INFORMATION SHEET IN ACCORDANCE WITH
ARTICLE 13 OF (EU) REGULATION NO. 679/2016 (“GDPR”)
This website collects some of its users’ Personal Data
TOUREXP SRL (VAT No. 07497270723)
Address: Via G. Capruzzi, 326 – 70124 BARI, ITALY
Email address of the Data Controller: email@example.com
TYPES OF DATA COLLECTED
Some of the Personal Data collected by this website, whether autonomously or through third parties, includes: name, surname, telephone number, various types of Data, use Data, Cookies and website.
The Personal Data can be freely supplied by the User or, in the case of usage Data, it can be collected automatically during use of this website.
Unless otherwise specified, all the Data requested by this Website is obligatory. If the User refuses to supply the Data it could be impossible for the website to perform the service. If the website indicates some Data as optional, users are free to refrain from communicating such Data without any effect on the availability of the service or its operation.
Users who are unclear about which Data is obligatory are encouraged to contact the Data Controller.
Any use of the Cookies – or other tracing tools – by this website or by the Data Controllers of third parties used by this website, unless otherwise specified, has the purpose of supplying the Service requested by the User, in addition to other purposes described in this document and in the Cookies Policy, if available.
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this website, and guarantees right to communicate or to share them, freeing the Data Controller from any responsibility towards third parties.
METHODS AND LOCATION OF THE DATA PROCESSING
The Data Controller will adopt the appropriate methods of security aimed at blocking unauthorised access, disclosure, modification or deletion of Personal Data.
The processing is carried out by IT and/or internet tools with organisational methods and logic strictly linked to the purposes indicated. In some cases, in addition to the Data Controller other persons involved in the organisation of this Website (administration, commercial, marketing, legal and system administration staff) may have access to the Data and, if necessary, the Data Controller may nominate Data Processors. The up to date list of Data Processors can be requested from the Data Controller at any time.
Legal basis for processing
The Data Controller Processes Personal Data regarding the User in the event of any of the following conditions:
- the User has given consent for one or more specific purposes; N.B.: in some jurisdictions the Data Controller may be authorised to process Personal Data without the consent of the User or any other legal basis specified as follows, until the User opts out of this processing. However, this is not applicable as long as the processing of Personal Data is regulated by European Union legislation with respect to the protection of Personal Data;
- the processing is necessary for the execution of the contract with the User and/or the execution of pre-contractual measures;
- the processing is necessary for fulfilling a legal obligation to which the Data Controller is subject;
- the processing is necessary for a task of public interest or for exercising the public powers vested in the Data Processor;
- The processing is necessary for pursuing the legitimate interest of the Data Controller or third parties.
It is possible to request the Data Controller at any time, to clarify the solid legal basis of each process and particularly to specify if the processing is based on the legislation required by a contract or if it is necessary for concluding a contract.
The Data is processed at the operational offices of the Data Controller and in any other place in which the parties involved in the processing are located. For further information contact the Data Controller.
The User’s Personal Data may be transferred to a country which is different from the one in which the User is located. To obtain further information on the processing location the User can refer to the section relating to the processing of Personal Data.
The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an organisation of international public law or constituted by two or more countries, such as the U.N. for example, as well as organisations relating to the security measures for protecting the Data adopted by the Data Controller.
Should any of the transfers described above take place, the User can refer to the respective sections of this document or ask the Data Controller for information by contacting them at the addresses provided at the beginning of this document.
Period of storage
The Data is processed and stored for the time requested for the purposes for which it was collected.
- The Personal Data collected for purposes linked to the execution of a contract between the Data Processor and the User will be processed until the execution of the contract is completed.
- The Personal Data collected for purposes connected to the legitimate interest of the Data Controller will be stored until the above interests have been met. The User can request further information on the legitimate interest of the Data Controller in the related sections of this document or by contacting the Data Controller.
When the processing is based on the consent of the User, the Data Controller can store the Personal Data for a longer period until said consent had been revoked. In addition, the Data Controller may be obliged to store the Personal Data for a longer period in compliance with legal obligations or by order of an authority.
At the end of the storage the Personal Data will be deleted. Therefore, at the expiry of this time limit the right of access, deletion, rectification and the right to Data portability can no longer be exercised.
PURPOSE OF PROCESSING THE DATA COLLECTED
The User’s Data is collected to allow the Data Controller to supply his services, as well as for the following purposes: Contacting the User, Managing contacts and sending messages, Payment management, Hosting and backend infrastructure, Displaying content from external platforms, Statistics, Tag management , Heat Mapping and recording sessions and Comments on the contents.
To obtain further detailed information for the purposes of processing and the Personal Data relevant to a certain purpose, the User can refer to the relative section of this document.
DETAILS ON THE PROCESSING OF PERSONAL DATA
Personal Data is collected for the following purposes and using the following services:
CONTACTING THE USER
Contact form (this website)
By completing the contact form with his or her Data, the User allows its use for responding to their requests for information, for a quotation or of any other nature indicated in the form’s header.
Personal Data collected: email, name and various types of Data.
This type of service is functional to the centralised management of tags or script used in the website.
The use of these services involves the flow of the User’s Data through them and, if necessary, in their retention.
Google Tag Manager (Google LLC)
Google Tag Manager is a tag management service supplied by Google LLC.
Personal Data collected: Cookies and usage data.
HOSTING AND BACK-END INFRASTRUCTURE
The function of this type of services is to host Data and files that allow this website to function and allows the distribution and supply of ready to use infrastructure for supplying specific functions of this website.
Some of these services function through servers located in different geographical locations, making it difficult to determine the exact place in which the Personal Data is stored.
Exasys Srl is a company that supplies a hosting service.
The services contained in this section allow the Data Controller to monitor and analyse traffic data and are used to keep track of the User’s behaviour.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service supplied by Google Inc. (“Google”). Google uses the Personal Data collected for the purpose of tracing and examining the use of this website, preparing reports and sharing them with the other services developed by Google. Google could use Personal Data to contextualise and personalise announcements on its own advertising network.
Personal Data collected: Cookies and usage information.
DISPLAY OF CONTENTS ON EXTERNAL PLATFORMS
This type of services allows the display of, and interaction with, contents hosted on external platforms on the pages of this website.
If a service of this type is installed, it is possible that, even if Users do not use this service, it will collect traffic data regarding the page in which it is installed.
Widget Instagram (Instagram, Inc.)
Instagram is a service for the display of images managed by Instagram, Inc. that allows this website to integrate such contents within its own pages.
Personal Data collected: Cookies and usage data.
Widget Google Maps (Google Inc.)
Google Maps is a service for the display of maps managed by Google Inc. That allows this website to integrate these contents within its own pages.
Personal Data collected: Cookies and usage Data.
Google Fonts (Google Inc.)
Google Fonts is a service for the display of styles of characters managed by Google Inc. That allows this website to integrate these contents within its own pages.
Users can exercise specific rights in reference to Data processed by the Data Controller.
In particular, the User has the right to:
- withdraw consent at any time.
The User can withdraw previously given consent for the processing of his or her own Personal Data
- oppose the processing of Personal Data.
The User can oppose the processing of his or her Personal Data when this occurs on a legal basis different from that given consent for. Further details on the right of opposition are indicated in the section below.
- access to their Personal Data.
The User has the right to obtain information on the Data processed by the Data Controller on specific aspects of the processing and to receive a copy of the Data processed.
- verify and request rectification.
The User can verify the accuracy of his or her Data and to request updating or correction.
- obtain limitation to the processing.
Under certain conditions the User can request the limitation of the processing of his or her Data. In this case the Data Controller will not process the Data for any other purpose, except for their storage.
- obtain the deletion or removal of Personal Data.
Under certain conditions the User may request the deletion of his or her Data by the Data Controller.
- receive Personal Data, or to transfer the data to another Data Controller
The User has the right to request his or her Data in a structured format which is in common use and easily readable on an automatic device and, when technically possible, to obtain its transfer to another Data Controller without hindrance. This disposition is available when the Data is processed with automated tools and the processing is based on the User’s consent or on contractual measures connected to it.
- make a complaint.
The User can make a complaint to the relevant control authority for the protection of personal data or to take the matter to court.
Details on the right to opposition
When the Personal Data being processed is of public interest, for exercising the public powers vested in the Data Controller or for pursuing the legitimate interest of the Data Controller, the User has the right to oppose the processing for reasons connected to their specific situation.
Users are advised that, where their Data is processed for the purposes of direct marketing, they can oppose the processing without supplying any explanation. To discover if the Data Controller is processing data for the purposes of direct marketing, Users can refer to the respective section of this document.
How to exercise your rights
In order to exercise User rights, Users can send their request to the Data Controller’s addresses contained in this document. The requests are presented free of charge and are processed by the Data Controller as quickly as possible, within a month in all cases.
FURTHER INFORMATION ON PROCESSING
Defence in court
The User’s Personal Data may be used by the Data Controller in court or in the preparatory phases of any establishment for the defence purposes against abuse of the use of this website or of connected services by the User.
The User declares that he or she is aware that the Data Controller may be obliged to reveal Data by order of a public authority.
System and maintenance log
For requirements connected to operation and maintenance, this website and any third parties connected to it may collect system logs, in other words, files that record interactions and which can also contain Personal Data, such as the User’s IP address.
Information not contained in this policy
Further information regarding the processing of Personal Data can be requested at any time from the Data Controller through the contact details supplied.
Answer to the request “Do Not Track”
This Website does not support requests for “Do Not Track”.
To find out more about third party services used that support it, the User is invited to consult the respective privacy policies.
Whenever modifications are made concerning the legally-based consent processes, the Data Controller will once more request the User’s consent, if necessary.
DEFINITIONS AND LEGAL REFERENCES
Personal Data (or Data)
Personal data includes any information that can, directly or indirectly, even in connection with any other information, including a personal identification number, identifying a person or making a person identifiable.
This is data collected automatically through this website (also by third party applications integrated into this website) amongst which are: IP addresses or the names of the computer domains used by the User that connect to this website, addresses in URI (Uniform Resource Identifier) format, time of the request, the method used for sending the request to the server, the size of the file received in response, the numeric code indicating the status of the server’s reply (successful, error, etc), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit ( for example, the time spent on each page) and details regarding the itinerary followed within the Application with specific reference to the sequence of the pages consulted, the parameters concerning the User’s operating system and the IT environment.
Unless otherwise specified, the individual that uses this website coincides with the interested party.
The individual to whom the Personal Data refers.
Data Processor (or Processor)
Data Controller (or Owner)
The individual, legal person, public authority, service or other organism that, individually or with others, determines the purposes and the means of the processing of Personal Data and the tools adopted, including security measures regarding the operation and use of this website. Unless otherwise stated, the Data Controller is the owner of this website.
This website (or this Application)
The hardware or software tools through which the User’s Personal Data is collected and processed.
The Service provided by this website as defined in the relative terms (if present) on this site/application.
European Union (or EU)
Except where otherwise specified, the any reference to the European Union contained in this document shall be extended to all the current member States of the European Union and the European Economic Area.
A small portion of the data stored within the User’s device.
This privacy information sheet is published on the basis of the multiple legislative systems, including Articles 13 and 14 of (EU) Regulation 2016/679.
Unless otherwise specified, this privacy information sheet refers exclusively to this website.