Privacy Policy in accordance with art. 13 GDPR
Helloveneto - Gentes T.O. by Cogo Paolo, with registered office in Barbarano Mossano (VI), via IV Novembre n. 18, ZIP code 36048, is the Data Controller for all personal data provided while browsing the site www.slow-flow.it (the “Site”). In this Policy we will also refer to you as "Data Subject", i.e. person to whom the collected personal data refer.
The Data Controller appointed a DPO (or "Data Protection Officer"), contactable at: info@gentesviaggi.it.
If you have any doubts about the use of your data or if you wish to exercise your legal rights, you can write to: info@gentesviaggi.it.
For the data sent via the forms or by e-mail to the addresses indicated on the Site, the subject belonging to the ATI/ATS, which also includes Helloveneto-Gentes, to which the requests will be addressed, will be configured as Data Controller. The complete list of Data Controllers is available at the following link: https://slow-flow.it/chi-siamo/
Each Data Controller process your personal data for the purposes indicated on the specific form and/or to answer specific requests, in the manner set out in this policy.
Which data do we process?
The following personal data are collected through the Site:
Browsing data:
The Site's systems collect certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with you, but by its very nature could, through processing and association with data held by third parties, allow you to be identified. Among these are:
• IP address;
• URI (Uniform Resource Identifier) of the requested resources;
• the time and date of interaction with the Site;
• the type of operating system, browser used, screen resolution and other technical information about the device being used.
– Data communicated voluntarily:
The data that you communicate must refer to you or to third parties who have expressly authorized you to confer them and in this case, with the communication, you assume the related obligations and responsibilities.
How is your data processed?
Personal data are processed by informatic and/or telematic means, with organizational methods and logics strictly related to the purposes listed below.
Specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorized access.
For all occasions when the Data Controller processes your data, there is a legal basis that legitimizes the processing.
Sometimes your consent is required to process personal data. Other times, when the law allows it and subject to the respect of your fundamental rights, the Data Controller is not obliged to ask for your consent to process the data. This is the case when the data is processed for a legal obligation or following your request, which you have made by contacting the Data Controller and/or requesting certain services.
Providing data whose legal basis is consent is always optional, while in other cases failure to provide data may make it impossible to reply to your request or fulfil a legal obligation to which the Data Controller is bound.
At the end of the retention period, the personal data collected will be irreversibly deleted or anonymized.
PROCESSED DATA | PURPOSES | LEGAL BASIS |
DATA RETENTION PERIOD | ||
Navigation data: | 1) managing the Site and its navigation by the user; 2) evaluating how the user uses the Site; evaluating user preferences in navigating the Site and its sections; to properly maintain the Site in compliance with applicable legal obligations; ascertain and prosecute any unlawful conduct committed to the detriment of the Data Controller or of the users. | 6.1.b GDPR – Contract or pre-contractual measures Retention period For the technical time necessary to pursue the purposes for which the data were collected. The Data Controller may be obliged to retain personal data for a longer period to comply with a legal obligation or by order of an authority. |
Data provided in the "Let's start planning your event" form: - Name - e-mail address – data contained in the message | 1) to answer your general inquiries; 2) to forward your enquiry to the most suitable ATI/ATS member to respond to you; 3) to send you offers tailored to your interests. | 6.1.b GDPR – Contract or pre-contractual measures Retention period For the technical time necessary to pursue the purposes for which the data were collected. The Data Controller may be obliged to retain personal data for a longer period to comply with a legal obligation or by order of an authority. |
Data provided in the “Write us” form: - Name - e-mail address – data contained in the message | 1) to answer your general inquiries; 2) to forward your enquiry to the most suitable ATI/ATS member to respond to you; 3) to send you offers tailored to your interests. | 6.1.b GDPR – Contract or pre-contractual measures Retention period For the technical time necessary to pursue the purposes for which the data were collected. The Data Controller may be obliged to retain personal data for a longer period to comply with a legal obligation or by order of an authority. |
Data entered in the "Send a booking request" form: - first name and last name - e-mail address - mobile phone number – data contained in the message | 1) to answer your requests; 2) to offer you a customized tourist experience tailored to your needs. The data provided in this form will be processed by the subject offering the selected experience. | 6.1.b GDPR – Contract or pre-contractual measures Retention period For the technical time necessary to pursue the purposes for which the data were collected. The Data Controller may be obliged to retain personal data for a longer period to comply with a legal obligation or by order of an authority. |
Data contained in e-mail communications sent to the addresses indicated on the Site: | 1) to answer your requests. | 6.1.b GDPR – Contract or pre-contractual measures 6.1.c GDPR – Legal obligation Retention period For the technical time necessary to pursue the purposes for which the data were collected. The Data Controller may be obliged to retain personal data for a longer period to comply with a legal obligation or by order of an authority. |
Data collected by cookies: | 1) in the case of technical cookies, to enable certain sections of the Site to function properly; 2) in the case of analytical cookies, the data collected with your prior consent will be used to keep track of your visits to the Site and how you have used it, so that we can improve our services; 3) if they are profiling cookies, the data collected with your prior consent will be used to show you advertisements of interest to you on this Site and other companies' sites; if you do not accept them, you may still see advertisements, but not related to your interests. | 6.1.b GDPR – Contract or pre-contractual measures (Purpose n. 1) 6.1.a GDPR – Consent (Purpose nn. 2 e 3) Retention period Until the end of each session or until the end of the retention period expected for each type of cookie, unless consent is withdrawn as specified in our Cookies Policy. |
Underage users
Is the data shared with other subjects?
The personal data provided will not be disseminated, i.e. they will not be disclosed to unspecified subjects.
However, the data may be communicated to subjects defined by the Data Controller for the purposes indicated, appointed, if necessary, as Data Processors by the Data Controller. By way of example but not limited to, the following may have access to the data:
- those authorized by us to process the data, who have committed themselves to confidentiality or are under an appropriate legal obligation of confidentiality;
- those involved in the maintenance of the Site, our subcontractors and legal or tax consultants, in their capacity as autonomous Data Processors or Data Controllers;
- public authorities, where required by law or at their request.
If you accept third party cookies, the data collected from them will be shared with the parties listed in our Cookies Policy.
The updated list of Data Processors can always be requested from the Data Controller.
The Site incorporates some links to social network accounts of the Data Controller and to the websites of third parties, in order to allow easy access to the contents disseminated through them. These are merely links to such sites and no data is communicated to these platforms through the Site. Cookies can only be activated, if so provided by the external site, when you click on the relevant icons. Please note that if you navigate on the Site while logged into the social network or other providers' sites, then you have already consented to the use of cookies conveyed through this Site. The collection and use of information by third party sites and social networks is governed by their privacy policies, to which you should refer.
Which are my rights as Data Subject?
We will always ensure you control over your personal data.
In particular, you have the right to:
- request information about your personal data processed by the Data Controller and request a copy of them in a structured, readable format;
- not to be subjected to automated decisions, if you do not consent to them;
- ask the Data Controller to correct any data relating to you that is incorrect, to delete it or to use it only for certain purposes;
- withdraw any consent given.
Please note, however, that in certain limited cases we will not be able to fulfil your requests, such as in the event that we are prohibited from doing so by law or by order of an Authority.
The aforementioned rights may be exercised by written communication to be sent by e-mail to the address of the Data Controller.
If you have given your consent for certain processing, you may revoke it at any time, without prejudice to the lawfulness of the processing for the period prior to the withdrawal.
In any case, you have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data is contrary to current legislation.
Where is my data stored?
Your data will only be processed within the European Economic Area. It is possible that some of our suppliers, in their capacity as Data Processors, also store data in third countries, which, however, guarantee an adequate level of protection of the rights of the Data Subject by virtue of compliance with one or more of the conditions set out in Articles 45-47 of the GDPR. Data collected through third-party cookies may be transferred to third countries in accordance with what is indicated in our Cookies Policy and in the privacy policies of the third parties. We acknowledge, however, that in cases where the service providers are US companies, US government authorities may have access to such data, if the conditions provided by law are met.
How will I be informed of any changes to this Policy?
The Data Controller will update this Policy when it considers it necessary. If there are material changes, in particular with respect to the purposes for which we use your personal data, we will notify you by e-mail, to the address you may have provided, or by means of a notice on the Site.
