2. Data controller and contact details
The subject in charge of personal data processing (which independently decides on the purposes and methods of processing, as well as on the security procedures to be applied in order to ensure the confidentiality, integrity and availability of data) is turital Srl, in the person of its legal representative Massimo Testa, with registered office in Via Cuma2, email address firstname.lastname@example.org, certified email address: turital @legalmail.it
3. Data processor
The data controller is Massimo Testa
4. Legal basis of the processing and purpose of the processing
The processing of personal data provided by the data subject in connection with the contract is necessary in order for the data controller to fulfil its contractual obligations.
The processing is also aimed at the fulfilment of legal obligations connected with the contract, with particular regard to accounting, tax, social security, health and safety obligations, as well as for the purposes of carrying out all the necessary and obligatory administrative procedures useful for the proper management of the existing contractual relationship.
5. Optional or compulsory nature of providing data
The provision to the data controller of the personal data that are requested on the various occasions of collection may be necessary for the pursuit of the purposes identified in the information notice, or optional.
The compulsory or optional nature of the provision of data is specified from time to time – with reference to the individual information requested – at the time of the individual data collection, by appending an appropriate character (*) to the compulsory information.
Any refusal to communicate to Turital Srl some of your data marked as compulsory will make it impossible to pursue the main purpose of the specific data collection: such a refusal may, for example, make it impossible for the data controller to receive your reservation, execute your contract or carry out the services offered . On the other hand, providing Turital srl with further data, other than those marked as compulsory, is optional and does not entail any consequence with regard to the pursuit of the main purpose of the collection (e.g. the use of the website and its services, as the case may be).
6. Data processing by third parties
Personal data, if provided in order to make a reservation or for the purpose of entering into a contract for a stay, may be communicated
– to employees and collaborators of the Controller, in their capacity as persons in charge and/or internal data processors and/or system administrators;
– to third party companies or other entities (by way of example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of the Controller, in their capacity as external data processors
7. Rights of data subject
The data subject is acknowledged
1. the right to access, at any time, their personal data and, consequently, to receive confirmation as to whether or not personal data concerning them exist, even if not yet recorded, and their communication in intelligible form within 1 month of the request
2. the right to know the purposes of the processing, the categories of personal data, the recipients to whom the data are or will be communicated and, where possible, the period of storage of the data or the criteria used to determine that period
3. the right (even after withdrawal of consent) to erasure, anonymisation or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed
4. the right to have the data updated, corrected or, where interested, supplemented
5. the right to restriction of processing when it has been carried out in breach of the lawfulness of processing (as an alternative to the deletion of the data)
6. the right to data portability with exclusive regard to automated processing, i.e. the right to receive, in a commonly used and machine-readable format, the personal data provided to the data controller for transmission to another controller
7. the right to object to the processing of personal data and to lodge a complaint with the Data Protection Authority (Garante dati personali) for legitimate reasons or for processing operations that differ from those relevant to the purpose of collection
8. the right to object to the processing of personal data for the purpose of sending advertising or direct marketing material or for carrying out market research or commercial communication; the provision of this data is optional and subject to the expression of consent as specified below.
8. Procedures for the exercise of rights by the interested party
The interested party may exercise its rights by addressing its requests to the Data Controller, Tutital Srl in the person of its legal representative Massimo Testa with registered office in via Cuma 2 Rome also by sending communications to the following e-mail address email@example.com
9. Method of processing the data of those who navigate on the website
The processing of personal data is mainly carried out electronically and telematically by the data controller and by other parties who, suitably selected for their reliability and competence, carry out operations instrumental to the pursuit of purposes strictly connected to the use of the website, its services and the management/collection of bookings as well as the management of payment systems through the portal.
In general, data are processed for the provision of the following services available by accessing our site:
1. registration to the site, in order to use the relevant services;
2. subscription to specific and additional services, such as our newsletter and other similar services;
3. collection of bookings and related activities
4. payment management; in this case, the data provided during the purchase process (name, surname, address, payment card number, delivery address if different from the billing address) will be sent directly to the banking circuit which will use the data to process your payment request;
5. anti-fraud control; in accordance with Chapter IV, art. 25, c. 6 “Transfer of personal data to Third Countries” of Directive 95/46/EC, the data may be transferred to countries outside the EU or the European Economic Area which guarantee, in any case, an adequate level of protection of personal data. In any case, the processing will be carried out in accordance with the procedures set out in this policy and the provisions of law;
6. management of technical, commercial requests.
10. Duration of processing
Personal data collected will be processed and stored for a period of 5 months, after which it will be deleted or made anonymous.
Data collected for marketing and profiling purposes will be kept for a period not exceeding 3 years, after which it will be deleted.
11. Cross-border data processing
At the time of publication of this notice, the data controller does not envisage or assume the cross-border processing of personal data.
12. Identification of subjects during navigation
When processing data that may directly or indirectly identify a person, the data controller observes a principle of strict necessity.
For this reason, the website has been configured in such a way that the use of personal data is kept to a minimum: therefore, data processing is excluded when the purposes pursued in individual cases can be achieved through the use of anonymous data (such as, for example, in market research aimed at improving services) or through other means that allow the identification of the person concerned only in case of necessity or at the request of the authorities and police (such as, for example, for data relating to traffic and permanence on the website or your IP address).
In some cases, as expressly indicated below in the notice, the data will be subjected – subject to express consent – to processing aimed at creating profiles based on preferences or to send promotional information
The site uses:
– TECHNICAL COOKIES to save your session and to perform other activities strictly necessary for the operation of this Website, for example in relation to traffic distribution.
– PREFERENCE AND STATISTICAL COOKIES to save navigation preferences and optimise the User’s browsing experience. These Cookies include, for example, those for setting the language or for the management of statistics by the Site Owner.
– This policy is drawn up on the basis of multiple legislative orders, including Articles 13 and 14 of Regulation (EU) 2016/679. Unless otherwise specified, this policy relates exclusively to this Website.
14. Security measures
The owner cannot guarantee to its users that the measures taken for the security of the site and the transmission of data and information on the site limit or exclude any risk of unauthorised access or dispersion of data by devices belonging to the user: the user is therefore advised to equip himself with appropriate software for the protection of network data transmission, both incoming and outgoing (such as up-to-date antivirus systems) and to check that the Internet service provider has taken appropriate measures for the security of network data transmission (such as firewalls and spam filters).