Holiday System S.r.l., with registered office in via Giacomo Matteotti 1/E 38065 Mori (TN), Tax Code and VAT number 01554560225, as Data Controller, informs you, pursuant to Article 13 of EU Regulation 2016/679 (Regulation on the protection of personal data, hereinafter “GDPR”), about the essential elements of the processing carried out and illustrated below.
We would like to point out that our company operates in full compliance with the applicable Italian legislation on personal data protection and with the GDPR, recognizing its utmost importance.
Before proceeding with browsing, we therefore invite you to carefully read this information notice (hereinafter “Notice”), as it contains important information on the protection of personal data and on the security measures adopted to ensure their confidentiality.
This Notice, moreover:
is intended only for the website holidaysystem.it (“Site”) and does not apply to other websites that may be consulted via external links;
is to be understood as information provided pursuant to Article 13 of the GDPR to those who interact with the Site.
Below are the essential elements of the processing carried out.
Personal data means any information relating to an identified or identifiable natural person, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more elements characteristic of their physical, physiological, mental, economic, cultural or social identity.
The personal data collected by the Site are as follows:
Browsing data: the IT systems of the Site collect certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to identify you, but by its very nature could, through processing and association with data held by third parties, allow you to be identified. This data includes, for example, IP addresses or domain names of the devices used to connect to the Site, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.) and other parameters relating to your operating system and IT environment;
Data provided voluntarily: through the Site you may voluntarily provide personal data, for example, name, contact details, billing address for the purchase of our products through the online registration service available on our Site. We will use this data in compliance with the applicable legislation, assuming that it refers to you. If the data refers to third parties, you act as an independent data controller, assuming all legal obligations and responsibilities. In this regard, you grant the broadest indemnity against any dispute, claim, request for compensation for damages from processing, etc. that may be received by our company from third parties whose personal data have been processed through your use of the Site in violation of the applicable legislation currently in force;
Cookies and similar technologies: we collect personal data through cookies. More information on the use of cookies and similar technologies is available here.
Specifically, your personal data are processed for the following purposes and legal bases:
site display and browsing (activities related to the proper provision of the various functions requested by you, for security reasons and for ascertaining responsibility in the event of hypothetical cyber crimes against the Site, as well as to obtain anonymous statistical information on the use of the Site and to check its correct functioning); the legal basis is the contract and pre-contractual measures (Art. 6.1, letter b, GDPR);
activities related to contact management (activities involving the processing of personal data such as name, surname, subject); the legal basis is the contract and pre-contractual measures (Art. 6.1, letter b, GDPR);
activities related to the execution of a contract to which you are a party, including the pre-contractual phase (examples include: provision of a service through the “online registration” section on the Site, registration to the newsletter service, etc.); the legal basis is the contract and pre-contractual measures (Art. 6.1, letter b, GDPR);
statistical research/analysis on aggregated or anonymous data (activities that do not involve the processing of personal data, as they do not involve user identification and are used, for example, to measure the functioning of the Site, traffic and user interest);
activities related to the establishment and/or exercise and/or defense of rights (examples include disputes relating to the proper performance of contractual relationships, formal notices, debt collection); the legal basis is legitimate interest (Art. 6.1, letter f, GDPR);
other activities carried out in compliance with legal obligations/orders of Authorities (such as communication to third parties); the legal basis is legal obligation (Art. 6.1, letter c, GDPR);
maintenance of IT systems and devices (persons responsible for maintenance and repair of the Site may accidentally have access to your personal data. These are occasional and unforeseeable events, in any case without identification purposes and limited to the duration of the maintenance/repair intervention); the legal basis is legitimate interest (Art. 6.1, letter f, GDPR).
We do not carry out processing with automated decision-making processes.
We do not carry out profiling activities, except for profiling via cookies. More information on the use of cookies and similar technologies is available here.
Specific notices will be published on the pages of the Site set up for the provision of certain services (e.g. “online registration” service).
Your personal data will be retained for the time strictly necessary to fulfill the purposes described above and to comply with legal obligations.
In particular, for site display and browsing your data are deleted immediately at the end of the browsing session, unless they are necessary for the exercise or defense of rights; for contact management activities your personal data are deleted once the purpose of contact, response or correspondence has been definitively fulfilled; for activities related to the execution of a contract to which you are a party (including the pre-contractual phase), your personal data are retained for the entire duration of the contractual relationship and, once concluded, will be retained for the purposes of establishing/exercising/defending a right; for activities related to the establishment and/or exercise and/or defense of rights, until the time allowed by national legislation to protect one’s interests (Articles 2946 and 2947 of the Italian Civil Code), subject to further retention in case of interruption of limitation periods; for activities carried out in compliance with legal obligations/orders of Authorities and for maintenance of IT systems and devices, referring to personal data already available for the other purposes indicated in this Notice, retention periods coincide with those identified from time to time for the aforementioned purposes.
The processing of your personal data, for the purposes described above, may be carried out without your consent.
The provision of your data that you undertake to provide contractually or by legal obligation is mandatory and constitutes a necessary requirement for the conclusion of the contract; failure to provide such data will make it impossible for us to proceed with contracts and related obligations. Any other provision of your personal data (e.g. for sending requests not yet formalized in a contract or for browsing the site) is purely optional. The only consequence of failure to provide optional data will be the impossibility of providing or performing the requested services.
Your Personal Data may also be communicated to third parties, for technical and operational needs strictly related to the purposes indicated above, and in particular to the following categories:
subjects necessary for the provision of services offered by the Site, including by way of example the sending of emails and analysis of Site operation, who typically act as data processors of our company;
entities, professionals, companies or other structures appointed by us for processing related to the fulfillment of contractual, administrative, accounting, insurance and management obligations related to the ordinary conduct of our economic activity, also for debt collection purposes;
public authorities and administrations for purposes related to the fulfillment of legal obligations or to parties entitled to access them by virtue of legal provisions, regulations, EU legislation;
banks, financial institutions or other entities to whom the transfer of such data is necessary for carrying out our business activity in relation to the fulfillment of contractual obligations undertaken towards you;
providers of installation, assistance and maintenance services of IT and telematic systems and all services functionally connected and necessary for the performance of contractual services;
persons authorized by us to process data who have undertaken to maintain confidentiality or have an adequate legal obligation of confidentiality (e.g. employees and collaborators).
The Data Controller does not transfer personal data outside the European Economic Area. However, the Controller reserves the right to use cloud services; in such case, service providers will be selected from those providing adequate guarantees in compliance with applicable legislation.
The processing of your personal data will take place both electronically and in paper form.
Processing will, however, be carried out mainly using IT tools and in any case in compliance with minimum security and confidentiality measures. In particular, technical, IT, organizational, logistical and procedural security measures have been implemented to prevent loss, unlawful or improper use of data and unauthorized access.
Rights of the data subject and complaint to the Supervisory Authority
We inform you that, with regard to the processing of your personal data, you may exercise the following rights:
Right to obtain access to your personal data (Art. 15 GDPR): you may contact us to know whether your personal data are being processed and to receive the information required by law;
Right to rectification (Art. 16 GDPR): obtain correction of inaccurate personal data or completion of incomplete data;
Right to erasure/right to be forgotten (Art. 17 GDPR): obtain deletion of your personal data in cases provided by law;
Right to restriction of processing (Art. 18 GDPR): obtain that your personal data are only stored, excluding other processing activities, in cases provided by law;
Right to data portability (Art. 20 GDPR): obtain your personal data in a structured, commonly used and machine-readable format and have them transmitted directly to another controller, where provided by law;
Right to object (Art. 21 GDPR): object to further processing of your personal data for reasons related to your particular situation, unless our compelling legitimate grounds prevail, in cases provided by law;
Right to withdraw consent (Art. 7.3 GDPR): withdraw consent at any time where processing is based on consent.
To exercise the above rights, you may use the contact details of the Data Controller provided in this Notice.
The exercise of rights is free of charge and not subject to any formal requirement.
We also inform you of your right to lodge a complaint with the competent Data Protection Authority. Please note that, pursuant to Art. 77.1 GDPR, the complaint may be lodged with the Authority of the place where you habitually reside, work or where the alleged violation occurred.
The Data Controller is: Holiday System S.r.l.
email: gdpr@holidaysystem.it
phone: 0464 423854
postal address: via Matteotti 1/E, 38065 Mori (TN)
This Notice is effective as of October 18, 2018. We reserve the right to modify or simply update its content, in part or in full, also due to changes in applicable legislation. The updated Notice will be promptly published on this Site. We therefore invite you to regularly visit this page to review any updates.