Privacy Policy

Extended disclosure in accordance with EU Regulation no. 679/2016 (“GDPR”) and Legislative Decree. 196/2003 as amended by Legislative Decree 101/2018

Data controller.

The data controller is IF Imola Faenza Tourism Company s.c.a.r.l. P.IVA 00693671208 COD. FISC 04044300376

Piazza Ayrton Senna da Silva, 2 40026 Imola (BO) , henceforth referred to as “The Company”

The company , in conducting its business pays the utmost attention to the security and confidentiality of its customers’ personal data.

The Company is the Data Controller of the personal data collected on this website (hereinafter the “Site“). WHICH PERSONAL DATA ABOUT YOU MAY BE COLLECTED The Company may collect the following categories of personal data (hereinafter, collectively, the “Data“):

  • Contact data – information related to first name, last name, social security number, address, phone number, cell phone number, email address, etc.
  • Other personal data – information that you provide us about your place and date of birth, education or professional situation, etc.
  • Social Log-In Data – information related to your Social account as well as other data you provide to the Social Network used to log-in to the Site, which may be disclosed according to the privacy preferences you have set on that Social Network.
  • Site Usage Data – information about how you use the site, open or forward our communications, including information collected through cookies (you can find our Cookie Policy below).

HOW WE COLL ECT YOUR DATA The Company collects and processes your Data, depending on the service you requested, under the following circumstances better described in the section on purposes:

  • for the purchase of our products
  • If you register on the Site / download our possible APP
  • if you register for our events
  • If you write to our sales or administrative department
  • if you subscribe to our newsletters
  • whether it responds to our marketing campaigns
  • Whether other companies or business partners legitimately transfer your Data to us

If you are providing Data on behalf of someone else, you must ensure, in advance, that the data subjects have read this Privacy Notice. Please help us keep your Data up-to-date by informing us of any changes. FOR WHAT PURPOSES YOUR DATA MAY BE USED

  1. (a) Establishment and execution of contractual relations and consequent obligations.

The Company may process your Contact Data, Payment Data and Other Personal Data for the purposes of the possible establishment and execution of contractual relationships, the provision of requested services and the response to reports and complaints. The Company may also use your Contact Data, and in particular your email, to provide you with information related to the requested service. Prerequisite for processing: performance of a contract to which you are a party and fulfillment of legal obligations related to that contract. Providing it is mandatory to process your order; if you fail to do so, we will not be able to process it.

  1. (b) Operational management and purposes closely related to this in accessing the Site, particularly the restricted areas of the Site.

The Company may process your Contact Data, Other Personal Data and Social Log-In Data to enable you to complete the Site registration process and allow you to be able to access your Personal Area in order to: (i) Download documents related to the services you have purchased; (ii) Carry out other requests made through the Site. Registration on the Site may also take place, should you voluntarily decide to avail yourself of it, through the Social Log-In mechanism. In this way you will not have to enter the data necessary for registration (such as Contact Data), which will instead be communicated by the Social Network through which the Log-In is done. It should be noted that in this case the Company may process Social Log-In Data, i.e. not only those related to your Social account but also any other personal data that may be made visible according to the preferences you set or according to the privacy policy of the same Social Network. Therefore, we encourage you to review the privacy policy of your Social Network, including for further information regarding these preferences. Prerequisite for processing: fulfillment of contractual obligations to enable you to register with the Site. The provision of Contact Information is mandatory, failing which we will not be able to allow you to register on the Site.

  1. (c) Analysis and improvement of services – customer satisfaction

Your Contact Data may be processed by the Company to analyze, review and improve its services with a view to customer satisfaction. Prerequisite for processing: legitimate interest of the Company in reviewing and improving the quality of its services.

  1. (d) Sending periodic newsletters

Your Contact Data may be used by the Company in order to send you periodic newsletters, upon your explicit request through subscription to the service, containing news and insights on various topics of interest. Prerequisite for processing: performance of a contract to which the data subject is a party. The provision of data is mandatory, failing which you will not be able to subscribe and receive the newsletter.

  1. (e) Marketing to meet your needs and Profiled Marketing to provide you with promotional offers also in line with your preferences

Subject to your appropriate and specific consent, the Company may process your Contact Data and for marketing and advertising communication purposes aimed at informing you about sales promotional initiatives, carried out through automated contact methods (electronic mail, text messaging, MMS, chat, instant messaging, social networks and other mass messaging tools, push notifications, etc.) and traditional contact methods (e.g., operator telephone call, traditional mail, etc.), or for market research. Again subject to your special and specific consent, the Company may, also, process your Contact Data, Other Personal Data, Interests, Social Log Data and Site Usage Data, through statistical processing of them, creating an individual profile of you in order to send you commercial communications in line with your preferences, based on the analysis of your purchasing habits and choices. Such personalized communications could be carried out through automated modes of contact (e-mail, text messaging, MMS, chat, instant messaging, social networks and other mass messaging tools, push notifications, etc.) and traditional modes of contact (e.g., operator phone call, traditional mail, etc.). Prerequisite for processing: consent. The provision of Data is optional and failure to provide it does not affect contractual relations. This consent may be revoked, at any time, with effect for subsequent processing.

  1. (f) Sending communications for the promotion of products and services similar to the subject of a previous purchase pursuant to and to the extent permitted by Art. 130, paragraph 4, of the Privacy Code (Legislative Decree No. 196/2003, as amended by Legislative Decree 101/2018).

Your Contact Information related only to e-mail contact details may be used for promotional purposes related to products and services similar to those that are the subject of your purchase. Prerequisite for processing: legitimate interest of the Company in maintaining an effective contractual relationship with you. The provision of Data is optional and failure to provide it does not affect contractual relations. This consent may be revoked, at any time, with effect for subsequent processing.

  1. (g) Performing marketing activities on behalf of third parties on products and services of Group companies and also third parties.

Subject to your specific and appropriate consent, the Company may process, on behalf of third parties, your Contact Data for marketing activities on products and services of Group companies and also of third parties belonging mainly to the publishing, finance, economy, industry, luxury, services, telecommunications ICT, insurance and nonprofit, carried out through automated contact methods (e-mail, SMS, MMS, chat, instant messaging, social networks and other massive messaging tools, push notifications, etc ) and traditional contact methods (e.g., telephone call with operator, traditional mail, etc.) or for market research and statistical surveys. Prerequisite for treatment: consent. Failure to provide the same will not affect contractual relations. This consent may be revoked, at any time, with effect for subsequent processing.

  1. (h) Defense of rights in the course of judicial, administrative or extrajudicial proceedings, and in the context of disputes arising in connection with the services offered.

Your Contact Data and Payment Data may be processed by the Company to defend its rights or take action or even make claims against you or third parties. Prerequisite for processing: legitimate interest of the Company in protecting its rights. The provision of Data for this purpose is obligatory since failure to do so will make it impossible for the Company to defend its rights.

  1. (i) Purposes related to obligations under laws, regulations or EU legislation, provisions/requests of authorities empowered to do so by law and/or supervisory and control bodies

Your Contact Data and Payment Data may be processed by the Company to fulfill its obligations. Prerequisite for processing: fulfillment of a legal obligation. The provision of Personal Data for this purpose is compulsory since failure to do so will make it impossible for the Company to fulfill specific legal obligations. HOW WE KEEP YOUR DATA SECURE The Company uses all security measures necessary to improve the protection and maintenance of the security, integrity and accessibility of your Data. All of Your Data is stored on our secure servers (or appropriately stored hard copies) or those of our suppliers or business partners, and is accessible and usable according to our standards and security policies (or equivalent standards for our suppliers or business partners). Where we have provided you (or you have chosen) a password that allows you access to our Site, applications or services provided by us, you will be responsible for the secrecy of that password and for compliance with any other security procedures we give you. HOW LONG WE KEEP YOUR DATA We keep your Data only as long as necessary to fulfill the purposes for which it was collected or for any other legitimate related purposes. Therefore, if Data is processed for two different purposes, we will retain that data until the purpose with the longer retention period ceases, however, we will no longer process Data for that purpose whose retention period has expired. Your Data that are no longer needed, or for which there is no longer a legal basis for their retention, are irreversibly anonymized (and thus can be retained) or securely destroyed. Below are the retention times in relation to the different purposes listed above:

  1. Establishment and execution of contractual relationships and consequent obligations: the Data processed to fulfill any contractual obligation may be retained for the duration of the contract and in any case no longer than the next 10 years, in order to verify any pending obligations including accounting documents (e.g. invoices).
  2. Operational management and purposes strictly related to this access to the Site, in particular to the restricted areas of the Site: the Data processed for this purpose may be kept for the duration of the contract and in any case no longer than 10 years after the last access to the Site.
  3. Service analysis and improvement – customer satisfaction: the Data processed for this purpose may be kept for 12 months.
  4. Sending periodic newsletters: the Data processed for this purpose may be retained for the duration of the relationship, but no longer than 10 years thereafter.
  5. Marketing to meet your needs and Profiled Marketing to provide you with promotional offers also in line with your preferences: the Data processed for these purposes may be kept for 24 months after collection.
  6. Sending communications for the promotion of products and services similar to that of a previous purchase (within the meaning and to the extent permitted by Art. 130, paragraph 4 of the Privacy Code (Legislative Decree No. 196/2003, as amended by Legislative Decree 101/2018): Data processed for the purpose of promoting similar services or products may be retained for 24 months from the date of the previous purchase.
  7. Performing marketing activities on behalf of third parties on products and services of Group companies and also third parties: Data processed for marketing purposes may be kept for 24 months after collection.
  1. Defense of rights in the course of judicial, administrative or extrajudicial proceedings, and in the context of disputes that have arisen in connection with the services offered: in such cases, we will retain your Data for the time strictly necessary for the fulfillment of these purposes.
  2. Purposes related to obligations under laws, regulations or EU legislation, provisions/requirements of authorities empowered to do so by law and/or supervisory and control bodies: in such cases, we will retain your Data for the time strictly necessary to fulfill these purposes.

WHO WE MAY SHARE YOUR DATA WITH Your Data may be accessed by duly authorized employees, as well as by external suppliers, appointed as necessary as data processors, who provide support for the delivery of services. CONTACT INFORMATION The Company’s contact information can be found on the “Contact Information” page of this website The Data Protection Officer (DPO) appointed by the Company can be contacted at the following email address marked on that page. YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO ADVOCATE COMPLAINTS TO THE CONTROL AUTHORITY Under certain conditions you have the right to request the Company:

  • access to your Data,
  • The copy of the Data you have provided to us (so-called portability),
  • The rectification of the Data in our possession,
  • The deletion of Data for which we no longer have any legal basis for processing,
  • Withdrawal of your consent if the processing is based on consent;
  • The limitation of the way we process your Data, within the limits provided by the legislation to protect personal data.

Right to object: in addition to the rights listed above, you always have the right to object at any time, for reasons related to your particular situation, to the processing of your Data carried out by the Data Controller in pursuit of its legitimate interest. In addition, she can always object at any time if the Data is processed for marketing and profiled marketing purposes. Requests to object should be addressed to the email address in the contact section. The exercise of these rights is free of charge and is not subject to formal constraints, but is subject to certain exceptions aimed at safeguarding the public interest (e.g., the prevention or identification of crimes) and interests of the Society (e.g., maintaining professional secrecy). In the event that you exercise any of the above rights, it will be the Company’s responsibility to verify that you are entitled to exercise them and to acknowledge you, as a rule, within one month. In the event that you believe that the processing of Personal Data referred to you occurs in violation of the provisions of the GDPR, you have the right to file a complaint with the Garante per la protezione dei dati personali, using the references available on the website www.garanteprivacy.it or to take appropriate legal action.

Cookie policy and cookie policy.

What are cookies A cookie is a small text file containing a certain amount of information exchanged between a website and your terminal (usually the browser) and is normally used by the website operator to store information needed to improve navigation within the website or to send advertising messages in line with the preferences expressed by the user when browsing the web. When you visit the same or any other site again the user’s device checks for the presence of a recognized cookie so that you can read the information it contains. Different cookies contain different information and are used for different purposes (efficient navigation through the pages of the same site, profiling in order to send targeted promotional messages, analysis on the number of visits to the site). In the course of browsing, the user may also receive cookies on his terminal sent by different sites or web servers (so-called third parties), on which some elements (e.g., images, maps, sounds, specific links to pages of other domains) present on the site the user is visiting may reside. More generally, some cookies (referred to as session cookies) are assigned to the user’s device only for the duration of access to the site and expire automatically when the browser is closed. Other cookies (called persistent) remain on the device for an extended period of time. The specific purposes of the different types of cookies installed on this site are described below. You can disable cookies by following the information below. Characteristics and purposes of cookies installed by the site Technical cookies: These are cookies used specifically to enable the proper functioning and enjoyment of our sites. For example, technical cookies are used for user login functionality. They are mainly provided by the site server or, in the case of the integration of external services such as social networks, by third parties. Profiling cookies: These are cookies used for the purpose of sending advertising messages in line with the preferences expressed by the user when browsing the web. They can be provided by our servers or through our site by third parties. Companies that offer or advertise their products through this site may assign cookies to users’ terminals. The categories of cookies used and the type of processing of personal data by these companies are regulated in accordance with the information made by these companies. To accept or deny these cookies provided by our servers make the choice directly from the “PREFERENCES” panel of the initial pop-up www.youronlinechoices.com/it Analytical cookies: These are cookies used for statistical analysis, to improve the site and simplify its use as well as to monitor its proper functioning. This type of cookie collects information anonymously about user activity on the site. This type of cookie is delivered exclusively by third parties, such as Google Ananlytics Options about the site’s use of cookies through browser settings The provision of all cookies, both first- and third-party, can be disabled by intervening in the settings of the browser in use; it should be noted, however, that this may render the sites unusable if cookies essential for the provision of functionality are blocked. Each browser has different settings for disabling cookies; below we offer links to instructions for the most common browsers.

 

Cookie names Type of cookie First or Third party Can be blocked Session or Persistent Expiry Time Purpose

Third-party sites. Third-party sites that can be accessed through this website are not covered by this policy. The Society disclaims any responsibility for them. The categories of cookies used and the type of processing of personal data by these companies are regulated in accordance with the information made by these companies. Further Information about the personal data processing carried out on this site. For further information on the processing of personal data collected on this site carried out please refer to the Privacy Policy and the Privacy Policy.

Privacy Policy


Dear User, Thank you for visiting our site. The SOCIETY has always paid close attention to the issues of protection of personal data processed by it not only because it is the subject of specific legislation but especially because the safeguarding of data constitutes a fundamental asset. So it is for these reasons that we constantly strive to provide our Users with an Internet experience that fully respects and protects their Privacy. Why this notice The following page describes how the site is managed with regard to the processing of personal data of users who consult it. This is also a disclosure made under the GDPR to those who interact with the web services directly provided by the Company We encourage you to review our Privacy Policy, outlined below. The Privacy Policy and Standards used the protection of personal data are based on the following principles:

1) PRINCIPLE OF RESPONSIBILITY The processing of personal data is managed over time by appropriate responsibilities identified within the corporate organization.

2) PRINCIPLE OF TRANSPARENCY Personal data are collected and subsequently processed in accordance with the principles expressed in the Privacy Policy adopted by the Company, set forth in this Privacy Policy. At the time of any provision of data, the data subject is provided with a brief but comprehensive information notice in accordance with the GDPR.

3) PRINCIPLE OF PERTINENCE OF COLLECTION Personal data shall be processed lawfully and fairly; shall be recorded for specified, explicit and legitimate purposes; shall be relevant and not exceed the purposes of processing; and shall be kept for as long as necessary for the purposes of collection.

4) PRINCIPLE OF PURPOSE OF USE The purpose of processing personal data is made known to the data subjects at the time of collection. Any new data processing, if unrelated to the stated purposes, is activated after new information to the data subject and possible request for consent, when required by the GDPR.

5) PRINCIPLE OF VERIFIABILITY Personal data are accurate and updated over time. They are also organized and stored in such a way that the data subject is given the opportunity to know, if he or she so desires, what data have been collected and recorded, as well as to check their quality and request their possible correction, integration, deletion for violation of the law or opposition to processing, and to exercise all other rights provided by the GDPR at the addresses indicated in the Notices on this page.

6) SECURITY PRINCIPLE Personal data are protected by technical, computer, organizational, logistical and procedural security measures against the risks of destruction or loss, even accidental, and unauthorized access or unauthorized processing. These measures are updated periodically according to technical progress, the nature of the data and the specific characteristics of the processing, constantly monitored and verified over time.

Third parties performing support activities of any kind for the provision of services by companies, in relation to which they perform personal data processing operations, are designated by the latter as Data Processors and are contractually bound to comply with measures for the security and confidentiality of processing. The identity of said third parties is made known to users. With the consent of the data subjects, if required by law, and in any case after adequate information specifying the various purposes, personal data may be communicated to third parties, public and private, unrelated to the company, who will process them as autonomous data controllers. Of the processing of personal data carried out by these third-party data controllers, the Company is in no way responsible. The Society also assumes no responsibility for:

  1. the rules and methods of handling personal data of other Web sites, which can be reached from our pages through links and cross-references;
  2. The contents of any e-mail services, Web spaces, chat forums provided to users.

Processing related to the web services offered by this site takes place at the offices of the companies and possibly at the offices of external data processors and is handled by data processors in charge of managing the services requested, marketing activities – where requested by the user -, data storage activities and occasional maintenance operations. Scope of data communication The personal data provided may be communicated to third parties in order to fulfill legal obligations, in execution of orders from public authorities legitimized to do so, or even to assert or defend a right in court. If necessary in connection with particular services or products requested, personal data may be disclosed to third parties who perform, as independent data controllers, functions closely related and instrumental to the provision of services or supply of products. Without communication, these services and products could not be provided. Personal data will not be disseminated unless the requested service requires it. Types of data collected, purposes and processing methods It is good for you to know that, through browsing the site, your professional and personal interests may be detected: such information, however, is collected for the sole and exclusive purpose of providing the requested services and possibly to control the quality of the services offered. Only with the express consent of the user in the legal forms, are carried out, with electronic tools, analysis and profiling activities related to purchasing and professional choices for the purpose of improving the offer of services and business information, direct sales, market research on products, services and events from the company in accordance with the interests of users. Personal data will also be processed for sending commercial and promotional information, direct sales, market research on products, services and events (hereinafter collectively referred to as “marketing activities”) of the company, and for marketing activities, directly by the company, on behalf of companies of the company Data voluntarily provided by the user The types of personal data collected and processed in the siteare those necessary for the provision of the various services provided. The data collected are processed by paper, automated and telematic means and with logic strictly related to the purposes of processing. Your fax and telephone numbers and e-mail address may also be used to provide services to you. Therefore, it is clear that if these data are not given, those services that require the use of these tools cannot be provided to you. If you do not express your consent to the use of e-mail and telephone for the purpose of advertising information or direct sales or interactive marketing communications, these tools will not be used for this purpose. Specific disclosures will be made on the pages of the site set up for the possible provision of personal data. Any voluntary sending of electronic mail to the addresses indicated on the site involves the acquisition of the sender’s address as well as any other information contained in the message; these personal data will be used for the sole purpose of performing the service or performance requested. Navigation data It is useful to know that the site’s software procedures acquire, in the course of their normal operation, some personal data (navigation data), the transmission of which is implicit in the use of Internet communication protocols. While this information is not intended to be associated with identified users, by its nature, when combined with other data held by third parties (e.g., your internet service provider), it could allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, addresses in URL (Uniform Resource Locator) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment. This data is used only for the purpose of anonymous statistics on the use of the site and to check its proper functioning. The Data Controller and, depending on the service requested, the Designated Managers shall retain, for a limited period according to legal regulations, the trace (LOG) of the connections/navigations made in order to respond to any requests from the judicial authority or other public body entitled to request said trace for the investigation of possible liability in case of computer crimes. Provision of data Apart from what is specified for navigation data, the user is free to provide or not to provide the personal data requested in the registration forms for the services. On such forms moreover some data may be marked as mandatory; it should be understood that such data are necessary for the provision of the requested service. If this data is not provided, the requested service cannot be provided and you will not be able to take advantage of related opportunities. At the time of any provision of data, a notice containing all the requirements dictated by the GDPR is provided to the data subject. The data subject is then called upon to give informed, free, specifically expressed and documented consent in the form required by law, where required by law. If personal data are conferred at later stages, additions may be provided to previously rendered disclosures and new processing consents may be requested. Security measures taken to protect collected data The company uses “secure” architectures and technologies to protect personal data against undue disclosure, alteration or misuse. The protections activated against personal data are intended, in particular, to minimize the risks of destruction or loss, including accidental loss, of data, unauthorized access, or processing that is not permitted or not in accordance with the purposes of collection. Individuals to whom personal data refer have the right at any time to exercise their rights as set forth in the GDPR. Requests should be addressed to the e-mail address found on the “Contact Us” page or to the specific contact information indicated in the disclosures made to users at the time of any personal data collection.


Third Party Sites
Third-party sites that can be accessed through this website are not covered by this policy. Society. disclaims any responsibility for them. The categories of cookies used and the type of processing of personal data by these companies are regulated in accordance with the information made by these companies.

Use of IP addresses

An IP address is a number automatically assigned to your computer whenever you connect to the Internet through your Internet Provider or from a corporate LAN/WAN network using the same Internet protocols. Like the home address to which others can send you material, the IP address is used by the Web site so that it can send you its own pages.
Privacy policy of digital measurement by Nielsen
https://priv-policy.imrworldwide.com/priv/browser/it/it/optout.html