Privacy Policy

PRIVACY POLICY PURSUANT ARTICLE 13 OF ITALIAN LEGISLATIVE DECREE NO. 196/03 AND EU REGULATION NO. 679/2016

This page contains the description of the management procedures regarding the processing of personal data acquired through this site and other related services. To learn more about how we collect, use and manage data about the cookies please read our cookies policy.

TE.DI. Tour Operator SRL, with registered offices in Via F.sco Francavilla 5, Castellana Grotte (BA), Italy 70013 and operative headquarter in 56, Via della Conciliazione, Putignano (BA), Italy 70017, VAT No. IT 07987700726, in its role as data controller (hereinafter, “Data Controller” or TEDI TOUR) in the person of its legal representative pro tempore Serena Termite,

would like to inform you,

pursuant to art. 13 of Italian Legislative Decree No. 196 of 6.30.2003 (hereinafter identified as “Privacy Code”), directive 2009/136/EC and subsequent amendments and art. 13 and 14 of EU Regulation No. 2016/679 – General Data Protection Regulation (hereinafter, “GDPR“) that your data will be processed in the following manner and for the following purposes:

1. OBJECT OF THE PROCESSING

The Data Controller processes personal data (such as your first name, last name, company name, address, telephone number, email address, banking and payment details, hereinafter identified as “personal data” or also “data”) that you have communicated or we have collected as follows:

  • during visits to www.teditour.com or teditour.com websites (including www.teditour.it and teditour.it domains and subdomains, hereinafter, www.teditour.com), property of TE.DI. Tour Operator SRL;
  • when you register a personal account on the website www.teditour.com;
  • when you purchase of a product or service offered by TEDI TOUR;
  • via telephonic activities;
  • by filling in the forms on TEDI TOUR websites;
  • through the purchase of commercial databases or public documents/information.

 

Specific information about data

  • Connection data

The IT systems and the software procedures used in the operation of this web site acquire, during their normal processing, some personal data, the transmission of which is necessary in the use of the Internet communication protocols.

These deal with information that is not gathered to be associated to identified parties, but which by their nature could, through processing and associations with data held by third parties, allow the identification of the users. Under this category of data we find the IP addresses or the computer domain names used by the users that connect to the site, the addresses in URI (Uniform Resource Identifier), notation of the resources requested, the time of the request, the method used in submitting the server request, the dimension of the file received, the numeric code indicating the status of the answer given by the server (successful, error, etc.) and other parameters related to the operating system and the user’s IT environment.

Aims and juridical basis of the processing (GDPR – art.13, comma 1, lett. c)

This data is used only to receiving anonymous statistical information on the use of the site and to control its correct functioning. The data could moreover be used to ascertain the responsibility in case of presumed IT crimes to the damage of the site (legitimate interests of the owner).

Communication scopes (GDPR – art.13, p. 1, lett. e, f)

The data is processed exclusively by in-house staff, duly authorized and trained in data processing (GDPR – art.29) and shall not be disclosed to external parties, diffused, or transferred to countries outside the EU. Only in cases of investigation, this data may be placed at the disposal of the competent authorities.

Data conservation period (GDPR – art.13, p. 2, lett. a)

This data is usually kept for brief periods, except for possible prolonged connections related to investigation activities.

Data submission (GDPR – art.13, p. 2, lett. f)

The data is not submitted by the party involved but acquired automatically by the site’s technological systems.

  • Sign up

The sign up allows the creation of the user to be used to make purchases on the www.teditour.com.

Aims and juridical basis of the processing (GDPR – art.13, p. 1, lett. c)

All the data requested is used for the creation of the profile and the administrative/operating management of the purchases made.
The processing is done to comply with the contract and pre-contract obligations (product purchase) with the clients and the relevant law obligations (GDPR – art.6, p. 1, lett. b, c).
Also a specific, free and informed consent is requested (GDPR – art.6, p.1, lett. a) and documented through a specific checkbox (GDPR – art.7, p.1).

Communication scope (GDPR – art.13, p. 1, lett. e, f)

The data is processed exclusively by duly authorized staff trained in data processing (GDPR – art.29). For the sole purpose of data maintenance, the company that furnished the technological platform and its assigned staff may access the data. The data shall not be diffused or transferred to countries outside the EU.

Data conservation period (GDPR – art.13, p. 2, lett. a)

The data is kept for a time compatible with the purposes of the gathering and, however, up to the user’s possible request for cancellation.

Data submission (GDPR – art.13, p. 2, lett. f)

Failure to submit the data implies the impossibility to complete the registration and make purchases.

  • Newsletter subscription

The newsletter allows for constant and in-depth information compared to useful information of the reference sector, on events and initiatives, products/services offered and promotional offers.

Aims and juridical basis of the processing (GDPR – art.13, p. 1, lett. c)

Only the email address is requested for the sole aim of sending the newsletter. Registration is subordinated to the acceptance of the specific, free and informed consent (GDPR – art.6, p. 1, lett. a), documented through the specific checkbox (GDPR – art.7, p.1).

Communication scope (GDPR – art.13, p. 1, lett. e, f)

The data is treated exclusively by duly authorized staff trained in data processing (GDPR – art.29). For the sole purpose of site maintenance, the company that furnished the technological platform and its assigned staff may access the data. The newsletter data management platform, on behalf of TEDI TOUR, it’s Mailchimp. For any information on how this service acquires, manages and processes data, it is possible to consult the legal area of Mailchimp. The data will be transferred to the USA.

Data conservation period (GDPR – art.13, p. 2, lett. a)

The data is kept up to the user possibly and freely decides to “unsubscribe” any time through the link, contained in writing with every message sent.

Data submission (GDPR – art.13, p.2, lett. f)

Failure to confer the email address and consent shall entail the impossibility to obtain the newsletter service.

  • Request for information

The page allows the interested party to request information. Identification and contact data is requested.

Aims and juridical basis for processing (GDPR – art.13, p. 1, lett. c)

The identification and contact data are requested in order to be able to answer the visitor’s contact requests. The sending of requests is subordinated to the specific, free and informed consent (GDPR – art.6, p.1, lett. a), documented through the specific checkbox (GDPR – art.7, p. 1)

Communication scopes (GDPR – art.13, para. 1, lett. e, f)

The data is processed exclusively by duly authorized staff trained in data processing (GDPR – art.29). For the sole purpose of site maintenance, the company that furnished the technological platform and its assigned staff may access the data. The data shall not be diffused or transferred to countries outside the EU.

Data conservation period (GDPR – art.13, p. 2, lett. a)

The data is kept for periods compatible with the purpose of the gathering.

Data submission (GDPR – art.13, p. 2, lett. f)

Submission of data in the obligatory fields is needed in order to be able to receive an answer, while the optional fields are used to furnish the staff with further useful elements to facilitate contact.

  • Cookies

To learn more about how we manage the cookies please carefully read our cookies policy.

2. PROCESSING METHODS AND PURPOSES

The processing of your personal data is carried out through the operations indicated in art. 4 of the Privacy Code and art. 4 (2) of the GDPR, and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and erasure of data.

Your personal data are subjected to both paper and electronic and/or automated processing.

The Data Controller will process your personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 20 years from the termination of the relationship for the purposes of providing services or until the request is made for the erasure of data that was gathered for marketing purposes.

Your personal data are processed:

A. Without your express consent (art. 24, letters a, b and c of the Privacy Code and art. 6, letters b and e of the GDPR) for the following service purposes:

  • fulfillment of pre-contractual, contractual, and tax obligations deriving from existing relationships with you;
  • fulfillment of the obligations established by Italian law, by a regulation, by European Community legislation, or by order of an Authority (for example relating to anti-money laundering);
  • exercising of the rights of the Data Controller, for example the right to defense in court.

B. Only with your specific and distinct consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), for the following marketing purposes:

  • sending you newsletters or commercial communications via email, regular mail, text messages and/or telephone;
  • sending you advertising material on products or services offered by the Data Controller;
  • sending you invitations to events or other specific marketing initiatives;
  • sending you communications about updates on www.teditour.com.

All the data are processed legally, correctly and in transparency towards the party involved, in compliance with the general principles provided by art.5 of the GDPR.

Specific safety measures are complied with to prevent the loss of data, illicit or incorrect usage and unauthorized access.

3. DATA ACCESS

Your data may be rendered accessible for the purposes referred to in Article 2.A and 2.B:

  • to employees and collaborators of the Data Controller of the Group companies in Italy and abroad, in their capacity as agents and/or internal staff involved in the processing and/or system administrators;
  • to third-party companies or other subjects (merely by way of example, business partners, credit institutes, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external processing managers.

4. COMMUNICATION OF THE DATA

Without the need for express consent (pursuant to art. 24, letters a, b, and d of the Privacy Code and Article 6, letters b and c of the GDPR), the Data Controller may communicate your data for the purposes referred to in Article 2.A to supervisor authorities, judicial authorities and to those subjects to whom communication is mandatory by law for the accomplishment of said purposes.

These subjects will process the data in their roles as independent data controllers.

Your data will never be disclosed.

5. DATA TRANSFER

Personal data treated by TEDI TOUR are stored on servers located within the European Union. In some cases that the use of third-party services not located in EU territories, connected to the activities on www.teditour.com, the Data Controller guarantees the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to stipulation of the standard contractual clauses provided by the European Commission.

6. NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL TO ANSWER

The provision of data for the purposes referred to in art. 2.A is mandatory. In their absence, we cannot guarantee the services outlined in art. 2.A.

Instead, the provision of data for the purposes referred to in Article 2.B is optional. You can, therefore, decide to provide no data or to subsequently deny the possibility of processing data which had been provided earlier. In this case, you will not be able to receive newsletters, commercial communications, and advertising material concerning the services offered by the Data Controller.

However, you will still be entitled to the services referred to in art. 2.A.

7. RIGHTS OF DATA SUBJECTS

In your role as an interested subject, you have the rights set forth in art. 7 of the Privacy Code and art. 15 of the GDPR, and more precisely:

  1. to obtain confirmation of the existence or non-existence of your personal data, even if it has not yet been registered, and communication of the same in an intelligible form;
  2. to be informed about:
    A. the source of the personal data;
    B. the purposes and methods of the processing;
    C. the logic applied to the processing, if carried out with the help of electronic means;
    D. the identification of the data controller, data processors, and the representative designated in accordance with art. 5, paragraph 2 of the Privacy Code and art. 3, p. 1 of the GDPR;
    E. the entities or categories of entities to which your personal information may be disclosed and which could gain knowledge of it in their roles as designated representatives within the country, as data processors, or as staff members involved in data processing.
  3. to obtain:
    A. updating, rectification or, when interested, integration of data;
    B. the erasure, conversion into an anonymous account, or blocking of data processed unlawfully, including data which need not be kept for the purposes for which the data was collected or subsequently processed;
    C. confirmation that those to whom the data is communicated or disclosed are notified of the actions referred to under points (a) and (b), including their content, unless the fulfillment thereof proves impossible or involves using methods that are clearly disproportionate to the right being protected;
  4. to object, in whole or in part:
    A. for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose for which it was collected;
    B. to the processing of your personal data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication through the use of automated call systems without the intervention of an operator via email and/or through traditional marketing methods by telephone and/or regular mail.Please note that the opposition of the data subject, as set out in point (b) above, extends from automated methods to traditional ones for direct marketing purposes. Where applicable, you also have the rights referred to in art. 16-21 of the GDPR (Right to rectification, right to erasure, right to restrict processing, right to data portability, right to objection), as well as the right to lodge a complaint with a Supervisory Authority.

8. METHODS FOR EXERCISING RIGHTS

You can exercise your rights at any time by sending:

  • a registered, return receipt letter to TE.DI. Tour Operator SRL – registered offices in Via F.sco Francavilla 5, Castellana Grotte (BA), Italy 70013;
  • an email to the following address: info@teditour.com;
  • a certified email to the following address: di.touroperatorsrl@pec.it.

You can request removal from our mailing lists clicking here, and by doing so you will no longer receive commercial information.

You can request the erasure of all your personal data clicking here.

9. DATA CONTROLLER, DATA PROCESSOR AND PROCESSING STAFF

The Data Controller is TE.DI. Tour Operator SRL, with registered offices in Via F.sco Francavilla 5, Castellana Grotte (BA), Italy 70013 and operative headquarter in 56, Via della Conciliazione, Putignano (BA), Italy 70017, VAT No. IT 07987700726.

As per Italian Legislative Decree No. 196/03, the updated list of Data Processors and the staff (authorized) involved in processing is kept at the registered offices of the Data Controller.

Read also our cookie policy.

Last update: 28 June 2023