MA.GI.A S.r.l. di Parodi Mario, Via Nazario Sauro 195 – 17027 Pietra Ligure (SV) (“the Owner“) is a company operating in the tourism sector. This information is intended to inform the interested party (“User“) about the methods of processing personal data concerning him. With this information, the Owner intends to guarantee the privacy and security of the personal data of each User, in accordance with the provisions of Legislative Decree 196/2003 (hereinafter “Privacy Code“) and with EU Regulation no. 2016/679 (hereinafter “GDPR“).
Owner and managers of personal data processing
The personal data of the User are processed by MA.GI.A S.r.l. di Parodi Mario, Via Nazario Sauro 195 – 17027 Pietra Ligure (SV) as Owner of the personal data processing. More detailed information on the names of the data processing Managers can be requested by the User sending an email to the following address: email@example.com.
Types of processed data
The Owner acquires and processes the personal data of the User through the following methods:
Browsing data: while browsing online, through the IT systems and software procedures used to operate the website, the Owner acquires some data whose transmission is implicit in the use of Internet communication protocols, such as: IP addresses , the domain names of the computers used by the user, the addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the User, the various temporal connotations of the visit (for example the time spent on each page ) and the details of the itinerary followed within the Application, with particular reference to the sequence of the consulted pages, the parameters relating to the operating system and the IT environment of the User.
- Data additional categories: these are all the personal data provided by the user at the time of registration and/or access to a reserved area and in any case to the services offered by the Owner by subscription, alone or in partnership with third parties.
Contact management and messages sending: this kind of services allow to manage a database of email contacts, telephone contacts or contacts of any other type, used to communicate with the User. These services could also allow to collect data relating to the date and time of viewing of the messages by the User.
Purposes and methods of personal data processing
The personal data collected by the Owner for the purpose of concluding or executing existing contracts will be processed lawfully pursuant to art. 6 of the GDPR for the following processing purposes:
- Provide the service and / or goods requested by the User. The personal data processed by the Owner may include: name and surname, company name, name and surname of the legal representative or of the person in charge, address of residence and/or domicile and/or registered office, email address, telephone number, as well as all personal information provided to the Owner by the User at the time of signing or during the negotiation relationship.
- Send advertising, promotional and/or commercial material and, in general, marketing communications in the interest of the Owner. The personal data of the User (name and surname, company name, name and surname of the legal representative or of the person in charge, address of residence and/or domicile and/or registered office, email address, telephone number) will be processed by the Owner for these purposes with free and optional consent, with the exception of promotional and/or commercial communications relating to the services and/or products already subscribed and/or purchased by the User, for which the processing is based on a legitimate interest of the Owner (e.g. . sending newsletters and/or promotions relating to the services already subscribed). Consent can be anytime revoked.
- Detect the User experience of the platforms, products and services offered by the Owner. The personal data processing for these purposes (name and surname, company name, name and surname of the legal representative or of the person in charge, address of residence and/or domicile and/or registered office, email address, telephone number) will be carried out by the Owner upon free and optional consent of the User. Consent can be anytime revoked.
- Monitor the navigation data of the User. The consent to the data processing for these purposes, free and optional, is given by the User through the simplified method described in the information that appears when accessing the website.
Scope of data disclosure
With free and optional consent, the data of the User could be communicated to third-party companies with which the Owner has concluded or could conclude partnership agreements such as, for example: social networking and interactive platforms, mass consumption, distribution, editorial, financial, insurance humanitarian and charitable organizations, telecommunications companies or having further and different commercial and/or industrial purposes.
Third parties may become aware of your personal data as "External Data Processors", such as, for example, service providers (administrative, IT services, third party technical service providers, couriers, hosting providers, IT companies, agencies of communication etc.), consultants of the Owner (accountants, auditing firms, lawyers, etc.), banks and financial institutions, authorities and public bodies. Furthermore, the employees and/or collaborators of the Owner who are responsible for managing the contractual relationships may become aware of your data. These subjects are formally appointed by the Owner to process personal data exclusively for the purposes indicated in this statement and in compliance with regulatory provisions. The interested party has the right to obtain a list of any data processors appointed by the Owner, making a request to the Owner in the manner indicated in the following paragraph "rights of the User".
Transfers of personal data outside the EU
The Owner may transfer the personal data of the User to third parties established in States not belonging to the EU. If this circumstance should occur, the Owner ensures the adoption of adequate guarantees with the foreign companies receiving the data according to the regulatory provisions of Chapter V of the GDPR.
Redirect to external websites
The personal data of the User will be kept for a period equal to the duration of the contractual relationship in place with the Owner. Furthermore, the retention will be arranged for the period of time strictly necessary to allow the Owner to fulfill legal, administrative, fiscal and tax obligations, as well as for the time strictly necessary to allow the Owner to exercise any right of defense in judgement.
Rights of the User
The User can exercise the following rights recognized by the Privacy Code and by the GDPR regarding the personal data processing activities carried out by the Owner:
- the access: the User can request information regarding the existence or otherwise of a treatment in place with the Owner, as well as further clarifications regarding the information referred to in this Information within the limits of reasonableness and due date, as well as to receive the data;
- the rectification: the User can request to rectify or integrate the data provided or otherwise in the possession of the Owner, if these are incorrect;
- the cancellation (oblivion): the User may request the cancellation of the data acquired and processed by the Owner, if these are no longer necessary for the purposes described in the paragraph "Purposes and methods of personal data processing", provided that there are no disputes or controversies in place with the Owner, or in cases of withdrawal of consent, opposition to treatment, illegal treatment, or where there is an obligation to cancel;
- the limitation: the User may request the limitation of the processing of his personal data where one of the conditions provided by art. 18 of the GDPR and with the exception of what is explained in paragraph 2 of the same article;
- the opposition: the User can oppose to the processing of his data at any time, unless there are legitimate reasons that allow the Owner to proceed with the processing, such as, for example, the need for extrajudicial or judicial defense. If, for technical reasons, following the exercise of the right of opposition, the User continues to receive further promotional messages after 24 hours have elapsed since the request to exercise the right of opposition, the same may report the problem to the Owner using the contacts indicated in this statement;
- the portability: the User may request to receive personal data concerning him, or request their transmission to another holder in a structured format, commonly used and readable by automatic device;
- the consent withdrawal: the User can exercise the right to withdraw consent at any time, pursuant to art. 7, paragraph 3, of the GDPR without prejudice to the lawfulness of the processing activities already carried out on the basis of the consent previously given;
- the right to file a complaint: the User can act before the Control Authority where he usually resides, where he works, or before the competent one in relation to the place where the alleged violation occurred. For the territory of the Italian State, the competent Authority is the Garante per la Protezione dei Dati Personali, based in Piazza di Monte Citorio 121, 00186 - Rome (http://www.garanteprivacy.it/).
To exercise rights, report problems or ask for clarification on the processing of their personal data, the User can forward his requests by registered mail, writing to the Owner - MA.GI.A S.r.l. di Parodi Mario, Via Nazario Sauro 195 – 17027 Pietra Ligure (SV), or by sending an email to the email address firstname.lastname@example.org specifying the subject of the request.
The exercise of the aforementioned rights by the User is free of charge, except that, pursuant to art. 12, paragraphs 3 and 5, of the GDPR, having assessed the complexity of the activities to be performed in response to the request, the Owner may request a contribution from the interested party, taking into account the costs incurred and/or to be incurred. The Owner will have 30 days to find out the request of the User.
Changes to the statement
The possible and subsequent entry into force of new sector regulations as well as the constant examination and updating of the services could determine the need to modify the methods and terms described in this Information. It is therefore possible that this document may change over time. The Owner will publish any changes to this information on this page and, if the changes are relevant, will report them through a more visible notification. Previous versions of this Policy will in any case be kept and archived.
Last modified: May 6, 2020