Tours designed and leadered by our Experts

Immersive week ends to discover your passion

One day special moments within your passion

Hands-on: explore your passion with the artisans

PRIVACY POLICY – ELESTA TRAVEL SRL

In compliance with the obligations deriving from national (Privacy Code) and Community legislation (European General Regulation no. 679/2016) on the protection of personal data, ELESTA TRAVEL SRL respects and protects the confidentiality of visitors and users. This privacy policy applies both to the collection of information from the website and from other channels. 1 – Legal basis of treatment By using or consulting this website, visitors and users explicitly approve this privacy policy and consent to the processing of their personal data in relation to the methods and purposes described below, including the possible disclosure to third parties if necessary for the provision of a service. The provision of data and therefore the Consent to the collection and processing of data is optional, the User may deny consent, and may revoke at any time a consent already provided. However, denying consent may result in the impossibility of providing certain services and the site navigation experience would be compromised. The data of registered customers are processed according to the contract in progress with ELESTA TRAVEL SRL from the moment the contract is concluded. 2 – Purpose of the treatment The processing of personal data means: recording, storage, organization, consultation, selection, extraction, comparison, processing, use, modification, interconnection, blocking, communication, cancellation and destruction, transfer or dissemination, or the combination of two or more of these operations. The processing of data collected by the site, in addition to the purposes related, instrumental and necessary to the provision of the service, is aimed at the following purposes: 2.1 – Statistics Collection of data and information in an exclusively aggregate and anonymous form in order to verify the proper functioning of the site, to improve the online store and the platform. None of this information is related to the physical person-user of the site, and do not allow in any way the identification. 2.2 – Security Collection of data and information in order to protect the security of the site and its users (anti-spam filters, firewalls, virus detection) and to prevent or unmask fraud or abuse to the detriment of the website. The data is recorded automatically and may possibly also include personal data (IP address) that could be used, in accordance with the laws in force, in order to block attempts to damage the site itself or to cause damage to other users, or in any case harmful or criminal activities. Such data are never used to identify or profile the User and are deleted periodically. 2.3 – Shopping/Services Collection of data to manage orders, provide products and services, process payments, communicate with users about orders, products, services and promotional offers, update records and, in general, manage user accounts, display content such as wish lists and customer reviews and recommend products and services that may be of interest to users. 2.4 – Ancillary activities Communicate data to third parties who perform functions necessary or instrumental to the operation of the service, and to allow third parties to perform technical, logistical and other activities on our behalf. This site uses vendors to perform certain activities, such as fulfilling orders, delivering packages, sending traditional mail, analyzing data, providing marketing assistance, making credit card payments, and providing customer services. Suppliers only have access to personal data that is necessary to perform their tasks, and they agree not to use the data for any other purpose, and they are required to process personal data in accordance with applicable law. This category of data is only kept for the period of time necessary for the provision of the service. 2.5 – Newsletter Perform the newsletter service for customers registered through the website through a special web page with a registration form and consent to data processing required. This page or the user administration section allows the automatic cancellation from the newsletter as well as the appropriate link at the bottom of the newsletter information. For subscriptions through written consent issued directly to the Owner, it is possible to send a request to ELESTA TRAVEL SRL. 3 – Data collected This site collects user data in two ways. 3.1 – Data collected in an automated way During the users’ navigation the following information can be collected and stored in the log files of the site: Internet protocol (IP) address; Type of browser; Parameters of the device used to connect to the site; Name of the internet service provider (ISP); Date and time of visit; The visitor’s source (referral) and exit web pages; Number of clicks, if any. This data is used to analyze user trends and collect data in aggregate, to administer and secure the site, and is in no way traceable to the identity of the User. 3.2 – Data provided voluntarily The site may collect other data in case of voluntary use of services by users, such as comment services, communication (chat, contact forms and sending email), purchase (cart): First and last name; Email address; Physical residence address; VAT number and/or tax code; Company and location; Image (avatar); Social profiles; Geographical location. These data are provided voluntarily by the user at the time of requesting the service, or entering the comment, and will be used exclusively for the provision of the requested service and treated only for the time necessary to provide the service. Fiscal data are necessary in order to take advantage of the services provided against payment, and for billing purposes. The data collected by the site are not provided to third parties, unless it is a legitimate request by the judicial authority and only in cases provided by law. The data, however, may be provided to third parties if this is necessary for the provision of a specific service requested by the User, or for tax purposes or to perform security checks or optimization of the site. 4 – Place of treatment The data collected by the site are processed at the headquarters of the Data Controller and at data centers within the European Economic Area (EEA), and are only handled by staff processing. Personal data are processed with automatic tools and not, for the time strictly necessary to achieve the purposes for which they were collected. 5 – Period of data retention The data collected are processed for the time necessary for the purposes for which they were collected, and in any case not beyond the time prescribed by law. The data necessary for tax purposes are kept until the assessments relating to the corresponding tax period are defined, therefore for at least 10 years and more if the relative year is not yet prescribed for tax purposes. Upon expiry, the data will be deleted or anonymized, unless there are no further purposes for the storage of the same (e.g. warranty obligations, tax obligations). 6 – Transfer of collected data to third parties and non-EU countries The personal data of users/customers are an essential component of our work and it is not part of our activities to transfer them to third parties. However, this site in carrying out its activities and in performing the services required by users may have to transfer some data to third parties who perform specific tasks instrumental and related to those of the site, including: order processing (eg domain purchase), mail delivery, data analysis, marketing assistance, credit card payments, etc … The suppliers have access only to the data necessary for the performance of their specific tasks, and are required to treat them in accordance with this Policy. In the event of the transfer of a company or of production units, the personal data of the Customers fall within the assets of the company being transferred, but remain subject to the commitments provided for in this informative note, unless a new consent is requested. In the event that data is transferred to companies located outside the European Union (e.g. Google, Facebook and Microsoft – for LinkedIn and Skype), we ensure that it is transferred in compliance with the relevant regulations and in particular with the rules set out in the General Data Protection Regulation. The transfer is authorized under specific decisions of the European Union and the Italian Data Protection Authority http://www.garanteprivacy.it/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-intenazionale/trasferimento-dei-dati-verso-paesi-terzi, in particular Decision 1250/2016 (Privacy Shield http://eur-lex.europa.eu/legal-content/IT/TXT/?uri=CELEX%3A32016D1250 – here the information page of the Italian Data Protection Authority http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/5306161), so no further consent is required. The user with the activation of the contract expressly consents to the transfer of data in the assumptions mentioned above. 7 – Cookies This site makes use of cookies and similar technologies. Cookies allow information to be stored about visitors’ preferences, they allow the site to be checked to ensure that it is working properly and to improve its functionality by customising the content of the pages according to the type of browser used, or to simplify navigation by automating procedures (e.g. login, site language) and to analyse how visitors use the site. This site makes use of the following categories of cookies: Technical cookies Cookies in this category include both persistent and session cookies, they allow to distinguish between logged in users avoiding that a service is provided to the wrong user and therefore they are a consequence of an express request of the user, and moreover they are used for the security of the site and the users themselves. In the absence of such cookies, the site or some portions of it may not function properly. Cookies in this category are always sent from our domain, and no consent is required for them. Analytical cookies Cookies in this category are used to collect information about the correct use of the site and user behaviour for statistical analysis, to improve the site and make it easier to use. This type of cookie collects information in an anonymous form on users’ activity on the site and on the way in which they how they arrived at the site and the pages they visited. Cookies in this category are sent from the site itself or from third party domains. Third Party Cookies This site also acts as an intermediary for third-party cookies, which are used in order to provide additional services and features to visitors and to improve the use of the site itself, such as social buttons. Some of these cookies are profiling cookies, i.e. they are used by third parties to collect information about users’ behavior and interests in order to provide personalized advertising. 7.1 – Consent for the use of cookies By using the site, continuing to browse the site, or clicking on the banner present when first accessing the site, the visitor expressly consents to the use of cookies and similar technologies, and in particular to the recording of such cookies on his terminal for the purposes indicated above, or access through cookies to information on his terminal. 7.2 – Refusal or revocation of consent to cookies The user may refuse the use of cookies and may revoke a consent already given at any time. Since cookies are linked to the browser used, THEY CAN BE DISABLED DIRECTLY FROM THE BROWSER, thus refusing/revoking consent to the use of cookies. DISABLEMENT OF COOKIES MAY PREVENT THE CORRECT USE OF CERTAIN FUNCTIONS OF THE SITE ITSELF, in particular services provided by third parties may not be accessible, and therefore may not be viewable: YouTube videos or other video sharing services; social network buttons; Google maps. Instructions on how to disable cookies via the browser, and on how to delete cookies already present on the User’s device, can be found on the following web pages: Mozilla Firefox https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookieWindows Internet Explorer https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorerGoogle Chrome https://support.google.com/chrome/answer/95647?hl=itOpera http://help.opera.com/Windows/10.00/it/cookies.htmlApple Safari https://support.apple.com/it-it/HT201265È You can find further information on cookies and how to manage them at www.aboutcookies.org. 7.3 – Third party cookies This privacy policy does not apply to services provided by third parties, and this site has no control over their cookies, entirely managed by third parties, and has no access to information collected collected by such cookies. As a result, information on the use of third party cookies, their purposes and how to disable them is provided directly by the third parties on the pages indicated below. Generally, the tracking of users does not involve identification of the same, unless the user has already subscribed to the service and is also not already logged in, in which case it is understood that the user has already given its consent directly to the third party at the time of registration to the service (eg Facebook). In particular, this site uses cookies from the following third parties. 7.3.1 – Google Inc. – Google Analytics: web analysis tool used to allow us to examine the use of the site by users, compile reports on site activity and user behavior, see how often users visit the site, how the site is tracked and which pages are visited most frequently. The information is combined by Google with information collected by other sites in order to create a comparative picture of the use of the site compared to other sites in the same category. Data collected: browser identification, date and time of interaction with the site, page of origin, IP. Place of data processing: USA. The data collected do not allow personal identification of users, and are not cross-referenced with other information relating to the same person. They are processed in aggregate form and anonymized (truncated to the last octet). Based on a specific agreement, Google Inc. is prohibited from cross-referencing this data with data from other services. – Google Maps: Google service that offers street maps and location for urban businesses. It sets cookies on the pages of the maps. Data collected: number and behavior of users of the maps, information related to the page displayed, viewing preferences (zoom level, etc…). Place of data processing: USA. – Youtube: platform, owned by Google, for sharing videos. Cookies are set when the page containing the embed is accessed and when the video is started, and do not allow the User to be identified unless he/she is already logged into the Google profile, in which case it is understood that the User has already given his/her consent directly to Google. For some videos on the site has been activated the option “advanced privacy https://support.google.com/youtube/answer/171780?expand=PrivacyEnhancedMode#privacy (no cookies)” which does not provide for the storage of information about visitors unless they voluntarily play the video. Data collected: number and behavior of users of the service, IP address, information linking visits to the site to the Google account for users already logged in, video viewing preferences. Place of data processing: USA. Disabling cookies from Google Inc. The data transmitted to Google are stored on Google’s servers in the USA. For further information For further information on the use of data and their processing by Google we recommend that you read the information of Google at the following address: https://www.google.com/intl/it/policies/privacy/. Further information on Google Analytics cookies can be found on the following page: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usageL the User can selectively disable the action of Google Analytics by installing the appropriate component provided by Google on his/her browser (opt out). To disable the collection of data by Google Analytics, please refer to the link below: https://tools.google.com/dlpage/gaoptout. The User can selectively disable the DoubleClick DART Cookie by preventing its connection with his browser, at the appropriate web page: https://adssettings.google.it/authenticated?hl=it#display_optout. 7.3.2 – Facebook – Remarketing and Custom Audience: set up to serve personalized ads based on the interests of the User present on the site. Also some advertising partners of Facebook may use cookies and similar technologies for tracking users. Place of data processing: USA. Facebook Privacy Policy: https://www.facebook.com/about/privacy/. For more information about Facebook’s use and purpose of cookies, please see the information at the following web address: https://www.facebook.com/help/cookies/update. The User can selectively disable the action of Facebook Remarketing at the appropriate web page of the Digital Advertising Alliance: http://optout.aboutads.info/. 7.3.3 – PayPal Inc. – PayPal makes use of cookies to allow payments to be processed correctly. It sets cookies at the time of access to the payment form in order to: process transactions and provide the PayPal Services; verify the User’s identity, including during account creation and password reset processes; resolve disputes, collect fees, and troubleshoot problems; manage risks or detect, prevent, and/or remedy fraud or other potentially illegal or prohibited activities; detect, prevent, or remedy violations of rules or related user agreements; and provide the User with customer support services; improve the PayPal Services by personalizing your user experience; measure the performance of the PayPal Services and improve their content and layout; manage and secure our information technology infrastructure; send targeted marketing communications and advertising, provide service updates and promotional offers based on your communication preferences as defined in your PayPal account and your activities while using the PayPal Services; perform credit checks, compare data to determine its accuracy, and verify with third parties. Data collected: user behavior, IP address, browser data, device data, location data, operating system, provider, date and time, first and last name, credit card and/or account number; email address. Place of data processing: USA. For more information about PayPal’s use and purposes of cookies, we recommend that you review the information at the following web address: https://www.paypal.com/it/webapps/mpp/ua/privacy-full. DISABLING PAYPAL’S COOKIES MAY MAKE IT IMPOSSIBLE TO PROCESS PAYMENTS AND PROVIDE SERVICES. 7.3.4 – Social Plugins This site also incorporates plugins and/or buttons for social networks, in order to allow easy sharing of content on your favorite social networks. These plugins do not set a cookie, but if it is already present on the visitor’s computer they are able to read it and use it according to their settings. The collection and use of information by these third parties are governed by their respective privacy policies to which please refer. Facebook https://www.facebook.com/about/privacy/ (link to https://www.facebook.com/help/cookies/ cookie policy) Twitter https://twitter.com/privacy?lang=it(link to https://support.twitter.com/articles/20170519-uso-dei-cookie-e-di-altre-tecnologie-simili-da-parte-di-twitter cookie policy) LinkedIn https://www.linkedin.com/legal/privacy-policy (link to https://www.linkedin.com/legal/cookie-policy cookie policy) Google+ https://www.google.com/intl/it/policies/privacy//(link to https://www.google.it/intl/it/policies/technologies/cookies/ cookie policy) 8 – Security measures The Data Controller treats the data of visitors/users in a lawful and correct manner, adopting appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of data, as well as illegal use of data. The treatment is carried out by computer and / or telematic tools, with organizational methods and logic closely related to the purposes indicated, and the data are stored and maintained in secure facilities with limited access and verification of personnel. Access to information is strictly limited to authorized personnel. The website is constantly monitored for security breaches and to ensure that the information is secure. In addition to the owner, in some cases, may have access to data categories of people involved in the organization of the site (administrative staff, sales, marketing, legal, system administrators system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies). It is important that you adopt suitable protections against unauthorized access to your password and your computer. Always ensure that you are logged out when using a computer shared with other users.

Via Guglielmo Silva, 39 20149 - Milan - Italy

+39 02 36765705

info@elestatravel.com