Privacy Policy, in accordance with Articles 13 and 14 of EU Regulation 2016/679 and the Privacy Code (Legislative Decree 196/2003), as amended by Legislative Decree 101/2018.
1 INTRODUCTION
For the Life Beyond Tourism Movement TTD SB s.r.l, with registered office in Florence, Via Panciatichi, 16 (hereinafter referred to as the “Company” or the “Controller” or the “Movement”), your privacy and the security of your personal data are particularly important. For this reason, we collect and process them with the utmost care and attention, adopting specific technical and structural measures to ensure their security during processing. With this notice, we inform you about the purposes and methods of processing your personal data, in accordance with Article 13 of the European General Data Protection Regulation No. 679/2016 (hereinafter referred to as the “EU Regulation” or “GDPR”) and the Privacy Code Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 (hereinafter referred to as the “Regulation”). This notice is provided only for the Movement’s website and not for other websites that may be accessed by the user through links (for which reference is made to the respective privacy policies). The reproduction or use of pages, materials, and information contained within the website, by any means and on any medium, is not permitted without the prior written consent of the Movement. Copying and/or printing is allowed for strictly personal and non-commercial use (for requests and clarifications, contact the Movement at the addresses indicated below). Other uses of the content, services, and information on this site are not permitted. Regarding the content offered and the information provided, the Movement will make reasonable efforts to keep the content of the website reasonably updated and reviewed, without offering any guarantee as to the adequacy, accuracy, or completeness of the information provided, explicitly declining any responsibility for any errors or omissions in the information provided on the website.
2 Data Controller
For any questions or requests related to the processing of your personal data, you can contact us by sending a request to the following contacts.
Company Name: Life Beyond Tourism Movement TTD SB s.r.l
Registered Office Address: Via Panciatichi, 16, Florence
Contact details: privacy@lifebeyondtourism.org
Website: www.luoghiparlanti.com
The company has not appointed a Data Protection Officer (DPO), as the conditions do not require it.
The use of the website, including those intended for tablets and/or smartphones, by the Customer and/or the User implies full knowledge and acceptance of the content and any instructions included in this version of the notice published by the Movement when accessing the site. The Movement informs that this notice may be modified without prior notice, and therefore recommends periodic reading.
3 Types of Data Processed
Browsing Data
The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and computer environment.
Such data, necessary for the use of web services, is also processed for the following purposes:
Obtaining statistical information about the use of services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.).
Checking the proper functioning of the offered services.
Remarketing activities.
Data communicated by the user.
The voluntary sending of messages to contact addresses, private messages sent by users/visitors to social media profiles/pages (where this possibility is provided), as well as the optional completion and submission of forms on our website, involve the acquisition of contact data from the sender as well as all personal data included in the communications.
The optional, explicit, and voluntary sending of emails to the addresses indicated in the appropriate section of the Website, as well as the completion of questionnaires, communication through social networks, call centers, etc., involve the subsequent acquisition of some of your personal data, including those collected through the use of related services, necessary to respond to requests. We also inform you that when using a mobile connection to access content and digital services offered directly by the Movement or by our Partners, it may be necessary to transfer your personal data to these third parties. Please note that you may access the Website or connect to areas where you may be able to publish information using blogs or bulletin boards, communicate with others, for example, from the Movement’s page on Facebook®, LinkedIn®, YouTube®, and other social networking sites, review products and offers, and post comments or content. Before interacting with such areas, we invite you to carefully read the Terms of Use, considering that, in certain circumstances, the published information may be viewed by anyone with internet access, and all the information you include in your publications may be read, collected, and used by third parties.
Photographs or event images
We also want to draw your attention to the fact that the data processed by the Movement may sometimes consist of photographic images and video recordings collected during exhibitions, conferences, museum contexts, events, and demonstrations for institutional purposes, public relations, and commercial communications. Such data may be processed in printed and/or audiovisual form, through any means of dissemination such as the internet or social networks.
Minors’ data
We specify that on the occasion of visits by families, school groups, students to the event venue or for the performance of educational activities, also organized by the relevant institutes, in our equipped classrooms, it may be necessary to process the data of minors for accounting and reporting purposes, including fiscal purposes.
The processing of minors’ data is lawful only through the express consent of those exercising parental authority. In the case of visits and/or educational activities organized by schools or educational institutions, agreements will be made with the Data Controller in order to collect the consent for the processing of data by parents or legal guardians.
4 Purpose and Legal Basis of Processing
The following table indicates the purposes and legal bases that make the processing of collected data lawful.
Purpose Legal Basis of Processing
A Contractual purposes, i.e., the pursuit of instrumental and/or complementary purposes related to the request for enrollment in activities organized by the Movement (e.g., exhibitions, events, guided tours, workshops, educational activities). Performance of pre-contractual and contractual negotiations (Art. 6(1)(b) GDPR), legitimate interest (Art. 6(1)(f) GDPR).
B Marketing activities, newsletter subscription, sending of commercial communications to the interested party, also by third parties, satisfaction surveys, market research, and statistical analysis. Consent of the data subject (Art. 6(1)(a) GDPR).
C Management of payment activities. Performance of the contract (Art. 6(1)(b) GDPR).
D Profiling activities, analysis, also automated, only through.
5 Mandatory or Optional Provision of Data
The provision of data listed in the previous Table is mandatory, with the exception of data collected for marketing and profiling purposes as described in letters B, D, and F, for which the provision is optional.
6 Cookies
A cookie is a small text file that is sent to your browser and, if accepted, stored on your computer (or alternatively on your smartphone/tablet or any other device used to access the Internet). This usually occurs each time you visit a website. The Movement uses cookies for various purposes, aiming to provide you with a fast and secure digital experience. For example, they allow you to maintain an active connection to the protected area while browsing through the website pages.
The cookies stored on your device cannot be used to retrieve any data from your hard drive, transmit computer viruses, or identify and use your email address. Each cookie is unique to the browser and device you use to access the Website. Typically, cookies are used to improve the functioning of the website and enhance the user’s experience, although cookies can also be used to deliver targeted advertising messages (as specified below). For more information on what cookies are and how they work, you can visit the website “All about cookies” at http://www.allaboutcookies.org.
For detailed information about Cookies, please refer to the dedicated page on the website www.luoghiparlanti.com.
7 Data Recipients
Your personal data will also be transmitted to third parties utilized by the Movement. These third parties have been adequately selected and provide sufficient guarantees for compliance with personal data processing regulations. They have been appointed as data processors under Article 28 of the Regulation and are required to perform their activities according to specific instructions given by the Movement and under its control.
These third parties may belong to the following categories:
Third parties utilized by the Movement for the proper execution of contracts and related administrative management: financial operators, internet service providers, social platforms, IT service specialized companies, legal advisors, labor consultants, tax consultants, group companies (etc.).
Commercial partners of the Data Controller: financial operators, social platforms, IT service specialized companies, marketing companies.
A specific and updated list of these third parties is available at the headquarters of the Movement and can be requested by the data subject.
Please note that your personal data will not be disclosed to third parties for their own promotional purposes and will not be disseminated in any way.
Furthermore, your data may be disclosed to the Police Forces and the Judicial and Administrative Authorities in accordance with the law, for the detection and prosecution of crimes, the prevention and protection against threats to public security, as well as to enable the Movement to exercise or protect its rights or the rights of third parties before the competent authorities, and for other reasons related to the protection of the rights and freedoms of others.
8 Extra-EU Data Transfer
Please note that some of the third parties mentioned in paragraph 6 may be located in countries outside the European Union but still offer an adequate level of data protection, as determined by specific decisions of the European Commission. The transfer of your personal data to third parties located in non-EU countries that do not ensure an adequate level of protection will only be carried out with your consent or after the Movement and such parties have entered into specific agreements containing safeguard clauses and appropriate guarantees for the protection of your personal data, commonly known as “standard contractual clauses,” also approved by the European Commission. Alternatively, the transfer may be necessary for the conclusion and performance of a contract between you and the Movement or for the management of your requests.
9 Data Retention
We inform you that your data will be stored for a limited period of time, which varies depending on the type of processing activities in compliance with the Movement’s Data Retention Policy and its specific purposes.
By way of example and not exhaustively, please note:
The data of a user registered for the newsletter service will be stored and processed until a request for deletion is made.
The data of a user processed in relation to connected activities will be stored and processed for a period not exceeding the time necessary to achieve the purposes and, in any case, for a reasonable time and in compliance with the data retention policy.
Data processed for profiling and analysis purposes, including automated processing, will be processed for a period not exceeding the time necessary to achieve the purposes and comply with legal regulations and individual provisions of the Personal Data Protection Authority.
Data collected in the context of using services offered by the Movement, such as sending commercial communications, will be kept until the termination of the service or the cancellation of the user’s subscription.
At the end of these periods, your data will be permanently deleted or irreversibly anonymized by the Movement.
10 Your Rights as a Data Subject
We inform you that you have the right to exercise the following rights regarding the personal data subject to this information:
Right of access and rectification (Articles 15 and 16 of the EU Regulation): You have the right to access your personal data and request that it be corrected, modified, or supplemented. If desired, we will provide you with a copy of your data in our possession.
Right to erasure (Art. 17 of the EU Regulation): In cases provided for by applicable legislation, you can request the erasure of your personal data. Once your request is received and analyzed, we will cease the processing and delete your personal data if found legitimate.
Right to restriction of processing (Art. 18 of the EU Regulation): You have the right to request the restriction of the processing of your personal data in the case of unlawful processing or if the accuracy of the personal data is contested by the data subject.
Right to data portability (Art. 20 of the EU Regulation): You have the right to request from the Data Controller your personal data in order to transmit it to another controller, in cases provided for by the mentioned article.
Right to object (Art. 21 of the EU Regulation): You have the right to object at any time to the processing of your personal data based on the legitimate interest of the Data Controller, by providing the reasons justifying your request. Before accepting it, the Data Controller will assess the grounds of your request.
Right to lodge a complaint (Art. 77 of the EU Regulation): You have the right to lodge a complaint with the competent supervisory authority for the protection of personal data if you believe that a violation of your rights related to the processing of your personal data has occurred or is ongoing.
Right to withdraw consent (Art. 13 of the EU Regulation): For the processing of personal data based solely on your consent, you have the right to withdraw your consent at any time by contacting the Data Controller.
You can exercise your rights at any time with regard to specific processing of personal data carried out by the Movement as the Data Controller, using the contact details provided in point 2 of this information.
11 Processing Methods, Logic, Retention Periods, and Security Measures
The processing is carried out, also using electronic or automated means, by the Movement and/or by third parties authorized by the Movement to store, manage, and transmit the data. The processing of data will be carried out with organizational and processing methods of your personal data, including the logs generated by accessing and using the web services, products, and services related to the aforementioned purposes, in a way that ensures the security and confidentiality of the data. The processed personal data will be stored for the periods established by the applicable regulations.
Regarding data security, in the sections of the website designed for specific services where personal data is requested from the user, the data is encrypted using a security technology called Secure Sockets Layer (SSL). SSL technology encrypts information before it is exchanged over the Internet between the user’s computer and the central systems of the Movement, making it incomprehensible to unauthorized individuals and ensuring the confidentiality of the transmitted information. In addition, transactions made using electronic payment tools are carried out directly using the platform of the Payment Service Provider (PSP), and the Movement only retains the minimum set of information necessary to manage any disputes. In relation to the protection of personal data, the user/customer is invited, in accordance with Article 33 of the GDPR, to report to the Movement any circumstances or events that may result in a potential “personal data breach” in order to allow for an immediate assessment and the adoption of any actions to counter such an event, by sending a communication to privacy@lifebeyondtourism.org.
The measures implemented by the Movement do not exempt the Customer from exercising due care in the use, where required, of passwords/PINs of adequate complexity, which should be periodically updated, especially if the Customer suspects they have been compromised or known by third parties. It is also important for the Customer to handle such information with care, keeping it inaccessible to third parties in order to prevent improper and unauthorized use.
Data Controller:
Movimento Life Beyond Tourism TTD SB s.r.l
This information is up to date as of April 28, 2023.