Privacy Policy

Pursuant to Articles 13 and 14 of EU Regulation No. 679 of 2016 every data subject has the right to be informed about the purposes and methods by which the personal data provided will be processed

DESTINATION 2 ITALIA S.r.l. a single member, in accordance with its Privacy policy,

INFORM you of the following:

Data Controller

DESTINATION 2 ITALIA S.r.l. a single member

Galleria Sala dei Longobardi 2, 20121 Milan, Italy

D.P.O. Designated Contacts

Lawyer Marco Paramucchi, Via Saluzzo n.45 – 00182 – Rome

Email: privacy@destinationitalia.com

As the data controller, pursuant to Art. 13 LD. 30.6.2003 n. 196 (hereinafter, “Privacy Code”) and Art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) your data will be processed in the following manner and for the following purposes.

Types of Data Collected

Among the Personal Data collected by this Facility, either independently or through third parties, are: Usage Data, first name, last name, phone number and email, payment system data, financial economic data.
Personal Data may be freely provided by you or, in the case of Usage Data, automatically collected during the use of third-party applications.
Unless otherwise specified, all Data required by this facility are mandatory. If you refuse to disclose them, it may be impossible for this facility to provide the Service to you. In cases where this facility designates certain Data as optional, you are free to refrain from providing us with such Data, without affecting the availability of the Service or its operation.
If you have any questions about which Data is mandatory, please contact the Data Controller.

Purpose of processing

Your personal data are processed:A) without your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:- to conclude contracts and/or professional assignments with the Controller and Contact you.- to fulfill pre-contractual, contractual and tax obligations arising from existing relationships with you;- to fulfill obligations under the law, a regulation, EU legislation or an order of the Authority (such as anti-money laundering);- to exercise the rights of the Controller, for example, the right to defense in court; B) Only after your specific and distinct consent (Articles 23 and 130 Privacy Code and Art. 7 GDPR), for the following Marketing Purposes:- to send you via e-mail, mail and/or sms and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Owner and detection of the degree of satisfaction on the quality of services;- to send you via e-mail, mail and/or sms and/or telephone contacts commercial and/or promotional communications of third parties (e.g., business partners, insurance companies).

We would like to point out that if you are already our customer, we may send you commercial communications regarding services and products of the Controller similar to those you have already used, unless you disagree (art. 130 c. 4 Privacy Code).

Method and place of processing of collected Data

Mode of treatment

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. All security measures are reported in the Data Processing Register, Privacy art.30 of the GDPR.
The processing is carried out by means of computer and/or telematic tools, with organizational methods and logic strictly related to the indicated purposes. In addition to the Data Controller, in some cases, other subjects involved in the organization of this Facility (administrative, sales, marketing, legal, system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, Data Processors by the Data Controller may have access to the Data. The updated list of Data Processors can always be requested from the Data Controller.

Without the need for express consent (ex art. 24 lett. a), (b), (d) Privacy Code and Art. 6 lett. (b) and (c) GDPR), the Data Controller may disclose your data for the purposes set out in (Purposes of Processing 2.A) to Supervisory Bodies (e.g. , PRIVACY GUARANTORITY), Judicial Authorities, insurance companies for the provision of insurance services, as well as to those parties to whom disclosure is required by law for the fulfillment of the said purposes. These parties will process the data in their capacity as autonomous data controllers. Your data will not be disseminated.

Legal basis for processing

The Data Controller will process your Personal Data if one of the following conditions exists:- you have given consent for one or more specific purposes; Note: In some jurisdictions, the Data Controller may be authorized to process Personal Data without your consent or another of the legal bases specified below, until you expressly deny consent to such processing. However, this does not apply if the processing of Personal Data is governed by European legislation on the protection of Personal Data New European Regulation 679/2016.- the processing is necessary for the performance of a contract and/or the execution of pre-contractual measures;- the processing is necessary to fulfill a legal obligation to which the Data Controller is subject;- the processing is necessary for the performance of a task of public interest or for the exercise of public authority vested in the Data Controller;- the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.

However, it is always possible to request the Data Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on law, required by a contract, or necessary to conclude a contract

Place of Treatment

The Data are processed at the operational headquarters of the Data Controller and at any other place where the parties involved in the processing are located. For more information, contact the Holder.
Your Personal Data may be transferred to a country other than the one in which you are located. You may refer to the section on Personal Data Processing Details to obtain more information about the processing location.

You have the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization under public international law or constituted by two or more countries, such as the UN, as well as regarding the security measures taken by the Data Controller to protect the Data.If any of the transfers just described take place, you may refer to the respective sections of this document or request information from the Data Controller by contacting him at the contact details given at the beginning.

Retention period

Data are processed and kept for the time required by the purposes for which they were collected.

Therefore:- Personal Data collected for purposes related to the performance of a contract between you and the Controller will be retained until the performance of that contract is completed. – Personal Data collected for purposes attributable to the legitimate interest of the Data Controller will be retained until that interest is satisfied. You can obtain more information regarding the legitimate interest pursued by the Owner in the relevant sections of this document or by contacting the Owner.

When processing is based on your consent, the Controller may retain Personal Data longer until that consent is revoked. In addition, the Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.At the end of the retention period Personal Data will be deleted. Therefore, at the expiration of this period the right of access, deletion, rectification and the right to Data portability can no longer be exercised.

Your Rights

In your capacity as data subject, you have the rights under Art. 7 Privacy Code and Art. 15 GDPR and specifically the rights to:- obtain indication of: a) the origin of your personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the data controller, data processors and the designated representative pursuant to Art. 5, paragraph 2 Privacy Code and Art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom your personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or appointees;- obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in intelligible form;- obtain: a) the updating, rectification or, when you have interest, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept in relation to the purposes for which the data were collected or subsequently processed;- certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. – Please note that the right to object, set out in point b) above, for direct marketing purposes through automated modalities extends to traditional ones and that, in any case, it remains without prejudice to the possibility for you to exercise your right to object even partially. Therefore, you can decide to receive only communications through traditional modalities or only automated communications or neither type of communication.- where applicable, you also have the rights set forth in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to limit processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.

Details of the right to object

When your Personal Data are processed in the public interest, in the exercise of public authority vested in the Controller or in pursuit of a legitimate interest of the Controller, you have the right to object to the processing on grounds related to their particular situation.

Please note that if your Data were processed for direct marketing purposes, you can object to the processing without providing any reasons. To find out whether the Controller processes data for direct marketing purposes you can refer to the respective sections of this document.

How to exercise rights

To exercise your rights, you can direct a request to the Holder’s contact details given in this document. Requests are filed free of charge and processed by the Holder as quickly as possible, in any case within one month.

More information about the treatment

Litigation defense

Personal Data may be used by the Owner in legal proceedings or in the preparatory stages to its possible establishment for the defense against abuse in the use of this Application or related Services.
The Data Controller may be obliged to disclose Data by order of public authorities.

Information not contained in this policy

Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice and sending you a notification through one of the contact details held by the Data Controller. If the changes affect processing whose legal basis is consent, the Controller will re-collect your consent as necessary.

Are you an agency?