Data Subjects: Surfers, service users and newsletter subscribers

"DESTINAZIONE TURISTICA ROMAGNA", in its capacity as Data Controller of your personal data, pursuant to and for the purposes of Regulation (EU) 2016/679 hereinafter 'GDPR', hereby informs you that the aforementioned legislation provides for the protection of data subjects with regard to the processing of personal data and that such processing will be based on the principles of correctness, lawfulness, transparency and protection of your privacy and your rights.

In order to achieve its purposes, relating to the management of the relationship, the Data Controller needs to acquire personal data, such as, for example, your name and surname, telephone or mobile phone number, email address, tax code.

Your personal data will be processed in accordance with the legal provisions of the aforementioned legislation and the confidentiality obligations provided therein.

Purposes of processing: Provision of the service: Your data will be processed in order to respond to any requests that may be received from the forms available on the website, or to requests received by email.

Legal basis: The legal basis of the processing is contractual in the sense that data processing is envisaged in response to a request for information which is followed by a reply.

Optional purposes:
Marketing - newsletter reception service: in particular, your data shall be processed, subject to your free consent, for the purpose of receiving newsletters, either by entering your email address in the appropriate text box containing information about subscribing to the newsletter, or by checking/unchecking the appropriate box indicating "newsletter subscription" in a form.

Legal basis: The legal basis for the processing is the consent of the data subject.
Consequences of refusal for optional purposes: The provision of data is optional for you with regard to the above-mentioned purposes, and your refusal to provide such data will not compromise the continuation of the relationship or the appropriateness of the processing itself.

Consequences of non-disclosure: the processing of functional data for the fulfilment of such obligations is necessary for the proper management of the relationship and its provision is mandatory for the implementation of the above-mentioned purposes. The Data Controller also makes it known that failure to communicate, or incorrect communication, of any of the mandatory information may make it impossible for the Data Controller to guarantee the appropriateness of the processing itself.

Method of processing: Processing is carried out using manual and/or computerised and telematic tools, in such a way as to guarantee the security, integrity and confidentiality of the data in compliance with the physical and logical organisational measures provided for by the provisions in force, so as to minimise the risks of destruction or loss, unauthorised access, modification and unauthorised disclosure in compliance with the methods referred to in Articles 5, 32 of the GDPR.

Recipients: In order to carry out certain activities, or to provide support for the operation and organisation of the business, certain data may be brought to the attention of or communicated to recipients. These recipients are distinguished in:

Third parties: (communication to: natural or legal persons, public authorities, service or other body other than the data subject, data controller, data processor and authorised persons responsible for processing) including:

• Companies that manage traditional or computerised postal services
• Any other subjects whose communication of the data is necessary to achieve the purposes indicated above.

Data processors: (the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller)

• Suppliers of IT, web, or other services necessary to achieve the purposes necessary for the management of the relationship.

Within the company structure, your data will be processed only by personnel expressly authorised by the Data Controller, with assurances of the adoption of confidentiality agreements and, in particular, by the following categories of employees

• Administration;
• Other employees whose processing is necessary for the proper execution of the relationship;

Dissemination: Your personal data will not be disseminated in any way.

Transfer of data to non-EU countries: The data controller does not transfer personal data to non-EU countries. If there is a need to do so, the interested parties will be informed in advance, and guarantee measures will be adopted for the transfer to the recipients, which depending on the case may be: verification of the existence of adequacy decisions for the recipient country by the Commission, signing of standard contractual clauses, verification of the adoption of any additional measures in implementation of EDPB Recommendation 01/2020. As an exception to these guarantees, for data processing (in ref. of Art. 49 of the GDPR), where applicable, the existence of a contract or pre-contractual measures in favour of the data subject or consent to the transfer is verified.

Retention period: We inform you that, in compliance with the principles of lawfulness, purpose limitation, data minimisation, pursuant to Art. 5 of the GDPR, the retention period of your personal data is established for a period of time not exceeding the achievement of the purposes for which they are collected and processed, in case a contract is signed this retention period may cease with the forfeiture or termination of the contract, the same dsti may be retained, where applicable, for a further period of time for the purpose of the management of any litigation, the legal basis for such retention is the legitimate interest of the data controller. The retention period for data processing relating to marketing is functional to the purposes pursued by the data controller, and in any case no longer than 3 years from the last contact, or feedback received.

Data controller: the data controller, pursuant to the regulations is "DESTINAZIONE TURISTICA ROMAGNA", with registered office and operational headquarters in Piazzale Federico Fellini, 3 - 47921 Rimini (RN), VAT no.: 04382230409 in the person of its legal representative pro tempore. By sending an e-mail to the following address info@lanotterosa.it you may request further information regarding the data provided.

The Data Protection Officer ("DPO") is Studio Paci & C. Srl (Contact person Dr. Gloriamaria Paci) who can be contacted at the following address: dpo@studiopaciecrl.it and telephone: 0541 1795431

EU Reg. 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22, 23 - Data Subject's Rights

1. The data subject shall have the right to obtain confirmation as to whether or not personal data concerning him/her exist, even if not yet recorded, and communication of such data in intelligible form.

2. The data subject shall have the right to be informed:

a. the origin of the personal data
b. the purposes and methods of processing
c. the logic applied in the event of processing carried out with the aid of electronic instruments
d. the identity of the data controller, data processors and the representative designated pursuant to Article 5(2)
e. the entities or categories of entity to whom or which the personal data may be communicated or who or which may get to know said data in their capacity as designated representative(s) in the State's territory, data processor(s) or person(s) in charge of the processing.

3. The interested party has the right to obtain

a. the updating, rectification or, where interested therein, integration of the data;
b. the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, including data whose retention is unnecessary for the purposes for which the data was collected or subsequently processed
c. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected
d. portability of the data.

4. The data subject has the right to object, in whole or in part:

a. on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
b. to the processing of personal data concerning him/her for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication.

Complaint: Interested parties, meeting the requirements, also have the right to lodge a complaint with the Garante as supervisory authority in accordance with the established procedures. For any further information, and in order to assert the rights recognised to you by the European Regulation, you may contact the data controller at the references given above.

Consent
Formula for acquiring the consent of the data subject

Your consent to receive the newsletter will be recorded (IP address, email address, date and time) by ticking the box below the email entry, or by placing/clicking in the appropriate box, and in conjunction with pressing the "send" / "ok" button. This consent will be stored in order to prove that it has been given, and to allow you to unsubscribe at any time, in addition to all the other rights set out above.