Privacy policy area media

Privacy Policy for the Processing of Personal Data on the tourvespucci.it Website


MEDIA SECTION
Data Controller
99 Tour Vespucci S.r.l., Via Fulcieri Paulucci De’ Calboli 5, Rome (RM) – VAT No. 17592821007. Data Controller’s e-mail address: privacy@tourvespucci.it 99 Tour Vespucci S.r.l. owns the domain https://tourvespucci.it (hereinafter referred to as the “Site”).

Legal References
The personal data of Data Subject (hereinafter, “Data Subject”) will be processed in accordance with Legislative Decree 101/2018 and the EU Regulation 2016/679 on the protection of personal data (the “GDPR”). The processing of Personal Data will be based on principles of fairness, legality, transparency, and the protection of confidentiality and the rights of the Data Subject.

Types of Data Collected
Data Subject is a journalist registered with the Journalists’ Register. Data Controller reserves the right to verify the role and company of the Data Subject who registers in the Media Area of the Site before validating the registration to the Media section of the Site.
Among the Personal Data collected by the Site, independently or through third parties, there are: Personal Data and Usage Data.
Among the Personal Data, the Data Controller processes the Data Subject’s personal information, role, company, and e-mail address.
For Usage Data, refer to the Cookie Policy (link to the Cookie Policy text).
For operational and maintenance needs, the Site and any third-party services used by it may collect system logs, i.e., files that record interactions and may also contain Personal Data, such as the Data Subject’s IP address.

Purposes of Data Processing
Personal Data is collected for the following purposes:
a) to allow Data Subjects to access media area information, such as press releases, videos, photos, interviews, newspaper articles, etc.;
b) to comply with legal obligations, respond to requests or executive actions, protect their rights and interests (or those of Users or third parties), detect any malicious or fraudulent activity.
Personal Data may be freely provided by Data Subject or, in the case of Usage Data, collected automatically during the use of the Site. In cases where some Data are optional, Data Subjects are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or its operation. Data Subject assumes responsibility for the Personal Data of third parties obtained, published, or shared through the Site.

Legal Basis of Processing
The legal basis for the processing operations is, for the purposes referred to in letter a), the consent of the Data Subject; for the purposes referred to in letter b), the fulfillment of legal obligations.
In cases where processing requires consent, Data Subject acknowledges that withdrawal of consent could make unavailable the services offered by Site in the dedicated Media section.
The Site may request certain permissions from Facebook and Google to allow access to the Site through the Data Subject’s Facebook and Google accounts; this may involve the collection of information, including Personal Data, from them, subject to the Data Subject’s authorization of the privacy policies of these platforms.

Methods of Processing
Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.
Processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to Data Controller, in some cases, other subjects involved in the management of the Site (administrative, commercial, marketing, legal, system administrators, and technical/specialized personnel) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, also appointed, if necessary, as Data Processors by Data Controller. The updated list of Data Processors can always be requested from Data Controller.

Location
Data is processed at the operational offices of Data Controller and any other place where the parties involved in the processing are located. The Personal Data of Data Subject may be transferred to a country other than the one in which Data Subject is located.
If, for technical and/or operational reasons, it is necessary to use subjects located outside the European Economic Area, or it is necessary to transfer some of the Personal Data to technical systems and services managed in the cloud and located outside the European Union, the processing will be carried out in accordance with the provisions of the GDPR.
It is understood that all necessary precautions will always be adopted to ensure the protection of Personal Data by basing such transfer: a) on adequacy decisions of the third-party recipient countries expressed by the European Commission; b) on appropriate guarantees expressed by the third-party recipient pursuant to art. 46 of the GDPR; c) on the derogations related to specific situations pursuant to art. 49 of the GDPR.

Retention Period
Personal Data is processed and stored for the time required by the purpose for which it was collected and may be stored for a longer period due to any legal obligations or based on the consent of Data Subjects.
When processing is based on the Data Subject’s consent, Data Controller may retain Personal Data until such consent is withdrawn.
It is understood that Data Controller may be obliged to retain Personal Data for a longer period to comply with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, at the end of this term, the right of access, deletion, rectification, and the right to data portability can no longer be exercised.

Cookie Policy
The Site uses Tracking Tools. To learn more, Data Subjects can consult the Cookie Policy (link to Cookie Policy). Any use of Cookies or other tracking tools by the Site or the owners of third-party services used by the Site has the purpose of providing the Service requested by the Data Subject, in addition to the further purposes described in this document and in the Cookie Policy.

Rights of Data Subject
Data Subjects may exercise certain rights concerning the Data processed by Data Controller.
In particular, within the limits provided by law, Data Subject has the right to:
withdraw consent at any time. Data Subject can withdraw consent to the processing of their Personal Data previously given.
object to the processing of their Data. Data Subject can object to the processing of its Data when it is done on a legal basis other than consent.
access their Data. Data Subject has the right to obtain information about the Data processed by Data Controller, certain aspects of the processing, and to receive a copy of the Data processed.
verify and request rectification. Data Subject can verify the accuracy of its Data and request that it be updated or corrected.
obtain the restriction of processing. Data Subject can request the restriction of the processing of its Data. In this case, Data Controller will not process the Data for any purpose other than their storage.
obtain the deletion or removal of their Personal Data. Data Subject can request the deletion of its Data by Data Controller.
receive their Data or have it transferred to another controller. Data Subject has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transferred without obstacles to another controller.
lodge a complaint. Data Subject can lodge a complaint with the competent data protection supervisory authority or take legal action.
Data Subjects have the right to obtain information about the legal basis for the transfer of Data abroad, including to any international organization regulated by international law or constituted by two or more countries, such as ONU, and about the security measures adopted by Data Controller to protect their Data.
To exercise their rights, Data Subjects can direct a request to Data Controller’s contact details indicated in this document. The request is free of charge, and Data Controller will respond as soon as possible, in any case within one month, providing Data Subject with all the information required by law. Any rectifications, deletions, or restrictions on processing will be communicated by Data Controller to each of the recipients, if any, to whom the Personal Data was transmitted, unless this proves impossible or involves a disproportionate effort.

Changes to the Privacy Policy
Data Controller keeps the right to make changes to this Privacy Policy at any time by notifying Data Subjects on this page and, if possible, on the Site, and, if technically and legally feasible, by sending a notification to Data Subjects via any contact information available to Data Controller. Please consult this page frequently, referring to the date of the last modification indicated below.
Last modification: June 23, 2024