1. Home
  2. Privacy and terms

Privacy and terms

PERSONAL DATA PROCESSING POLICY


This page describes the website management methods with reference to the processing of personal data of the users who visit it, as well as the methods and purposes of processing personal data.

This policy is also provided pursuant to art. 13-14 EU Regulations 2016/679 to those who interact with the web services that can be accessed electronically through the addresses: https://www.incomingexperience.it/index.cfm/it/(online bookings portal) and www.incomingexperience.it (information portal). Both addresses, despite having two different purposes, are linked to the same website, hereinafter also referred to as “site”.

This site is owned by CONSORZIO TURISTICO INCOMING EXPERIENCEthat manage and maintain this site with the aim to supply information and notices regarding the products or services offered.

The policy is provided only for the site and not for any other Websites that can be consulted through our links, of which CONSORZIO TURISTICO INCOMING EXPERIENCE have by no means responsibility.

CONSORZIO TURISTICO INCOMING EXPERIENCE, Torino (TO), Via Berthollet, 19 – 10125, as Data Controller in charge for the processing of Your personal data, pursuant to and in accordance with the EU Regulations 2016/679 - GDPR, herewith inform You that the aforesaid Regulations provide for the protection of the parties involved with reference to the processing of the personal data and that such processing will be carried out according to the principles of correctness, lawfulness, transparency and of protection of Your privacy and of Your rights.

Your personal data will be processed according to the law provisions of the aforesaid regulations and to the confidentiality obligations provided for therein.

 

TYPES OF DATA PROCESSED

Browsing Data

The computer systems and the software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the usage of the Internet communication protocols. These information are not collected with the aim of linking them to any identified parties who are involved, but by their very nature they may, through processing and association with the data held by third parties, allow to identify the users. This category of data includes the IP addresses or the domain names of the computers used by any visitors connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the server query method, the size of the file obtained in response, the code indicating the status of the reply given by the server (successful, error, etc.) and other parameters related to the operating system and to the IT system of the user. These data will only be used to obtain anonymous statistical information on the usage of the site and to check its proper operation and will be cancelled immediately after their processing. The above-mentioned data may be used to check responsibility in case of any hypothetical computer crimes against the site.

 

 

Personal Data provided voluntarily by the users

The discretionary, explicit and voluntary dispatch of e-mails to the address linked to this site and, in particular, the compilation of the form – in the section “Ask for information” – with insertion of personal data (name, surname, address, town, phone, e-mail) for specific requests, entail the subsequent acquisition of the sender’s address, that is needed to reply to inquiries, as well as any other personal data inserted in the form.

Specific summary information will be reported or displayed in the website pages devoted to specific services (newsletters, marketing, inquiries, bookings and payment) and, where needed in accordance with the regulations, the specific consents to the users’ personal data processing are requested.

In the website sections “Ask for Information” or, as an alternative, directly by sending a message to the e-mail address linked to the site, the User can write communications to the data Controller, by inserting in the form “message” any information that can contain data that can be classified as “special categories of personal and/or legal data” (see articles 9-10 Regulation). The data Controller emphasize from now on that they have no interest in collecting and storing, or even using, this type of personal data, unless strictly necessary for the performance of the activities related to the services requested.

Purchase data

At the time of order we collect your purchase data, including order number, details on the services that are purchased, details on payment method, delivery and billing addresses.

Payment data

We collect the payment data that you give us for the execution of payment. These data include IBAN and BIC, namely the account number and bank code, credit card data. We receive further data on the payments from external payment management services and economic information services with which we cooperate in order to manage payments and verify solvency. We transmit to our payment management services only those data that are needed for the execution of payment. Payment data also include additional data directly related to the execution of payment and the solvency check. These include, for example, any data that the external services providers use for identification purposes, as for example your Paypal ID.

 

CONSEQUENCES OF REFUSAL TO PROVIDE DATA

Apart from what is indicated for the browsing data, the user is free to provide his personal data indicated in the form in the section “Ask for Information”. Failure to provide such data may make it impossible to obtain what is requested.

For the purposes of newsletters and marketing, the data Controller provides for the collection of the User’s consent in order to comply with the requirements of fairness and transparency. The party involved may at any time withdraw his consent to the processing of his personal data for the aforementioned purposes.

PROCESSING METHODS

The data are processed mainly with electronic and IT tools and they are stored both on IT tools as well as on paper and any other suitable means, in compliance with articles 6, 32 of the GDPR and by adopting the appropriate safety measures to prevent the loss of data, illegal or incorrect usage and unauthorized access.

We inform you that, in order to provide a complete service, our portal may contain links to other websites, which are not managed by ourselves. Therefore we are not responsible for any mistakes, contents, cookies, publication of unlawful contents contrary to ethics, advertisements, banners or files that are not compliant with the regulations in force, and for the compliance with the Privacy laws by websites that are managed by ourselves to which reference is made. In order to improve our service we would appreciate an immediate notice of any failures, violations or suggestions to the address info@incomingexperience.it

Your data will only be processed by personnel expressely authorised by the Data Controller.

 

PURPOSES OF THE DATA PROCESSING


The data will be processed for the following purposes:

- give the chance to access the public sections of the site;

- processing the requests for information on the services provided (guided tours, experiences, proposals);

- allow the purchases and the provision of the services offered;

- send periodic communications via the e-mail newsletter service;

- send periodic commercial and / or promotional communications through the direct marketing service managed directly by the data Controller by e-mail;

- carry out the obligations required by laws or regulations;

- allow constant monitoring of the effectiveness of the service proposed;

- monitor and analyse traffic data to keep track of user behaviour (most visited pages, number of visitors per time slot or per day, geographical areas of origin).

 

LAWFULNESS AND LEGAL BASIS OF THE PROCESSING

The data processings used to manage the periodic communications made through the newsletter and the direct marketing services are carried out with the specific consent of the user. The processings used for all the other aforesaid purposes are based on the fulfillment of legal and contractual obligations as well as on the legitimate interests of the data Controller.

PARTIES TO WHOM PERSONAL DATA MAY BE DISCLOSED

The personal data related to the processing under consideration can be disclosed also to parties which are granted the right to access Your personal data by law or secondary and / or community regulations. Your data may only be disclosed to competent parties duly appointed to carry out the services needed for a correct management of the relationship (for example, but not limited to: consortium and non-associated hotels, tour operators, insurance companies, event organasing committee), with guarantee of protection of the rights of the person involved.  Furthermore some data may be communicated and disclosed to those Internet operators used by CONSORZIO TURISTICO INCOMING EXPERIENCE for their domains.

Your personal data will not be disclosed in any way.

DATA RETENTION PERIOD

We inform you that, in compliance with the law, limitation of purposes and minimisation of data, pursuant to article 5 of the GDPR, the period of retention of Your personal data is established for the period needed to carry out the services requested.

Reg.to UE 2016/679: Artt. 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the Data Subject

1. The data subject has the right to obtain confirmation as to whether or not personal data concerning him exist, even if not yet recorded, and to have them communicated in an intelligible form.

2. The data subject is entitled to obtain the indication:

• of the source of the personal data;
• of the purposes and methods of the processing;
• of the logic applied in case of treatment with the aid of electronic instruments;
• of the identification data of the owner, of the managers and of the representative appointed in accordance with article 5, paragraph 2;
• of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents.

3. The data subject has the right to obtain:

• the update, the rectification or, when interested, the integration of the data;
• the deleting, the conversion into anonymous form or the blocking of data processed in violation of the law, including data whose retention is not necessary for the purposes for which the data were collected or subsequently processed;
• the certification that the operations referred to with the letters a) and b) have been brought to knowledge, also regarding their content, of those to whom the data were communicated or distributed, unless this requirement proves impossible or involves a manifestly disproportionate to the protected right;
• data portability.

4. The interested parties have the right to oppose, completely or partly:

• for reasons legitimate to data processing that concern the interested parties;
• personal data processing that concerns them for the pourpose of sending material regarding advertising, direct sales or research;
• market or commercial communication.

Furthermore, if the party involved considers that the processing of his data is against the regulations in force, he may lodge a complaint with the personal data protection Authority pursuant to art. 77 of the Regulation 2016/679.

In order to exercise the rights listed above, the party involved shall send a written request to the address info@incomingexperience.it

 

THE DATA CONTROLLER

The data Controller is CONSORZIO TURISTICO INCOMING EXPERIENCE, Torino (TO), Via Berthollet 19 - 10125, represented by their pro tempore legal representative.

 

 

COOKIES

Below is the link through which the user can view the cookie policy: https://www.incomingexperience.it/index.cfm/it/cookie-policy/