Information regarding the handling of personal information
If you come into contact with Consorzio Turistico della provincia di Varese you may be asked for some personal information. For this reason, we would like to provide you with the following information:
Data Controller’s identity
The Data Controller for data subjects’ personal information is the Consorzio Turistico della Provincia di Varese, via Carrobbio 2 – 21100 Varese.
Contact information for the Data Protection Manager (RPD)
The Data Controller can be contact via the email at the address firstname.lastname@example.org
Your personal information handled by the Controller are not divulged, i.e. is not provided to unspecified subjects in any possible form, including being made available or simple consultation. The information may be communicated to workers who are employed by the Controller and to some external subjects who collaborate with them. It may also be communicated to members of Consorzio Turistico della provincia di Varese, to subsidiaries and other third parties who are a part of the Varese and province tourist promotion system. It may also, within the strictly necessary limits, be communicated to subjects who must provide goods for the purpose of processing your requests, or to carry out services requested by the Controller. Lastly, it may be communicated to subjects with the right to access said information due to legislation, regulations or EU legislation.
In particular, based on the roles and working duties carried out, workers are authorised to handle your personal information, within the limits of their responsibilities and in compliance with the instructions given to them by the Data Controller. External parties who work under the Controller’s authority may also have been authorised to handle information based on the type of service they provide, the handling carried out and the nature of the information handled. External parties to whom the Controller entrusted the handling of personal information have been appointed as Data Processors.
The Data Controller will not transfer your personal information to other countries or international organisations for any reason.
The Data Controller stores and handles your personal information for the time required to fulfil the purposes stated. Subsequently, personal data will be stored, and not handled further, for the time set by the current provisions in civil and taxation law.
Data subject’s rights
In reference to articles 15 – right of access, 16 - right to rectification, 17 – right to erasure , 18 – right to restriction of processing, 20 – right to portability, 21 – right to object, 22 right to object to the automated decision-making process of the GDPR 679/16, you can exercise your rights by writing to the Data Controller at the address provided above, or by email to the address email@example.com, specifying the subject of your request, the right you intend to exercise and attaching the photocopy of an ID document that certifies the legitimacy of your request.
Each of you has the right to propose a complaint to the control authority for residency status.
Automated decision-making processes
The Data Controller does not handle information in any case that consists of automated decision-making processes about your data.
You can interact with Consorzio Turistico della provincia di Varese, for many reasons as below by browsing the website, writing an email or telephoning:
- requesting information or informational material
- book a service
- request tourist operator service packages
- request a contact
- subscribe to the newsletter
In these cases, you must know that:
Information source: The personal information handled is the information you provided by making your requests.
Purpose of data handling: the personal data are always handled for:
- processing, or following up your requests;
- allowing you to benefit from the discounts and advantages reserved for in some situations,
- providing statements of the requests made and services used,
- sending promotional communications, information and information and commercial material about activities and initiatives promoted by Consorzio Turistico della provincia di Varese and its partners by email.
Legal basis of handling: the legal basis of handling is:
- the carrying out of a contractual or pre-contractual obligation for the purpose stated in points 1, 2 and 3;
- consent, expressed through unmistakable positive action for the purpose as stated in point 4.
Revoking consent: in reference to article 6 of the GDPR 679/16, the data subject can revoke any consent that may have been provided at any time.
Revoking consent will mean that no information and communications will be sent via email.
Refusing to provide information: making the requests above, or sending an application, is always on a voluntary basis; however, in some cases, providing data is necessary, therefore refusing to do so could prevent or affect your requests from being processed or followed up.
Lastly, if your browse our website, you should know that:
some information is collected anonymously for a better website management and for statistic purposes. The IT system that supports the website, using specific programmes, produces general, anonymous statistics with aggregate data, that are used to establish which information is of greater or lesser interest, to monitor the system’s service and to identify any crisis areas. Also, for reasons of security and to ensure full availability of services for all users, website traffic control software programmes are used to identify unauthorised entry or information alteration attempts, or any attempts of hacking or damage. In order to offer a quality service, the website requires some information from the browser. Browser preferences, login and pages that are frequently used. This information helps you to understand users’ needs better, to offer an improved service.
Information confidentiality: Consorzio Turistico della provincia di Varese does not forward any personal identification information or data to third parties, other than for what is strictly necessary to those who intervene as providers of services or to manage contractual relations and consequent administrative obligations.
Lastly, we would like to inform all recipients of email that the content of all emails is to be considered as confidential. Therefore, data and information contained in them or in any attachments are for the exclusive use of recipients. People or subjects other than the recipients themselves, also pursuant to article 616 of Criminal Code, are not authorised to read, copy, amend, or diffuse the message to third parties. Anyone receiving one of our communications in error, must not use it and not forward it to anyone, but must delete it from the mail box and inform the sender. The sender’s authenticity and content are not guaranteed, except for digitally signed documents.
Also, pursuant to article 13 GDPR 679/16, we would like to inform you that our archives include email addresses for individuals, companies, bodies with which there has been previous email communication or who have spontaneously provided their email address during direct contact. We use these addresses in respect of the wishes and availability of the Data subjects to receive communications via email from our company. We would also like to inform you that all the post boxes at the domain ".....@vareseturismo.it" are company boxes and as such, are used for work-related communications. Therefore, for needs connected with operational activities, any incoming or outgoing message may be read by subjects other than the sender and/or recipient.
Listing of data subject’s rights
Pursuant to GDPR 679/16, the data subject can exercise specific rights by contacting the Data Controller, including: right to access own personal information; right to request rectification of own personal information; right to request erasure of own personal information, right to request restriction of processing of own personal information; right to request data portability; right to submit a complaint to the relevant data protection control authority.
We would like to remind you that if the data subject wishes to have more information about the handling of his/her personal information, or to exercise the above rights, he/she can write to the following address firstname.lastname@example.org
Right of access: each of you has the right to obtain confirmation of the existence or non-existence of personal data regarding yourselves, and in this case, to request access there to.
Right to rectification: each of you has the right to obtain rectification of any incorrect personal data about yourselves. Depending on the purpose of handling, you may have the right to complete your incomplete personal information, also by submitting a supplementary declaration.
Right of deletion ("right to be forgotten"): in certain circumstances, you have the right to have the personal information that concerns you deleted.
Right to limitation of handling: in certain circumstances, you have the right to obtain a limitation of handling of your personal information. In this case, the respective information will be marked and can only be handled by the Controller for certain purposes.
Right to information portability: in certain circumstances, you have the right to receive your personal information, in a commonly used, legible format and you also have the right to send them to another body without impediment.