Pursuant to Regulation (UE) 2016/679 and subsequent domestic legislation passed to comply with the GDPR, Parma Incoming S.r.l., as the Data Controller, wishes to inform data subjects that their personal data shall be processed lawfully, correctly and transparently, in accordance with the procedures and for the purposes illustrated below.
1. The DATA CONTROLLER is Parma Incoming S.r.l. Via Abbeveratoia 63/a 43126 – Parma, Italy - Tel. 0521 298883 Fax 0521 298826 - email: firstname.lastname@example.org - https://www.parmaincomingtravel.it/
2. DATA PROTECTION OFFICER (DPO) Parma Incoming S.r.l. has appointed its own DPO, who can be contacted by email at email@example.com
3. PURPOSES AND LEGAL BASIS OF DATA PROCESSING
The personal data provided shall be processed for the following purposes:
- fulfilment of requests received via forms contained on the website (e.g. “request information or book”, “information on MICE and conventions”).
- necessary processing in the context of a contract or for the purposes of entering into a contract and related accounting and pre-contractual activities; in this particular case, for institutional purposes, associated with and instrumental to your activities, in fulfilment of legal obligations of a contractual, statutory, accounting and tax nature. The processing of personal data required to fulfil said obligations is necessary for the correct management of the relationship, and the transfer of such data is necessary in order to fulfil the aforementioned requirements. The legal basis of the processing lies in the execution of a contract or of pre-contractual provisions, or in the legitimate interest of the Data Controller.
- marketing and communication in the context of the joint control agreement signed between Parma Incoming S.r.l. and Ascom Parma Confcommercio, Seacom S.r.l. and S.T.S. Centro Assistenza Tecnica S.r.l. (hereinafter the “Ascom Group”), such as the sending of newsletters, information, promotional, commercial and advertising material relating to offers of services and/or events and initiatives, via email or other means, including by telephone and/or by post. The legal basis of the processing lies in the expression of consent by the data subject. Failure to provide personal data will result solely in the impossibility of receiving commercial information.
4. RECIPIENTS OR CATEGORIES OF DATA RECIPIENTS
The personal data provided by you will be communicated to recipients, who will process the data acting as Data Processors (Article 28 of Regulation (EU) 679/2016) and/or as natural persons acting under the authority of the Data Controller and the Data Processor (Article 29 of Regulation (EU) 679/2016), for the purposes listed above. Specifically, the data will be communicated to: the Ascom Group; - suppliers cooperating with the data controller (e.g. hotels, restaurants); - subjects that provide services for the management of the information system and communication networks (including email); - agencies or firms for consultancy or assistance purposes; - authorities responsible for enforcement of compliance with the law and/or provisions of public bodies, upon request; - in case of administrative-accounting purposes, the data may be transmitted to companies providing business information for the assessment of solvency and payment behaviour and/or to subjects for purposes of credit collection.
The list of Data Processors is constantly updated and can be accessed by writing to firstname.lastname@example.org or at Parma Incoming's registered offices, located at Via Abbeveratoia 63/a 43126 – Parma, Italy.
5. TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY AND/OR AN INTERNATIONAL ORGANIZATION AND SAFEGUARDS
The personal data provided may be transferred to countries belonging to the European Union and to countries outside the EU, in order to comply with the aforementioned purposes.
The data will be transferred according to Article 44 - General principle for the transfer; Article 45 - Transfer on the basis of an adequacy decision; Article 46 - Transfer subject to appropriate safeguards, and specifically the data will be transferred:
- to third countries or international organizations regarding which the Commission has carried out an adequacy assessment (Article 45 of Regulation (EU) 679/2016)
- to third countries or international organizations that have provided adequate safeguards and on condition that enforceable data subject rights and effective legal remedies for data subjects are available (Article 46 of Regulation (EU) 679/2016, also with contractual clauses and the other provisions referred to in Article 46, paragraph 3)
- to third countries or international organizations on the basis of binding corporate rules for companies belonging to the same business group (Article 47 of Regulation (EU) 679/2016)
- to third countries or international organizations on the basis of derogations for specific situations (Article 49 of Regulation (EU) 679/2016)
The data subject can obtain information about data transfer safeguards by sending an email email@example.com
6. PERIOD OF DATA STORAGE OR CRITERIA FOR DETERMINING THE PERIOD
The processing will be carried out by automated means and manually, with methods and tools aimed at guaranteeing maximum security and privacy, by subjects specifically appointed to do so.
In compliance with the provisions of Article 5, paragraph 1, letter e) of Regulation (EU) 2016/679, the personal data collected shall be stored in a form that allows the data subjects to be identified for a period of time that does not exceed that necessary to fulfil the relevant purposes, and in accordance with the obligations of law (purpose “a”); if consent is given, for 10 years or until consent is withdrawn (purpose “b”).
7. COOKIES AND INTERACTION WITH OTHER WEBSITES
When surfing the web, information is collected that may enable the identification of the user. Such information is anonymous but may, due to its nature, through processing and associations, enable users to be identified. These data may be used to perform static processing of browsing behaviour.
For more information, users are invited to read the cookies policy published on the company website.
Through links present on the website, it is possible to visit the different internet pages; the links to different web portals are not subject to the control of the Data Controller who, in particular, has no control over the relevant cookies used.
8. RIGHTS OF THE DATA SUBJECTS
You have the right, at any time, to obtain from the Data Controller access to your personal data (Article 15), to rectify it (Article 16), erase it (Article 17) or restrict processing of it (Article 18). You have the right to withdraw your consent at any time without prejudice to the lawfulness of processing based on the consent given prior to its withdrawal.
You can assert your rights as established by Regulation (EU) 2016/679 by contacting the Data Controller, sending an email to firstname.lastname@example.org or writing to the headquarters of the Data Controller indicated above.
You have the right to lodge a complaint with a supervisory authority.