[NA] – Italy, in its capacity of Autonomous Controller of the data processing, will inform about the use of the personal data either supplied by you or otherwise acquired in the course of their activity. Source of personal data The personal data possessed by Direct Tourist Service srl is collected from the customers or third parties, such as for example when acquiring external data for commercial purposes, market research, direct offers of services or products. For these data, an informative document will be delivered upon registration, in any case no later than the date in which the first communication is given. In any case, all data shall be processed in full compliance with the above Act and the privacy obligations that have always guided our Company. Following data will be collected: – IP Address of the user; – personal e-mail address; – URL address. In connection with specific transactions or products required by the Customer, Direct Tourist Service srl may come into possession of data that the Law defines as sensitive data, as they can disclose the customer’s membership to association or information on his health life. A specific and expressed consent declaration is required by law to process such data. Purposes of the data processing The personal data you supplied are processed within the normal activity of Direct Tourist Service srl and for the following purposes: – to complete and support data access; – to execute a transaction the user is carrying out; – to comply with legal obligations; – for operative and managing requirements.
Data Processing Methods For the purposes above, the data processing is performed by means of manual, IT and telematic tools, by applying referred logics that are strictly correlated to the purposes above, and in such a way so as to guarantee privacy and security. In any case, the data protection is guaranteed even when new service channels are activated, such as on-line banking and multimedia e-commerce. The tools used for the data processing are suitable to safeguard security and privacy; the processing may also make use of automated tools to store, handle and transmit personal data. Entities or categories of entity to which the personal data may be communicated For technical and organization reasons to develop most of their activity, Direct Tourist Service srl , also avail themselves of the collaboration of external companies in building up and managing the relations with their Customers. In particular, these are entities operating in the following fields: – carrying out all the necessary operations to execute the orders received by the customers; – management of payment services, credit cards, tax payments and available funds, etc; – controlling of frauds and collection of debts; – auditing. Without the consent of the data subject to the disclosure to third parties and to the relevant processing, Direct Tourist Service srl shall only execute those operations that do not include such disclosure. We inform you that while awaiting such consent and should you request the performance of specific operations and services different from those proposed, he execution of the same by Direct Tourist Service srl to be considered as a provisional expression of consent limited to the processing of the operations and services requested. All the categories to which personal data can be transferred, will use said ata as Controllers pursuant to Legislative
Decree no. 196/2003, being totally unrelated to the original data processing carried out at Direct Tourist Service srl . The personal data under possession of Direct Tourist Service srl may be communicated to other entities that may get to know said data in their capacity of data processors or persons in charge of the processing. A complete and constantly updated list of the offices and persons in charge of the processing at Direct Tourist Service srl , which process personal data can be obtained from the respective Legal Seats of the Companies. The personal data processed by the Bank are not object of dissemination. Rights referred to in Section 7 Finally, we’d like to inform you that, pursuant to Section 7 Legislative Decree no. 196 of 30 June 2003, a data subject may exercise specific rights. In particular, a data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him/her exist and communication of such data in intelligible form. A data subject shall have the right to be informed of the source of the personal data, of the purposes and methods of the processing, of the logic applied to the processing when this is carried out by using electronic means, of the identification data regarding the data controller and data processor. A data subject shall have the right to obtain cancellation, anonymization or blocking of data that have been processed unlawfully, as well as updating, rectification or, where interested herein, integration of the data. A data subject shall have the right to object, on legitimate grounds to the processing of data concerning him/her for the purpose of sending advertising materials or direct selling. The rights referred to in Section 7 may be exercised by the agency of a person in charge of the processing and by making written request by letter to the data processor. A data subject may grant, in writing, power of attorney or representation to natural persons, entities, associations or organizations in connection with the exercise of the rights as per Section 7. The data subject may also be assisted by a reliable person of his/her choice. Further information can be requested in written form from the legal offices of Direct Tourist Service srl.
Controllers of the data processing is Direct Tourist Service srl.