Information pursuant to art. 13 of the Regulation (EU) n. 679/2016 (“GDPR”)
Lakinion Travel By Meridia Tour srl (hereinafter “Lakinion Travel”) protects the confidentiality of personal data and guarantees to them the necessary protection from any event that could put them at risk of violation.
As required by the European Union Regulation no. 679/2016 (“GDPR”), and in particular to the art. 13, below we provide the user (“Concerned”) with the information required by law concerning the processing of their personal data..
Who we are and what data we process (article 13, paragraph 1 letter A, article 15, letter B GDPR)
Lakinion Travel By Meridia Tour srl, in the person of its legal representative p.t., with operational headquarters in Botricello (CZ), Via Nazionale n. 254, operates as Data Controller and can be contacted at firstname.lastname@example.org and collects and / or receives information concerning the data subject, such as:
|Data Category:||Exemplification of data types|
|Personal data||name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile phone, fax, social security number, e-mail address.|
|Bank details||IBAN bank details and bank / postal data (except credit card number)|
|Data of telematic traffic||data log in|
Lakinion Travel does not require the data subject to provide data c.d. “Particulars”, that is, according to the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as genetic data, data biometrics designed to uniquely identify a natural person, data relating to a person’s health or sexual life or sexual orientation. In the event that the service requested to Lakinion Travel requires the processing of such data, the interested part will receive prior notice and will be required to give appropriate consent.
For any information and / or request, the interested part may contact the data controller at the following addresses:
LAKINION TRAVEL By Meridia Tour srl
Via Nazionale, 254
88070 – Botricello (CZ)
Tel. 0961 963832 – 320 6650655
Fax 0961 966126
For what purposes we need the data of the interested part (Article 13, 1st paragraph GDPR)
The data are used by the Data Controller to process the registration request and the supply contract of the chosen Service (s), manage and execute the contact requests sent by the Interested Part, provide assistance, comply with legal and regulatory obligations. of which the Holder is held according to the activity exercised. In no case will Lakinion Travel resell the personal data of the interested part to third parties or use them for undeclared purposes.
In particular, the data of the interested part will be processed for:
A) registration and contact requests and / or information material
The processing of personal data of the interested part takes place to carry out the preliminary activities and consequent to the registration request, to the management of requests for information and to contact and / or sending information material, as well as for the fulfillment of any other obligation arising.
The legal basis of these treatments is the fulfillment of the services related to the request for registration, information and contact and (or sending information material and compliance with legal obligations.
B) management of the contractual relationship
The processing of personal data of the interested part takes place to carry out preliminary activities and consequent to the purchase of one or more Services, the management of the relevant Service, the provision of the Service itself, the related invoicing and the management of the payment, the treatment complaints and / or service reports and the disbursement of the same and the fulfillment of any other obligation arising from the contract.
The legal basis of these treatments is the fulfillment of the services inherent in the contractual relationship and compliance with legal obligations.
C) promotional activities on Services / Products similar to those purchased by the Interested Part (Recital 47 GDPR)
The data controller, even without your explicit consent, may use the contact details provided by the interested part, for the purpose of direct sale of their Services / Products, limited to the case in which the Services / Products are similar to those object of the sale, unless the interested part explicitly objects.
D) the commercial promotion activities on Services / Products different from those purchased by the interested part
The personal data of the interested part may also be processed for purposes of commercial promotion, for surveys and market research with regard to Services / Products that the Data Controller offers only if the data subject has authorized the processing and does not object to this.
This treatment can be automated, in the following ways:
- telephone contact;
and can be done:
- if the interested part has not revoked his consent for the use of the data;
- if, in the case the treatment of which takes place through contact with the telephone operator, the person concerned is not registered in the register of oppositions referred to in the D.P.R. n. 178/2010;
The legal basis for such processing is the consent given by the interested part prior to the processing itself, which can be revoked by the interested part freely and at any time.
The personal data of the interested part may also be processed for profiling purposes (such as analysis of the selected Services / Products, to propose advertising messages and / or commercial proposals in line with the choices made by the same users) only if the person concerned has provided an explicit and informed consent. The legal basis of such processing is the consent given by the interested part prior to the processing itself, which can be revoked by the interested part freely and at any time.
F) the protection of minors
The Services / Products offered by the Data Controller are reserved to subjects legally able, on the basis of the national reference legislation, to conclude contractual obligations.
The Data Controller, in order to prevent illegal access to its services, implements prevention measures to protect its legitimate interest, such as the control of the tax code and / or other checks, when necessary for specific Services / Products, the correctness of the data identification of identity documents issued by the competent authorities.
Communication to third parties and categories of recipients (Article 13, 1st paragraph GDPR)
The personal data will be communicated mainly to third parties and / or recipients whose activity is necessary for the performance of the activities related to the relationship established and to meet certain legal obligations, such as::
|Third part suppliers and people connected to the Holder||Provision of services related to the requested service|
|Credit and / or bank / postal institutions||Management of collections, payments, reimbursements related to the contractual service|
|External professionals / consultants||Fulfillment of legal obligations, exercise of rights, protection of contractual rights, recovery of credit|
|Formally delegated subjects or having a recognized legal title||Legal representatives, curators, tutors, etc|
The Data Controller imposes on the third part own suppliers and on the Representatives of the treatment the respect of security measures equal to those adopted towards the interested part, restricting the perimeter of action of the Manager to the treatments connected to the requested service.
The Data Controller does not transfer your personal data to countries where the GDPR (non-EU countries) is not applied, unless there are specific indications to the contrary for which you will be informed in advance and your consent will be requested if necessary.
The legal basis of these treatments is the fulfillment of the services inherent to the relationship established, compliance with legal obligations and the legitimate interest of Lakinion Travel to carry out the necessary treatments for these purposes.
What happens if the Data Subject does not provide his data identified as necessary for the execution of the requested service? (Article 13, paragraph 2, letter E GDPR
The collection and processing of personal data is necessary to follow up the requested services as well as the provision of the requested Service. If the person concerned does not provide the personal data expressly provided for as necessary in the registration form or contract, the Data Controller will not be able to process the processing of the requested services and / or the contract and the Services connected to it; nor to the obligations that depend on them
What happens if the Data Subject does not give consent to the processing of personal data for commercial promotion activities on Services other than those purchased?
In the event that the interested part does not give his consent to the processing of personal data for such purposes, said processing will not take place for the same purposes, without this having effects on the provision of services requested, nor for those for which he has already consent if requested. In the event that the interested part has given consent and should subsequently withdraw or oppose the treatment for commercial promotion activities, his data will no longer be processed for such activities, without this having consequences or detrimental effects for the data subject and for the requested services.
How we process the data of the interested part
The Data Controller provides for the use of adequate security measures to preserve the confidentiality, integrity and availability of the personal data of the interested part and imposes similar security measures on third parties and on the Managers..
Where we process the data of the interested part
The personal data of the interested part are kept in paper, computer and electronic archives in countries where the GDPR is applied (EU countries)
How long are the data of the interested part stored? (Article 13, paragraph 2, letter A GDPR)
One of the principles applicable to the processing of your Personal Data concerns the limitation of the retention period, governed by Article 5, paragraph 1, point e) of the Regulation that states “Personal Data are stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which they are processed; Personal Data may be stored for longer periods provided they are processed exclusively for archival purposes in the public interest, for scientific or historical research or for statistical purposes, in accordance with Article 89, paragraph 1, without prejudice to the implementation of technical measures and adequate organizational requirements required by this regulation to protect the rights and freedoms of the interested part “.
In light of this principle, your Personal Data will be processed by the Data Controller limited to what is necessary for the pursuit of the purposes set out in Section II of this Information. In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, as indicated in Recital 39 of the Rules, ie until the termination of the contractual relations between you and the Data Controller without prejudice to an additional retention period which may be imposed by law as also provided for by Recital 65 of the Rules.
With regard to the processing carried out to achieve the purposes set out in Section II of this Information, the Data Controller may lawfully process your Personal Data until you communicate, in one of the methods provided for in this Notice, your intention to revoke the consent to one or all the purposes for which you have been asked. Any revocation of the consent will, in fact, require the Data Controller to cease the processing of your Personal Data for these purposes.
What are the rights of the interested part? (Articles 15-20 GDPR)
As required by Article 15 of the Rules, you can access your Personal Data, request correction and updating, if incomplete or erroneous, request cancellation if the collection was made in violation of a law or regulation, as well as oppose to the treatment for legitimate and specific reasons.
In particular, we list below all your rights that you can exercise, at any time, against the Data Controller:
- Right of access: you will have the right, in accordance with Article 15, paragraph 1 of the Rules, to obtain from the Data Controller the confirmation that a Personal Data Processing is in progress and, if so, to obtain the access to such Personal Data and to the following information: a) the purposes of the processing; b) the categories of Personal Data in question; c) Recipients or categories of Recipients to whom your Personal Data have been or will be communicated, in particular if Recipients of third countries or international organizations; d) whenever possible, the retention period of the Personal Data provided or, if not possible, the criteria used to determine this period; e) the existence of the right of the interested part to request the Data Controller to rectify or delete Personal Data or limit the processing of personal data concerning him or to oppose their processing; f) the right to lodge a complaint with a supervisory authority; g) if the Personal Data are not collected from the Data Subject, all information available on their origin; h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4 of the Rules and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such treatment for the interested part. All this information can be found in this information that will always be available to you within the privacy section of each of the Internet sites.
- Right of rectification: you can obtain, in accordance with Article 16 of the Regulation, the correction of your Personal Data that are incorrect. Taking into account the purposes of the processing, moreover, you can obtain the integration of your Personal Data that are incomplete, also by providing an additional declaration.
- Right to cancel: you can obtain, in accordance with Article 17, paragraph 1 of the Rules, the cancellation of your Personal Data without undue delay and the Data Controller will have the obligation to delete your Personal Data, if there is even one of the following reasons: a) Personal Data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) you have withdrawn the consent on which the processing of your Personal Data is based and there is no other legal basis for their processing; c) you are opposed to the processing pursuant to Article 21, paragraph 1 or 2 of the Rules and there is no longer any legitimate overriding reason to proceed with the processing of your Personal Data; d) your Personal Data has been processed unlawfully; e) it is necessary to delete your Personal Data in order to comply with a legal obligation provided for by a community or national law. In some cases, as foreseen by article 17, paragraph 3 of the Regulation, the Data Controller is entitled not to provide for the cancellation of your Personal Data if their processing is necessary, for example, for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for purposes of archiving in the public interest, scientific or historical research or for statistical purposes, for the assessment, exercise or defense of a right in court.
- Right to limit the processing: you can obtain the limitation of treatment, in accordance with Article 18 of the Rules, if one of the following hypotheses occurs: a) you have contested the accuracy of your Personal Data (the limitation will continue for the period necessary for the Data Controller to verify the accuracy of such Personal Data); b) The processing is illegal but you are opposed to the deletion of your Personal Data asking, however, that it is limited use; c) although the Data Controller no longer needs it for the purposes of processing, your Personal Data are used for the assessment, exercise or defense of a right in court; d) you are opposed to the processing pursuant to Article 21, paragraph 1, of the Rules and you are awaiting the verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to yours. In case of limitation of treatment, your Personal Data will be processed, except for storage, only with your consent or for the assessment, exercise or defense of a right in court or to protect the rights of a other natural or legal person or for reasons of significant public interest. We will inform you, in any case, before this limitation is revoked.
- Right to data portability: you can, at any time, request and receive, pursuant to Article 20, paragraph 1 of the Regulation, all of your Personal Data processed by the Data Controller in a structured format, in common and legible use, or request transmission to another data controller without impediments. In this case, it will be your responsibility to provide us with all the exact details of the new data controller to whom you intend to transfer your Personal Data by providing written authorization.
- Right to oppose: pursuant to Article 21, paragraph 2 of the Rules and as also reiterated by Recital 70, you may object, at any time, to the processing of your Personal Data if these are processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
- Right to lodge a complaint with the supervisory authority: without prejudice to your right to appeal to any other administrative or jurisdictional office, if you believe that the processing of your Personal Data carried out by the Data Controller is in violation of the Rules and / or applicable law you can propose a complaint to the competent authority for the protection of personal data.
How and when can the data subject oppose the processing of personal data? (Article 21 GDPR)
To exercise all your rights as identified above, simply contact the Data Controller in the following ways
- writing to the Personal Data Processing Manager at Lakinion Travel By Meridia Tour srl, Via Nazionale, 254 – 88070 Botricello (Cz);
- sending an e-mail to the email@example.com mailbox to the attention of the person in charge of the processing of personal data.
- by calling the telephone number +39 0961 963832 and asking for the person in charge of processing personal data.
To whom can the interested part submit a complaint? (Article 15 GDPR)
Without prejudice to any other action in administrative or judicial proceedings, the interested part may lodge a complaint with the competent supervisory authority on the Italian territory (Authority for the protection of personal data) or those carrying out its duties and exercising its powers in the Member State where the GDPR violation took place.
This information is subject to updates and always available via our websites:
In case of doubts concerning our privacy, do not hesitate to contact us.