PRIVACY NOTICE – Pursuant to EU Regulation 679/2016
EU Regulation 679/2016 lays out rules to secure the right to data protection. Your personal data will be handled in accordance with the provisions of the Regulation with full respect for your rights, fundamental freedoms and your dignity and in observance of the principles of fairness, lawfulness and transparency.
We inform you that:
1) The data you provide will be processed in your interest for the following purposes:
- activities relating to the services you requested, in particular for the organization of meetings, conferences, congresses and training events (mandatory conferment);
- fulfillment of legal and accounting or administrative obligations and the management of contracts (mandatory conferment);
- sending communications, notices or newsletters regarding our new initiatives and services, associated companies, partners or customers (optional conferment).
2) In accordance with the security requirements, your data will be subjected to processing through computer systems, printed materials and images. The processed data will not be transferred outside the EU;
3) You provide your personal data through your explicit consent for the processing. Your data will be retained for a period of 10 years after the end of the present contract;
4) Processing typically concerns personal data. Your personal data will not be disseminated and will be protected according to security measures provided for by the law;
5) In order to complete and/or deliver a service in your interest or to which you agreed, we may share your data with:
- public, welfare or insurance organizations, associations or other public or private entities exclusively for the purpose of fulfilling specific legal obligations;
• freelance professionals who may execute a service to which you agreed.
6) The data controller is RENBEL TRAVEL srl, via Valpolicella 1 – 37124 Italy. The Data Processor is Renbel Travel’s legal representative, Mr Matteo Bellomi. A Data Protection Officer (DPO) is not required given the type of data processing operations we perform.
7) As the interested party, you have the following rights:
• Right to be informed. Before data collection, you have the right to know how your data will be collected, processed and stored, and for what purpose;
• Right to access data. After data collection, you have the right to access it and know how your data have been processed and stored and for what purpose;
• Right to rectification. You have the right to edit your data if they are inaccurate or incomplete;
• Right to erasure (or right to be forgotten). You have the right to have your personal data erased forever (except for other legal obligations, especially in the case of reporting to public institutions or data protection authorities);
• Right to restrict processing. You can restrict or block the use of your data;
• Right to data portability. You have the right to move, copy or transfer your personal data;
• Right to object. You have the right to prohibit your data from being processed without your explicit consent;
• Right to object to automated decisions. You have the right to not be subject to decisions based solely on algorithms or automations.
In accordance with the applicable regulations, this is inform you that, pursuant to EU Regulation 679/2016 (GDPR), the data you provide will always, and in any circumstances, be processed in accordance with the relative obligations and in compliance with the aforementioned regulation.
Renbel Travel srl. undertakes the commitment to comply with the regulations on the protection of personal data in order to ensure secure, controlled and confidential navigation based on art. 5 of the GDPR (data processing based on the principles of correctness, lawfulness and transparency) and art. 6 (lawfulness of processing).
According to art. 1 of EU Regulation 679/2016 (GDPR), commonly referred to as ‘EU Reg.’ (Subject matter and objectives of data processing), art. 2 (Material scope), art. 4 (Definitions) and art. 99 (Coming into force of the GDPR), ‘processing’ means any operation or set of operations that are performed, whether or not by automated means, on personal data, where by personal data it is meant any information concerning a natural personal (the ‘data subject’), whether identified or identifiable (an identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier, such as a name, an identification number, location data, an online identifier or one more elements characterising the person’s physical, physiological, genetic, mental, economic, cultural or social identity), or a set of personal data, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, profiling (according to art. 22 of the GDPR, profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of the natural person), erasure or destruction.
The Controller of the data you supply is Renbel Travel srl VAT no./Tax code 01975510239 with registered office in Via Valpolicella 1 – 37124 Verona, Italy.
Purposes of data processing
The personal data you supply are processed in connection with contractual, statutory or General Regulation obligations, to:
– Sign contracts for the services supplied by the Controller;
– Meet pre-contractual, contractual and taxation obligations arising from the relationship
established with you;
– Fulfil the obligations provided for by the law, a regulation, a community directive or an
order of the Authority (e.g., for anti money laundering purposes);
– Exercise the rights of the Controller, e.g., the right to defence in court proceedings;
– Meet the requirements concerning the collection of participation quotas;
– Meet obligations arising from taxation and VAT rules.
It should be noted that, in connection with the purposes of data processing as described above, entering personal data is required and failure to do so, or the provision of incomplete or erroneous data, may result in the impossibility of performing the intermediation activity and make it impossible for Renbel Travel srl to fulfil its contractual obligations, as set out in the mandate agreement.
Pursuant to art. 1 (data processing objectives and subject matter) and art. 7 (explicit consent) of EU Reg. 679/2016 (GDPR), we inform you that by compiling, sending in or authorising this form, exclusively with your explicit consent, you will be able to:
– Send out training and/or information material (newsletters);
– Perform studies, statistical and market researches;
– Send out advertising and/or information material on new products and services offered by
Renbel Travel srl and/or third parties with whom the aforementioned
company has entered into commercial and/or marketing agreements;
– Assess the degree of user satisfaction and evaluate customer loyalty building activities;
– Send out or communicate your data to third parties with whom Renbel Travel srl has established relationships or has entered into commercial agreements;
– Meet legal obligations in general.
Training and/or information material (newsletters) will be sent for free to the email address you provide. Moreover, you can withdraw from our newsletters at any time by following the instructions set out in the emails you will receive.
We also inform you that, besides the right to withdraw, in your capacity as data subject, you have the right to access your data (Art. 15), rectify (Art. 16), erase (Art. 17), restrict the processing of your data (Art. 18) and receive notices concerning variations (Art. 19), the right to the portability of data (Art. 20) and the right to object the processing thereof (Art. 21).
Data processing modalities
Your personal data will be processed by means of tools that can ensure the security and confidentiality of the data, as per art. 24 of EU Reg.679/2016 (GDPR), with and without the aid of automated means suitable to store, process and transmit the data.
The tools used to process the data will comply with the instructions imposed by art. 25 of EU Reg. 679/2016 (GDPR) on data protection by design and by default.
At any time you may revoke the consent given and/or oppose the processing of your data by sending a notice to the Controller of your personal data via an e-mail message to our PEC (certified mail) address: email@example.com.
Rights of the data subject
- In accordance with the provisions set out in arts. 15 to 21 of EU Reg. 679/2016 (GDPR), you have the right to:
– obtain from the Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access the personal data and the following information: (Art. 15);
– where personal data are transferred to a third country or to an international organisation, be informed of the appropriate safeguards pursuant to arts. 44-45-46-47 and 49 of EU Reg. (GDPR) 679/2016 relating to the transfer;
– learn the purposes and modalities of the processing;
– be informed of the logic applied in the event of data processing by means of electronic tools and, where applicable, of the existence of an automated decision-making process, including the profiling operations, as described in article 22, paragraphs 1 and 4, and, at least in this case, receive significant information on the logic used as well as the importance and the consequences envisaged for the data subject;
– be told who the data controller and the data processors are; – be informed of the subjects, or categories of subjects, to whom personal data may be communicated;
– obtain from the data controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, as the data subject you have the right to have incomplete personal data completed, also by providing a supplementary statement sent at a later data (Art. 16).
– obtain from the controller the erasure of personal data concerning you (Art. 17) without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (Art. 17); 4.5.2016 Law 119/43 Official Journal of the European Union IT
- b) the data subject withdraws the consent on which the processing is based according to article 6, paragraph 1, letter a) (the data subject has given consent to the processing of his or her personal data for one or more specific purposes), or article 9, paragraph 2, letter a), and where there is no other legal ground for the processing;
- c) the data subject objects to the processing pursuant to article 21, paragraph 1, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to article 21, paragraph 2;
- d) the personal data have been unlawfully processed;
- e) the personal data have to be erased for compliance with a legal obligation set out in a
European Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society
services referred to in article 8, paragraph 1. • obtain from the data Controller the restriction of processing provided for in article 18;
- have the Controller inform each of the addressees to whom the personal data have been communicated any rectification or erasure or restriction of processing performed pursuant to article 16, article 17, paragraph 1, and article 18, unless this proves impossible or entails a disproportionate effort. The data Controller informs the data subject of the names of such addressees, if the data subject requests it (Art. 19);
- receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format, and transmit those data to another controller without hindrance from the controller to which the personal data have been provided (Art. 20);
- object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you pursuant to article 6, paragraph 1, letters e) o f), including profiling based on those provisions. The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims (Art. 21);
- object at any time to processing of personal data concerning you for purposes of the transmission of advertising material or commercial information material for which explicit consent is required;
- exercise your natural right, and, as necessary, the right to lodge a complaint, for any form of infringement, with the national and European supervisory authorities (EU Reg. 679/2016 (GDPR), articles 77, 78, 79).
- Where the controller has made the personal data public and, pursuant to paragraph 1, is obliged to erase the personal data, account duly taken of the technology available and the cost of implementation, the controller shall take reasonable steps, including technical measures, to inform the controllers who are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of his/her personal data.
3 Paragraphs 1 and 2 shall not apply to the extent that processing is necessary: a) for exercising the right of freedom of expression and information; b) for compliance with a legal obligation which requires processing by an EU or a Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official powers vested in the controller; c) for reasons of public interest in the area of public health in accordance with article 9, paragraph 2, letters h) and i) as well as article 9, paragraph 3; d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89, paragraph 1, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or e) for the establishment, exercise or defence of legal claims;
Duration of relationship
The personal data processed shall be stored for the entire duration of the relationship of association, mandate or adherence to the services offered, and, in the event of revocation and/or termination of the relationship for any cause whatsoever, for the time period provided for in article 19 of L.D. 35/2017.
Where the subject providing his/her personal data is under the age of 16, data processing is lawful only and to extent by which the consent is given or authorised by the person having parental responsibility for the person whose identifier data and copies of ID documents have been acquired (Articles 6 and 8 of EU REG. 679/2016 (GDPR)). According to EU Reg. 679/2016, we inform you that, on account of its organisation chart, the structure that serves as data Controller is not required to use an external Data Protection Officer (D.P.O.), as provided for, and described, in articles 37, 38 and 39 of EU Reg. 679/2016. Similarly, having prepared a detailed risk assessment (using a tool called Risk Assessment Document – RAD) with the aid of a professional, it does not have to carry out a Data Protection Impact Assessment (DPIA) (Art. 35 of the GDPR).
We inform the data subject that the Controller, as provided for in article 29 of the GDPR, has organised mandatory training courses for its authorised staff, so as to ensure that every person is fully informed and made aware of how their data are processed.
We also wish to inform you that, in the event of an external attack, data breach, disaster recovery, big data analyses, total or partial loss of data, the Controller shall adopt and put in place all the measures required according to articles 33 and 34 of the GDPR, and such infringements shall be immediately notified both to the data subject and to the bodies in charge (in some cases within 72 hours of detection of the infringement).
For infringements of disclosure requirements or other offences against the rights of the data subject, administrative sanctions shall be imposed on the data Controller pursuant to article 83 of EU Reg. 679/2016 (GDPR), which may also lead to the suspension of the activities of the Controller (Art. 81 of the GDPR).
As specified in art. 94, EU Reg. 679/2016 (GDPR) supersedes de facto, in its entirety, Directive 95/46/EC, Art. 29, and comes into effect on 25 May 2018 (Art. 99).
Description of cookies
Cookies are small text files containing packets of information exchanged between a website and your device (normally a browser) and are used by the website administrator to store the information necessary to improve a user’s navigation experience and send advertising messages in keeping with the preferences expressed by a user when vising the website. When a user visits the same site, or any other site, his/her device checks for a recognisable cookie and reads the information contained in it. Different cookies contain different information and are used for different purposes (efficient navigation through the pages of a website; profiling with a view to sending targeted promotional messages; measuring traffic on a website).
While surfing the Internet, your device may also receive cookies coming from different websites or different servers (the so-called third-party cookies), which may contain one or more elements (e.g., images, maps, sounds, links to other domain pages) present in the site you are visiting. Some cookies (referred to as session cookies) remain in your browser only as long as you surf through the site and automatically expire when the browser is closed. Other cookies (referred to as persistent) are stored in your browser for a prolonged period of time. The specific purposes of the different types of cookies used by this site are described below.
Characteristics and purposes of the cookies used by this site
Technical cookies are used to ensure the proper functioning and use of our site. For instance, they enable the user to register and log in. For the most part. they are sent from the server of our company, Renbel Travel srl, but they can also come from third parties, for instance, when a site provides for external services, such as the use of social media. These cookies belong to two categories:
-Persistent cookies: when the browser is closed, these cookies are not destroyed and are retained until a predetermined expiry date,
-Session cookies: these cookies are deleted the moment the browser is closed These cookies are sent by our server and are designed to make sure that the site is viewed correctly and the services offered work properly. They are always used and are received by the users visiting the Site, unless the users have altered the settings of their browsers (which compromises their capacity to view the web pages correctly).
Cookies integrating products and software functions of third parties
These cookies are used to integrate. into the pages of the site. functions developed by third parties, such as icons and preferences expressed in social media, with the aim to share the contents of the Site or to enable third party software services (e.g., software designed to generate maps and additional software offering other services) to be used.
These cookies are sent by third-party domains and by partner sites offering their functions on the pages of the Site.
The cookies in this category are used for statistical analyses, to improve the performance of the site, make it easier to use and monitor its proper functioning. These cookies are used to collect, in anonymous form, information on the behaviour of the users visiting the Site. Analytics cookies are sent exclusively by third-party domains.
All cookies, whether sent by our server or sent by third parties, can be disabled by altering the settings in your browser preferences, but it should be noted that by doing so you could undermine the usability of a site, if you disable the cookies indispensable to site operation.
Third-party sites that may be accessed from our site are not covered by this policy notice.
Renbel Travel srl shall not be held responsible for any consequences
arising from access to such sites. For the types of cookie used and the way personal data
For any request or any question you may have, you can contact the Data Processor at our
email address firstname.lastname@example.org or our certified email address email@example.com
You can give your consent, or opt our of, all the cookies that require the user’s consent,
through one or more of the following modalities:
-By configuring your browser preferences or the software used to navigate the site.
-By changing the settings for the use of third-party services.
However, both solutions could make it impossible to use or view parts of this site.
To see how to disable cookies from your browser, click the following links to the
How to disable the cookies relating to third-party services:
Google services Facebook Twitter
The Data Controller Renbel Travel srl