam” of 4 July 2013. The provision of consent to the use of data for marketing purposes is optional and if the Data Subject wishes to oppose the processing of Data for marketing purposes carried out by the means indicated herein, as well as revoke the consent given, they may do so at any time without any consequence (except for the fact that they will no longer receive marketing communications) following the indications present in the section of the “Rights of the Data Subject” of this Policy.

Finally, remember that for the processing carried out for the purpose of sending its own advertising material or direct sales or for carrying out its own market research or commercial communications in relation to products or services similar to those used by the Customer, the Company may use the email addresses or personal data pursuant to and within the limits permitted by art. 130, paragraph 4 of the Code and by the provision of the Guarantor Authority for the protection of personal data of 19 June 2008, even in the case of the absence of explicit consent. The legal basis for the data processing for this purpose is Article 6, paragraph 1(f) GDPR, without prejudice to the possibility of opposing such processing at any time, following the instructions in the “Rights of the Data Subject” section of this Privacy Notice.

The companies of the “Imperatore Travel Privacy Group” may send commercial communications relating to products and/or services similar to those already provided, pursuant to Directive 2002/58/EU, using the email details, or those based on paper, indicated by you on such occasions which you can oppose using the methods and contact details indicated below.

Methods, processing logic, storage times and security measures

Your data is collected and recorded in a lawful and correct manner for the purposes indicated above in compliance with the principles of lawfulness and provisions of Article 5, paragraph 1 of the GDPR.

Personal data processing is carried out by means of manual, computerised and telematic tools with logic strictly related to the purposes and, in any case, in such a way as to guarantee security and confidentiality.

Personal Data will be processed by the “Imperatore Travel Privacy Group” for the entire duration of the assignment and also subsequently to assert or protect their rights or for administrative purposes and/or to execute obligations deriving from the applicable pro tempore regulatory and legislative framework and in compliance with the specific legal obligations on data retention.

Sphere of communications and transferring of data

The data is communicated to third parties appointed as data processors pursuant to Article 28 of the GDPR and in particular to banking institutions, companies active in the insurance field, electronic payment management companies, marketing services companies and service providers strictly necessary for the conduct of business, or to consultants of the company, where this is necessary for tax, administrative, contractual reasons or for needs protected by current regulations.

Your personal data, or the personal data of third parties in its possession, may also be communicated to external companies, identified from time to time, to which the “Imperatore Travel Privacy Group” entrusts the execution of obligations deriving from the assignment received, to which only the data necessary for the activities requested will be transmitted. All employees, consultants, temporary staff and/or any other “natural person” who carries out their activity on the basis of the instructions received from the “Imperatore Travel Privacy Group” pursuant to art. 29 of the GDPR, are appointed “Data Processors” (hereinafter also “Data Processors”). The “Imperatore Travel Privacy Group” gives adequate operating instructions to the Appointees or to the Managers, if any, in order to guarantee the confidentiality and security of the data. Precisely with reference to the aspects of protection of personal data, the Customer is invited, pursuant to art. 33 of the GDPR to report to the “Imperatore Travel Privacy Group” any circumstances or events from which a potential data breach may arise in order to allow an immediate evaluation and the adoption of any action aimed at countering such an event by sending a communication to the email address privacy@imperatore.it or by contacting the Privacy Manager or the Data Processor.

The Data will not be disclosed. The Controller’s obligation to communicate data to Public Authorities by specific request remains valid.

The transfer abroad of your personal data may take place if it is necessary for the handling of the assignment received. For the processing of information and data that may be communicated to these Data Subjects, equivalent levels of protection adopted for the processing of the personal data of their employees will be required. In any case, only the data necessary for the pursuit of the intended purposes will be communicated, and the regulatory tools provided by Chapter V of the GDPR will be applied.

Rights of the Data Subjects

The Data Subject can exercise at any time the rights granted by law, including the right:

  1. to access their personal data, obtaining evidence of the purposes pursued by the Imperatore Travel Privacy Group Data Controller, of the categories of data involved, of the recipients to whom they may be disclosed, of the applicable storage period, and of the existence of automated decision-making processes;
  2. to obtain prompt rectification of inaccurate personal data pertaining to the Data Subject, without unjustified delays;
  3. of obtaining, in the cases provided for, the deletion of your data;
  4. of obtaining the limitation of the processing or of opposing it, whenever possible;
  5. to request the portability of the data that you have provided to the companies of the “Imperatore Travel Privacy Group“, i.e. to receive them in a structured format, commonly used and readable by an automatic device, also to transmit such data to another owner, within the limits and with the constraints provided for by art. 20 of the GDPR.

Furthermore, you can lodge a complaint with the Guarantor for the Protection of Personal Data pursuant to art. 77 of the GDPR.

For the processing referred to in point c) and d) of the purposes, the user can always revoke the consent and exercise the right of opposition to direct marketing (in “traditional” and “automated” form). Unless otherwise indicated, the opposition shall be taken as referring to data provided in the traditional and automated forms.

Responsibilities of the Data Processors

Co-owners of the treatment, pursuant to art. 26 of the GDPR, are the companies IMPERATORE TRAVEL WORLD S.R.L., Tax Code/VAT 07166580634 – P.L. ECOTURISMO S.R.L., Tax Code/VAT No.03103210633 – PIERTOUR S.R.L., Tax Code/VAT No. 06561341212– I FARAGLIONI S.R.L., Tax Code/VAT No. 07268130635,

according to the agreement of 7 February 2020, available at the following link, all domiciled in FORIO (NA) at VIA BAIOLA No. 86 – Tel. 081 333 9800.

The Privacy Manager is Ms. BUONO RITA LUISA, email privacymanager@imperatore.it

The Data Processor for the companies IMPERATORE TRAVEL WORLD S.R.L.; P.L.. ECOTURISMO S.R.L. and PIERTOUR S.R.L. is Ms. SCHIANO ANNA ANTONIA, email anna@imperatore.it

For the Joint Data Controllers

The Delegate of the Imperatore Travel Privacy Group

BUONO RITA LUISA

Documentation and consent form