Privacy policy newsletter

Privacy Policy for Personal Data Processing Website tourvespucci.it

NEWSLETTER SUBSCRIPTION

Data Controller
99 Tour Vespucci S.r.l., Via Fulcieri Paulucci De’ Calboli 5, Rome (RM) – VAT 17592821007.
E-mail address of the Data Controller: privacy@tourvespucci.it
99 Tour Vespucci S.r.l. owns the domain https://tourvespucci.it (hereinafter, the “Site”).

Regulatory References
The personal data of Data Subject (hereinafter, “Data Subject” or “User”) will be processed in accordance with Legislative Decree 101/2018 and Regulation (EU) 2016/679 on personal data protection (the “GDPR”). The processing of personal data will be based on principles of fairness, lawfulness, transparency, and protection of confidentiality and rights of the Data Subject.

Types of Data Collected
Data Controller processes the e-mail addresses of Data Subjects. Other personal data (IP address and other usage data) are tracked via Cookies, whose policy can be viewed here (link to Cookie policy).
For operational and maintenance purposes, the Site and any third-party services it uses may collect system logs, which are files that record interactions and may also contain personal data, such as the User’s IP address.
Users can always click on the icons of Facebook, Instagram, LinkedIn, X, Tik Tok platforms present on the Site’s pages if they wish to follow the Site’s social channels: the Data Controller does not acquire any personal data of the Data Subject connected to these third-party platforms.

Purposes of Data Processing
Personal data is collected for the following purposes:
a) by specific consent, to send newsletters to keep updated on the stages and events of the World Tour;
b) to fulfill legal obligations, respond to requests or enforce actions, protect its own rights and interests (or those of Users or third parties), identify any malicious or fraudulent activity.
Personal data may be freely provided by the User or, in the case of usage data, collected automatically during the use of the Site through Cookies. In cases where some data is optional, Users are free to abstain from communicating such data without any consequences on the availability or operation of the Service. The User is responsible for the personal data of third parties obtained, published, or shared through the Site.

Legal Basis of Processing
The legal basis for processing operations is, for the purposes under point a), the consent of the Data Subject. For the purposes under point b), compliance with legal obligations.
Where processing requires consent, the User acknowledges that the withdrawal of consent could make unavailable the services offered by the Site.

Processing Methods
Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of personal data.
Processing is carried out using IT and/or telematic tools, with organizational methods and logics strictly related to the indicated purposes. In addition to the Data Controller, in some cases, other parties involved in the Site’s management (administrative, commercial, marketing staff, legal advisors, system administrators, technical/specialized personnel) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) may have access to the data, also appointed, if necessary, as Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.

Location
Data is processed at the operational offices of Data Controller and any other places where the parties involved in the processing are located. The User’s personal data may be transferred to a country different from the one in which the User is located.
Should it be necessary, for technical and/or operational reasons, to use entities located outside the European Economic Area, or to transfer some of the personal data to technical systems and services managed in the cloud and located outside the European Union, the processing will be carried out in accordance with the provisions of Regulation (EU) 2016/679.
It is understood that all necessary precautions will always be taken to ensure the protection of personal data based on the transfer: a) on adequacy decisions of the third-country recipients expressed by the European Commission; b) on adequate guarantees expressed by the third-party recipient under Article 46 of GDPR; c) on the derogations for specific situations under Article 49 of GDPR.

Retention Period
For processing based on the User’s consent, Data Controller may retain personal data until the consent is withdrawn. For processing based on legal obligations, data will be processed for specific legal purposes or to comply with an authority’s order.
At the end of the retention period, personal data will be deleted. Therefore, after this period, the right to access, deletion, rectification, and the right to data portability can no longer be exercised.

Rights of Data Subject
Data Subjects may exercise certain rights concerning the Data processed by Data Controller.
In particular, within the limits provided by law, Data Subject has the right to:
withdraw consent at any time. Data Subject can withdraw consent to the processing of their Personal Data previously given.
object to the processing of their Data. Data Subject can object to the processing of its Data when it is done on a legal basis other than consent.
access their Data. Data Subject has the right to obtain information about the Data processed by Data Controller, certain aspects of the processing, and to receive a copy of the Data processed.
verify and request rectification. Data Subject can verify the accuracy of its Data and request that it be updated or corrected.
obtain the restriction of processing. Data Subject can request the restriction of the processing of its Data. In this case, Data Controller will not process the Data for any purpose other than their storage.
obtain the deletion or removal of their Personal Data. Data Subject can request the deletion of its Data by Data Controller.
receive their Data or have it transferred to another controller. Data Subject has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transferred without obstacles to another controller.
lodge a complaint. Data Subject can lodge a complaint with the competent data protection supervisory authority or take legal action.
Data Subjects have the right to obtain information about the legal basis for the transfer of Data abroad, including to any international organization regulated by international law or constituted by two or more countries, such as ONU, and about the security measures adopted by Data Controller to protect their Data.
To exercise their rights, Data Subjects can direct a request to Data Controller’s contact details indicated in this document. The request is free of charge, and Data Controller will respond as soon as possible, in any case within one month, providing Data Subject with all the information required by law. Any rectifications, deletions, or restrictions on processing will be communicated by Data Controller to each of the recipients, if any, to whom the Personal Data was transmitted, unless this proves impossible or involves a disproportionate effort.

Changes to the Privacy Policy
Data Controller reserves the right to make changes to this Privacy Policy at any time by notifying Data Subjects on this page and, if possible, on the Site, and, if technically and legally feasible, by sending a notification to Data Subjects via any contact information available to Data Controller. Please consult this page frequently, referring to the date of the last modification indicated below.
Last modification: June 23, 2024