Consultation of the website www.sunridetour.com (hereinafter also referred to as the “website”) may entail the processing of certain personal data of users (hereinafter also referred to as “data subjects”).
As required by current legislation (Art. 13 General Data Protection Regulation, hereinafter also referred to as the GDPR), the data controller provides users who visit the website with certain information regarding the processing of the data acquired.
THE DATA CONTROLLER IS:
Data controller: SUN RIDE DI MARGUTTI DARIO MARIO & C. SNC
VAT No.: 04599190164
WHAT DATA IS PROCESSED?
The data processed are navigation data and data provided spontaneously by the user.
DATA PROVIDED DIRECTLY BY THE USER
The Data Controller processes data provided directly by the user, i.e. personal data that the user provides voluntarily (for example, when requesting information or explanations by telephoning the numbers indicated on the website or by writing to the e-mail addresses therein).
The user may contact the Data Controller (to request information, to book an appointment, etc.), and may subscribe to certain services (newsletters, MailQ, etc.) through the appropriate forms on the pages of the site, which contain specific information that the user must read before providing the data.
The user who provides data referring to third parties (for example, by filling in forms on the site or through communication by email or telephone contact) assumes all the obligations and responsibilities provided for by the regulations in force regarding their processing, guarantees that he/she has acquired and processes the data of third parties, if transmitted, in accordance with the sector regulations referred to and indemnifies SUN RIDE DI MARGUTTI DARIO MARIO & C. SNC against claims, disputes and requests for compensation for damages related to the transfer of third party data.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.
WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PROCESSING?
DATA PROVIDED DIRECTLY BY THE USER: PURPOSES AND LEGAL BASES
Personal data provided by the user in an optional manner by contacting the data controller are used only to process any requests made.
The legal bases for the processing of such data are therefore: the execution of pre-contractual measures.
Should it become necessary, the data may also then be used for the legitimate interest of the owner to carry out defensive activities or to assert or defend a right in court.
NAVIGATION DATA: PURPOSES AND LEGAL BASES
Surfing data are used to obtain statistical information on the use of the website, for website security purposes and to check its correct functioning, and could be used to ascertain responsibility in the event of any computer crimes to the detriment of the website.
The navigation data of users accessing the website are acquired and processed directly by the hosting provider without SUN RIDE DI MARGUTTI DARIO MARIO & C. SNC has access to it except limited to the IP of the user who fills in a form and the data acquired through third party services (such as Google Analytics) for which please refer to the information specifically prepared.
The legal basis for the processing of browsing data is the legitimate interest of the data controller consisting of defensive needs and, in the case of requests by the Authorities, the legal obligation.
WHO CAN KNOW THE DATA?
The data will be processed by employees and collaborators authorised to process them. The data may also be disclosed to the competent authorities in the event of specific requests that the data controller is required by law to comply with, to consultants or companies that provide IT supply and assistance services for activities carried out on behalf of the data controller, and to consultants for litigation management and legal assistance in the event of any disputes requiring their involvement.
The data subject may request from the Controller the list of external subjects who perform their activities as data processors.
With reference to the data acquired through the forms on the site, please refer to what is indicated in detail in the privacy notices on the pages of the site set up for their acquisition.
HOW IS THE DATA MANAGED?
The data collected are processed using IT tools and only residually on paper.
The data provided directly by the data subject are kept for the time strictly necessary to process the requests and then deleted, without prejudice to defensive needs (which may require further storage).
The navigation data of users accessing the site are acquired and processed directly by the hosting provider without SUN RIDE DI MARGUTTI DARIO MARIO & C. SNC has access to it except limited to the IP of the user who fills in a form and the data acquired through third party services (such as Google Analytics) for which please refer to the information specifically prepared.
PLACE OF PROCESSING
For data processing related to the website services, the Data Controller uses servers located within the European territory and computer systems located at the Data Controller’s head office. Adequate security measures are taken to prevent data loss, illicit or incorrect use and unauthorised access.
The use of some of the services offered by the data controller, to which the user can subscribe via a specific form on the site (as in the case of the newsletter), entails a transfer of data abroad; however, it should be noted from the outset that the data controller shall first assess whether the supplier it intends to use offers the necessary guarantees required for the transfer of data abroad.
PROVISION OF DATA
With the exception of navigation data required for computer and telematic protocols, the provision of data by users through the various methods made available is free and optional. However, failure to provide such data will result in the impossibility of being able to respond to requests made and use the services of interest.
WHAT ARE THE DATA SUBJECT’S RIGHTS?
The law recognises the data subject’s right to request from the data controller access to and rectification or erasure of the personal data concerning him or her or to object to their processing, as well as the right to data portability.
The data subject may assert his or her rights at any time, without formalities, by contacting the data controller at the email address email@example.com.
The rights recognised by current legislation on the protection of personal data are detailed below.
The right of access, i.e. the right to obtain from the controller confirmation as to whether or not personal data relating to him are being processed and, if so, to obtain access to the personal data and to the following information (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organisations; (d) where possible, the period for which the personal data are to be retained or, if this is not possible, the criteria used to determine that period; (e) the existence of the data subject’s right to request from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing (f) the right to lodge a complaint with a supervisory authority; (g) where the data are not collected from the data subject, all available information as to their source; (h) the existence of an automated decision-making process, including profiling and, at least in such cases, meaningful information on the logic used, as well as the importance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or international organisation, the data subject then has the right to be informed of the existence of appropriate safeguards relating to the transfer.
The right of rectification, i.e. the right to obtain from the controller the rectification of inaccurate personal data concerning him without undue delay. Having regard to the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration.
The right to erasure, i.e. the right to obtain from the controller the erasure of personal data concerning him without undue delay if: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws the consent on which the processing is based and if there is no other legal basis for the processing; (c) the data subject objects to the processing being carried out because it is necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority vested in the controller or for the pursuit of the legitimate interest and there is no overriding legitimate ground for the processing, or objects to the processing for direct marketing purposes (d) personal data have been unlawfully processed; (e) personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject; (f) personal data have been collected in connection with the provision of information society services to children. However, the request for erasure cannot be granted if the processing is necessary (a) for the exercise of the right to freedom of expression and information; (b) for compliance with a legal obligation requiring the processing laid down in Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (c) for reasons of public interest in the field of public health; (d) for archiving purposes in the public interest, scientific or historical research or statistical purposes, insofar as erasure might render impossible or seriously jeopardise the attainment of the objectives of such processing; or (e) for the establishment, exercise or defence of legal claims.
The right to restriction, i.e. the right to obtain that data be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of a legal claim or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State if: (a) the data subject contests the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that its use be restricted (c) although the controller no longer needs the personal data for the purposes of the processing, the personal data are necessary for the establishment, exercise or defence of legal claims;
(d) the data subject has objected to the processing carried out because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller or in the furtherance of the legitimate interests of the data controller or a third party, pending verification as to whether the data controller’s legitimate reasons prevail over those of the data subject.
The right to portability, i.e. the right to receive in a structured, commonly used and machine-readable format the personal data concerning him/her that he/she has provided to the controller and has the right to have those data transmitted to another controller without hindrance by the controller to whom he/she has provided them, as well as the right to obtain the direct transmission of personal data from one controller to another, if technically feasible, where the processing is based on consent or on a contract and the processing is carried out by automated means. This right is without prejudice to the right to erasure.
the right to object, i.e. the right of the data subject to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in the furtherance of the legitimate interests of the controller or a third party. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him/her carried out for such purposes, including profiling insofar as it is related to such direct marketing.
The data subject is also informed that, should he or she consider that the processing of his or her personal data is in breach of the provisions of the GDPR, he or she has the right to lodge a complaint with the Garante, as provided for in Article 77 of the Regulation itself, or to take legal action (Article 79 of the Regulation).
Navigation on the website www.sunridetour.com (hereinafter also referred to as the “website”) involves sending cookies and similar tools to the user’s terminal.
Therefore, this document provides users browsing the website with information on the cookies used or the installation of which is permitted.
WHAT ARE COOKIES?
Cookies are small text strings that the sites visited by the user send to his/her terminal (usually to the browser), where they are stored in order to be retransmitted to the same sites the next time the same user visits.
They are subdivided into technical cookies (used for the sole purpose of carrying out the transmission of a communication over an electronic communication network or to the extent strictly necessary for the provider of an explicitly requested information society service) or profiling cookies (aimed at creating profiles on the user and used to send advertising messages in line with the preferences expressed by the user during browsing).
During browsing, the user may also receive cookies on his/her terminal that are sent from different websites or web servers (so-called “third party” cookies), set directly by the operators of said websites and used for the purposes and in the manner defined by them.
These are those tools (such as pixels, web beacons, web bugs, clear GIFs or others) that allow the identification of the user or terminal and have therefore been included within the scope of the provision of the Garante Privacy of 8 May 2014.
WHAT COOKIES ARE USED?
The Site uses technical cookies, as well as third-party analytics cookies and similar third-party profiling cookies and tools.
The site uses technical cookies that ensure the normal navigation and use of the website by the user, with respect to which, pursuant to Article 122 of the Privacy Code and the Provision of the Guarantor of 8 May 2014, no consent is required from the person concerned.
More precisely, the site uses:
Expiry date: Session
Description: Apache/PHP session cookie
Type: Technical cookie
Expiry: 30 days
Type: Technical cookie
Without these cookies, the website may not function properly.
NON-TECHNICAL THIRD-PARTY COOKIES
Some non-technical third-party cookies are installed through the site, which are activated by clicking on the “OK” button inside the banner that the user sees when accessing the website.
The individual third-party cookies are listed below, as well as the links through which the user can receive more information and request deactivation of the cookies:
GOOGLE RELATED COOKIES
Certain services offered by Google Inc. (hereinafter also referred to as “Google”) are used on the website. These services involve the installation of analytics cookies – used to monitor the use of the website in order to optimise it – and profiling cookies – used to propose advertising messages in line with the user’s preferences. These are detailed below:
The Site uses Google Analytics for analysis purposes.
The data generated by Google Analytics are stored by Google as indicated in the Information Notice available here [link].
The retention time has been set at 50 months.
At the following link [link] there is the browser add-on for deactivating Google Analytics.
The Site uses Google Adwords for remarketing activities.
This is a service offered by Google that involves the installation of cookies and pixels used to propose ads more relevant to the user’s interests. These tools are used by the site owner for remarketing activities.
INSTALLATION OF COOKIES
With the exception of technical cookies, the installation of which is done to enable or facilitate the user’s navigation, the installation of other cookies and similar tools is left to the will of the user who decides to navigate on the website after having read the brief information contained in the appropriate banner.
The user can avoid the installation of third-party profiling cookies by keeping the banner (by refraining from closing it by clicking on the “OK” button) as well as by means of specific functions available on his or her browser.
HOW TO DISABLE COOKIES?
Without prejudice to what is stated above with regard to technical cookies, the user can delete other cookies through the functions indicated in this policy, in the part listing the cookies used, or directly through his or her browser.
Please note that each browser has different procedures for managing the settings. The user can obtain specific instructions through the links below.
Microsoft Windows Explorer
With regard to users surfing from mobile devices, we would like to point out that the system configurations to exclude the storage of cookies or to delete them vary depending on the brand and/or model of the device used, and it is therefore necessary to consult the instructions provided by the manufacturer.