Privacy Policy

This information notice is provided, pursuant to Art. 13 of EU Regulation 2016/679 (GDPR), to users who interact with the website of Idi Travel Srl, accessible online at: http://www.iditravel.com, corresponding to the homepage of the site.

This policy describes the management methods of the company’s official website only.

Additional information may be provided within the different access channels, divided according to the topics addressed. Other notices may be included within the Site in relation to specific services.

Data Controller
I.D.I. TRAVEL s.r.l.
Via Torino, 2 – 31021 Mogliano Veneto (TV)

Types of Data Processed and Methods of Collection

Browsing Data – Log files

It is possible to access the Site without being required to provide any personal data. During their normal operation, the IT systems and software procedures used to operate this website collect certain data (the transmission of which is implicit in Internet communication protocols) that are not associated with directly identifiable users.

The collected data include the IP addresses of users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, and the numeric code indicating the status of the server's response (successful, error, etc.).

These are technical/informatic data that do not provide personal information about the user and are not collected to be associated with identified individuals, but are aggregated and anonymized to:

verify the correct functioning and ensure security of the Site;
improve service quality and provide usage statistics;
assess liability in case of hypothetical computer crimes against the site.

Data Provided Voluntarily by the User

The voluntary and explicit sending of emails to the addresses published on the website entails the subsequent acquisition of the sender’s/user’s address and related data, necessary to respond to requests and/or provide the requested service.

Such processing will always comply with the principles of fairness, lawfulness, transparency, and data protection as required by the GDPR. Before activating a specific service, appropriate information will be provided, and—where necessary—consent to the processing of personal data will be collected. Consent may subsequently be withdrawn at any time, resulting in the termination of the use of the related service.

Failure to provide consent or its withdrawal does not entail any consequence, except for the impossibility of using the Site and/or the requested service or obtaining more detailed information about the company’s activities.

In any case, personal data may be processed when necessary to pursue the Data Controller’s legitimate interest or based on a legal obligation. In particular, consent for the processing of browsing and log data is not required, as these data are processed for a legitimate interest (Recital 47 of the GDPR).

Provision of Data

Apart from what is specified for browsing data, the provision of personal data for the purposes described above is optional. Failure to provide such data may make it impossible to access certain services offered by the site.

Methods of Data Processing

Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they are collected, in compliance with the principles of lawfulness, purpose limitation, and data minimization pursuant to Art. 5 of the GDPR, and within the mandatory retention periods prescribed by law.

Specific security measures are adopted to prevent data loss, unlawful or improper use, and unauthorized access.

Communication and/or Disclosure of Data

Your data will not be disclosed but may be communicated to companies contractually associated with the organization, in accordance with and within the limits of the GDPR.

Personal data are stored on servers located within the European Union. However, the Data Controller may transfer the servers outside the EU if necessary. In such cases, data transfers will occur in compliance with applicable laws, including the adoption of the Standard Contractual Clauses issued by the European Commission, and users will be informed.

Data may be communicated to third parties belonging to the following categories:

entities providing IT system and telecommunications network management services (including email services);
firms or companies providing assistance and consultancy services;
competent authorities for legal obligations and/or public authority requests.

These subjects act as Data Processors or independently as separate Data Controllers. The list of Data Processors is constantly updated and available at the company’s headquarters. Any further communication or disclosure will occur only with your explicit consent.

Existence of Automated Decision-Making Processes

The Data Controller informs users that this website does not employ automated decision-making processes, nor profiling systems.

Minors

This Site and the Data Controller’s Services are not intended for individuals under the age of 16, and the Data Controller does not knowingly collect personal information related to minors. If such data are unintentionally collected, they will be promptly deleted upon users’ request.

Data Subject Rights
Data subjects have the right to receive information from the Company regarding the processing of their personal data by emailing: privacy@iditravel.com

Right of Access:
We are transparent about the data we collect and how we use it. You may contact us at any time to access the information we hold about you.

Right to Rectification:
You have the right to obtain the correction of inaccurate or incomplete information and request its update and/or modification.

Right to Erasure:
Send a request to delete all data concerning you, and we will process your request within 30 days.

Right to Restriction:
You have the right to request that the Data Controller restrict the processing of your data.

Right to Data Portability:
Upon request, we will export your data so that it can be transferred to third parties in a structured, commonly used, machine-readable format.

Right to Object:
You may opt out at any time from specific uses of your data (newsletters, automated emails, etc.).

Right to Lodge a Complaint:
If you believe your rights have not been respected, you may lodge a complaint with the competent authority as indicated on: http://www.garanteprivacy.it or by email at: urp@gpdp.it