Privacy Policy

Privacy Policy

Privacy policy
On this page, we inform the users of the website www.iatourist.com about the characteristics of the processing of personal data carried out through this website, in accordance with Regulation (EU) 2016/679 (“GDPR”).
Browsing this website is subject to prior reading of this policy, provided pursuant to Articles 13-14 of Regulation (EU) 2016/679 - hereinafter referred to as “GDPR.”


1. DATA CONTROLLER
The Data Controller for personal data is IAS Tourist - Tour Operator Italia, Viale Emilia, 30, 48015 Pinarella di Cervia (RA) – Italy.
An updated list of external data processors can be consulted by submitting a written request to the Data Controller mentioned above.
Your personal data will be processed in compliance with the legislative provisions of the aforementioned regulation and the confidentiality obligations therein.
2. DATA PROCESSED
2.1 Browsing Data
During normal operation, the computer systems and software procedures used to operate this website acquire certain personal data, whose transmission is implicit in the use of internet communication protocols. These data are used exclusively to obtain anonymous statistical information about the use of the website and to check its proper functioning. They are not collected to be associated with identified individuals, but by their nature could allow the identification of users.
This category of data includes:
  • (i) IP addresses or domain names of the computers used by users connecting to the website,
  • (ii) URI (Uniform Resource Identifier) addresses of the requested resources,
  • (iii) the time of the request,
  • (iv) the method used to submit the request to the server,
  • (v) the size of the file obtained in response,
  • (vi) the numerical code indicating the server's response status (success, error), and
  • (vii) other parameters related to the user's operating system and IT environment.
These data are deleted immediately after processing.
2.2 Data Voluntarily Provided
The optional, explicit, and voluntary provision of personal information (e.g., email address, first and last name) by users through the interfaces on the website or via email to the addresses indicated on the website entails the acquisition and processing of such data by the Data Controller and any other information contained in these communications for the purposes specified in Section 3.
3. PURPOSES OF DATA PROCESSING
The personal data of users collected during their navigation of the website will be processed for the following purposes:
  • To allow access to the public sections of the website and navigation within the site.
  • To enable users to utilize the website and learn about the services offered.
  • To register for a dedicated newsletter.
  • To fulfill obligations provided by laws or regulations.
  • To protect the Data Controller in legal proceedings.
Data processing is carried out in compliance with the limits and conditions provided by law, using automated tools, including electronic and telematic systems.
4. LEGAL BASIS FOR DATA PROCESSING
The legal basis for processing personal data for the purposes listed in Section 3 is Article 6.1(a) of the Regulation. Providing data for these purposes is optional, but failure to do so may make it impossible to fulfill the requested service.
  • Purposes 1-2 involve processing based on contractual or pre-contractual measures under Article 6.1(b).
  • Purpose 3 is based on the user's consent, in accordance with Article 6.1(a), valid until its withdrawal and no longer than 12 months.
  • Purpose 4 involves processing to comply with legal obligations under Article 6.1(c). Once data is provided, processing is necessary to fulfill legal obligations to which the Controller is subject.
  • Purpose 5 is carried out under Article 6.1(f) of the Regulation, based on the legitimate interest of the Controller.

5. CONSEQUENCES OF REFUSAL TO PROVIDE DATA
Apart from what is specified for browsing data, users are free to provide personal data requested in forms. Failure to provide such data will have no consequences except the inability to fulfill the user's request.
6. DATA PROCESSING METHODS
Data is processed mainly using electronic and IT tools and stored on electronic media, paper, or other appropriate media, in compliance with Articles 6 and 32 of the GDPR. Adequate security measures are implemented to prevent data loss, unlawful or incorrect use, and unauthorized access.
7. DATA RETENTION
The Data Controller will retain users' personal data for the period necessary to fulfill the purposes for which they were collected, always in compliance with the principles of lawfulness, purpose limitation, and data minimization as set out in Article 5 of the GDPR.
The retention period is determined based on a comprehensive evaluation of the type of personal data processed, legitimate interests, and legal requirements.
  • Data related to service purchases or accounting records is retained for 10 years from contract termination, as required by law.
  • Data provided based on consent is retained only for the duration necessary to fulfill its purpose or until consent is revoked, but not beyond 12 months.

8. PARTIES TO WHOM PERSONAL DATA MAY BE DISCLOSED
Personal data related to this processing may be disclosed to parties authorized by law or secondary/community regulations to access such data.
Data may also be shared exclusively with competent parties duly appointed to perform services necessary for the proper management of the relationship, guaranteeing the protection of the user's rights. Some data may also be disclosed to internet service providers used to manage the website's domains.
In any case, personal data will not be disseminated.
9. USER RIGHTS
The data subject has the right to obtain confirmation of whether personal data concerning them is being processed, even if not yet recorded, and to receive such data in an intelligible format.
The data subject has the right to obtain:
  • The origin of personal data.
  • The purposes and methods of processing.
  • The logic applied in case of processing using electronic tools.
  • Identification details of the Controller, processors, and designated representatives under Article 5, paragraph 2.
  • Information about parties or categories of parties to whom the data may be disclosed or who may access it as representatives, processors, or persons in charge.
The data subject also has the right to request:
  • Updates, corrections, or, if interested, integrations of the data.
  • Deletion, anonymization, or blocking of data processed unlawfully, including data no longer necessary for the purposes for which it was collected or subsequently processed.
  • Certification that the operations referred to above have been communicated to those to whom the data was disclosed unless doing so is impossible or involves a disproportionate effort.
  • Data portability.
The data subject has the right to object, in whole or in part:
  • For legitimate reasons, to the processing of personal data concerning them, even if relevant to the purpose of the collection.
  • To the processing of personal data concerning them for the purpose of sending advertising or direct sales material, conducting market research, or commercial communications.
Anyone may exercise their rights by submitting a written request to info@iastourist.com.