INFORMATIVA PRIVACY

(art. 13 of EU Regulation 679/2016) In compliance with the provisions of art. 13 of EU Reg. 2016/679 (European Regulation for the protection of personal data - hereinafter “ GDPR ”), information is provided regarding the processing of personal data carried out through the website Salento.it (hereinafter “ the Site ”) and the mobile application called “ Booking.Salento.it ” (hereinafter “APP”).

 

1. Data controller

International performance marketing SRL (VAT number IT 05191770758), registered office Vi Leonidion, 5 – Martano (LE). E-mail: info@salento.it (hereinafter “ Owner ”) 

2. Data Protection Officer (DPO)

The Owner has appointed a data protection officer who can be contacted at the email address info@salento.it

3. Object of the treatment

The data subject to processing are:

  • connection IP address;
  • information relating to the device used;
  • location information;
  • pages visited;
  • common data released for membership to the services

furthermore, for the registered User:

  • name, surname, postal address, e-mail, date of birth, telephone number;
  • information related to reservations made/events purchased;
  • features used, including login/logout from your personal profile;
  • information about preferences and interests

4. Purpose and legal basis of the processing

  1. a) Personal data will be processed for the following purposes:
  • account registration and profile creation;
  • use the features of the Site and the APP;
  • manage any requests for assistance or information.

The legal basis for the processing for the purposes referred to in letter a) is Article 6 letter b) of the GDPR:

the execution of a contract to which the interested party is party or the execution of pre-contractual measures adopted at the request of the same.

Providing data is not mandatory but is a necessary requirement to perform the requested services.

Failure to provide them therefore makes it impossible to process them.

  1. b) Personal data will also be processed to fulfill a legal obligation to which the Data Controller is subject (pursuant to Article 6 letter c) of the GDPR.
  2. c) The data may be processed for the pursuit of the legitimate interest of the Data Controller provided that the interests or fundamental rights and freedoms of the interested party do not prevail, taking into account the reasonable expectations of the interested party based on his relationship with the Data Controller and in particular for the prevention of fraud or, to a strictly necessary and proportionate extent, to guarantee the security of networks and information.

The legal basis for processing for the purposes referred to in letter c) is Article 6 letter f) of the GDPR.

  1. d) With reference only to Users who have made a reservation and/or used the services and/or activities offered, the data will be processed to send communications, via email, relating to:
  • suggestions for activities and experiences to do in the area of interest (eg near the accommodation facility where the User is staying);
  • offers and/or discounts dedicated to the User on the occasion of his/her birthday;
  • requests for feedback on the activity/service the User has used.

The interested party may object at any time to receiving such communications through the specific unsubscribe function, contained in the emails, or by contacting the Data Controller at the contact details referred to in point 1. The legal basis for processing for the purposes referred to in letter d) is Article 6 letter f) of the GDPR: the legitimate interest of the Data Controller.

  1. e) With the prior consent of the interested party, personal data will be processed:
  • to inform the User, via email, SMS, MMS, of services, initiatives and events promoted by the Data Controller;
  • analyze, even automatically, the User’s consumption, tastes and preferences in order to provide the latter with information on services or initiatives in line with his interests. The automated decision-making process envisaged in the processing of this data does not produce any legal effect for the interested parties and it is excluded that it affects them in a similar way.
  • to provide the User with information regarding places and services of interest in the surrounding area.

The legal basis for processing for the purposes referred to in letter d) is Article 6 letter a) of the GDPR: the Interested Party has given consent to the processing of their data for one or more specific purposes. Providing data is optional but is a necessary requirement to pursue the indicated purposes.

User data will also be used in aggregate and anonymous form to perform statistical analyses.

5. Processing methods

The processing of personal data will take place with or without the aid of computer systems.

The Owner undertakes to guarantee the logical and physical security and confidentiality of the personal data processed, implementing all technical and organizational measures appropriate to the processing.

6. Data retention

Personal data, collected for the purposes referred to in point 4, will be processed and stored for the time necessary to pursue the purposes for which they were collected and in any case within the limitation periods established by law.

In particular, the data will be processed:

  • for the purpose of creating and registering the profile: until the profile is deleted;
  • for purposes related to the booking service: for 10 years from the date of booking;
  • for marketing purposes: until consent is revoked;
  • for profiling activities: until consent is revoked but in any case no later than 18 months from the collection or renewal of consent itself.

The User’s location data is not stored by the Data Controller.

Once the retention period has expired, the data will be deleted or anonymized to be used for statistical purposes.

7. Data recipients

Personal data is accessible to:

  1. i)      employees and/or collaborators of the Data Controller in their capacity as persons authorized to process data;
  2. ii) commercial partners and/or service providers who carry out outsourcing activities on behalf of the Data Controller in their capacity as external data controllers, carrying out activities connected, instrumental or in support of those of the Data Controller. The list of data controllers is available at the contact details in point 1 of this information notice.

The Data Controller may also communicate the User’s data to third parties (Public Bodies, Police Forces or other public and private entities), exclusively for the purpose of fulfilling contractual, legal and/or community legislation obligations.

In any case, the data will not be disclosed nor will data that are prohibited by law from being disclosed be communicated.

8. Data transfer

No data transfers outside the EU or to international organizations are foreseen.

In the event that, for the execution of the functions of the Site or the APP, such transfers should be carried out, the Data Controller will adopt all the adequate guarantees provided for in articles 44 and 54 of the GDPR, including the adequacy decisions and the standard contractual clauses approved by the European Commission.

9. Rights of the interested party

In accordance with the provisions of Articles 15 to 21 of the GDPR, the User, as the Interested Party, may exercise the rights indicated therein and in particular:

  • Right of access (Article 15, GDPR). Obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, receive information relating, in particular, to: the purposes of the processing, the categories of personal data processed and the period of retention, and the recipients to whom the data may be communicated.
  • Right to rectification (Article 16, GDPR). Obtain, without undue delay, the rectification of inaccurate personal data and the integration of incomplete personal data.
  • Right to erasure (Article 17, GDPR). Obtain, without undue delay, the erasure of personal data, in the cases provided for by the GDPR.
  • Right to restriction (Article 18, GDPR). Obtain from the Data Controller the restriction of processing, in the cases provided for by the GDPR.
  • Right to portability (Article 20, GDPR). Receive in a structured, commonly used and machine-readable format, the personal data provided to the Data Controller, as well as obtain that the same are transmitted to another controller without impediments, in the cases provided for by the GDPR.
  • Right to object (Article 21, GDPR). Object to the processing of your personal data, unless there are legitimate grounds for the controller to continue processing.

It is possible to exercise the above rights and revoke the consents given by simply sending a request to the Data Controller or to the DPO at the respective addresses indicated in point 1.

The User also has the right to lodge a complaint with the supervisory authority pursuant to Article 77 of the GDPR ( https://www.garanteprivacy.it/ ).

This information is written in Italian. In the event of a conflict between translations in different languages, the Italian version will prevail.