Gastaldi USA is committed to protecting your privacy. We understand that your personal information is important and we take great care to ensure that it is kept safe and secure.
We collect information from you when you make a booking or request information from us. This information may include your name, address, telephone number, email address, and credit card details. We use this information to process your booking and to provide you with information about your travel arrangements.
We may also use your information to send you marketing materials and special offers. If you would prefer not to receive these, please let us know by contacting us at email@example.com.
We will not share your personal information with any third parties without your consent, except as required by law.
We take all reasonable steps to protect your personal information from loss, misuse or unauthorized access. However, please note that no data transmission over the internet can be guaranteed to be 100% secure.
Legal basis of the processing
This site processes data based on consent. With the use or consultation of this site visitors and users explicitly approve this privacy statement and consent to the processing of their personal data in relation to the methods and purposes described below, including any disclosure to third parties if necessary for the provision of a service. The provision of data and therefore the consent to the collection and processing of data is optional, the User can refuse consent, and may revoke at any time a consent already provided (tramite mail all’indirizzo firstname.lastname@example.org). However, denying consent may make it impossible to provide certain services and the browsing experience on the site may be compromised. Starting from 25 May 2018 (date of entry into force of the GDPR), this site will process some of the data based on the legitimate interests of the data controller.
Data collected and purposes
Like all websites, this site also makes use of log files in which information collected in an automated manner is kept during user visits. The information collected could be the following:
– internet protocol (IP) address;
– type of browser and device parameters used to connect to the site;
– name of the Internet service provider (ISP);
– date and time of visit;
– web page of origin of the visitor (referral) and exit;
– possibly the number of clicks.
The above information is processed in an automated form and collected in an exclusively aggregated form in order to verify the correct functioning of the site, and for security reasons (from 25 May 2018 such information will be treated according to the legitimate interests of the owner). For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts at damage to the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime. Such data are never used for the identification or profiling of the user, but only for the purposes of protection of the site and its users (from 25 May 2018 such information will be treated according to the legitimate interests of the owner).
The data received will be used exclusively for the provision of the requested service and only for the time needed to provide the service. The information that users of the site deem to make public through the services and tools made available to them, are provided by the user knowingly and voluntarily, exempting this site from any liability regarding any violation of laws. It is up to the user to verify that they have permission to enter personal data of third parties or contents protected by national and international standards.
The data collected by the site during its operation are used exclusively for the purposes indicated above and kept for the time strictly necessary to carry out the activities specified. In any case, the data collected from the site will never be provided to third parties, for any reason, unless it is a legitimate request by the judicial authority and only in the cases provided by law. The data used for security purposes (block attempts to damage the site) are kept for 24 months.
PROCESSING OF PERSONAL DATA FOR CONTACT FORM
Processing of personal data
We inform you that the data that will provide to the operator of this site at the time of filling in the “contact form” (also called form mail) of the site itself, will be processed in compliance with the provisions of Legislative Decree No. 196/2003, Code in personal data protection and EU Regulation no. 2016/679.
The contact form made available on the site has the sole purpose of allowing site visitors to contact, if they so wish, the operator of the site, by sending an email to the operator via the above form. This information concerns the personal data sent by the visitor during the compilation of the contact form.
We inform you of the fact that the data that will voluntarily give through the form will be turned into an email that may be stored in the system of receiving emails used by the owner of the site. These data will not be recorded on other media or devices, nor will other data deriving from its navigation on the site be recorded.
1. PURPOSE OF THE PROCESSING OF PERSONAL DATA
The purposes of processing your data are as follows: The data you send will be used for the sole purpose of being able to contact you again through the references you left through the contact form to fulfill any requests contained in the message you sent via the contact form made available on the site.
2. NATURE OF DATA PROCESSED AND MODALITIES OF TREATMENT
1. The personal data processed will be exclusively the common data strictly necessary and relevant to the purposes referred to in paragraph 1 above.
2. The processing of the personal data provided is carried out by means of the operations or the set of operations indicated in art. 4 paragraph 1 lett. a) Legislative Decree 196/2003 and of EU Regulation no. 2016/679.
3. The treatment is carried out directly by the owner’s organization.
3. NATURE OF THE CONFERENCE AND CONSEQUENCES OF REFUSAL
There is no obligation to give the operator of this site the personal data requested in the contact form. The provision of data via contact form is optional. However, the refusal to provide for the purposes referred to in art. 1 will make it impossible to contact the operator of the website through the contact form made available on the site.
This site also acts as an intermediary for third-party cookies, used to provide additional services and features to visitors and to improve the use of the site, such as buttons for social media, or video. This site has no control over the cookies of third parties, entirely managed by third parties. As a consequence, the information on the use of these cookies and their purposes, as well as on how to disable them, are provided directly by the third parties on the pages indicated below.
Further information on Google Analytics cookies can be found on the Google Analytics Cookie Usage on Websites page.
The user can selectively disable the collection of data by Google Analytics by installing the appropriate component provided by Google on their browser (opt out).
– Facebook – (link informativa cookie)
– Twitter – (link informativa cookie)
– Linkedln – (link informativa cookie)
Transfers of data to non-EU countries
This site may share some of the data collected with services located outside the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized on the basis of specific decisions of the European Union and the Guarantor for the protection of personal data, in particular Decision 1250/2016 (Privacy Shield – here the information page of the Italian Data Protection Authority), for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
This site processes the data of users in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. Processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the owner, in some cases, may have access to the data categories of employees involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (as suppliers of third-party technical services, postal couriers, hosting providers, IT companies, communication agencies).
Pursuant to European Regulation 679/2016 (GDPR) and national regulations, the User can, in accordance with the procedures and within the limits established by current legislation, exercise the following rights:
– request confirmation of the existence of personal data concerning him / her (right of access);
– know its origin;
– receive intelligible communication;
– have information about the logic, methods and purposes of the processing;
– request the updating, correction, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
– in cases of consent-based processing, receive only the cost of any support, its data provided to the holder, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
– the right to lodge a complaint with the Supervisory Authority (Privacy Guarantor – link to the Guarantor page);
– as well as, more generally, exercise all the rights that are recognized by the current provisions of the law.
Requests should be addressed to the Data Controller. In the event that the data are processed on the basis of legitimate interests, the rights of data subjects are guaranteed (with the exception of the right to portability that is not provided for by the regulations), in particular the right to oppose the treatment that can be exercised by sending a request to the data controller.
The data controller is the administrator of the site, Gastaldi & C. Spa, Sede legale Piazza Luigi di Savoia 22 – 20124 MILANO – Ufficio amministrativo Mura di S. Chiara 1 – 16128 GENOVA, tel. 01059991, Codice Fiscale: 03263930103 – Partita IVA: 03303350965, can be contacted via email at email@example.com.
Responsible for processing
The data controller is identified as the Data Controller, together with the web hosting appointed co-responsible for data processing, limited to the services provided of which it is supplier, processing the data on behalf of the owner. The web hosting co-responsible for data processing is located in the European Economic Area and acts in accordance with European standards.