Privacy policy
LOL.TRAVEL WEBSITE PRIVACY POLICY
Privacy Policy - Article 13 of EU Regulation 2016/679 ("GDPR Regulation")
PREMISE
What is this document? This document is the Privacy Policy Statement regarding the processing of personal data related to the www.lol.travel portal. Who should use this document? This Privacy Policy Statement is intended for all Customers who interact with the portal. Why has this document been created? Article 13 of the GDPR (EU Regulation 2016/679) requires that you (the Data Subject) are adequately informed on your personal data that is processed and on the entities that processes such data, in order to ensure correctness and transparency. Below, therefore, the following aspects will be clearly outlined:
Which laws does this document make reference to? The Privacy Policy Statement is made available to users taking into account the combined effect of:
a) The General Data Protection Regulation EU 2016/679 (GDPR);
b) Legislative Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018 and subsequent amendments and integrations.
PRIVACY POLICY STATEMENT
Article 13 of the GDPR (EU Regulation 2016/679) requires that you (the Data Subject) are adequately informed on your personal data that is processed and on the entities that processes such data, in order to ensure correctness and transparency.
Privacy Policy - Article 13 of EU Regulation 2016/679 ("GDPR Regulation")
PREMISE
What is this document? This document is the Privacy Policy Statement regarding the processing of personal data related to the www.lol.travel portal. Who should use this document? This Privacy Policy Statement is intended for all Customers who interact with the portal. Why has this document been created? Article 13 of the GDPR (EU Regulation 2016/679) requires that you (the Data Subject) are adequately informed on your personal data that is processed and on the entities that processes such data, in order to ensure correctness and transparency. Below, therefore, the following aspects will be clearly outlined:
- who will process your personal data (the Data Controller and the Data Processors)
- which specific pieces of personal data will be processed
- the purposes for which personal data is processed
- how long will the personal data be retained
- what are your rights
Which laws does this document make reference to? The Privacy Policy Statement is made available to users taking into account the combined effect of:
a) The General Data Protection Regulation EU 2016/679 (GDPR);
b) Legislative Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018 and subsequent amendments and integrations.
PRIVACY POLICY STATEMENT
Article 13 of the GDPR (EU Regulation 2016/679) requires that you (the Data Subject) are adequately informed on your personal data that is processed and on the entities that processes such data, in order to ensure correctness and transparency.
-
The Easy Market Spa company (with registered address in Strada Statale Consolare 51/c 47924, Rimini, Italy, Rimini Companies Register, Tax Code and VAT Number 03109340400, Tel: +39 0541 797510, Fax: +39 0541 489908. email privacy@easymarket.travel PEC: legale@pec.easymarketcrs.it
DATA PROTECTION OFFICER (DPO/RPD)
The Data Protection Officer is Mr Giuseppe Rapone, email dpo@easymarket.travel, PEC: globalconsultingrapone@pec.it -
Your personal data shall be collected and processed for the following purposes:
- Fulfilment of legal, regulatory and secondary legislation obligations:
- the legal basis for this data processing is the need to fulfil a legal obligation to which the Data Controller is subject; moreover, the retention period of data processed for this purpose is the duration of the contract and, after the termination thereof, for a further 10 years and, in the case of judicial litigation, for the entire duration of the same, until the terms of practicability of such appeals have been exhausted;
- the provision of personal data is compulsory as there is a legal obligation to do so, and any refusal will result in the impossibility of fulfilling legal obligations.
- Management of the tourism service:
- the legal basis for this data processing is the need to execute a contract to which the Data Subject is party, or to perform any pre-contractual measures adopted at the request of the Data Subject;
- the retention period of data processed for this purpose is the duration of the contract and, after the termination thereof, for a further 3 years;
- the provision of personal data is mandatory as there is a contractual obligation and any refusal to provide such data will make it impossible to carry out the existing contractual relationship.
- Management of the user's "abandoned cart" as a prerequisite to the purchase of the "tourism service":
- the legal basis for this data processing is the pursuit of the legitimate interests of the Data Controller, reminding the Data Subject of the status of their "shopping cart", by sending an electronic communication (email, etc.);
- the retention period of data processed for this purpose is 5 days;
- the provision of personal data is optional; moreover, the eventual refusal shall make it impossible for pre-contractual relationships to take place.
- Sending information and promotional materials pertaining to the activities carried out by the Data Controller (newsletters, offers, etc.) concerning products and services similar to services already rendered in the past, surveys and analysis of customer satisfaction,..:
- the legal basis for this data processing is the pursuit of the legitimate interests of the Data Controller, where the Data Subject is party to a contract;
- data processed for this purpose shall be retained until the Data Subject wishes to unsubscribe from using the promotional communication/newsletters service.
- Sending information and promotional materials pertaining to the activities carried out by the Data Controller (newsletters, offers, etc.), research and market analysis, including in anonymous form:
- the legal basis for this data processing is the express consent of the Data Subject;
- data processed for this purpose shall be retained until the Data Subject wishes to unsubscribe from using the promotional communication/newsletters service.
- Registration and processing of personal data for profiling purposes and sending of personalised promotional communications, based on the tastes and interests of the data subject during his/her experience on the lol.travel website:
- the legal basis for this processing is the consent expressed by the data subject;
- the storage period of the data processed for this purpose is until the data subject revokes his/her consent to the profiling.
- Service, optional and subject to payment, of sending communications via SMS for confirmation of booking:
- the legal basis for this processing is the consent given by the data subject;
- the storage period of data processed for this purpose is until the conclusion of the purchased tourist service.
- Fulfilment of legal, regulatory and secondary legislation obligations:
-
Persons under 18 years of age are not permitted to provide any personal data. The Data Controller shall not be liable in any way for the collection of personal data, as well as any false statements, provided by persons under 18 years of age, and, in any case, where deemed necessary, the Data Controller shall make use of the right of access and deletion provided by the legal guardian or person exercising their parental rights.
-
Your personal data may be shared for the above mentioned purposes, with: subjects that typically act as Data Processors, i.e. individuals, companies or professionals who provide assistance and consulting services to the Data Controller on accounting, administrative, legal, tax, financial and debt collection matters, in relation to the supply of services; parties with whom it is necessary to interact for the provision of services; subjects, bodies or authorities to whom it is mandatory to communicate your personal data pursuant to applicable legal provisions or orders from the authorities; personnel expressly authorised by the Data Controller, necessary to carry out activities strictly related to the provision of services, who have committed to the privacy and confidentiality of the data or have an appropriate legal obligation of confidentiality and who have received adequate instructions to carry out such tasks; The full list of Data Processors is available by sending a written request to the Data Controller.
-
Some of your personal data is shared with recipients who may be located outside the European Union. The Data Controller ensures that the processing of personal data by such recipients shall take place in compliance with the GDPR. The transfers of data may be based on a decision of adequacy or on the Standard Contractual Clauses approved by the European Commission. Additional information is available from the Data Controller.
-
The Data Controller, for the purpose of the conclusion or the execution of the contract, adopts an automated decision-making process pertaining to the processing of personal data, including profiling, referred to in Article 22 of the GDPR and aimed at customising the price list based on the customer's origin.
-
The Data Subjects are entitled to request from the Data Controller, in the appropriate cases, access to their personal data and correction or deletion thereof or restriction of the processing or to object to the processing of their data (Articles 15 et seq. of the GDPR). The relative application to the Data Controller can be submitted using the email address made available to the Data Subject.
-
The Data Subjects are entitled to request from the Data Controller, in the appropriate cases, access to their personal data and correction or deletion thereof or restriction of the processing or to object to the processing of their data (Articles 15 et seq. of the GDPR). The relative application to the Data Controller can be submitted using the email address made available to the Data Subject.
-
The data subjects that deem that the processing of their personal data has breached the provisions of the GDPR, have the right to file a claim to the Data Protection Authority (https://www.garanteprivacy.it), as set forth by art. 77 of the GDPR, or to file a claim before the judicial authority (art. 79 of the GDPR).Requests can be addressed to the Data Controller or to the our Data Protection Officer: dpo@easymarket.travel
-
The Data Controller reserves the right to change this Privacy Policy Statement at any time. The current version is published at the following link: https://www.lol.travel/it/privacy-and-cookie-policy