This privacy notice is provided pursuant to Article 13 of Regulation (EU) 2016/679 – the General Data Protection Regulation (GDPR) – to individuals who register in the reserved area of the website turismotorino.org.
Types of Data Processed
The data processed includes:
- First and last name;
- Date of birth;
- Email adress and mobile number;
- City and country;
- Authentication credentials
Purpose and Legal Basis for Processing
The data is processed for the following purposes:
- To enable the creation and management of a personal account, through wich users can view the status of their purchases and booking.
- Legal basis: performance of a contract (Art.6(1)(b) GDPR
- To send periodic commercial and/or promotional communications regarding events and activities promoted by the Data Controller (newsletter).
- Legal basis: consent (Art.6(1)(a) GDPR
- To perform statistical analyses (e.g., on the geographic origin of website users).
- Legal basis: legitimate interest (Art.6(1)(f) GDPR
Withdrawal of Consent
Users may withdraw their consent to receive the newsletter at any time. In case of withdrawal, the Data Controller will cease sending commercial and/or promotional communications.
Nature of Data Provision
The provision of personal data marked with an asterisk (*) is mandatory for the creation of a personal account.
Data Recipients
Collected data may be disclosed to:
- Authorized personnel of the Data Controller (employees and collaborators);
- External parties appointed as Data Processors (e.g., website manager, mailing and newsletter service providers);
Additionally, data may be disclosed to entities legally entitled to access it under applicable laws, regulations, or EU legislation.
Data will not be disseminated.
A complete and updated list of Data Processors is available upon request.
Data Transfers
The Data Controller does not transfer personal data to third countries or international organizations. However, the use of cloud services is reserved. In such cases, any data transfer will occur only to providers operating in countries deemed adequate under Article 45 GDPR, those adhering to the EU–U.S. Data Privacy Framework, or those providing appropriate safeguards pursuant to Article 46 GDPR.
Further information regarding such transfers and/or a copy of the applicable safeguards may be obtained by contacting the Data Controller.
Data Subject Rights
Data subjects may exercise their rights under Articles 15–22 of the GDPR, where applicable to the nature of the processing. In particular, they may request:
- Confirmation of whether personal data concerning them is being processed, and if so, obtain access to such data (right of access);
- Rectification of inaccurate data and completion of incomplete data (right to rectification);
- Erasure of data (right to erasure), unless retention is required by law or justified by the Data Controller’s legitimate interest;
- Restriction of data processing (right to restriction);
- Data portability – the right to receive the data in a structured, commonly used, and machine-readable format and transmit it to another controller – only if the processing is based on consent or a contract (right to data portability);
- Objection to the processing of personal data on grounds relating to their particular situation (right to object).
In particular, the Data Controller reminds data subjects of their right to object pursuant to Article 21 GDPR.
To exercise any of the above rights, data subjects may contact the Data Controller using the email address provided above, clearly indicating the subject of the request, the right being exercised, and any information necessary to identify the requester and verify the legitimacy of the request.
Data subjects also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).