This document informs Users about the technologies that help this Application to achieve the purposes described below. Such technologies allow the Owner to access and store information (for example by using a Cookie) or use resources (for example by running a script) on a User’s device as they interact with this Application.
For simplicity, all such technologies are defined as “Trackers” within this document – unless there is a reason to differentiate.
For example, while Cookies can be used on both web and mobile browsers, it would be inaccurate to talk about Cookies in the context of mobile apps as they are a browser-based Tracker. For this reason, within this document, the term Cookies is only used where it is specifically meant to indicate that particular type of Tracker.
Some of the purposes for which Trackers are used may also require the User’s consent. Whenever consent is given, it can be freely withdrawn at any time following the instructions provided in this document.
This Application uses Trackers managed directly by the Owner (so-called “first-party” Trackers) and Trackers that enable services provided by a third-party (so-called “third-party” Trackers). Unless otherwise specified within this document, third-party providers may access the Trackers managed by them.
The validity and expiration periods of Cookies and other similar Trackers may vary depending on the lifetime set by the Owner or the relevant provider. Some of them expire upon termination of the User’s browsing session.
In addition to what’s specified in the descriptions within each of the categories below, Users may find more precise and updated information regarding lifetime specification as well as any other relevant information – such as the presence of other Trackers – in the linked privacy policies of the respective third-party providers or by contacting the Owner.
Activities strictly necessary for the operation of this Application and delivery of the Service
This Application uses so-called “technical” Cookies and other similar Trackers to carry out activities that are strictly necessary for the operation or delivery of the Service.
This type of service helps the Owner to manage the tags or scripts needed on this Application in a centralised fashion.
This results in the Users’ Data flowing through these services, potentially resulting in the retention of this Data.
Google Tag Manager (Google Ireland Limited)
Google Tag Manager is a tag management service provided by Google Ireland Limited.
Personal Data processed: Tracker.
Other activities involving the use of Trackers
Displaying content from external platforms
This Application uses Trackers to provide a personalised user experience by improving the quality of preference management options, and by enabling interaction with external networks and platforms.
This type of service allows you to view content hosted on external platforms directly from the pages of this Application and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Font Awesome (Fonticons, Inc. )
Font Awesome is a typeface visualisation service provided by Fonticons, Inc. that allows this Application to incorporate content of this kind on its pages.
Personal Data processed: Tracker and Usage Data.
This Application uses Trackers to measure traffic and analyse User behaviour with the goal of improving the Service.
The services contained in this section enable the Owner to monitor and analyse web traffic and can be used to keep track of User behaviour.
Google Analytics (Google Ireland Limited)
Google Analytics is a web analysis service provided by Google Ireland Limited (“Google”). Google utilises the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualise and personalise the ads of its own advertising network.
Personal Data processed: Tracker and Usage Data.
• AMP_TOKEN: 1 hour
• _ga: 2 years
• _gac*: 3 months
• _gat: 1 minute
• _gid: 1 day
Google Ads conversion tracking (Google Ireland Limited)
Google Ads conversion tracking is an analytics service provided by Google Ireland Limited that connects data from the Google Ads advertising network with actions performed on this Application.
Personal Data processed: Tracker and Usage Data.
• IDE: 2 years
• test_cookie: 15 minutes
How to manage preferences and provide or withdraw consent
There are various ways to manage Tracker related preferences and to provide and withdraw consent, where relevant:
Users can manage preferences related to Trackers from directly within their own device settings, for example, by preventing the use or storage of Trackers.
Additionally, whenever the use of Trackers is based on consent, Users can provide or withdraw such consent by setting their preferences within the cookie notice or by updating such preferences accordingly via the relevant consent-preferences widget, if available.
It is also possible, via relevant browser or device features, to delete previously stored Trackers, including those used to remember the User’s initial consent.
Other Trackers in the browser’s local memory may be cleared by deleting the browsing history.
Locating Tracker Settings
Users can, for example, find information about how to manage Cookies in the most commonly used browsers at the following addresses:
• Google Chrome
• Mozilla Firefox
• Apple Safari
• Microsoft Internet Explorer
• Microsoft Edge
Users may also manage certain categories of Trackers used on mobile apps by opting out through relevant device settings such as the device advertising settings for mobile devices, or tracking settings in general (Users may open the device settings and look for the relevant setting).
Consequences of denying consent
Users are free to decide whether or not to grant consent. However, please note that Trackers help this Application to provide a better experience and advanced functionalities to Users (in line with the purposes outlined in this document). Therefore, in the absence of the User’s consent, the Owner may be unable to provide related features.
Owner and Data Controller
Titolare del trattamento dei dati personali Marco Travel By Emme Servicie Tour Operator di Candusso Marco, frazione Spineto 245/1 Castellamonte (TO) nella persona di Samuele De Marie direttore Tecnico del suddetto.
Recapiti: telefono 3456933865, indirizzo email firstname.lastname@example.org, PEC email@example.com .
Marco Travel By Emme Service tratterà i dati personali da Te conferiti al momento della registrazione allo Store.
Owner contact email: firstname.lastname@example.org
Since the use of third-party Trackers through this Application cannot be fully controlled by the Owner, any specific references to third-party Trackers are to be considered indicative. In order to obtain complete information, Users are kindly requested to consult the privacy policies of the respective third-party services listed in this document.
Given the objective complexity surrounding tracking technologies, Users are encouraged to contact the Owner should they wish to receive any further information on the use of such technologies by this Application.
Definitions and legal references
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilised by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilised by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
The means by which the Personal Data of the User is collected and processed.
The service provided by this Application as described in the relative terms (if available) and on this site/application.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Cookies are Trackers consisting of small sets of data stored in the User’s browser.
Tracker indicates any technology – e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting – that enables the tracking of Users, for example by accessing or storing information on the User’s device.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
PRIVACY NOTICE PURSUANT TO ARTS. 12 AND 13 OF EU REGULATION no. 679/2016 AND CONSENT TO THE PROCESSING OF PERSONAL DATA
Information pursuant to art. 13, paragraph 1
A) Controller and contacts
The data controller is Samuele De Marie encharged by Marco Travel By Emme Servicie di Candusso Marco Tour Operator, frazione Spineto 245/1 Castellamonte (TO) Italy. tel.: +39 3456933865 – email: email@example.com
You are informed by the data controller that your personal data will be processed:
– pursuant to articles 12 and 13 of EU Regulation no. 679/2016 (General Data Protection Regulation, referred to hereinafter as the “GDPR”), by specifically authorized parties only for the purposes and using the methods which will be specified hereinbelow in relation to the operation of the ilturistico.it web portal.
You are informed furthermore that data processors are also used by the Controller to perform its activity in compliance with the provisions of GDPR 679/2016.
B) Scope and purposes of processing When you use our services you accept that your personal data will be processed. Personal data means any data that can be related to you, such as your:
a. first and last names
b. email address
c. telephone number
These data will be processed in the ways and forms provided for under the GDPR for the performance of the website´s functions. In particular, the data you have provided or will provide to us are collected in order to offer you the services requested, to inform you on our business activities, or to propose a tailored service more in keeping with your specific needs.
In particular, the personal data you supply to the Controller will be processed for the following
– to comply with specific requests you make to the Controller through the Website and its communication tools (contacts area and similar);
– to provide information relating to the services of the Controller further to requests you may make by email, the contacts form and any other means of communication including phone or fax;
– to subscribe to the newsletter and receive marketing messages and information relating to the sector in which the Controller operates, subject to your having given your consent by checking the relevant box;
– other purposes which are additional to or connected to those listed above and fall within the sphere of the website’s activities.
This privacy notice only refers to the above-mentioned website, ilturistico.it
Legal basis for processing
• Art. 6 paragraph 1 (b) of the GDPR, relating to the performance of a contract to which the data subject is party or the taking of steps prior to entering into a contract at the request of the data subject.
This legal basis is of a merely optional and not mandatory nature, with the only consequence being that the Controller may be unable to deliver the above-mentioned services of direct communication or contractual/pre-contractual performance. In any case, data subjects may withdraw consent at any time with immediate effect, interrupting the services and activities referred to.
C) The processing is not based on art. 6 paragraph 1 (f)
D) Recipients and categories of recipients of the data collected
In relation to the above-mentioned purposes, the data may be disclosed to the following parties and/or categories of parties, or may be disclosed to organizations and/or persons performing services, either internally or externally, on behalf of the Data Controller. For greater clarity, these include without being limited to: parties – inside or outside the company
– which provide computing and telematic services for the management of the IT system used by the Controller and telecommunications networks; parties which the Controller reserves the right to appoint as processors; tax authorities and other companies or public entities in compliance with regulatory obligations; authorities with jurisdiction and/or supervisory bodies for compliance with legal obligations.
In no event are personal data transferred or sold to third parties.
Information pursuant to art. 13 paragraph 2
A) Period of storage of the data
Pursuant to art. 5 of the GDPR, in accordance with the principles of lawfulness, limitation of purposes and storage and minimization of data, your data will be stored in compliance with the law and for the length of time necessary for the performance of the activities referred to in the purposes given above for tax, accounting and administrative requirements, to document our activity, to respond to your data recovery requirements, and for the time required to ensure defence before courts.
B) Rights of data subjects
Right of Access and Rectification
Pursuant to art. 15 of the GDPR, as data subject you have the right to obtain from the Controller confirmation of whether or not personal data relating to you is processed, and to obtain access to said data and to all the information referred to in art. 15, paragraph 1 (a) to
(h) through the issuing of a copy of the processed data in a structured, commonly used, machine-readable and interoperable format.
Pursuant to art. 16 of the GDPR, as data subject you have the right to obtain from the Controller the rectification and/or completion of the processed data if they are not updated and/or are inaccurate and/or incomplete.
Right to Erasure and Right of Restriction
Pursuant to art. 17 of the GDPR, as data subject you have the right to obtain without undue delay from the Controller the erasure of personal data concerning you only in the cases provided for under art. 17 paragraph 1 (a) to (f), with the exception of the cases specifically provided for by art. 17 paragraph 3.
Pursuant to art. 18 paragraph 1 (a) to (d) of the GDPR, as data subject you have the right to request and obtain from the Controller the restriction of the processing of your personal data, or that said data not be subject to further processing or alteration. The Controller guarantees that the restriction of processing is implemented using appropriate technical means ensuring its inaccessibility and inalterability.
Right to Data Portability
Pursuant to art. 20 of the GDPR, as data subject you have the right to receive from the Controller the personal data concerning you which has been processed using automated means in a structured, commonly used and machine-readable format, and also have the right to transmit those data to another controller, or to obtain direct transmission of said data by the Controller, where technically feasible, to another specifically identified data controller.
Right to Object
Pursuant to art. 21 of the GDPR, as data subject you have the right to object at any time to the processing of personal data concerning you on grounds relating to your particular situation in the event of the processing of your data being necessary (1) for the performance of a task carried out for reasons of public interest and/or in relation to the exercising of official authority vested in the Controller; (2) for the pursuance of a legitimate interest of the Controller or a third party; (3) for profiling activities if carried out by the Controller on the basis of the preceding points. You also have the right to object to the processing of your personal data on grounds relating to your particular situation if they are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 paragraph 1 of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Method of exercising the above rights
You may exercise your above rights by emailing a request to firstname.lastname@example.org, or
by registered mail with return receipt requested addressed to Marco Travel By Emme Servicie di Candusso Marco Tour Operator, frazione Spineto 245/1 Castellamonte (TO) – Italy.
Receipt of your request will be confirmed, and you will be provided with information relating to the request within 1 (one) month of its receipt. If necessary, and taking into consideration the complexity and number of requests, this deadline may be extended by 2 (two) months, subject to justification being sent within 1 (one) month of the receipt of the request.
All the recipients to whom the data have been transmitted, as identified under art. 4, paragraph 1 (9) of the GDPR, will be informed of any rectifications, erasures, limitations and objections, unless it proves to be impossible and/or involves disproportionate effort.
Should the Controller have reasonable doubts concerning your identity following the sending of a request for rectification, erasure, limitation or objection, further information will be requested by email in order to confirm said identity.
In the event of the Controller failing to comply with your request within 1 (one) month of its receipt, you will be informed by the Controller of the reasons for this failure to comply and of your right to lodge a complaint with the supervisory authority (Data Protection Authority), as specified pursuant to art. 13 paragraph 2 (d) and regulated by article 77 and subsequent articles of the GDPR.
C) Right to complain
Pursuant to art. 77 of the GDPR, as data subject you have the right to lodge a complaint with a supervisory authority in accordance with the methods indicated in said article.
The reference Authority is the Italian Data Protection Authority:
D) Automated decision-making and profiling
The Controller informs you that no automated decision-making processes – in other words processes aimed at taking decisions based only on technological means on the basis of predetermined criteria (without human involvement) – are used for the purposes of processing your personal data, and no profiling is performed in order to use your personal data to analyze or predict aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements etc.
Processing methods – how do we ensure the protection of your data?
The processing of the personal data you disclose is performed by means of the operations indicated in art. 4 (2) of the GDPR, and to be precise: “collection, recording, organisation, storage, consultation, processing, alteration, selection, retrieval, alignment, use, combination, disclosure, erasure or destruction of the data”.
The personal data you disclose are subjected to automated processing for the time which is strictly necessary in order to achieve the purposes for which they have been collected and using technical and organizational methods employed to prevent the loss, illegal or improper use and unauthorized access to the data, and therefore such as to guarantee a level of security appropriate to the risk pursuant to art. 32 of the GDPR by suitably authorized parties in compliance with the provisions of art. 29 of the GDPR, or employees and/or associates of the Controller in their capacity as authorized parties and/or system administrators who may perform consultation, use, processing, alignment and any other appropriate operations in compliance with the provisions of law necessary to guarantee, among other things, the confidentiality and security of the data, as well as their accuracy, updating and relevance in accordance with the declared purposes and methods.
In particular, unless specified otherwise herein the personal data you disclose will be subject to processing only at the registered offices of the data controller and will not therefore be disseminated, and pursuant to art. 13 paragraph 1 (e) they may only be processed by authorized parties and/or external data processors (professional individuals and/or associations), including explicitly the hosting provider and/or technical personnel assigned to the management and/or maintenance of the website, but only and exclusively for the purposes expressly and specifically indicated a