INFORMATION ON THE PROCESSING OF PERSONAL DATA
of our Web site users in line with article 13 of EU Regulation 2016/679
WHY PROVIDE THIS INFORMATION?
In accordance with EU Regulation 2016/679 (heretofore “Regulation”), this document describes the modalities of the way that we process the personal data of those who consult the web sites of our Company, Avi Srl accessible electronically at the following addresses: https://www.avitravel.com/
This information does not apply to any other online sites, pages or services accessible through text-to-text links that might be posted on the site with reference to resources outside the domain of the Company, Avi Srl.
DATA PROCESSING CONTROLLER
Avi Srl, Via Fuorimura 20, 80067 Sorrento (NA), VAT N° 01501111213, Tel. +390818070111, email: incoming@avitravel.com
LEGAL BASIS FOR DATA PROCESSING
Personal data pertaining to the User is processed by the Controller when:
The User has provided consent for one or more specific purposes; Note: in some jurisdictions, the Controller might be authorised to treat personal data without the consent of the User or on another legal basis, specified below, as long as the User does not oppose (“opt-out”) of such processing. In other words, EU legislation does not yet regulate the processing of personal data in terms of protection;
Processing is necessary to the execution of a contract with the User and/or to the execution of pre-contractual measures;
Processing is necessary to meet a legal obligation of the Controller;
Processing is necessary so that the Controller can execute a mission in the public interest or carry out a public function;
Processing is necessary for the pursuit of legitimate interests of the Controller or of third parties.
It is, nevertheless, possible to ask the Controller to clarify the specific legal basis for each processing of data, and, especially, to specify if the processing is based on legislation, provided for by a contract or necessary for the conclusion of a contract.
TYPE OF DATA PROCESSED AND WHY
Browsing data
Computer systems and software used by this site acquire, in the course their normal function, some personal data that need to be transmitted in order to use Internet communications protocols. This category of data includes IP addresses or domain names of the computers and terminals employed by Users, Uniform Resource Identifiers/Locators of the requested resources, time of the request(s), method used to send request(s) to the server, file(s) size obtained as a result, code number indicating the status of the server’s response (good, ends, error etc.) and other parameters relative to the operating system and computing environment of the User. This data, necessary for the use of the Web, also are processed in order to: obtain statistical information on the use of Web services (most visited pages, number of visitors by time period or by day, geographic area of provenance, etc.) and to check that services offered function correctly. Browsing data do not last for more than seven days and are cancelled immediately after their collection (except when needed by judicial Authorities to verify crimes).
Data communicated by the User
The optional, explicit and voluntary transmission of messages to the contact addresses of the Controller, as well as the compiling and forwarding of the forms on the sites of the Controller, entail the acquisition of the sender’s contact details, necessary for a response, as well as all the personal data included in the communications. Specific information will be posted on the pages of the Controller’s sites, intended for the supply of certain services. The site contains various forms to collect Users’ data. Each form is intended to allow the User to access specific services.
Users should pay particular attention to the request for consent, bearing in mind that any consent given may always and at any time be revoked by the Users themselves, using the Controller’s email address and indicating “Re: Privacy” in the subject line of the email.
DATA SUBJECT RIGHTS
As a data subject, you may, at any time, exercise your rights vis à vis the Processing Controller, in line with article 15 of the General Data Protection Regulation (GDPR), EU 2016/679:
i. obtain confirmation of the existence, or not, of your personal data, even if not yet registered, and have them communicated in intelligible form;
ii. obtain an indication of the: a) origin of this personal data; b) processing purpose and modality ; c) reason(s) for processing effected with the help of electronic instruments; d) identity of the Processing Controller, those responsible and the representative designated in line with article 3, paragraph 1, GDPR; e) subjects or categories of subjects to whom the personal data could be communicated or who could come to know it as designated representatives of the State, those responsible or in charge;
iii. obtain: a) an update, rectification or, when appropriate, integration of the data; b) cancellation, transformation into anonymous form or blockage of data processed in violation of the law, including those collected or subsequently processed; c) declaration that the operations effected on data, as of a) and b), have been made known, along with their content, to those to whom the data has been communicated or distributed, except when this appears to be impossible or requires the use of means obviously disproportionate to the protection of the Data Subject’s rights;
iv. oppose, entirely or in part: a) for legitimate reasons the processing of his/her personal data, even though pertinent to the purpose of the collection; b) processing of his/her personal data for the purpose of transmitting advertising material, direct sales, market research, commercial communications by the use of automated calling systems without the intervention of an operator, by email and/or by traditional marketing methods using telephone and/or paper sent by mail. Please note that the Data Subject’s right to opposition, described in point b) above, for purposes of direct marketing by automated means, extends to traditional means as well, and that it is still possible for the Data Subject to exercise his/her right to opposition only in part.
Consequently, the Data Subject may decide to receive communication solely by traditional means, or, solely by automated means, or even by neither one of these two types of communication.
Where applicable, you also have other rights under articles 16-21 of the GDPR:
– Right to rectification (art. 16);
– Right to cancellation – Right to erasure (“right to be forgotten”) (art.17);
– Right to restriction of processing (art. 18);
– Obligation to be notified in case of rectification or cancellation of personal data or restriction of processing (art. 19);
– Right to the portability of data (art. 20);
– Right of opposition (art. 21);
– Right to revoke, at any time, previously expressed consent to the processing of personal data;
– Right to file a claim with the Guaranteeing Authority.
RESPONSIBILITIES OF THE PROCESSING CONTROLLER
Facilitate the protection of personal data at the time of planning a processing system to protect data safety (PRIVACY BY DESIGN)
Take security measures, evaluating, in advance, any risks that could be generated by the processing system
Guarantee the transparency of data flows and processing systems
Intervene promptly in case of data breaches
Establish roles and responsibilities for every processing phase
For further information and to exercise your rights under the European Regulation, please go to Processing Controller, who, for purposes if the law, is Avi Srl, Via Fuorimura 20, 80067 Sorrento (NA), VAT N° 01501111213, Tel. +390818070111, email: incoming@avitravel.com
HOW TO EXERCISE YOUR RIGHTS AS A DATA SUBJECT
Articles 11 and 12 of the Regulation establish, in a general way, the modalities for the exercise of Data Subjects’ rights. The deadline for a response to the Data Subject is, for all rights (including the right to access), one (1) month, extendable to three (3) months in particularly complex cases; in any event, the Controller must reply to the Data Subject within one (1) month of the request, even in case of refusal.
The Controller must evaluate the complexity of the response to the Data Subject and establish the amount of any compensation that might be required, but only if the request is clearly unfounded or excessive (even repetitive) (art. 12.5), contravening the provisions of art. 9, paragraph 5, and 10, paragraphs 7 and 8, of the Regulation, or if more “copies” of personal data are requested, e.g. in the case of right to access (art.15, paragraph 3); in this case, the Controller must allow for administrative costs incurred. Normally, the response to the Data Subject should be delivered in writing and by digital means that facilitate accessibility; oral response is possible only by request of the Data Subject his/herself (art.12, paragraph1; see also art. 15, paragraph 3).
Exercise of rights is, in principle, gratis for the Data Subject, but there can be exceptions. The Controller has the right to ask for the information necessary to identify the Data Subject, who, in turn, has the obligation to supply it, by identical means (see, especially, art. 11, paragraph 2 and art. 12, paragraph 6).
RIGHT TO CLAIM
Data Subjects who consider that this site has processed their personal data in violation of the provisions of the Regulation have the right to file a claim with the Guarantor, as provided by art. 77 of the Regulation itself, or to appeal to the appropriate judicial authorities (art. 79 of the Regulation).
MODIFICATION OF THE POLICY
The Processing Controller reserves the right to modify this policy at any time, providing Users with the modifications on this page. Users, therefore, are requested to consult this page often, taking the date of the last modification, indicated on the bottom of the page, as a reference. In the event that he/she does not accept a modification to this Privacy Policy, the User must stop using this Web site and may ask the Processing Controller to remove his/her personal data from it. Until further notice, this Privacy Policy will continue to apply to all personal data collected so far.
Last modified: 25th June 2018