INFORMATION ON THE PROTECTION OF PERSONAL DATA PURSUANT TO ARTICLES 13, 14 OF THE EU REGULATION 2016/679
This information provided below describes, as required by the EU Regulation 2016/679 (General data protection regulation – thereinafter GDPR), how our Company processes personal data, meaning information related to an identified or identifiable natural person (data subject)
The data controller is Zani Viaggi (VAT NUMBER 02594070167), located in via Magni 2/A – 24125 Bergamo – Italy, acting by its legal representative, Mr. /Mrs.Giovanna Marilena Zani.
The legal basis for processing personal data are:
– that the processing is necessary for the performance of a contract to which the traveller is a party, according to purposes 2.a), 2.c), 2.f);
– that the processing is necessary for fulfilling the steps request by the traveller for entering into a contract, according to purpose 2.b);
– data subject’s consent according to purposes 2.d), 2.e) and also for processing special categories of personal data according to article 9 GDPR
– that the processing is necessary for compliance with a legal obligation to which the controller is subject according to the purpose 2.g)
– that the processing is necessary for the purpose of a legitimate interest pursued by the controller or by a third party, except when this legitimate interest is overridden by the data subject’s interests, fundamental rights, freedoms.
Except for what concerns direct marketing purposes, data communication is a contractual requirement in order to satisfy traveller’s requests and to process travel reservations and other above-mentioned purposes. Data subject is obliged to provide personal data: the failure in providing such data could prevent the above-mentioned performances.
The data subject shall have the right to withdraw his or her consent at any time according to article 7 GDPR. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
The controller retains personal data for as long as necessary to fulfil the purposes it was collected for (e.g. processing travel reservations). The controller shall also retain personal data for the period of limitation set by law for the exercise or defence of legal claims and for the period imposed by law, to satisfy any legal requirements (e.g. 10 years according to fiscal legislation).
– third parties involved in the transaction, other industry stakeholders (e.g. IATA, travel companies, …) and partners who act on their behalf, as necessary to perform the contract that the controller has with travellers
– software providers
– technology services, security services, legal, financial/accounting and other similar professional advisers
– banks and financial institutions to perform business process (such as payment, credit card processing,…)
– insurance companies
– Authorities appointed in the protection of natural persons with regard to the processing of personal data or in other matters which involve personal data (e.g. finance police, Garante per la protezione dei dati personali,…).
1.The data subject shall have the following rights:
– right of access (article 15 GDPR): to obtain information about the personal data under processing, such as the purpose of the processing, the timing of data retention; to obtain a free copy of personal data
– right of rectification of inaccurate personal data, without undue delay (article 16 GDPR)
– right to erasure (right to be forgotten) of personal data concerning him or her, without undue delay (article 17 GDPR)
– right to restriction of processing such as when data subject contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data (article 18 GDPR)
– right to data portability: to receive personal data which the data subject has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (article 20 GDPR)
– right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject (article 22 GDPR)
– right to lodge a complaint with a supervisory authority (e.g. Garante per la protezione dei dati personali) (article 77 GDPR)
– right to an effective judicial remedy against a supervisory authority or against a controller or processor (article 78,79 GDPR).
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her (article 21 GDPR). Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing: the personal data shall no longer be processed for direct marketing purpose.
To exercise the above-mentioned rights please contact Privacy dept. at [email protected] or write a mail to Zani Viaggi – Privacy dept, via Magni 2/A, 24125 Bergamo – Italy.
Le Groupe Zani est un ensemble de plusieurs entreprises
opérant dans le secteur du tourisme et des transports.
100% énergie propre Multiutility
100% CO2 free Multiutility
© 2024 Zani Viaggi srl | Via Magni 2A Bergamo – 24125 BG | C.F. e P.I. 02594070167