www.koretraveler.com – http://https://www. koretraveler.com/it
Why this policy
This page describes the methods and management of the website with respect to the processing of the personal data of the users who visit it.
This policy is provided also pursuant to Art. 13-14 of Reg. EU 679/16 and the current Italian laws on the protection of personal data, Italian Legislative Decree no. 196/2003 as amended and supplemented, in particular those introduced by Italian Legislative Decree no. 101/2018 to those who interact with the web services of the website www.koretraveler.com, accessible electronically from the address https://www.koretraveler.com/it (hereinafter referred to as the website) and not for other external websites possibly connected thereto that can be consulted by the user through links on the website.
This document incorporates the contents of the Privacy Policy applied by the Personal Data Protection Authority with regard to the processing of personal data of users connecting to the official website http://www.garanteprivacy.it.
It is the intention of the company Project Earth s.r.l., with registered office in Via per Curnasco 52 – 24127 Bergamo (BG) Italy – VAT no./tax code: 04599800168, PEC certified email: projectearthsrl@pec.it in the person of its legal representative pro tempore, owner of the website www.koretraveler.com, to align its privacy policies with the provisions of Reg. EU 679/16 and also with the cautions and procedures that the Guarantor has specified precisely in the Privacy Policy document published on the Authority’s official website.
Processing of personal data means any operation or set of operations carried out with or without the aid of automated processes and applied to personal data or set of personal data, even if not registered in a database, such as the collection, recording, organization, structuring, storage, processing, selection, blocking, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination any other form made available, alignment or combination, restriction, erasure or destruction.
-
Data Controller
The data controller is the company Project Earth s.r.l., with headquarters in Via per Curnasco 52 – 24127 Bergamo (BG) Italy – VAT no./tax code: 04599800168 PEC certified email: projectearthsrl@pec.it in the person of its legal representative pro tempore.
-
Types of data collected
The Personal Data collected from this website includes:
Data provided voluntarily
The optional, explicit and voluntary sending of emails to the addresses indicated on the Portal entails the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal information included in the message.
Specific summary privacy policies will be shown or displayed on the website pages that are used for providing services on demand.
Data provided for sending the newsletter will be processed by the website’s data controller. Consent for sending the newsletter will be provided in the relevant form in the dedicated section.
Browsing data
In the course of their normal operation, the computer systems and software procedures used to operate the website acquire some personal data whose transmission is implicit in the use of internet communication protocols.
This category of data includes IP addresses or computer domain names used by users connecting to the website, etc.
Unless otherwise specified, any use of Cookies – or other tracking tools – by this website or the owners of third-party services used by this website is for the purpose of identifying the User and recording their preferences for purposes strictly related to the provision of the service requested by the User.
The User assumes responsibility for third-party Personal Data posted or shared through this website and warrants that they have the right to disclose or disseminate them, releasing the Data Controller from any liability to third parties.
-
Method and place of processing of the Data collected
Processing methods
The Data Controller processes Users’ Personal Data by taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of the Personal Data in order to satisfy legal requirements and to protect the rights of data subjects
The processing of data may be carried out either by using paper or electronic, computer and online tools in a manner and with instruments suitable to guarantee the security and confidentiality of the data, and may consist, in addition to their collection, in their recording, organization, storage, consultation, processing, modification, selection, retrieval, alignment, use, combination, blocking, disclosure, erasure and destruction in accordance with the provisions of Article 4, no. 2) of the GDPR. In addition to the Data Controller, in some cases the Data may be accessible to other categories of appointees involved in the organization of the website (administrative, sales, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies), where necessary appointed as Data Processors by the Data Controller. An up-to-date list of Data Processors can always be obtained from the Data Controller.
Place
The Data are processed at the Data Controller’s operational offices and at any other location where the parties involved in the processing are located.
For more information, contact the Data Controller.
-
Legal basis for the processing
The Data Controller processes Personal Data related to the User if one of the following conditions exists:
- The User has given consent for one or more specific purposes. Note: In some jurisdictions, the Data Controller may be authorized to process Personal Data without the need for the User’s consent or another of the legal bases specified below, as long as the User does not object (“opt-out”) to such processing. However, this does not apply if the processing of Personal Data is regulated by European legislation on the protection of Personal Data.
- Processing is necessary for the performance of a contract with the User and/or the execution of pre-contractual measures.
- Processing is necessary to fulfill a legal obligation that the Controller is subject to.
- The processing is necessary for the performance of a task of public interest or the exercise of public authority vested in the Data Controller.
- Processing is necessary for the pursuit of a legitimate interest of the Data Controller or third parties.
However, it is always possible to ask the Data Controller to clarify the legal basis of each procedure and in particular to specify whether the processing is based on law, required by a contract or necessary to conclude a contract.
-
Storage period
Data are processed and stored for the time required by the purposes for which they were collected, and in any case within the terms of the law.
The User may obtain additional information by contacting the Data Controller.
At the end of the storage period, the Personal Data will be deleted. Therefore, upon the expiration of this period, the right of access, erasure, rectification and the right to Data portability can no longer be exercised.
-
Purposes for the processing of the Data collected
User Data is collected to enable the Data Controller to provide its Services, as well as for the following purposes: Statistics and Contacting the User.
To obtain further detailed information on the purposes of the processing and the Personal Data concretely necessary for each purpose, the User may refer to the pertinent sections of the website.
-
Disclosure and dissemination of the data
The data will not be disseminated and will be processed by the employees of the Company, who act as persons authorized to process data based on the tasks performed and for which they have been adequately trained. The data may be disclosed to external parties including Data Processors appointed under Article 28 of the GDPR. Specifically, the data may be disclosed to the following categories of parties, including but not limited to: banks and companies specializing in payment management and credit insurance, legal and consulting firms, parties assigned to audit the company’s financial statements, public authorities or administrations for legal requirements, Italian and foreign suppliers, financing and transportation companies.
Please note that a detailed list of Data Processors is available at the operational headquarters of Project Earth s.r.l.
For all the purposes set out in this policy, your data may also be disclosed abroad, in and outside the European Union, in accordance with the rights and guarantees provided by current law, subject to verification that the country in question guarantees an adequate level of protection in accordance with the provisions of the GDPR.
-
User Rights
With regard to the aforementioned data, all rights under Articles 15, 16, 17, 18, 20 and 21 of the GDPR may be exercised, specifically:
- a) The right to access the personal data and to obtain information about the Data processed by the Data Controller, about certain aspects of the processing, and to receive a copy of the processed Data.
- b) Their correction if inaccurate.
- c) The deletion of the data.
- d) The restriction of the processing when certain conditions are met, in which case the Data Controller will not process the Data for any purpose other than its preservation;
- e) Opposition to processing, when it is done on a legal basis other than consent.
- f) The right to data portability, i.e., to receive the personal data provided in a structured, commonly used, machine-readable format and to have them transferred to another Data Controller without impediment.
In the event of a violation of these provisions, the data subject has the right to lodge a complaint with the competent Personal Data Protection Supervisory Authority or to take legal action.
-
Withdrawal of consent
The consent given may be withdrawn at any time, without this affecting the lawfulness of any processing based on the consent given before the withdrawal and further processing of the same data based on legal grounds other than such consent, such as the fulfillment of contractual and legal obligations.
-
How to exercise one’s rights
To exercise one’s rights, Users may submit an informal request to the Data Controller by sending a communication to the company Project Earth s.r.l., with headquarters in Via per Curnasco 52 – 24127 Bergamo (BG) Italy – VAT no./tax code: 04599800168, PEC certified email: projectearthsrl@pec.it – email: contact@koretraveler.com.
Such requests are made free of charge and processed by the Data Controller as quickly as possible.
Types of data collected
-
Defense in court
The User’s Personal Data may be used by the Data Controller for its own defense in court or in the preparation thereof in the event of improper use of the data or of related services by the User.
The User declares that they are aware that the Data Controller may be required to disclose Data at the request of public authorities.
-
Specific disclosures
Upon the User’s request, in addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual disclosures regarding specific services, or the collection and processing of Personal Data.
This website does not support “Do Not Track” requests.
To find out whether any third-party services used support them, the User is encouraged to consult their respective privacy policies.
-
Changes to this privacy policy
The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page. Therefore, please consult this page often, taking the date of the last update shown at the bottom as a reference. If you do not accept the changes made to this privacy policy, you must cease using this website and may ask the Data Controller to remove your Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to the Personal Data collected up to that point.
If the changes affect processing whose legal basis is consent, the Data Controller will ask for the User’s consent once again, if necessary.
-
Definitions and legal references
Personal Data (or Data)
Personal data refers to any information relating to a natural person who is identified or identifiable, even indirectly, by referring to any other information, including a personal identification number.
Usage Data
This is the information collected automatically by this website (or by the third-party applications that this website uses), including: the IP addresses or domain names of the computers used by the User who connects with this website, the addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various times associated with the visit (e.g., the length of time spent on each page) and the details of the path followed within the website, with particular reference to the sequence of pages viewed, the parameters relating to the User’s operating system and computer environment.
User
The individual using this website, who must coincide with or be authorized by the Data Subject and whose Personal Data are being processed.
Data Subject
The natural or legal person the Personal Data refers to.
Data Processor
The natural person, legal entity, public administration, or any other entity, association, or body entrusted by the Data Controller with the processing of the Personal Data, in accordance with the provisions of this privacy policy.
Data Controller
The natural person, legal entity, public administration, or any other entity, association, or body that is responsible, including jointly with another data controller, for decisions regarding the purposes, methods of processing of the personal data, and the tools used, including the security profile, with respect to the operation and use of this website. Unless otherwise specified, the Data Controller is the owner of this website.
Service
The Service provided by this website as defined in the relevant terms (if any) on this website.
European Union (or EU)
Unless otherwise specified, any reference to the European Union in this document is understood to extend to all current member states of the European Union and the European Economic Area.
Cookie
A small quantity of data stored on the User’s device.
Legal references
Notice to European Users: this privacy policy is prepared on the basis of current law, including Articles 13-14 of Reg. EU 679/2016 as amended and supplemented.
Unless otherwise specified, this privacy policy refers to this website only.
Data collection for sending the newsletter
Having read the above policy, the user declares for all legal purposes to have understood and to have full knowledge that consenting to the sending of the newsletter and checking the form provided in the relevant section indicates consent to the processing of data and receiving the newsletter, agreeing to communicate any withdrawal of consent to receiving the newsletter in the future.
Hotel membership and check availability data collection
The submission of data via the form completed by the user/visitor and used to contact the selected lodging facility is mandatory and necessary to respond to the submitted requests, as well as to recontact the sender if it is necessary to offer assistance or get feedback on the service provided by the contacted lodging facility. The privacy policy regarding the data conferred in this manner will be viewable in the relevant sections of the website.
Having read the above policy, the user declares for all legal purposes to have understood and to have full knowledge that consenting to the sending of the contact form to the lodging facility and checking the form provided in the relevant section, their data will be used to provide the service requested.
The user consents to the processing and storage of data sent to the lodging facility and retained by the data controller in order to possibly be contacted by the website regarding commercial or promotional initiatives or for surveys on satisfaction with the service offered.
January 9, 2023