Pursuant to Legislative Decree No. 196 adopted on 30th June 2003 (“Data protection Law”), and subsequent amendments, we hereby supply you all due information about the processing of your personal data provided during your browsing activity on this website. This privacy statement applies exclusively to this website. Such statement does not apply to the other websites that the user may consult via links on the websites under the Data Controller’s domain name. Valtur S.p.A. (Sole-Shareholder Company) shall not be held liable under any circumstances for third parties’ websites. Such information has been provided according to L. Decree 196/2003, Section 13 as well as pursuant to the Recommendation 2/2001 on certain minimum requirements for collecting personal data on-line in the European Union, adopted on 17 May 2001 by the Working Party 29, the independent EU Advisory Body on Data Protection and Privacy that has been established by Directive 95/46/EC, Section 29. Namely, this Recommendation states what are that information that Data Controller shall supply to the User while visiting the website. Finally, this information is supplied in accordance with Directive 2002/58/EC, as further amended by Directive 2009/136/EC about cookies.
1. DATA CONTROLLER, under Legislative Decree no. 196/2003, Section 28, is Valtur S.p.A. (Sole-Shareholder Company), with its registered office in Milan (MI), at Via Conservatorio 15, 20122 duly represented by its authorized person. DATA PROCESSOR, under Section 29 of the aforementioned law is inter alia Valtur S.p.A.’s Group General Counsel.
PLACE OF DATA PROCESSING
Data Controller processes your data at its registered office. Your data may be processed either by Data Controller’s outsourcing service providers at their registered office.
2. CATEGORIES OF PROCESSED DATA
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, e-mail phone number.
During their ordinary course of operation, the IT systems and software procedures required to run this website acquire certain Personal Data, whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Data Subjects but, by its very nature, it could enable identification of the users through the processing and matching of data held by third parties.
This data category includes IP addresses or domain names of computers used by the users who visit the site, as well as the URI addresses (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the status of the reply from the server (done, error, etc.) and other parameters related to the operating system and the IT environment of the user.
Data provided on a discretionary basis.
If you send e-mails to the addresses enlisted in such website and/or if you fill the data collection forms, your personal data will be processed in order to reply to your request as well as supply you with the due services.
Personal data of children. Children may not give their personal data. Data Controller may not be held liable in case of any false statements made by children. Anyway, Data Controller will immediately erase such statements, if proven to be false, and consequently the relevant personal data together with any material acquired in accordance with L. Decree 196/2003, Sections 7, 8, 9 e 10.
Third-Party data. If you supply us with personal data belonging to third parties (relatives and interested parties in general), please be sure that those third parties have been correctly informed and consented to the processing of their personal data, if required in compliance with this policy statement.
PNR – Passenger Name Record
According to Opinion 2/2007 on information to passengers about transfer of PNR data to US authorities and related Annex 1 Short notice for travel between the European Union and the United States and further amendments issued by by Data Protection Working Party; as well as in light of the Directive (EU) 2016/681 of the European Parliament and of the Council on the use of PNR data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, adopted on April 27th 2016; and finally, with respect to the Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security (DHS), approved by Council with a decision adopted on April 26th 2012, (i) carriers operating passenger flights between the European Union and the United States as well as (ii) carriers incorporated or storing data in the EU and (iii) operating passenger flights to or from the United States shall transfer to the DHS Passenger Name Records (“PNR”) data about passengers flying between the European Union and the United States. PNR data is related to the information provided by passengers and collected by air carriers during the reservation and check-in procedures (i.e. name, dates of travel and travel itinerary, ticket information, address and phone numbers, means of payment used, credit card number, travel agent, seat number and baggage information). Furthermore, PNR may include sensitive data (i.e. information revealing racial or ethnic origin, political opinions, data concerning health etc.). DHS processes such data in order to ensure security and to protect the life and public safety. Moreover, DHS retains PNR in an active database for up to five years and later transferred in a dormant database for a period of up to ten years. Whereas, data that are related to a specific case or investigation may be retained in an active PNR database until the case or investigation is archived. Anyway, you can get more information on request from your airline or travel agent.
3. PURPOSES OF DATA PROCESSING WITH SPECIFIC CONSENT WHEN NEEDED (pursuant to D.LGS. 196/03, Section 23)
Data Controller processes your voluntarily provided data for the following purposes:
A) – browsing activity on this website;
– reply to your requested information/ quotations and/or contact us sent by filling the relevant data collection form;
– send you promotions and information in reply to your request by filling the relevant data collection form;
– fill the form in order to buy or to book on- line and consequently with respect to the carrying-out of the relevant administrative and accounting services. Namely, your personal data will be processed for those purposes related to the carrying out of organizational, administrative, financial and accounting services regardless of the category to which they belong.
– reply to your request sent by filling the form in the specific careers area of this website.
Additional specific policies are available or directly displayed in their relevant areas and in accordance with those specific services offered upon request.
B) – direct marketing: Data Controller may send you advertising materials, direct sale materials, market surveys and commercial information, through electronic means, such as e-mail, SMS (Short Message Service), instant messages, as well as through mails and the like.
Your data are recorded in a CRM database. In order to compare the marketing communication results and improve them, Data Controller may use automated means to send newsletters and advertising communications with a related report. Through these reports, Data Controller may access to any information such as: readership, information on a lead’s behaviour, the number of openings, clickers, and clicks; through which operating system and device the user reads marketing communication; any further details about the emails effectively sent, those that have been received or not received and the forwarded emails. Data Controller processes such data aiming at comparing the marketing communication results and potentially improve them.
4. MEANS OF DATA PROCESSING – DATA RETENTION
Personal data will be processed by electronic, automated and/or manual instruments through means and tools that may ensure the utmost security and confidentiality, by authorized persons in compliance with those requirements provided by D. Lgs. 196/03, Section 31 and subsequent. Your personal data will be kept for a period not exceeding the purposes for which the data have been collected and subsequently processed.
5. COMMUNICATION AND DATA DISCLOSURE
Your processed data will be kept confidential and will not be communicated or disclosed to any other person or legal entity except those companies contractually bound to Valtur S.p.A. (Sole-Shareholder Company), based in EU countries in compliance with and within the limits set out by L. Decree n. 196/2003, Section 42. Such data may be transferred to extra-EU countries in compliance with and within the limits set forth in L. Decree n. 196/2003, Sections 43 and 44 lett. b) aimed at the fulfillment of any contractual obligations and/or related purposes. Your data will be disclosed to third parties belonging to the following categories: – third-party companies providing IT and network services to Valtur S.p.A. (Sole-Shareholder Company), including email service; – any third-party consultants; – any banking and financial institutions, insurance companies covering on-line sales; – any competent authorities as prescribed by the applicable law, as recognized/enforced by any decisions or upon request; – with respect to the carrying-out of administrative and accounting services, your data may be disclosed to any companies specialize in business information, credit rating, solvency assessment and creditworthiness and/or to those specialize in debt collection. Such third parties are appointed Data Processor themselves otherwise they may operate as independent Data Controller. Appointed Data Processors are enlisted in a document that is constantly updated and available at Valtur S.p.A. (Sole-Shareholder Company), based in Milan at Via Conservatorio 15, 20122.
6. NATURE OF THE CONSENT- REFUSAL
Except for what pertains to browsing data, you may provide your personal data on an optional and discretionary basis although it may be necessary to avail of the offered services and their relevant execution. However, failure to provide such data may affect your ability to use those services. With respect to the “contact form” you shall fill in the fields with * otherwise, you can not send your requested information and have a prompt reply as referred to those purposes stated at paragraph letter a). However, failure to provide such data may affect your ability to request any information. You may provide your personal data on an optional and discretionary basis with respect to paragraph letter B). The refusal to consent to such processing will not affect the ability to avail of the services stated in paragraph letter A).
You may freely exercise your rights at any time under Legislative Decree no. 196/2003, Sections 7, 8, 9 and 10 by contacting the Data Controller or Data Processor, at the following phone number 02 30099811 or by sending an e-mail to email@example.com You have the right, at any time, to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to personal data, verify their accuracy or request their rectification or erasure (please refer to D. Lgs. 196/2003, Section 7). For the purposes of such applicable law, you may demand the restriction of processing of personal data concerning the data subject, their pseudonymization or to object to such processing.
If you do not wish to receive anymore advertising and commercial direct marketing communications through e-mail, SMS, instant messages and the like, you may unsubscribe, at anytime, by sending an e-mail to firstname.lastname@example.org with sub. “unsubscribe from automated direct marketing communications” or by clicking the link unsubscribe form newsletter, so that you will not be bothered anymore. If you do not wish to receive anymore marketing mails or operator-assisted calls you may send an e-mail to email@example.com with sub. “unsubscribe from manual direct marketing communication” so that you will not be bothered anymore. If you do not wish to receive anymore communications at all you may send an e-mail to firstname.lastname@example.org with sub. “unsubscribe from marketing” at any time so that you will not receive any kind of advertising materials, direct sale materials, market surveys and commercial information.
Data Controller reserves the right to amend, update, add or remove any part of the current privacy statement at his own discretion and at any time. Please refer to this privacy statement regularly to review the updated version. In order to make this review easier for you, our privacy statement will outline the last update. Your use of the website signifies and constitutes your assent to and acceptance of the revised privacy statement.
8. SOCIAL LOGIN
Social Login is a form of single sign-on using existing information from a social networking service to sign into a third party website by sharing basic social account information. For example, User may use social login to rapidly sign into a third-party website or to take part in a competition or to buy on-line. In short, with prior user’s consent, the social network will share user’s personal data needed to login into a third-party website, without filling the registration form.
For any further information according to L. Decree 196/2003, Section 13, please refer to Third-Party policies hereinbelow mentioned where you can find a link to the policies and, if provided, give you the option to either provide or refuse your consent:
Facebook social login: https://developers.facebook.com/docs/plugins
Twitter social login: https://support.twitter.com/articles/20170519#
Google account login: https://www.google.com/policies/privacy/
Last update: 20.02.2017
Data Controller is Valtur S.p.A. -a sole shareholder company-.