This page describes the website management methods with reference to the processing of personal data of the users who visit it, as well as the methods and purposes of processing personal data.
This policy is also provided pursuant to art. 13-14 EU Regulations 2016/679 to those who interact with the web services that can be accessed electronically through the addresses: http://www.incomingexperience.it/index.cfm/it/(online bookings portal) and www.incomingexperience.it (information portal). Both addresses, despite having two different purposes, are linked to the same website, hereinafter also referred to as “site”.
The policy is provided only for the site and not for any other Websites that can be consulted through our links, of which CONSORZIO TURISTICO INCOMING EXPERIENCE have by no means responsibility.
CONSORZIO TURISTICO INCOMING EXPERIENCE, Torino (TO), Via Berthollet, 19 – 10125, as Data Controller in charge for the processing of Your personal data, pursuant to and in accordance with the EU Regulations 2016/679 - GDPR, herewith inform You that the aforesaid Regulations provide for the protection of the parties involved with reference to the processing of the personal data and that such processing will be carried out according to the principles of correctness, lawfulness, transparency and of protection of Your privacy and of Your rights.
Your personal data will be processed according to the law provisions of the aforesaid regulations and to the confidentiality obligations provided for therein.
TYPES OF DATA PROCESSED
The computer systems and the software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the usage of the Internet communication protocols. These information are not collected with the aim of linking them to any identified parties who are involved, but by their very nature they may, through processing and association with the data held by third parties, allow to identify the users. This category of data includes the IP addresses or the domain names of the computers used by any visitors connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the server query method, the size of the file obtained in response, the code indicating the status of the reply given by the server (successful, error, etc.) and other parameters related to the operating system and to the IT system of the user. These data will only be used to obtain anonymous statistical information on the usage of the site and to check its proper operation and will be cancelled immediately after their processing. The above-mentioned data may be used to check responsibility in case of any hypothetical computer crimes against the site.
Personal Data provided voluntarily by the users
The discretionary, explicit and voluntary dispatch of e-mails to the address linked to this site and, in particular, the compilation of the form – in the section “Ask for information” – with insertion of personal data (name, surname, address, town, phone, e-mail) for specific requests, entail the subsequent acquisition of the sender’s address, that is needed to reply to inquiries, as well as any other personal data inserted in the form.
Specific summary information will be reported or displayed in the website pages devoted to specific services (newsletters, marketing, inquiries, bookings and payment) and, where needed in accordance with the regulations, the specific consents to the users’ personal data processing are requested.
In the website sections “Ask for Information” or, as an alternative, directly by sending a message to the e-mail address linked to the site, the User can write communications to the data Controller, by inserting in the form “message” any information that can contain data that can be classified as “special categories of personal and/or legal data” (see articles 9-10 Regulation). The data Controller emphasize from now on that they have no interest in collecting and storing, or even using, this type of personal data, unless strictly necessary for the performance of the activities related to the services requested.
At the time of order we collect your purchase data, including order number, details on the services that are purchased, details on payment method, delivery and billing addresses.
We collect the payment data that you give us for the execution of payment. These data include IBAN and BIC, namely the account number and bank code, credit card data. We receive further data on the payments from external payment management services and economic information services with which we cooperate in order to manage payments and verify solvency. We transmit to our payment management services only those data that are needed for the execution of payment. Payment data also include additional data directly related to the execution of payment and the solvency check. These include, for example, any data that the external services providers use for identification purposes, as for example your Paypal ID.
CONSEQUENCES OF REFUSAL TO PROVIDE DATA
Apart from what is indicated for the browsing data, the user is free to provide his personal data indicated in the form in the section “Ask for Information”. Failure to provide such data may make it impossible to obtain what is requested.
For the purposes of newsletters and marketing, the data Controller provides for the collection of the User’s consent in order to comply with the requirements of fairness and transparency. The party involved may at any time withdraw his consent to the processing of his personal data for the aforementioned purposes.
The data are processed mainly with electronic and IT tools and they are stored both on IT tools as well as on paper and any other suitable means, in compliance with articles 6, 32 of the GDPR and by adopting the appropriate safety measures to prevent the loss of data, illegal or incorrect usage and unauthorized access.
We inform you that, in order to provide a complete service, our portal may contain links to other websites, which are not managed by ourselves. Therefore we are not responsible for any mistakes, contents, cookies, publication of unlawful contents contrary to ethics, advertisements, banners or files that are not compliant with the regulations in force, and for the compliance with the Privacy laws by websites that are managed by ourselves to which reference is made. In order to improve our service we would appreciate an immediate notice of any failures, violations or suggestions to the address firstname.lastname@example.org
Your data will only be processed by personnel expressely authorised by the Data Controller.
PURPOSES OF THE DATA PROCESSING
The data will be processed for the following purposes:
- give the chance to access the public sections of the site;
- processing the requests for information on the services provided (guided tours, experiences, proposals);
- allow the purchases and the provision of the services offered;
- send periodic communications via the e-mail newsletter service;
- send periodic commercial and / or promotional communications through the direct marketing service managed directly by the data Controller by e-mail;
- carry out the obligations required by laws or regulations;
- allow constant monitoring of the effectiveness of the service proposed;
- monitor and analyse traffic data to keep track of user behaviour (most visited pages, number of visitors per time slot or per day, geographical areas of origin).
LAWFULNESS AND LEGAL BASIS OF THE PROCESSING
The data processings used to manage the periodic communications made through the newsletter and the direct marketing services are carried out with the specific consent of the user. The processings used for all the other aforesaid purposes are based on the fulfillment of legal and contractual obligations as well as on the legitimate interests of the data Controller.
PARTIES TO WHOM PERSONAL DATA MAY BE DISCLOSED
The personal data related to the processing under consideration can be disclosed also to parties which are granted the right to access Your personal data by law or secondary and / or community regulations. Your data may only be disclosed to competent parties duly appointed to carry out the services needed for a correct management of the relationship (for example, but not limited to: consortium and non-associated hotels, tour operators, insurance companies, event organasing committee), with guarantee of protection of the rights of the person involved. Furthermore some data may be communicated and disclosed to those Internet operators used by CONSORZIO TURISTICO INCOMING EXPERIENCE for their domains.
Your personal data will not be disclosed in any way.
DATA RETENTION PERIOD
We inform you that, in compliance with the law, limitation of purposes and minimisation of data, pursuant to article 5 of the GDPR, the period of retention of Your personal data is established for the period needed to carry out the services requested.
Reg.to UE 2016/679: Artt. 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the Data Subject
1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him exist, even if not yet recorded, and to have them communicated in an intelligible form.
2. The data subject is entitled to obtain the indication:
• of the source of the personal data;
• of the purposes and methods of the processing;
• of the logic applied in case of treatment with the aid of electronic instruments;
• of the identification data of the owner, of the managers and of the representative appointed in accordance with article 5, paragraph 2;
• of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents.
3. The data subject has the right to obtain:
• the update, the rectification or, when interested, the integration of the data;
• the deleting, the conversion into anonymous form or the blocking of data processed in violation of the law, including data whose retention is not necessary for the purposes for which the data were collected or subsequently processed;
• the certification that the operations referred to with the letters a) and b) have been brought to knowledge, also regarding their content, of those to whom the data were communicated or distributed, unless this requirement proves impossible or involves a manifestly disproportionate to the protected right;
• data portability.
4. The interested parties have the right to oppose, completely or partly:
• for reasons legitimate to data processing that concern the interested parties;
• personal data processing that concerns them for the pourpose of sending material regarding advertising, direct sales or research;
• market or commercial communication.
Furthermore, if the party involved considers that the processing of his data is against the regulations in force, he may lodge a complaint with the personal data protection Authority pursuant to art. 77 of the Regulation 2016/679.
In order to exercise the rights listed above, the party involved shall send a written request to the address email@example.com
THE DATA CONTROLLER
The data Controller is CONSORZIO TURISTICO INCOMING EXPERIENCE, Torino (TO), Via Berthollet 19 - 10125, represented by their pro tempore legal representative.
Cookies are a textual element which is put in the fixed disc of a computer or other device by the supplier of the online service to the visitors of the internet site. Cookies may collect information on the habits of the visitors about the use of the aforesaid Internet site, by recording the activities of their computer or other device referred to the above mentioned site, for example when making purchases.
COOKIES may be:
Owner cookies (or first-party cookies)
The owner cookies are cookies that are saved directly in the computer or any other device. They can include session cookies and persistent cookies (described below).
The owner cookies can be used to track the actions carried out by the computer or any other device of the user when visiting the website, for example for anaysis purposes.
The third-party cookies are cookies that are managed by third parties that can collect and track some browsing data. This site uses the Google Analytics service (described in browsing and statistical data collected by third parties)
The period of time that elapses from the moment when the Internet browser is opened and when it is closed is named the browsing session. Session cookies are cookies stored on the visitor’s computer or other device of the visitor during a navigation session, but that expire and are usually deleted at the end of a browsing session.
Persistent cookies are cookies stored in the visitor’s computer or other device after the end of the above mentioned browsing session, but that will remain in the computer or other device after the end of the above mentioned browsing session (for example password registration). The persistent cookies allow the websites to identify the computer or other device of the visitor when these are used to access again one of our websites, after the end of a browsing session and at the beginning of a new browsing session, mainly to help the visitor to reconnect quickly to our site.
This site, for technical reasons, uses the following types of cookies:
- technical and session cookies, for example to avoid that – where expected – the user needs to input the password multiple times to access the restricted sections of the website, or to store the language preference, or to store some technical features of the browser used for navigation (including acceptance of cookies).
- third-party cookies (Google Analytics) to monitor the statistics of access to this site (in aggregate).
Cookies can be restricted by changing the browser settings (guidance provided below):
For Internet Explorer:
Click “Tools” at the top of the browser window and select “Internet Options”.
In the “Options” window, select the "Privacy" tab.
To enable cookies, set the cursor to “Medium” or lower.
To block all cookies, move the cursor to the top.
Click "Tools" in the browser menu and select "Options".
Select the panel "Privacy".
To enable cookies, select “Accept cookies from sites”.
To disable cookies, uncheck "Accept cookies from sites ".
Click on the wrench icon in the browser toolbar
Click “Advanced settings ".
In the section "Privacy", click the button "Contents settings ".
To enable cookies in the section "Cookies", select "Allow local data to be set "; this will enable both first-party and third-party cookies. To enable first-party cookies only, select “Block all third-party cookies, with no exceptions”.
To disable cookies, in the section "Cookies" select “Block sites from setting any data”.
If it is not already open, start Safari.
Select Safari > Preferences, then click Privacy.
In the section "Block cookies", specify if and when Safari should accept cookies from Websites.
To see information on the options, click on the computer, then click Details.
If you wish to see which Websites store cookies on the computer, click Details.
For all other browsers and mobile devices:
To restrict cookies on any other browsers or on a mobile device please visit the official Webpage of the browser or device manufacturer or check the documentation provided by them.
For more information on cookies and their use, visit:
All About Cookies.org www.allaboutcookies.org
BROWSING AND STATISTICAL DATA COLLECTED BY THIRD PARTIES
As a common practice with Internet, this site uses statistical analysis tools provided and managed by third parties that can collect and “track” some browsing data.
The tools belonging to third parties used in this site are as follows:
- Google Analytics and Google Maps (both provided by: Google Inc. 1600 Amphitheatre Parkway - Mountain View CA 94043, USA)
INFORMATION ABOUT GOOGLE ANALYTICS
If you do not want your data to be collected by Google Analytics, you can also download the official “opt out” plugin for your browser, by clicking here.
Any queries regarding the data related to this data processing information shall be addressed to the data Controller (Google Inc.).
Authentication Operator OPERATORS