At Malatesta Viaggi s.r.l. we are committed to taking utmost account when it comes to how we collect, use and protect the personal data you provide us when you register for any of our services or when you browse our website.
Our aim is to give our partners the best possible customer service and making you feel confident that your data is safe and secure with us is part of it.
In accordance with art. 13 of the European Union’s General Data Protection Regulation 2016/679, also known as GDPR, our privacy notice explains what types of personal data we collect, why and how, as well as the choices you have, including how to access and update your personal data.
The personal data you agree to provide us are stored and processed in our IT devices in order to meet the contractual obligations with you as a customer/user. Agreement on data provision is mandatory as it is necessary to provide you with the services you have requested.
The data controller is Malatesta Viaggi s.r.l., based in Via Macanno 38/n – 47923 Rimini (RN) Italy.
PURPOSES OF DATA PROCESSING
The data you provide are stored by Malatesta Viaggi s.r.l. for the following purposes, still in accordance with the European Union’s General Data Protection Regulation 2016/679:
1. to allow registration or access to the area of our website reserved for registered users and to ask for a quotation
2. to send you newsletters, catalogues and advertising material
3. to allow access to the online catalogue
4. to allow the submission of applications through the section “Work With Us”
5. to save cookies and similar technologies such as analytics on your computer and devices
6. to share them with third parties exclusively to provide you with the services and products you have requested or to execute what law requires
7. to execute the data subject’s request to exercise his/her own rights
8. to ensure a right and lawful data processing and to protect its privacy also adopting proper security measures
The forms to fill in on our website include either data that are strictly necessary to get what you are interested in and that – if not provided – do not allow us to manage your request and optional data. Mandatory fields are generally marked with an asterisk.
The data you provide us through our website are processed by electronic or digital devices for the above-mentioned purposes and in compliance with current security legislation.
LEGITIMATE INTERESTS PURSUED BY THE CONTROLLER
Upon your consent, Malatesta Viaggi S.r.l. will process your data to send you promotional, advertising, information material and special offers and to carry out marketing actions relevant to your online purchase habits and preferences, as well as for distance selling, for opinion polls and market research, for interactive commercial messages. Special categories of personal data (ex art. 9 and 10 of the EU Regulation 2016/679), directly or indirectly provided, will not be used to profile the data subject.
Promotional and information material will be sent by e-mail or mail to the address provided by the user. Data provided for the above-mentioned purposes may be used by Malatesta Viaggi even on behalf of third parties, however, without transmitting them the data provided by the data subject.
RECIPIENTS OF THE PERSONAL DATA
In order to provide the data subject with the services he/she has required, data shall be made available to third parties, who act as processors and who supply services aimed at satisfying the user’s request (e.g. mailing service companies, banking institutions, website provider) or to whom data are necessary to comply with the law or procedures or Community legislation. They may be made available to police forces (e.g. for crime prevention and repression, even IT crimes), to the magistracy, to public authorities and institutions for the exercise of their official mission in their own fields or in case the subject needs to assert or defend his/her own rights in court. The list of names of the above-mentioned third parties can be requested directly to Malatesta Viaggi S.r.l. by post or email.
Personal data will be made available to parties expressly authorized by Malatesta Viaggi S.r.l. – and as needed named or entrusted with data processing – whose processing operations are essential to fulfil the above-mentioned purposes. People entrusted with data processing are generally service providers, such as administration services, information services, customer care services for actual or potential clients, marketing and sales, call centres.
The data provided will not be sent outside the European Union.
We will retain personal data for different periods depending on the purpose for which it was collected:
1. registration to the website / request for quotation: until the user asks for cancellation
2. shipping of newsletters, catalogues and promotional material: until the user asks for cancellation
3. access to the online catalogue: until the user asks for cancellation
4. CVs: applications will be stored just in case the applicant has given his/her own express consent for data processing at the bottom and in any case no longer than 5 years
5. installation of technical cookies and analytics tools on your desktop computer or mobile devices: until the user asks for cancellation
6. data sharing with third parties exclusively to provide the data subject with the services and products he/she has requested or to execute what law requires: until the user asks for cancellation or for the time required or permitted by law
7. to execute the data subject’s request to exercise his/her own rights: until the user asks for cancellation
8. to ensure a right and lawful data processing: for the time required by law
The personal information retention periods are documented in our record of processing activities.
RIGHTS OF DATA SUBJECTS
Data subjects have the following rights::
– Right of access to the personal data (Art. 15 UE GDPR 2016/679)
– Right to rectification (Art. 16 UE GDPR 2016/679)
– Right to erasure (Art. 17 UE GDPR 2016/679)
– Right to restriction of processing (Art. 18 UE GDPR 2016/679)
– Right to data portability (Art. 20 UE GDPR 2016/679)
– Right to object (Art. 21 UE GDPR 2016/679)
If the data controller has obtained the data upon data subject’s consent, the data subject shall have the right to withdraw his or her consent at any time.
Furthermore, in case the data subject thinks one or more of his/her rights have been infringed, he/she can lodge a complaint with the Data Protection Supervisory Authority of his/her own country. Please find below the link to the Italian Data Protection Supervisor to know more about the procedures to follow in Italy:
We also specify that no automated decision-making is used by Malatesta Viaggi S.r.l.
All above-mentioned rights shall be exercised at any time and for free writing to Malatesta Viaggi S.r.l. Via Macanno 38/N – 47923 Rimini (RN) Italy or to [email protected]
SECURITY OF PERSONAL DATA
The level of security Malatesta Viaggi S.r.l. guarantees to keep your personal data confidential, including “firewall” and data transmission through SSL (Secure Socket Layer), are currently the highest possible. Furthermore, specific techniques are used to protect data from non authorized access by third parties.
In any case Malatesta Viaggi S.r.l. takes appropriate and preventive security measures to safeguard confidentiality, integrity, completeness, availability of personal data. In compliance with the regulation on the security of personal data processing, Malatesta Viaggi uses technical, logistic and organization devices in order to prevent damages, losses – even casual/accidental – wrong and non authorized use of the data. Similar preventive security measures are taken by the third parties (in charge of data processing) who were entrusted with data processing on behalf of Malatesta Viaggi S.r.l. and provided with behavioural rules and instructions to security procedures by Malatesta Viaggi, which in turn supervises their right usage by people in charge.
Malatesta Viaggi S.r.l. is not responsible for false information sent directly by the data subject (e.g. wrong e-mail or postal address or other personal data), as well as for information about him/her provided by a third party, even fraudulently.
In their normal operation, computer systems and software that make our website work properly acquire some data whose transmission is implicit in the usage of internet communication protocols. Those data are not collected to be associated to registered users, but, by their very nature, they may lead to the identification of the users through the processing and the association with data held by third parties. This data category includes IP addresses or computer domains used by the users who browse our website, URI addresses (Uniform Resource Identifier), request time, type of request to the server, file size of the server response, the numeric status code that indicates the type of server response (successful, error or similar) and further features of the user’s operating system and type of device. Those data are only used to get anonymous statistical information on the website use and to check its right operation and are deleted immediately after their processing. Data may be used to find out guilty parties in case of hypothetical computer crimes against our website.