Website privacy policy

This page describes how to manage the site in relation to the processing of personal data of users who consult it.
The information according to Reg. (EU) 2016/679 and of the Recommendation n. 2/2001 of WP29, provides indications for the collection of personal data on-line, and, in particular, the methods, timing and nature of the information that the data controller must provide to users when they connect to web pages of your site, regardless of the purpose of the link.

Data Controller
Following consultation of this site, data relating to identified or identifiable persons may be processed.
The “owner” of their treatment is A-GROUP S.r.l., based in Cuneo (Italy), Viale degli Angeli 26, 12100

Place of data processing
The treatments connected to the web services of this site take place at the headquarters of A-GROUP S.r.l of the site hosting service provider and are only handled by personnel in charge of processing, also for occasional maintenance operations.
No data deriving from the web service is disseminated.
The personal data provided by users are used only to perform the service or provision requested and are communicated to third parties only if this is necessary for this purpose.

Types of data processed
– Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
– Data provided voluntarily by the user
The optional, explicit and voluntary sending of data through forms and forms on the site or via e-mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered in the missive.
Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request.

Reserved area
The information (including images) that the user uploads to the reserved area are protected by encryption and authentication systems and are accessible only to authorized users, ie those directly involved and / or the intermediaries involved. This information is not the subject of dissemination operations. The processing of personal data present and downloadable from the private area complies with the provisions of the law and may require explicit authorization from the data subject to process data after verification of adequate information.

Cookies
No personal data of users is acquired by the site in this regard.
The use of c.d. session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe browsing and efficient site.
I c.d. session cookies used on this site avoid the use of other technologies that could compromise the privacy of users’ browsing and do not allow the acquisition of personal identification data.
Finally, the site incorporates cookies and other elements (tags, pixels, and cc.) Of third parties (autonomous and on which the owner has no responsibility) that also perform profiling activities and for which you refer to the respective sites:

https://www.google.com/policies/technologies/cookie/
https://www.facebook.com/about/privacy/cookie

Newsletter
The e-mail contacts used for sending the periodic newsletter come from voluntary registration by the recipient to whom a confirmation request is always submitted, as well as information acquired in a context of sale of products or services of the owner or otherwise similar for which exists the legitimate interest of the data controller in sending communications and information on their events, products, services and training courses. It is emphasized that the contacts were not recovered from public subscriber directories. If communications are not of interest to the recipient, it is possible to avoid any further contact by clicking on the appropriate link contained in each message, or by writing to the addresses below, exercising their right to cancel the newsletter. The newsletter is prepared through the GetResponse service which could include the transfer of personal data in the USA under the protection of the Privacy-Shield.

E-commerce and Payments
Data can be processed for the management of the trolleys, the orders, the possible profile of the registered user and include personal data, addresses, purchase list, notifications and notes.
Personal data supplied also processed through third parties (company for home delivery, for mailing and for data entry) for the administrative management of orders and purchases; the management of any participations in loyalty programs; the processing of anonymous statistics linked to the detection of purchase behavior; sending advertising material related to products and offers through the use of email or telephone messages.
The payment system provides for the communication of some data to the banks providing the service (Paypal) and by the credit card banks, autonomous holders

Optional provision of data
Apart from that specified for navigation data, the user is free to provide personal data for specific requests on products and / or services.
Failure to provide such data may make it impossible to obtain what has been requested.
For completeness it should be noted that in some cases (not subject to the ordinary management of this site) the Authority can request news and information pursuant to Article 157 of Legislative Decree no. 196/2003, for the purpose of monitoring the processing of personal data. In these cases the answer is mandatory under penalty of administrative sanction.

Legal basis. Possible management of consent to treatment
When necessary, outside the cases in which the pre-contractual obligation applies, the legitimate interest of the owner as well as of third parties, and in any case after reading the information, the interested party is required to give his consent to the processing and to the communication of personal data for the purposes and within the described limits, otherwise the Data Controller will be unable to process the data in order to carry out and implement the services requested by the interested party or offered to him.

Method of treatment
Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they have been collected and will be kept, in general, as long as the purposes of the processing persist according to the category of data processed.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.

Rights of the interested parties
At any time the interested party may: exercise his / her rights (access, rectification, cancellation, limitation, portability, opposition, absence of automated decision-making processes) when foreseen and where the conditions are met for the data controller, in accordance with Articles. from 15 to 22 of the GDPR; to propose a claim to the Guarantor (www.garanteprivacy.it); and if the treatment is based on consent, revoke the consent given, taking into account that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before revocation.

Contact
Requests should be addressed to the Data Controller A-group srl through the address info@a-grouptourism.it