The purpose of this document is to inform the natural person (hereinafter “Data Subject”) about the processing of his/her personal data (hereinafter “Personal Data”) collected by the data controller, IG Holydays s.r.l.s., with registered office in Via Castello Maniace, 57 – 96100 Siracusa, Tax Code/VAT No. 02098000892, e-mail address igholidaysinfo@gmail.com, (hereinafter “Data Controller”), via and www.igholidaysiracusa.com (hereinafter “Application”).
Changes and updates will be effective as soon as they are published on the Application. In case of non-acceptance of the changes made to the Privacy Policy, the Data Subject shall stop using this Application and may ask the Data Controller to delete his/her Personal Data.
- Categories of Personal Data processedThe Data Controller processes the following types of Personal Data voluntarily provided by the Data Subject:
- Contact Data: first name, last name, address, e-mail address, phone number, pictures, authentication credentials, any further information sent by the Data Subject, etc.
- Fiscal and payment Data: tax code, VAT number, credit card data, bank account details, etc.
- Usage Data: such as, for example, pages visited, number of clicks, actions taken, duration of sessions, etc.
- Cookies and similar technologiesCookies are not used for the transmission of personal information, and neither are persistent cookies of any kind used, i.e. systems for tracing the Data Subjects. Therefore, the Application does not acquire the Personal Data of the Data Subjects using these technologies. Use is made of session technical cookies (not persistent), strictly limited to what is necessary for the safe and efficient navigation of the Application.
- Legal basis and purpose of data processingThe processing of Personal Data is necessary:
- for the performance of the contract with the Data Subject and especially:
- fulfillment of any obligation arising from the pre-contractual or contractual relationship with the Data Subject
- support and contact with the Data Subject: to answer the Data Subject’s requests
- for legal obligations and especially:
- the fulfilment of any obligation provided for by the applicable norms, laws and regulations, in particular, on tax and fiscal matters
- for the performance of the contract with the Data Subject and especially:
- Data processing methods and receivers of Personal DataThe processing of Personal Data is performed via paper-based and computer tools with methods of organization and logics strictly related to the specified purposes and through the adoption of appropriate security measures.Personal Data are processed exclusively by:
- persons authorized by the Data Controller to process Personal Data who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality;
- subjects that operate independently as separate data controllers or by subjects designated as data processors by the Data Controller in order to carry out all the processing activities necessary to pursue the purposes set out in this policy (for example, business partners, consultants, IT companies, service providers, hosting providers);
- subjects or bodies to whom it is mandatory to communicate Personal Data by law or by order of the authorities.
- PlacePersonal Data will not be transferred outside the territory of the European Economic Area (EEA).
- Personal Data storage periodPersonal Data will be stored for the period of time that is required to fulfill the purposes for which it was collected. In particular:
- for purposes related to the execution of the contract between the Data Controller and the Data Subject, will be stored for the entire duration of the contractual relationship and, after termination, for the ordinary prescription period of 10 years. In the event of legal disputes, for the entire duration of such disputes, until the time limit for appeals has expired
- for purposes related to legitimate interests of the Data Controller, they will be stored until the fulfilment of such interest
- in compliance with legal obligations, by order of an authority and for legal protection, they shall be stored according to the relevant timeframes provided for by such obligations, regulations and, in any case, until the expiry of the prescriptive term provided for by the rules in force
- for purposes based on the consent of the Data Subject, they will be stored until the consent is revoked
- Rights of the Data SubjectData Subjects may exercise specific rights regarding the Personal Data processed by the Data Controller. In particular, the Data Subject has the right to:
- be informed about the processing of their Personal Data
- withdraw consent at any time
- restrict the processing of his or her Personal Data
- object to the processing of their Personal Data
- access their Personal Data
- verify and request the rectification of their Personal Data
- restrict the processing of their Personal Data
- obtain the erasure of their Personal Data
- transfer their Personal Data to another data controller
- file a complaint with the Personal Data protection supervisory authority and/or take legal action.
Last update: 27/04/2023