Information notice
Privacy Policy concerning the processing of personal data pursuant to articles 13-14 of (EU) Regulation 2016/679
Data subject: Navigatori del portale go.trueitalianexperience.it.
Your personal data will be processed in accordance with the terms of the above legal provisions and the confidentiality obligations contained therein.
In addition, the Data Controllers may become aware of special categories of personal data and in detail: , health conditions. The processing of personal data for these special categories is carried out in compliance with Article 9 of the GDPR.
Furthermore, for the purpose of the aforesaid processing, the Data Controllers may become aware of personal data relating to criminal convictions or offences pursuant to Article 10 of the GDPR and in particular: .
Purposes and legal basis of processing: specifically, your data will be processed for the following purposes, relating to the fulfilment of legal obligations:
- Managing of controversy;
- legal compliance with regard to taxation and accounting.
Your data will also be processed for the following purposes relative to the performance of measures connected to contractual or preliminary obligations:
- After sales support;
- Clients management;
- Electronic payment instruments;
- management of cookies required for the portal;
- Report management during sales operations;
- Sale of services through e-commerce;
- For statistic purposes and analysis of browsing and users.;
- Technical and functional access to the web site. No date is kept after browser closure.
Further to your consent, your personal data may be used for the following purposes:
- management of non-technical marketing cookies for the portal;
- management of non-technical statistical cookies for the portal.
Your contribution of data is optional with regard to the abovementioned purpose, and any refusal of consent will not affect the continuation of the relationship or the congruency of the processing.
Processing procedures. Your personal data may be processed by the following ways:
- using electronic calculators running softwares managed by third parties;
- Using electronic calculators running self-managed softwares or directly engineered;
- collecting data by computer or on Internet.;
- computer processing.
All data are processed in compliance with the procedures specified in articles 6 and 32 of the GDPR and with the adoption of the appropriate security measures required.
- Admnistration office;
- internal operators to manage the web portal;
- IT Department;
- Marketing office.
Disclosure. Your data may be disclosed to external entities for the correct management of the relationship and specifically for the following categories of Recipients, including all the duly designated Data Processors:
- banks and lenders;
- pension and welfare institutions;
- Public/private subjects whose data transmission is mandatory or necessary in compliance with regulations or functional to the relationship management;
- web service provider for the management and maintenance of the platform.
Communications to Third Parties: Your data may be communicated to external parties for the proper management of the relationship and in particular to the following categories of recipients identified as Third Parties:
- Cookiebot - https://www.cookiebot.com/en/cookie-declaration/;
- Facebook - https://www.facebook.com/about/privacy/;
- Google - https://policies.google.com/privacy?hl=en;
- Google reCAPTCHA - https://privacy.google.com/take-control.html;
- Hotjar - https://www.hotjar.com/legal/compliance/opt-out;
- Salesforce - https://www.salesforce.com/company/legal/.
Distribution: Your personal data will not be distributed in any way.
Your personal data may also be transferred, only for the aforesaid purposes, to the following countries:
- EU countries, and in particular: - Microsoft 365: In accordance with the Microsoft 365 Service Use Agreement, Microsoft’s online services will be used to store data (onedrive for Business, sharepoint, Office 365,...), in such a situation Microsoft will store the following Company Data at rest only within the European Geographical Area: https://docs.microsoft.com/it-it/microsoft-365/enterprise/eu-data-storage-locations?view=o365-worldwide as can be seen from the document published by Microsoft itself at this link. The GEOS data center is available in Germany and France and allows you to store data in your country, if the company is located there. The data centers of the European Union are located in Austria, Finland, France, Ireland and the Netherlands.;
- Travel Compositor: the transfer is cross-border, therefore within the EU, to servers such as Travel Compositor hosted in Spain;.
Data Storage Period. In accordance with the principles of lawfulness, limitation of purpose and minimisation of data, pursuant to art. 5 of the GDPR, the data storage period for your personal data is:
- 0.02 giorni: Hotjar,;
- 1 giorni: Google Analytics,;
- 365 giorni: Hotjar, Salesforce, , Cookiebot;
- 730 giorni: Google Analytics,;
- 90 giorni: Facebook, Google,;
- set for a timing not larger than the one which implies its purpose achievement, given the aim to collect data, and collected and processed for the execution and fulfillment of contract purposes;
- set for a timing not larger than the supplied services fulfillment;
- established as a period of time not exceeding the purposes for which the data were collected and processed and complying with the compulsory times required by law.;
- Permanente: Google, ,;
- Sessione: Hotjar, Google Analytics, Oracle, ,.
Cookie management: in case you have doubts or concerns about the use of cookies you can always intervene to prevent the setting and reading, for example by changing the privacy settings in your browser in order to block certain types.
Since each browser - and often different versions of the same browser - also differ significantly from each other if you prefer to act independently through the preferences of your browser, you can find detailed information about the procedure required in the guide of your browser. For an overview of the most common browsing modes, please visit www.cookiepedia.co.uk.
Advertising companies also allow you to opt out of receiving targeted ads, if desired. This does not prevent the setting of cookies, but interrupts the use and collection of some data by these companies.
For more information and cancellation options, visit www.youronlinechoices.eu/.
Contitolare: i contitolari del trattamento dei dati, ai sensi della Legge e nella persona del loro rappresentante pro tempore, sono:
- Trueitalian Experience S.r.l. (via Ermete Conti 7 , 42020 San Polo D'Enza (RE); VAT no.: 02893710356; contactable as follows: E-mail: info@trueitalianexperience.it) in the person of Maurizio Rota;
- Gattinoni Travel Network S.r.l. (Via Statuto 2 , 20121 Milano (MI); VAT no.: 02713750137)
Il responsabile della protezione dei dati (DPO) designato da Trueitalian Experience S.r.l. ai sensi dell'art.37 del GDPR è:
- Jaera s.r.l. (Piazza Della Repubblica 32 , 20124 Milano (MI); VAT no.: 10557200960; contactable as follows: E-mail: dpo@trueitalianexperience.it).
You are entitled, by application to the Data Processor, to obtain the erasure (right to be forgotten), restriction, updating, rectification and portability of your personal data, to object to their processing, and in general to exercise all your rights under articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR.
You may also examine whenever you like the updated version of the present report by connecting to the following web site https://www.privacylab.it/informativa.php?20824450432&lang=en.
Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 - Rights of the Data Subject
1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her exist, regardless of their being already recorded, and disclosure of such data in intelligible form, and the right to lodge a complaint with the supervisory authority.
2. The data subject has the right to be informed of:
- the source of the personal data;
- the purposes and methods of processing;
- the logic applied if the data are processed by electronic devices;
- the entities or categories of entity to whom or which the personal data may be disclosed and who or which may get to know said data as designated representative in the State's territory, as data processors or as persons in charge of the processing.
3. The data subject is entitled to obtain:
- the updating, rectification or, where interested therein, integration of the data;
- the erasure, anonymisation or blocking of data that have been unlawfully processed, including data whose retention is not necessary for the purposes for which they were collected or subsequently processed;
- certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
- the portability of the data.
4. The data subject has the right to object, in whole or in part:
- on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
- to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.