INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA FOR CUSTOMERS PURSUANT TO ART. 13 OF EU REG. NO. 679/2016

1. Who is the data controller and how can you contact them

The Data Controller for the processing described in this notice is Caravantours Società Cooperativa, with its registered office in Via Basinio Parmense 19, Rimini – 47923 (RN), Italy, VAT No. IT04707660405 (hereinafter referred to as the “Controller”), represented by its legal representative pro tempore. For any inquiries regarding this processing, you can contact us at privacy@caravantours.it.

2. Why are you receiving this notice and what data do we process?

You are receiving this notice because you are our customer. In managing the contract we agreed upon we will process some of your personal data, and specifically: a) the data that the GDPR defines as COMMON (i.e., personal details, contact information, payment details and e-mail address).

3. What the law allows us to do

The GDPR and Legislative Decree 196/2003 (“Privacy Code”), as amended by Law 181/2018, allow us to process your personal data, as stated in the previous article, sometimes without your explicit consent. In particular, we process:
a) Your common data (see art. 2.a), without your consent, under Article 6, letter b, GDPR (application of contractual or pre-contractual measures) as well as to fulfil legal obligations (such as issuing an invoice), under Article 6, letter c, GDPR;
b) Your contact data, such as name, surname, e-mail, without your consent, to send you marketing communications (e-mail marketing). We can do this under Article 6, letter f, GDPR, on the basis of our “legitimate interest” in offering you products or services similar to those you have already purchased from us. You can, of course, choose to stop receiving communications from us at any time by writing to the address provided in Article 1 of this notice or by clicking the unsubscribe link at the bottom of each e-mail.

4. Can we proceed without this data?

It depends. Without the data specified in point 3.a we cannot sign the contract with you. The data in point 3.b will be automatically processed, but if you do not wish to be included in our mailing list you can specify it during the contract stipulation procedure or request data deletion once the contract has been signed.

5. Who can access your data

To fulfil our processing purposes (art. 2), we may grant access to your data to other parties. These parties are carefully chosen for their reliability and, when necessary, provided with strict instructions on how to protect your data. These include, for example, our external data processors (consultants, third-party companies that assist us in customer management) and our employees (collaborators and/or employees). Your data will never be disclosed.

6. Where is your data

We generally try to avoid transferring data outside the European Union. However, it is understood that, if necessary, we may need to transfer data to non-EU countries (for example, when using cloud storage tools with USA-based servers). In such cases, the Controller ensures that any transfer will comply with applicable legal provisions by subscribing agreements that guarantee a suitable level of protection and/or adopting standard contractual clauses provided by the European Commission and/or Binding Corporate Rules.

7. How long do we keep your data

Your data referred to in point 3.a will be kept for administrative and accounting purposes for 10 years from the date of collection (pursuant to art. 2220, Italian Civil Code).
Your data referred to in point 3.b will be kept for 120 months from our last interaction with you.

8. Your rights

The law in force grants you specific rights regarding your data, and in particular those stated in Articles 15 and following of the EU Regulation 679/2016 (GDPR). As an example, you can request the access to your personal data, their deletion or modification in any moment. For a comprehensive overview of your rights, please read the Regulation itself. To exercise one or more of your rights, you can write to the Controller’s contact provided in Article 1.

9. Right to file a complaint with the supervisory authority

If you believe that your data protection rights have been breached in any way, you may file a complaint with the national Data Protection Authority, as outlined in Article 77 of the GDPR, by following the procedure described on the website www.garanteprivacy.it.