Privacy Policy
Information on the processing of personal data. Date last updated: November 2, 2020 (18:31:11)
Hereby, pursuant to the EU Regulation No.679/2016 (hereinafter GDPR) and the specific compatible national legislation, Matteo Rainisio, based in Corso Italia, 60 Pietra Ligure SV, Tax Code/VAT No. RNSMTT77R27E632A as "Data Controller" (hereinafter "Owner"), informs about the ways and circumstances under which it will process the personal data and information provided by accessing theflightclub.it website , which Matteo Rainisio owns.
Type of data being processed
-
Personal Data
The personal data processed by the Data Controller are as follows: first name, last name, date of birth, gender, telephone number, residential address, zip code, telephone number, and e-mail address. Please refer to the specific section of this policy for complete details.
-
Navigation data
This is the information collected automatically by the Owner, through the Site, newsletters or third-party applications. These include: date and time, IP addresses, addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used in submitting the request to the server, the size of the response, the status code in numerical form, as well as browser and operating system, language, country.
-
Cookie
Cookies are small text files sent from the site to the data subject's terminal (usually the browser), where they are stored and then transmitted back to the site on the same user's next visit. A cookie cannot retrieve any other data from the user's hard drive or transmit computer viruses or acquire email addresses. Each cookie is unique to the user's web browser. Some of the functions of cookies may be delegated to other technologies. In this document, the term 'cookies' is intended to refer both to cookies proper and to all similar technologies. For more information on the use of cookies, see the Cookie Privacy document on this Site.
Active forms on the site
The site contains one or more information request forms, which the User can use to request information from the Owner. The data provided is used with the sole purpose of providing the service to the User. In some request forms, there may be an option to be able to use the data for commercial, marketing, etc. purposes. The User will have the option to accept or not accept this feature, not affecting the functioning of the contact form.
The Site contains forms for newsletter subscription. By filling out these forms, data are collected for the purpose of sending commercial information, promotions by the Owner, using various technical tools. The User is informed that the Owner may also use external technological tools for sending communications, such as mailgun, mailchimp, and others. For completeness, the respective privacy policies are provided below, which can be consulted by accessing the links.
MAILGUN: https://www.mailgun.com/gdpr
MAILCHIMP: https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation
Legal Basis and Purpose of Processing
-
Data essential for contractual execution
Subject to obtaining the User's consent, the data will be processed for the purposes solely related to the provision of the specific service. For example, in the case of an information request, the data will be used solely to respond to the User by providing the requested information. For the performance of contractually required services, these data are indispensable
-
Promotional, commercial and marketing purposes
Subject to obtaining explicit consent from the User, the processing of data will take place for the purposes of sending by the Data Controller, on a periodic basis, commercial communications, initiatives, discounts and offers from the Data Controller or third parties. May be the subject of data processing, those entered by the "Data Controller" on the Site, if obtained directly from the "Data Controller" or third parties in any case with compliance with the regulations in force. In any case, the User's data will not under any circumstances be communicated and/or transferred to third parties.
Owner, appointees and data processors
-
Data controller
The owner of the processing of data provided by users is the Owner, as defined in the premises, in the person of its legal representative pro tempore.
-
Persons in charge of processing
The subjects appointed by the Owner may become aware of your data since they are in charge of the execution of certain processing operations connected and instrumental to the provision of the service and/or the further purposes allowed by the User.
-
Data Processors
In order to technically manage the above, the Owner has appointed the following individuals as external data processors:
- Edinet S.r.l., Corso Italia, 66 Pietra Ligure SV
Mode of treatment
The processing of personal data will be carried out by manual or electronic means, in a manner strictly related to the purposes indicated above and in any case, in such a way as to ensure the security, protection and confidentiality of the data. In addition, it is further specified that the processing of personal data is carried out in a manner that minimizes the risks of destruction or loss, even accidental, of the data themselves, unauthorized access or processing that is not permitted and not in accordance with the purposes of collection. In particular, in the processing of data, the Data Controller and the individuals identified as data processors will use organizational, physical and logical measures suitable to ensure the security and confidentiality of the data, with the use of any most appropriate measures to ensure the classification, storage and confidentiality of the data. Personal data may be processed by employees, collaborators and consultants of the Data Controller, specifically appointed as data processors, for the performance of specific operations necessary for the pursuit of the aforementioned purposes, under the direct authority and
responsibility of the Owner and in accordance with the instructions to be given by the Owner.
Data recipients
The data communicated by the User will NOT be transferred under any circumstances to third parties for purposes other than those for which they have been specifically authorized. This is without prejudice to the cases (e.g. security needs by the P.S. Authorities, etc.) specifically indicated by EU Regulation 679/2016).
Period of data retention
At any time, the User may object to the processing of personal data by sending an email to the address indicated in the "Holder's Contact Information" section of this policy. In the case of newsletters, the User will also have the option to unsubscribe independently from the list in question by using the link at the bottom of any email message received from said list. Even after unsubscribing, some data may be retained. For example, data related to consents, data that might be the subject of a request by the Authority to combat illegal activities, billing data i.e. invoices issued. In case the sending of communications is established on the basis of the exercise of a contract with the Data Controller, it will not be possible to delete the User's data until it is concluded and/or until the parties have exercised withdrawal, in accordance with current regulations.
Transfer of data to non-EU countries
The Data Controller may use services offered by third party companies, which will process your data as data controllers and in accordance with the instructions given to them by the Data Controller. It is possible that some of the processing carried out by data processors may take place outside the territory of the European Union, such as in the USA. In these cases, the Controller uses legal means in order to ensure adequate protection for your personal data (e.g., by requiring such counterparties to sign Standard Contractual Clauses or by complying with other specific protection standards proposed or suggested by the European Union and the Data Protection Authority).
User Rights
As a data subject, you are granted the following rights over the personal data collected and processed by the Data Controller as part of the processing outlined above:
-
Right of access
Art 15: You have the right to obtain confirmation from the Controller whether or not personal data is being processed concerning you and if so, to obtain access to the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data in question; (iii) the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular if recipients in third countries or international organizations; (iv) when possible, the expected period of retention of personal data or, if this is not possible, the criteria used to determine this period; (v) the right to lodge a complaint with a supervisory authority.
-
Right of rectification, opposition and cancellation
Art 16: You have the right to obtain the rectification of inaccurate personal data concerning you as well as, taking into account the purposes of the processing, the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration. In addition, you have the right to obtain the erasure of personal data concerning you if any of the following reasons exist: (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) the data are being processed unlawfully; (iii) you have withdrawn the consent under which the Controller had the right to process your data and there is no other legal basis for the Controller to process the data; (iv) you have objected to the processing activity and there is no overriding legitimate reason; (v) the personal data must be erased to comply with a legal obligation. However, the Data Controller has the right to disregard the exercise of the above rights of erasure if the right to freedom of expression and information prevails or for the exercise of a legal obligation or to defend its own right in court. At any time, you can object to the processing even for only one of the above-mentioned processing purposes.
-
Right to erasure ("right to be forgotten")
Art. 17: The User has the right to obtain from the Data Controller the deletion of personal data concerning him/her without undue delay and the Data Controller has the obligation to delete personal data without undue delay, if there is one of the reasons mentioned in Art. 17 par.1 lett. a,b,c,d,e,f, par.2, par.3 lett. a,b,c,d,e.
-
Right to restriction of processing
Art 18: You have the right to obtain from the Controller the restriction of processing: (i) for the period necessary for the Controller to verify the accuracy of such personal data concerning him/her whose accuracy you have contested; (ii) in case of unlawful processing of his/her personal data; (iii) when he/she needs his/her data to be processed for the establishment, exercise or defense of a legal claim; (iv) for the period necessary for the verification as to whether the legitimate reasons of the Controller prevail over his/her request to object to the processing.
-
Right to data portability
Art 20: You have the right to receive in a structured, commonly used and readable format your personal data provided to the Data Controller and processed by it on the basis of consent, as well as the right to transmit such data to another Data Controller designated by it without any hindrance.
-
Right of opposition
Art.21: The User has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1)(e) or (f), including profiling on the basis of these provisions. If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you carried out for such purposes, including profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
Holder's contact information
The User may exercise his or her rights at any time by making a request to be sent to the Controller as data controller by e-mail to the address [email protected]