CONSORZIO GRADO TURISMO, with operational headquarters in Viale Dante Alighieri 72, Grado (GO) 34073 (hereinafter, "Owner"), as data controller, informs you in accordance with Legislative Decree no. 196/2003 as amended to Legislative Decree no. 101/2018 (hereinafter, "Privacy Code") and EU Regulation no. 679/2016 (hereinafter also, "GDPR") that your data will be processed in the following ways and for the following purposes:
1) Object of processing
The Owner processes the personal, identifying and non-sensitive data of the Consortium members (by way of example, company name, first name, surname, tax code, VAT number, e-mail, telephone number - hereinafter, "identifying data" or even "data") and of those who want to join the events and initiatives of the Consortium; these data are communicated voluntarily and spontaneously when requesting information and/or booking and/or directly by e-mail or telephone.
2) Objectives of the treatment
The identification data are processed, pursuant to art. 6 comma 1 lett. B and C, without the express consent, for:
- to allow membership of the Consortium;
- to allow the participation to the events organized by the Consortium;
- insert the data of the Consortium members on the websites and/or thematic magazines managed by the Owner and by the partners of the Owner;
- manage and process billing services;
- manage and process requests for quotations;
- manage and process requests for collaboration;
- fulfil pre-contractual, contractual and fiscal obligations arising from existing relationships;
- fulfil the obligations provided for by law, a regulation, Community legislation or an order of the Authority;
- prevent or detect fraudulent activities or abuse harmful to the website;
- exercise the rights of the Owner, for example the right of defence in court;
- send via e-mail and/or ordinary mail communications concerning the Consortium and the activities carried out by it.
3) Methods of data processing and retention times
The processing of personal data is carried out through the operations indicated and precisely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data are processed both on paper and electronically and automatically.
The Data Controller will process personal data for the time necessary to fulfill the above purposes and in any case for no longer than 10 years from the termination of the relationship for the Service Purposes, except for the exercise of the rights of the data subject and/or other legal obligations.
4) Access to data
The data may be made accessible for the purposes set out in art. 2):
- To employees and collaborators of the Data Controller, in their capacity as internal data processors and/or system administrators;
- To external companies or professional firms that perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
5) Communication of data
Without the express consent of the data subject, the Data Controller may communicate the data for the purposes set forth in art. 2) to employees and collaborators of the Data Controller, in their capacity as authorized and/or responsible for the processing, judicial authorities as well as to all other subjects to whom the communication is obligatory by law for the fulfilment of the indicated purposes and/or to collaborators for administrative, fiscal and accounting management and/or to fulfil specific legal obligations or for whom external suppliers have been identified. The data will not be disclosed.
6) Data transfer
The management and storage of personal data takes place on servers located within the European Union of the Owner and/or third party companies appointed and duly appointed as Data Processors. Currently the servers are located in Italy. The data will not be transferred outside the European Union.
7) Nature of the provision of data and consequences of refusal to respond
The provision of data for the purposes referred to in art. 2) is mandatory. In case of lack of consent, the Services referred to in art. 2) cannot be performed.
8) Rights of The interested party
The interested party, has the rights under Art. 15 GDPR and precisely of:
A.To obtain confirmation of the existence or not of personal data concerning him/her, even if not yet recorded and their communication in an intelligible form;
B.Obtain the indication:
- The origin of the personal data;
- The purposes and methods of processing;
- The logic applied in case of processing carried out with the aid of electronic instruments;
- The identification data concerning data controller, data processors and the designated representative; and the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State's territory, data processor(s) or person(s) in charge of the processing;
- The updating, rectification or, when interested therein, integration of the data;
- The cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
- The certification that the operations referred to in art. 8.A) and 8.B) have been notified, also as regards their content, to those to whom the data were communicated, unless this requirement proves impossible or involves a manifestly disproportionate to the protected right;
D.Oppose, in whole or in part:
- For legitimate reasons to the processing of personal data concerning him/her, even if pertinent to the purpose of collection;
- To the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising or marketing material by e-mail and/or traditional marketing methods by telephone and/or paper mail.
- Where applicable, he also has the rights under Articles 16-21 EU Regulation 679/2016 (Right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right of opposition), as well as the right to complain to the Guarantor Authority.
9) Procedures for the exercise of rights
You can exercise your rights at any time by sending:
- A registered letter addressed to: CONSORZIO GRADO TURISMO Viale Dante Alighieri 72, Grado (GO) 34073
- A PEC at firstname.lastname@example.org
10) Owner, manager and persons in charge
The Data Controller is CONSORZIO GRADO TURISMO Viale Dante Alighieri 72, Grado (GO) 34073, in the figure of the pro-tempore legal representative. The updated list of data processors and persons in charge of processing is kept at the headquarters of the Data Controller.