Disclaimer as per art. 13 GDPR 679/2016
1. Data controller
APULIA TURISMO SRLS (henceforth referred to simply as Data Controller), with head office in LOC. PADULA, 71010 PESCHICI (FG), tel. (+39) 0884 962299, Partita IVA: 04288750716 is the processing controller for all personal data that is collected through the website.
Data Controller autonomously defines the processing purposes and methods.
e-mail address: email@example.com.
2. Data processing location
The main data processing for the web services related to this website is done in ITALY.
3. Data processing security and methods
As required by art. 32 GDPR, personal data are processed using computerised tools that are appropriate to guarantee an adequate security level against risks. Communications to and from the web server are by means of secure communications protocols with encryption algorithms TLS/SSL.
The Data Controller takes all appropriate security measures to prevent any unauthorised access, disclosure, change or destruction of the personal data. Processing is by means of automated computer and/or telematic tools, with organisational methods and logics strictly correlated to the indicated purposes. Furthermore, in certain cases other parties involved in the organisation of the website could also have access to the data (admin, commercial, marketing, legal staff, system administrators) or external parties (e.g. technical service providers, postal couriers, hosting providers, IT companies, communications agencies) who are appointed when necessary as Processing Managers by the Data Controller. The up to date list of processing managers can be requested at any time from the Data Controller.
4. Why do we collect your data?
We use your data to provide our services, for example sending your requests for information/quotations/ bookings at the holiday structures you select, to propose holiday packages and/or holiday structures, to keep you up to date about the best offers and news in open-air holidays. Data is collected if one of the following circumstances is applicable:
- The user has consented for one or more of the specified purposes.
- Processing is necessary in order to enforce a contract with the user and/or the preliminary contract measures.
- Processing is necessary to satisfy a legal obligation applicable to the Data Controller.
- Processing is necessary to pursue the user’s legitimate interests.
- The data are necessary for the technical functions of the website and/or for anonymous statistics.
Information may be requested from the Data Controller to explain the legal basis for each type of processing and, in particular, to specify whether processing is based on a law, a contract or necessary to conclude a contract.
5. Types of processed data
Among the data collected by this Website, independently or through third parties, there are Cookies and usage data. This information is not collected to be associated with identified users but could, through processing and association with data held by third parties, allow users to be identified. These data are collected to obtain anonymous statistical data on the use of the site, to check its correct functioning and in some cases for legal obligations. This category of data includes the IP addresses, the browser identifier (user agent), the addresses in the Uniform Resource Identifier (URI) of the requested resources, the time of the request, the method used in submitting the request to the server, the numeric code indicating the status of the response given by the server (e.g. successful, error) and other parameters related to the operating system and the user's computer environment. Please refer to the specific section in this document for details on the use and collection of cookies and usage data.
Data given voluntarily by the user
Optional data provision
Apart from what has been specified for surfing data, the user is free to provide the requested personal data or otherwise to use the services provided through the site. Failure to provide data relating to the fields marked with an asterisk (mandatory) will make it impossible to use the service offered. The user is responsible for the personal data of third parties that are obtained, published or shared via this website and guarantees to have the right to communicate or disseminate them, releasing the Data Controller from any liability to third parties.
6. Data storage period
The data are processed and stored for the time required for the purposes for which they were collected and then for a further period of 24 months. If the requested data is subject to economic and fiscal reporting purposes (e.g. online transaction) they are stored for 10 years. These indications are generally valid for all data processed by the site, except for processing subject to explicit consent by the user when a different storage period is indicated. With regards the technical data managed by the site, such as cookies, the storage period is defined by the technical characteristics of the cookies themselves and indicated in the specific section.
7. Which of your data we collect online
Communicating your personal data to the Data Controller, in the various ways in which they are collected on our site, could be essential to achieve the desired result. The mandatory or optional nature of the provision of data is specified from time to time - with reference to the required data - in the data collection forms and the mandatory information is marked with an asterisk (*).
If you refuse to communicate the data marked as mandatory, it will be impossible to achieve the main purpose of collecting specific data. Such refusal could, for example, make it impossible to complete a request, purchase or execute the contract of sale of the chosen product or provide other services available on the site (such as assistance, contacts with Customer Service, sending emails, use of specific site functions).
Communicating additional data, other than those marked as mandatory, is optional and a denial of such data will not have any consequence for the main purpose of the collection (on the use of the website and its services, for example).
You have the right to ask Data Controller for all the details about your personal data held by us.
8. How we use your data
The personal data is mainly processed by means of computer systems and electronic devices by Data Controller and third parties, who are carefully selected for their reliability and competence, and for carrying out essential operations to achieve the purposes strictly connected to the use of the website, its services and online sales of products through the website.
In general, the data are processed for the purposes indicated below:
- The request for information and/or reservations
- The subscription to specific services, such as, for example, the newsletter
- Sending informative and promotional communications, also of a commercial nature, advertising material and/or offers of goods and services.
- Market research, economic analysis and statistics.
The activities referred to in points b), c) and d) are subject to explicit consent by you and may be carried out by any means including, but not limited to, mail, internet, telephone, email, MMS , SMS, from Italy or from abroad (also from countries not belonging to the European Community), by Data Controller, its parent companies, subsidiaries and/or affiliates, as well as by third parties with whom Data Controller has contractual relationships connected to the performance of the aforesaid activity.
9. Processing data sent by filling in the form in the website
The user must give express consent for the use of data given by filling in the forms and said data are processed as follows:
- Personal Data collected: surname, email address, first name, telephone number and various types of data necessary for the provision of the requested service.
- The collection methods are those indicated in section 7 of this disclaimer.
- The data are used for purposes strictly connected to the management of the service. These data will not be disclosed to third parties in any way.
"According to article 13 of GDPR 679/2016, the communicated data can be used for the sole purpose of providing the requested service. It is expressly forbidden to use the data for different purposes and/or share or communicate them to third parties, either in the EU or outside the EU. In relation to the processing, the Customer may exercise the rights provided by articles 15 to 22 of GDPR 679/2016 on each communication".
10. Links to other websites
11. Interaction with social networks
These services allow you to interact with social networks directly in the pages of our site. It is assumed that every user of social networks has already given their authorization for their personal data when they registered with the network. Every operation carried out through the social networks is therefore subject to the user's privacy settings relating to each social network.
12. Users’ rights
The users (subjects to whom personal data refer) may at any time exercise the rights envisaged by the Regulations using the contacts listed in section 1 "Data Controller” of this disclaimer.
In particular, subjects can legitimately ask for the rights envisaged from art. 15 to art. 23, and specifically:
- The cancellation of all data.
- The correction/modification.
- The limitation.
- The right to oppose the automated decision-making process (profiling).
If necessary, you can also file a complaint with the local Privacy Guarantor. Here you will find the contact details of the Privacy Guarantors operating in the EEA area.