PERSONAL DATA POLICY IN ACCORDANCE WITH ARTICLES 13 e 14 REG. UE 2016/679 SITE USERS
In accordance with Reg. UE 2016/679 (hereinafter “Regulation”), the Data Controller provides the personal data policy referred to the data provided when a user (hereinafter “User”) visits the web site or social network pages (hereinafter “Site”).
1. Data controller
Data Controller (hereinafter “Controller”): Puglia Cycle Tours S.r.l.
Data controller information: Via San Giacomo 20, 70017 Putignano (BA), PIVA/CF 07973400729
Contact details: Estramurale a Levante 146, 70017 Putignano (BA), TEL +39 080 205 11 87; EMAIL marketing@pugliacycletours.com; PEC pugliacycletours@pec.it
2. Types of personal data collected.
The types of personal data collected and processed by the Controller especially are: biographical data, contact data, technical data (which includes IP address, login data, type of device, operating system and platform, browser language), data that User freely provides to Controller for his requests, usage data (data about how User uses the Site).
To be able to respond to User requests sent throw the forms on Site or to supply the requested services, Users must provide the data marked with appropriate symbols in forms. For the same aims, some personal data are automatically collected when using the Site (for ex. IP address). The provision of all the other data is not required and it doesn’t compromise the supplying services.
In particular:
a. When User contact Controller to obtain general information
When User contact Controller to obtain general information, the Controller may especially process biographical data, contact data, data that User freely provides for his requests.
b. When User subscribes to the newsletter service
When User subscribes to the newsletter service to receive updates about news, discounts, and advice from Controller, the Controller may especially process biographical data, contact data (e-mail address).
c. When User surf the Site
When User surf the Site, for ex. if he decides to subscribe to the community of Controller on the social media, the Controller may especially process biographical data, contact data, technical data ((which includes IP address, login data, type of device, operating system and platform, browser language), usage data.
d. To fulfil legal obligation
To fulfil legal obligation, the Controller may especially process biographical data, contact data, technical data ((which includes IP address, login data, type of device, operating system and platform, browser language), usage data.
e. When Controller has to defend or act in court
When the Controller has to defend or act in court, he may especially process biographical data, contact data, technical data (which includes IP address, login data, type of device, operating system and platform, browser language), data that User freely provides to Collector for his requests, usage data.
3. Purposes and legal basis for the processing
a. The personal data collected are processed, with automated and non-automated methods, for the following purposes and on the legal basis indicated below.
a.1 Purpose: fulfil legal obligation – Legal basis: Processing is necessary for compliance with a legal obligation to which the controller is subject (art. 6, 1, c, Regulation)
a.2 Purpose: Site management or provision of requested service – Legal basis: Processing is necessary for the performance of a contract to which the data subject is party (art. 6, 1, b, Regulation)
a.3 Purpose: Site security and functionality – Legal basis: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (art. 6, 1, f, Regulation)
a.4 Purpose: Request management – Legal basis: Processing is necessary for the performance of a contract to which the data subject is party (art. 6, 1, b, Regulation)
a.5 Purpose: Litigation management – Legal basis: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (art. 6, 1, f, Regulation)
b. Lastly, some personal data might be processed, with automated and non-automated methods, for further optional purposes. The Controller doesn’t need these data for subscription or to provide the requested service.
b.1 Purpose: Controller’s newsletter service – Legal basis: Consent (art. 6, 1, a, Regulation).
4. Categories of recipient
In connection with previous purposes, the Controller may communicate personal data collected to the following categories of recipient: Public bodies, public authorities; advisers and consultants; companies or organizations which provide services for the controller (for ex. IT service, or marketing service).
5. Data disclosure
Personal data will be not transfer.
6. Data transfer
The Controller may transfer personal data to third countries for ancillary reasons connected to previous purposes. If personal data will be transfer outside the European Union recipients, it will be adopted all the cautions imposed by the Regulation, and any transfer of personal data shall be based on: an adequacy decision; appropriate safeguards; binding corporate rules.
7. Data retention
Personal data will be processed by the Controller: (i) for no longer than is needed for the purposes of the contract although further retention required by law for the purpose under 3.a, that is up to 10 years from last registration; (ii) up to the expiration of the term for legal action for purpose under 3.a.5; (iii) for 5 (five) years from provision of consent for purpose under 3.b.1, except withdraw.
8. Rights of the data subject
User is entitled to exercise the following rights at any time: right of access, right to rectification, right to erasure; right to restriction of processing, right to object, right to data portability, right to withdraw the consent.
To exercise any of the above rights, User has to contact the Controller by writing to the contacts under point 1.
User has also the right to lodge a complaint with the supervisory authority of the State where he lives, work or where the violation appends (in Italy, Data Protection Authority) if he believes that the processing of his personal data by the Controller is in violation of the Regulation or applicable law.
Latest release 07/08/2023
