Privacy policy
Privacy Policy for the Processing of Personal Data – Website tourvespucci.it
Data Controller
99 Tour Vespucci S.r.l., Via Fulcieri Paulucci De’ Calboli 5, Rome (RM) – VAT 17592821007.
E-mail address of the Data Controller: privacy@tourvespucci.it
99 Tour Vespucci S.r.l. owns the domain https://tourvespucci.it (hereinafter, the “Site”).
Legal References
Personal data of the data subject (hereinafter, “Data Subject” or “User”) will be processed in accordance with Legislative Decree 101/2018 and Regulation (EU) 2016/679 on the protection of personal data (the “GDPR”). The processing of Personal Data will be conducted based on principles of fairness, lawfulness, transparency, and the protection of the confidentiality and rights of the Data Subject.
Types of Data Collected
Among the Personal Data collected by the Site, either independently or through third parties, are: personal data and usage data.
The Data Controller processes User’s identification data, date of birth, and e-mail address.
For usage data, please refer to the Cookie Policy (link to the Cookie Policy text).
For operational and maintenance purposes, the Site and any third-party services it uses may collect system logs, which are files that record interactions and may contain Personal Data such as the User’s IP address.
Users can always click on the icons of the platforms Facebook, Instagram, LinkedIn, X, TikTok on the Site’s pages if they wish to follow the Site’s social channels: Data Controller does not acquire any personal data of Data Subject connected to these third-party platforms.
Purposes of Data Processing
Personal Data is collected for the following purposes:
a) to allow Users to access information, register, and participate in events organized for the Amerigo Vespucci ship’s 2023/2025 world tour, including, for example, onboard visits, event participation, exhibitions, entry into villages set up near the ship.
b) to manage, as much as possible, any specific requests from Users with particular needs.
c) to send service emails to inform Users registered for events of any changes/cancellations of dates, times, and locations due to technical-organizational reasons.
d) to take images and videos at World Tour events and publishing its on the Site.
e) to send emails and request feedback from participating Users.
f) to allow access to the Site through third-party services.
g) by prior consent, to make interviews with participants to share public impressions of the organized events.
h) by prior consent, to send newsletters to keep Users updated on the stages and events of the World Tour.
i) to comply with legal obligations, responding to requests or enforcement actions, protecting its rights and interests (or those of Users or third parties), identifying any malicious or fraudulent activity.
Personal Data may be freely provided by Data Subject or, in the case of Usage Data, collected automatically during the use of the Site and/or the exchange of information through other channels and/or participation in events. Where some Data is optional, Data Subjects are free to refrain from communicating such Data without any consequence on the availability or functionality of the Service. The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through the Site.
Legal Basis for Processing
The legal basis for processing operations is, for the purposes referred to in letters a) to f), the User’s adherence to the Site’s Terms of Use. For the purposes referred to in letters g) and h), the consent of the Data Subject. For the purposes referred to in letter i), compliance with legal obligations.
In cases where processing requires consent, the User is aware that withdrawal of consent could make unavailable the services offered by the Site.
Processing Methods
Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.
Processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes. In addition to the Data Controller, in some cases, other parties involved in the management of the Site (administrative, commercial, marketing, legal, system administrators, and technical/specialized personnel) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the Data, and they may be appointed, if necessary, as Data Processors by Data Controller. The updated list of Data Processors can always be requested by Data Controller.
Location
Data is processed at the operational offices of Data Controller and in any other place where the parties involved in the processing are located. Personal Data of Data Subject may be transferred to a country other than the one in which the User is located.
Should it be necessary, for technical and/or operational reasons, to use entities located outside the European Economic Area, or should it be necessary to transfer some Personal Data to technical systems and services managed in the cloud and located outside the European Union, the processing will be carried out in compliance with the provisions of the GDPR.
All necessary precautions will always be taken to ensure the protection of Personal Data based on such transfers: a) on adequacy decisions of third-party countries expressed by the European Commission; b) on appropriate safeguards expressed by the third-party recipient pursuant to Article 46 of GDPR; c) on derogations related to specific situations under Article 49 of GDPR.
Retention Period
Personal Data is processed and stored for the time required by the purpose for which it was collected and may be kept for a longer period due to any legal obligations or based on the Users’ consent.
Specifically, Personal Data collected for the fulfillment of the Site’s Terms of Use will be retained until the end of the Vespucci Tour.
When processing is based on the User’s consent, Data Controller may retain Personal Data until such consent is withdrawn.
It remains understood that Data Controller may be obliged to retain Personal Data for a longer period to comply with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, at the expiration of this term, the right to access, deletion, rectification, and the right to data portability can no longer be exercised.
Cookie Policy
The Site uses Tracking Tools. For more information, Data Subjects can refer to the Cookie Policy. The use of Cookies or other tracking tools by the Site or the owners of third-party services used by the Site aims to provide the Service requested by the Data Subject, in addition to the further purposes described in this document and in the Cookie Policy.
Rights of Data Subject
Data Subjects may exercise certain rights concerning the Data processed by Data Controller.
In particular, within the limits provided by law, Data Subject has the right to:
withdraw consent at any time. Data Subject can withdraw consent to the processing of their Personal Data previously given.
object to the processing of their Data. Data Subject can object to the processing of its Data when it is done on a legal basis other than consent.
access their Data. Data Subject has the right to obtain information about the Data processed by Data Controller, certain aspects of the processing, and to receive a copy of the Data processed.
verify and request rectification. Data Subject can verify the accuracy of its Data and request that it be updated or corrected.
obtain the restriction of processing. Data Subject can request the restriction of the processing of its Data. In this case, Data Controller will not process the Data for any purpose other than their storage.
obtain the deletion or removal of their Personal Data. Data Subject can request the deletion of its Data by Data Controller.
receive their Data or have it transferred to another controller. Data Subject has the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transferred without obstacles to another controller.
lodge a complaint. Data Subject can lodge a complaint with the competent data protection supervisory authority or take legal action.
Data Subjects have the right to obtain information about the legal basis for the transfer of Data abroad, including to any international organization regulated by international law or constituted by two or more countries, such as ONU, and about the security measures adopted by Data Controller to protect their Data.
To exercise their rights, Data Subjects can direct a request to Data Controller’s contact details indicated in this document. The request is free of charge, and Data Controller will respond as soon as possible, in any case within one month, providing Data Subject with all the information required by law. Any rectifications, deletions, or restrictions on processing will be communicated by Data Controller to each of the recipients, if any, to whom the Personal Data was transmitted, unless this proves impossible or involves a disproportionate effort.
Changes to the Privacy Policy
Data Controller keeps the right to make changes to this Privacy Policy at any time by notifying Data Subjects on this page and, if possible, on the Site, and, if technically and legally feasible, by sending a notification to Data Subjects via any contact information available to Data Controller. Please consult this page frequently, referring to the date of the last modification indicated below.
Last modification: June 23, 2024