Stampa
Downtown S.r.l.
VIA SAMBUCA PISTOIESE 65
00138 Roma (ROMA)
P.IVA 12900071007
PEC: downtownsrl1@legalmail.it
Cod. Doc. 21759.51.473097.2722269

Information notice

Privacy Policy concerning the processing of personal data pursuant to articles 13-14 of (EU) Regulation 2016/679

Data subject: Website users.

Downtown S.r.l. with operational headquarters in Via Sistina n.79 - Rome and registered office in Via Sambuca Pistoiese n.65 - Rome, in its capacity of Data Controller with regard to the processing of your personal data pursuant to (EU) Reg. 2016/679 (hereinafter the 'GDPR'), hereby informs you that the said regulation protects data subjects with regard to the processing of their personal data and that the said processing will take place in a fair, lawful, transparent manner which protects your privacy and your rights.

Your personal data will be processed in accordance with the terms of the above legal provisions and the confidentiality obligations contained therein.

During the indicated processing, the Controller may operate on common categories of personal data and in detail: Any other data that may be provided voluntarily by the user to the Data Controller, Browsing data( IP addresses or domain names of computers used by users connecting to the site; time of request; method used in submitting the request to the server (good end, error etc.)other operating system and browser parameters used by the user , contact details, data relating to purchases or use of services, personal data

Purposes and legal basis of processing: specifically, your data will be processed for the following purposes, relating to the fulfilment of legal obligations:

  • Manage and maintain network and IT systems.

Your data will also be processed for the following purposes relative to the performance of measures connected to contractual or preliminary obligations:

  • Follow up the requests of the interested party and manage pre-contractual obligations or contracts;
  • Manage user requests received through contact forms.;
  • Provide and manage booking services;.

Your data will also be processed for the following purposes necsseries to pursue data controller's legitimate interest:

  • Manage and maintain network and IT systems;
  • Prevent and/or detect any abuse and defend the rights and interests of the title.

Further to your consent, your personal data may be used for the following purposes:

  • Sending commercial information by email.

Your contribution of data is optional with regard to the abovementioned purpose, and any refusal of consent will not affect the continuation of the relationship or the congruency of the processing.

Processing procedures. Your personal data may be processed by the following ways:

  • computer processing.

All data are processed in compliance with the procedures specified in articles 6 and 32 of the GDPR and with the adoption of the appropriate security measures required.

Your data will only be processed by persons specifically authorised by the Data Controller, and specifically by the following categories of authorized persons:

  • Admnistration office;
  • Marketing office;
  • in the context of HR management.

Disclosure. Your data may be disclosed to external entities for the correct management of the relationship and specifically for the following categories of Recipients, including all the duly designated Data Processors:

  • consultant and freelance professionals, also working as firms;
  • web service provider for the management and maintenance of the platform.

Distribution: Your personal data will not be distributed in any way.

Your personal data may also be transferred, only for the aforesaid purposes, to the following countries:

  • The processing of personal data will be limited to the areas of circulation and processing of personal data of countries within the European Union, with an express prohibition to transfer them to countries outside the EU, which do not guarantee an adequate level of protection, or, in the absence of the means of protection provided by EU Regulation 2026/679. In cases where the transfer of data to non-EU countries is necessary, this will take place in compliance with the limits and conditions set out in Articles 44 - 46 of Reg. EU 2016/679. Pursuant to and for the purposes of the Adequacy Decision of 10 July 2023 (EU-US Data Privacy Framework), taken in accordance with art. Article 45, paragraph 3, GDPR, is without prejudice to the case of the transfer of data only to companies resident in the USA participating in the EU-US framework for the protection of personal data.

Data Storage Period. In accordance with the principles of lawfulness, limitation of purpose and minimisation of data, pursuant to art. 5 of the GDPR, the data storage period for your personal data is:

  • 10 years from the receipt of the request, with regard to the purpose of handling requests by the data subject;
  • 13 months, with regard to compliance with system administrators;
  • For as long as it takes to manage user requests.

Data Controller: the Data Controller, as defined by the Law, is Downtown S.r.l. (VIA SAMBUCA PISTOIESE 65 , 00138 Roma (ROMA), VAT no. 12900071007) in the person of its current legal representative, can be contacted at the following e-mail address: privacy@progetti turistici.com

You are entitled, by application to the Data Controller, to obtain the erasure (right to be forgotten), restriction, updating, rectification and portability of your personal data, to object to their processing, and in general to exercise all your rights under articles 15, 16, 17, 18, 19, 20, 21 and 22 of the GDPR.

You may also examine whenever you like the updated version of the present report by connecting to the following web site https://www.privacylab.it/informativa.php?21759473097&lang=en.

Regulation (EU) 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 - Rights of the Data Subject

1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him or her exist, regardless of their being already recorded, and disclosure of such data in intelligible form, and the right to lodge a complaint with the supervisory authority.

2. The data subject has the right to be informed of:

  1. the source of the personal data;
  2. the purposes and methods of processing;
  3. the logic applied if the data are processed by electronic devices;
  4. the identification data concerning the Data Controller, the Data Processors and the representative designated as per article 5, comma 2;
  5. the entities or categories of entity to whom or which the personal data may be disclosed and who or which may get to know said data as designated representative in the State's territory, as data processors or as persons in charge of the processing.

3. The data subject is entitled to obtain:

  1. the updating, rectification or, where interested therein, integration of the data;
  2. the erasure, anonymisation or blocking of data that have been unlawfully processed, including data whose retention is not necessary for the purposes for which they were collected or subsequently processed;
  3. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were disclosed or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the right that is to be protected;
  4. the portability of the data.

4. The data subject has the right to object, in whole or in part:

  1. on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
  2. to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.