In compliance with the obligations deriving from national (Privacy Code) and Community legislation (European General Regulation no. 679/2016) on the protection of personal data, ELESTA TRAVEL SRL respects and protects the confidentiality of visitors and users.
1 – Legal basis of treatment
The provision of data and therefore the Consent to the collection and processing of data is optional, the User may deny consent, and may revoke at any time a consent already provided. However, denying consent may result in the impossibility of providing certain services and the site navigation experience would be compromised.
The data of registered customers are processed according to the contract in progress with ELESTA TRAVEL SRL from the moment the contract is concluded.
2 – Purpose of the treatment
The processing of personal data means: recording, storage, organization, consultation, selection, extraction, comparison, processing, use, modification, interconnection, blocking, communication, cancellation and destruction, transfer or dissemination, or the combination of two or more of these operations.
The processing of data collected by the site, in addition to the purposes related, instrumental and necessary to the provision of the service, is aimed at the following purposes:
2.1 – Statistics
Collection of data and information in an exclusively aggregate and anonymous form in order to verify the proper functioning of the site, to improve the online store and the platform. None of this information is related to the physical person-user of the site, and do not allow in any way the identification.
2.2 – Security
Collection of data and information in order to protect the security of the site and its users (anti-spam filters, firewalls, virus detection) and to prevent or unmask fraud or abuse to the detriment of the website. The data is recorded automatically and may possibly also include personal data (IP address) that could be used, in accordance with the laws in force, in order to block attempts to damage the site itself or to cause damage to other users, or in any case harmful or criminal activities. Such data are never used to identify or profile the User and are deleted periodically.
2.3 – Shopping/Services
Collection of data to manage orders, provide products and services, process payments, communicate with users about orders, products, services and promotional offers, update records and, in general, manage user accounts, display content such as wish lists and customer reviews and recommend products and services that may be of interest to users.
2.4 – Ancillary activities
Communicate data to third parties who perform functions necessary or instrumental to the operation of the service, and to allow third parties to perform technical, logistical and other activities on our behalf. This site uses vendors to perform certain activities, such as fulfilling orders, delivering packages, sending traditional mail, analyzing data, providing marketing assistance, making credit card payments, and providing customer services. Suppliers only have access to personal data that is necessary to perform their tasks, and they agree not to use the data for any other purpose, and they are required to process personal data in accordance with applicable law. This category of data is only kept for the period of time necessary for the provision of the service.
2.5 – Newsletter
Perform the newsletter service for customers registered through the website through a special web page with a registration form and consent to data processing required. This page or the user administration section allows the automatic cancellation from the newsletter as well as the appropriate link at the bottom of the newsletter information. For subscriptions through written consent issued directly to the Owner, it is possible to send a request to ELESTA TRAVEL SRL.
3 – Data collected
This site collects user data in two ways.
3.1 – Data collected in an automated way
During the users’ navigation the following information can be collected and stored in the log files of the site:
Internet protocol (IP) address;
Type of browser;
Parameters of the device used to connect to the site;
Name of the internet service provider (ISP);
Date and time of visit;
The visitor’s source (referral) and exit web pages;
Number of clicks, if any.
This data is used to analyze user trends and collect data in aggregate, to administer and secure the site, and is in no way traceable to the identity of the User.
3.2 – Data provided voluntarily
The site may collect other data in case of voluntary use of services by users, such as comment services, communication (chat, contact forms and sending email), purchase (cart):
First and last name;
Physical residence address;
VAT number and/or tax code;
Company and location;
These data are provided voluntarily by the user at the time of requesting the service, or entering the comment, and will be used exclusively for the provision of the requested service and treated only for the time necessary to provide the service. Fiscal data are necessary in order to take advantage of the services provided against payment, and for billing purposes. The data collected by the site are not provided to third parties, unless it is a legitimate request by the judicial authority and only in cases provided by law. The data, however, may be provided to third parties if this is necessary for the provision of a specific service requested by the User, or for tax purposes or to perform security checks or optimization of the site.
4 – Place of treatment
The data collected by the site are processed at the headquarters of the Data Controller and at data centers within the European Economic Area (EEA), and are only handled by staff processing. Personal data are processed with automatic tools and not, for the time strictly necessary to achieve the purposes for which they were collected.
5 – Period of data retention
The data collected are processed for the time necessary for the purposes for which they were collected, and in any case not beyond the time prescribed by law. The data necessary for tax purposes are kept until the assessments relating to the corresponding tax period are defined, therefore for at least 10 years and more if the relative year is not yet prescribed for tax purposes. Upon expiry, the data will be deleted or anonymized, unless there are no further purposes for the storage of the same (e.g. warranty obligations, tax obligations).
6 – Transfer of collected data to third parties and non-EU countries
The personal data of users/customers are an essential component of our work and it is not part of our activities to transfer them to third parties. However, this site in carrying out its activities and in performing the services required by users may have to transfer some data to third parties who perform
specific tasks instrumental and related to those of the site, including: order processing (eg domain purchase), mail delivery, data analysis, marketing assistance, credit card payments, etc … The suppliers have access only to the data necessary for the performance of their specific tasks, and are required to treat them in accordance with this Policy. In the event of the transfer of a company or of production units, the personal data of the Customers fall within the assets of the company being transferred, but remain subject to the commitments provided for in this informative note, unless a new consent is requested. In the event that data is transferred to companies located outside the European Union (e.g. Google, Facebook and Microsoft – for LinkedIn and Skype), we ensure that it is transferred in compliance with the relevant regulations and in particular with the rules set out in the General Data Protection Regulation. The transfer is authorized under specific decisions of the European Union and the Italian Data Protection Authority http://www.garanteprivacy.it/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-intenazionale/trasferimento-dei-dati-verso-paesi-terzi, in particular Decision 1250/2016 (Privacy Shield http://eur-lex.europa.eu/legal-content/IT/TXT/?uri=CELEX%3A32016D1250 – here the information page of the Italian Data Protection Authority http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/5306161), so no further consent is required. The user with the activation of the contract expressly consents to the transfer of data in the assumptions mentioned above.
7 – Cookies
Cookies in this category include both persistent and session cookies, they allow to distinguish between logged in users avoiding that a service is provided to the wrong user and therefore they are a consequence of an express request of the user, and moreover they are used for the security of the site and the users themselves. In the absence of such cookies, the site or some portions of it may not function properly. Cookies in this category are always sent from our domain, and no consent is required for them.
Cookies in this category are used to collect information about the correct use of the site and user behaviour for statistical analysis, to improve the site and make it easier to use. This type of cookie collects information in an anonymous form on users’ activity on the site and on the way in which they
how they arrived at the site and the pages they visited. Cookies in this category are sent from the site itself or from third party domains.
Third Party Cookies
This site also acts as an intermediary for third-party cookies, which are used in order to provide additional services and features to visitors and to improve the use of the site itself, such as social buttons. Some of these cookies are profiling cookies, i.e. they are used by third parties to collect information about users’ behavior and interests in order to provide personalized advertising.
7.2 – Refusal or revocation of consent to cookies
7.3 – Third party cookies
7.3.1 – Google Inc.
– Google Analytics: web analysis tool used to allow us to examine the use of the site by users, compile reports on site activity and user behavior, see how often users visit the site, how the site is tracked and which pages are visited most frequently. The information is combined by Google with information collected by other sites in order to create a comparative picture of the use of the site compared to other sites in the same category. Data collected: browser identification, date and time of interaction with the site, page of origin, IP. Place of data processing: USA. The data collected do not allow personal identification of users, and are not cross-referenced with other information relating to the same person. They are processed in aggregate form and anonymized (truncated to the last octet). Based on a specific agreement, Google Inc. is prohibited from cross-referencing this data with data from other services.
– Google Maps: Google service that offers street maps and location for urban businesses. It sets cookies on the pages of the maps. Data collected: number and behavior of users of the maps, information related to the page displayed, viewing preferences (zoom level, etc…). Place of data processing: USA.
– Youtube: platform, owned by Google, for sharing videos. Cookies are set when the page containing the embed is accessed and when the video is started, and do not allow the User to be identified unless he/she is already logged into the Google profile, in which case it is understood that the User has already given his/her consent directly to Google. For some videos on the site has been activated the option “advanced privacy https://support.google.com/youtube/answer/171780?expand=PrivacyEnhancedMode#privacy (no cookies)” which does not provide for the storage of information about visitors unless they voluntarily play the video. Data collected: number and behavior of users of the service, IP address, information linking visits to the site to the Google account for users already logged in, video viewing preferences. Place of data processing: USA.
Disabling cookies from Google Inc.
The data transmitted to Google are stored on Google’s servers in the USA. For further information
For further information on the use of data and their processing by Google we recommend that you read the information of Google at the following address: https://www.google.com/intl/it/policies/privacy/. Further information on Google Analytics cookies can be found on the following page: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usageL the User can selectively disable the action of Google Analytics by installing the appropriate component provided by Google on his/her browser (opt out). To disable the collection of data by Google Analytics, please refer to the link below: https://tools.google.com/dlpage/gaoptout. The User can selectively disable the DoubleClick DART Cookie by preventing its connection with his browser, at the appropriate web page: https://adssettings.google.it/authenticated?hl=it#display_optout.
7.3.2 – Facebook
7.3.3 – PayPal Inc.
DISABLING PAYPAL’S COOKIES MAY MAKE IT IMPOSSIBLE TO PROCESS PAYMENTS AND PROVIDE SERVICES.
7.3.4 – Social Plugins
This site also incorporates plugins and/or buttons for social networks, in order to allow easy sharing of content on your favorite social networks. These plugins do not set a cookie, but if it is already present on the visitor’s computer they are able to read it and use it according to their settings. The collection and use of information by these third parties are governed by their respective privacy policies to which please refer.
8 – Security measures
The Data Controller treats the data of visitors/users in a lawful and correct manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of data, as well as illegal use of data. The treatment is carried out by computer and / or telematic tools, with organizational methods and logic closely related to the purposes indicated, and the data are stored and maintained in secure facilities with limited access and verification of personnel. Access to information is strictly limited to authorized personnel. The website is constantly monitored for security breaches and to ensure that the information is secure. In addition to the owner, in some cases, may have access to data categories of people involved in the organization of the site (administrative staff, sales, marketing, legal, system administrators
system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies). It is important that you adopt suitable protections against unauthorized access to your password and your computer. Always ensure that you are logged out when using a computer shared with other users.