Information on the processing of personal data
(Pursuant to European Regulation No. 679/2016 and Legislative Decree 196/03 and subsequent amendments)
A. Registration on the website
B. Travel booking website
A. Registration on the website
We inform you that, for relations with its users and clients,ACI blueteam SpA collects the data referred to them, qualified as "personal data" by EU Regulation 2016/679. The legislation first provides that those who process personal data are required to inform the interested party about which data are processed and about certain elements
qualifying the processing which, in any case, must take place with correctness, lawfulness and transparency, protecting your confidentiality and your rights.
Therefore, according to the provisions of article 13 EU Regulation 2016/679 we provide the following information:
Data Controller and Data Protection Officer
The Data Controller of your personal data is ACI blueteam SpA, based in Luisago (Italy), Via Risorgimento, 70. The Company has appointed a Data Protection Officer who supports the Data Controller regarding the application of national and European legislation on data protection, cooperating with the Supervisory Authority and acting as a contact point with interested parties. The Data Protection Officer can be reached at the
following address: privacy@blueteamtravel.it.
Nature of processed data
We process the following personal data: name, surname, address, country, telephone, e-mail, security data (e.g., password for account creation), which are necessary for carrying out contractual relationships with clients and users. We do not process any data that can be classified as sensitive pursuant to art. 9 GDPR or data relating to convictions or crimes pursuant to art. 10 of EU Regulation 2016/679.
Purpose of the processing and legal basis
The collected data will be processed for the following purposes:
a) create an account
b) create, maintain, and update user accounts on our platform and authenticate users
c) send newsletters, information and offers on
travel products and services.
The processing will take place based onpre-contractual measures, relating to registration, adopted at the request of
the interested party.
Regarding the point referred to in letter c), theprocessing will take place based on the explicit consent issued.
Methods of processing and storage times
The processing of data takes place using tools andprocedures suitable to guarantee their security and confidentiality and can becarried out with the aid of electronic tools. No automated decision-making
processes are adopted.
The data will be processed for the entire duration of the relationship and subsequently, for the fulfillment of legal obligations and for administrative and commercial purposes, within the limit of 10 years unless used for further periods at the request of the judicial authorities and other public authorities or to enforce our rights.
Transfer of data to a non-EU country
Your data may also be communicated and transferred to subjects operating in countries located outside the European Economic Area, especially in the United States for the use of cloud services. In any case, the transfer of your data will be carried out based on adequate guarantees as required by the GDPR, in particular standard contractual clauses (SCCs).
Obligation or right to provide data and consequences of any refusal
With regard to the data that we are obliged to know, in order to provide the services requested by you and fulfill the
obligations established by laws, regulations and community legislation, or by provisions issued by Authorities legitimated by the law and by bodies of supervision and control, failure to provide them by the user will make it
impossible to establish or continue the relationship, to the extent that such data are necessary for its execution.
Communication and dissemination
The data collected through the website are not "disseminated" by us, with this term meaning giving them knowledge to
indeterminate subjects in any way, including by making them available or by consulting them. The data is also not disclosed to third parties.
Rights of the interested party
At any time, the interested party may exercise their rights, listed below, in accordance with the provisions of EU Regulation 679/2016 and the national legislation in force:
Right of access: the interested party has the right to obtain confirmation as to whether personal data concerning them are being processed and, in this case, to obtain access to personal data. At any time, you can request access to the following information: the purposes of the processing, the categories of data processed, the recipients to whom your personal data are or will be communicated, the data retention period, the existence of rights in your favor, the origin of the data and the eventual existence of an automated process.
Right of rectification: the interested party has the right to obtain from the data controller the correction of inaccurate personal data concerning them without undue delay. Furthermore, they have the right to obtain the
integration of incomplete personal data, also by providing a supplementary declaration. In this case, the data controller will be obliged to inform each recipient to whom the personal data have been transmitted about any
corrections.
Right of cancellation: the interested party has the right to obtain the cancellation of personal data concerning them without undue delay and to request cancellation. Furthermore, if your data have been made public, the data controller will delete them and will take reasonable measures, including technical ones, to inform the recipients who are processing the personal data of the interested party's request to delete any copy of their personal data. Right to treatment limitation: if the interested party deems it appropriate, they can request the limitation of the processing of personal data concerning them and limit their treatment in the future. In this case, the data controller will communicate any limitations regarding the processing to each of the recipients to whom the personal data have been transmitted, unless this proves impossible or involves a disproportionate effort. Right to object to processing: the interested party has the right to object at any time, for reasons connected with their particular situation, to the processing of personal data concerning them.
Right to withdraw consent: in the case of a treatment based on consent, the interested party may revoke the consent given for the treatment. However, this act does not affect the validity of the processing carried out by the controller up to that moment.
Right to lodge a complaint with the Supervisory Authority: where the interested party believes that their data has been processed illegitimately and violates the rules and principles regarding the protection of personal data, they have
the right to contact the Supervisory Authority (Guarantor Privacy) to lodge a complaint, according to the procedures defined by the latter.
B. Travel bookingwebsite
We inform you that, for relating with its users and clients, ACI blueteam SpA collects the data referred to them, qualified as "personal data" by EU Regulation 2016/679.
First of all, the legislation provides that those who process personal data are required to inform the interested party about which data are processed and about certain elements qualifying the processing which, in any case, must take place with correctness, lawfulness and transparency, protecting your confidentiality and your
rights.
Therefore, according to the provisions of articles 13 EU Regulation 2016/679 we provide the following information.
Data Controller and Data Protection Officer
The Data Controller of your personal data is ACI blueteam SpA, based in Luisago (Italy), Via Risorgimento, 70. The Company has appointed a Data Protection Officer who supports the Data Controller regarding the application of national and European legislation on data protection, cooperating with the Supervisory Authority and acting as a contact point with interested parties. The Data Protection Officer can be reached at the following address: privacy@blueteamtravel.it.
Nature of the data processed
We process the following personal data (including data concerning minors): name, surname, address, country, telephone, e-mail, date and place of birth, Tax Code, I.D. details; payment data; travel data; special data (e.g. relating to food intolerances); data relating to any travel companions, which are necessary to finalize the booking. Purpose of the processing and legal basisAll collected data are processed for the following purposes:
a) book the requested travel/service
b) send newsletters, information and offers on travel products and services.
The treatment will take place, in relation to the purposes:
referred to in letter a) for the execution of the contract signed between the parties
referred to in letter b) based on the explicit consent issued.
Methods of processing and storage times
The processing of data takes place using tools and procedures suitable to guarantee their security and confidentiality and can be carried out with the aid of electronic tools. No automated decision-making processes are adopted. The data will be processed for the entire duration of the relationship and subsequently, for the fulfillment of legal obligations and for administrative purposes and within the limit of 10 years unless used for further periods at the request of the judicial authorities and other public authorities or to assert our rights. Regarding the marketing purpose, the data will be kept for no more than 24 months from the end of the relationship between the parties, unless the right to withdraw consent is exercised.
Transfer of data to a non-EU country
Your data may also be communicated and transferred to subjects operating in countries located outside the European Economic Area, especially in the United States for the use of cloud services. In any case, the transfer of your data will be carried out based on adequate guarantees as required by the GDPR, in particular standard contractual clauses (SCCs).
Obligation or right to provide data and consequences of any refusal
Regarding the data that we are obliged to know in order to provide the services requested by you and fulfill the obligations established by laws, regulations and community legislation, or by provisions issued by Authorities legitimated by the law and by supervisory bodies and control, failure to provide them by the user will make it impossible to establish or continue the relationship, to the extent that such data are necessary for its execution. The provision of data for marketing purposes is optional and their processing, which requires the consent of the data subject expressed at the time of activation of the requested services and which remains valid until the same is revoked, can be used to improve products and services. Failure to provide it will not affect the provision of the
requested services and/or the contractual relationship.
Communication and dissemination
The data collected through the site are not "disseminated" by us, with this term meaning giving them knowledge to indeterminate subjects in any way, including by making them available or consulting them. The personal data of the interested party may instead be "communicated" by us (with this term meaning the disclosure of it to one or more specific subjects) to:companies that provide transport services, hospitality, rental of means of transport, activities and excursions, insurance, or companies that mediate such services through online platforms (by
way of example only: GDS - Global Distribution System - such as Amadeus, Saber; OTA - online travel agency-; Bed Bank - hotel data banks-) and who operate as Autonomous Data Controllers; third party service providers. We share
personal data with third parties in connection with the provision of services and the management of our business (for example, for processing credit card payments, customer support, business analytics, fraud prevention and
compliance). These third-party service providers are required to protect all personal data we share with them and may not directly use any personallyidentifiable data other than to provide the services for which we have entered
a contract.
Rights of the interested party
At any time, the interested party may exercise their rights, listed below, in accordance with the provisions of EU Regulation 679/2016 and the national legislation in force:
Right of access: the interested party has the right to obtain confirmation as to whether personal data concerning them are being processed and, in this case, to obtain access to personal data. At any time, you can request access to the following information: the purposes of the processing, the categories of data processed, the recipients to whom the personal data are or will be communicated, the data retention period, the existence of the rights in your favor, the origin of the data and the possible existence of an automated process.
Right of rectification: the interested party has the right to obtain from the data controller the correction of inaccurate personal data concerning them without undue delay. Furthermore, they have the right to obtain the integration of
incomplete personal data, also by providing a supplementary declaration. In this case, the data controller will be obliged to inform each recipient to whom the personal data have been transmitted about any
corrections.
Right of cancellation: the interested party has the right to obtain the cancellation of personal data concerning them without undue delay and to request cancellation. Furthermore, if your data are made public, the controller will delete them and will take reasonable measures, including technical ones, to inform the data controllers who are processing personal data of the request of the interested party to delete any copy of their personal data. The Foundation will take
all appropriate technical and organizational measures so as not to disturb them
anymore.
Right to limitation of treatment: if the interested party deems it appropriate, they can request the limitation of the processing of personal data concerning them and limit its treatment in the future. In this case, the data controller
will communicate any limitations to the processing to each of the recipients to whom the personal data have been transmitted, unless this proves impossible or involves a disproportionate effort.
Right to object to processing: the interested party has the right to object at any time, for reasons connected with their particular situation, to the processing of personal data concerning them. Right to withdraw consent: in the case of a treatment based on consent, the interested party may revoke the consent given for the treatment. However,
this act does not affect the validity of the processing carried out by the controller up to that moment. Right to lodge a complaint with the Supervisory Authority: where the interested party believes that their data has been processed illegitimately and violates the rules and principles regarding the protection of personal data, they have the right to contact the Supervisory Authority (Guarantor Privacy) to lodge a complaint, according to the procedures defined by the latter.