Visit
Convention Bureau
Travel Trade
Schools
Media
Partner + Sponsorship
To do and to seeEventsTerritoryAccommodationWhere to eatPlan your trip
HomeInformation on the processing Personal DataPrivacy notice for individuals purchasing products or booking serivices

Privacy notice for individuals purchasing products or booking serivices

This privacy notice is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR) – to individuals who purchase products or book services/activities (e.g. “Torino+Piemonte Card”, “Royal Pass”, and “Welcome Tour”) via the Controller’s website or at information points.

 

Source and Type of Data

The data processed are those requested in the purchase/booking forms.

 

Purpose and Legal Basis of Processing

Personal data are processed for the following purposes:

  1. To fulfill the purchase/booking request for the product or service/activity (including issuing the Card/Pass granting access) and to manage follow-up communication and customer support;
    • Legal basis: performance of a contract (Art. 6(1)(b) GDPR)
  2. To register online purchases and allow the user to view bookings and orders in their personal account section;
    • Legal basis: performance of a contract (Art. 6(1)(b) GDPR)
  3. To comply with accounting and tax obligations related to the purchase of products or services;
    • Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR)
  4. To manage potential disputes, both in and out of court;
    • Legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR); protection or defense of a right in legal or extrajudicial proceedings
  5. To send promotional and informational content via email about activities and initiatives promoted by Turismo Torino e Provincia s.c.r.l.;
    • Legal basis: consent (Art. 6(1)(a) GDPR)
  6. To perform analytical activities aimed at sending personalized promotional and/or informational communications tailored to the data subject’s profile;
    • Legal basis: specific consent (Art. 6(1)(a) GDPR)

 

Withdrawal of Consent

Pursuant to Article 7 GDPR, the data subject may withdraw their consent at any time for the purposes described in point 6. Withdrawal of consent will result in the cessation of promotional communications, both generic and personalized.

 

Nature of Data Provision

Providing personal data is essential in order to purchase or book the product or service. Failure to provide the required data will make it impossible to fulfill the request.
Providing data is also mandatory for compliance with legal obligations related to the purchase.


However, data provision for the purposes stated in points 5 and 6 is optional and refusal will have no effect on the ability to complete the purchase or booking, but will prevent the Controller from sending promotional communications.

 

Data Retention

The data collected will be retained to meet accounting and tax obligations until the expiration of administrative retention periods.
For marketing and promotional purposes (points 5 and 6), data will be processed until consent is withdrawn.

 

Data Recipients

The data may be communicated to and processed by:

  • Authorized personnel (employees and collaborators);
  • External entities appointed as Data Processors;
  • Public authorities (e.g. Tax Agency – Agenzia delle Entrate).

Data may also be communicated to entities legally entitled to access it under applicable laws, regulations, or EU legislation.

 

Data Transfers

The Controller does not transfer personal data to third countries or international organizations. However, cloud-based services may be used. In such cases, data will be transferred only to providers located in countries recognized as adequate under Article 45 GDPR, or who have adhered to the EU–U.S. Data Privacy Framework, or provided appropriate safeguards in accordance with Article 46 GDPR.


More information on data transfers and the safeguards applied can be obtained by contacting the Controller.

 

Data Subject Rights

The data subject may exercise the rights granted under Articles 15–22 GDPR. Specifically, they may request:

  • Confirmation of whether their personal data is being processed and, if so, obtain a copy (right of access);
  • The rectification of inaccurate data and the completion of incomplete data (right to rectification);
  • The erasure of personal data unless subject to legal obligations or legitimate interests (right to erasure / right to be forgotten);
  • The restriction of data processing (right to restriction);
  • The transfer of their personal data to another controller (right to data portability), only for processing based on consent or contract.


The Controller particularly reminds the data subject of their right to object to processing under the terms of Article 21 GDPR. However, the Controller may deny the request if compelling legitimate grounds for the processing exist.


To exercise these rights, the data subject must contact the Controller, specifying the subject of the request, the right being exercised, and providing any documentation necessary to verify their identity.

 

Right to Lodge a Complaint

The data subject also has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

Uffici del Turismo
Tourist Offices

Find out when and where you can find us

Newlsetter
Newsletter

Keep in touch with us

Atp
Mangébin Logo Footer
Residenze Reali Footer
Logo Outdooractive Green White Rgb 1368x360