Privacy Policy of Apricot Viaggi S.a.s.

Privacy disclaimer

PRIVACY POLICY PURSUANT TO ARTICLE 13 OF EU REGULATION 679/2016

Pursuant to Article 13 of the European Regulation 679/2016 (hereinafter GDPR), this privacy policy is provided regarding the protection of natural persons concerning the processing of personal data. We kindly ask the service subscriber to carefully read the following information, which contains useful guidance on the processing of personal data connected to the services provided by Apricot Viaggi S.a.s.

Data Controller and Personal Data Protection Officer

The Data Controller is Marcello Vettori, legal representative of Apricot Viaggi S.a.s., located in Serravalle Pistoiese (PT), via Statale Lucchese 183.

For information, contact: info@apricotviaggi.it

Object of Data Processing

The data processed include: personal details, contact information such as phone number, email address, references, and specific requests. Personal data provided will only be processed to fulfill the client's requests and for all related activities, including establishing and managing contractual relationships of any kind, as defined by relevant laws.

Providing the requested data is essential for the service; refusal to provide such data will prevent the request from being fulfilled. Data processing will be carried out manually and through IT procedures, and the data will not be disclosed.

Purpose of Data Processing

Data processing will enable activities related to the establishment and management of services provided by Apricot Viaggi S.a.s. to the client, as stated in the contract.

The data will be processed lawfully, fairly, and with the utmost confidentiality, primarily using electronic and IT tools, and stored on digital, paper, or other suitable media, in compliance with minimum security measures as per the Code and the Regulation.

Only with explicit consent provided by selecting the appropriate checkbox, the data may be used to send commercial information, newsletters, invitations, etc.

Legal Basis for Processing

The legal basis legitimizing the processing of voluntarily provided or automatically collected personal data (via email or communications) is the execution of a contract or pre-contractual measures requested by the client.

Processing and Retention Methods

Processing will be carried out both automatically and manually, in compliance with Article 32 of GDPR 2016/679 on security measures, by authorized personnel, and following Article 29 of GDPR 2016/679. The service PrivacyWEB, accessible online at:
https://apricot.datipersonali.net, will be used.

In case of a breach (or any act against the personal data held), notification will be sent via:
https://apricot.datipersonali.net.

Data will be stored only for the time necessary to achieve the purposes for which they were collected and processed, as per Article 5 of GDPR 2016/679, and with explicit consent.

Consequences of Failure to Provide Personal Data

Regarding personal data necessary for contract execution or legal obligations (e.g., accounting or tax records), failure to provide such data will prevent the contractual relationship from being established.

Data Communication

The Data Controller may disclose the data for purposes mentioned in Article 2 to supervisory bodies, judicial authorities, and others legally required to fulfill the stated purposes. Communication to Farmindustria's control bodies follows the latest update of its transparency code (October 26, 2018).

Some processing activities may be performed by third parties, designated as Data Processors. These parties are contractually required to adopt adequate technical and organizational measures to ensure data confidentiality and security (Article 32 of the Regulation).

Profiling and Data Disclosure

Personal data will not be disclosed or subjected to automated decision-making processes, including profiling.

Data Subject Rights

Under the GDPR, you have the right to:

Request access to your personal data and related information, rectify inaccuracies, or complete incomplete data.
Request the deletion of your personal data under the conditions outlined in Article 17, Paragraph 1 of GDPR, and exceptions in Paragraph 3.
Limit the processing of your personal data under the circumstances outlined in Article 18, Paragraph 1 of GDPR.
Obtain your data in a structured, machine-readable format (data portability) if the legal basis is contract or consent, and processing is automated.
Object at any time to processing based on specific circumstances.
Withdraw consent at any time, applicable to data processing based on consent for specific purposes, including common or special data categories (e.g., health, religion). Processing conducted before consent withdrawal remains lawful.
File a complaint with a supervisory authority (e.g., the Italian Data Protection Authority: www.garanteprivacy.it).

Transfer of Data Outside the EU

Personal data will not be transferred outside the European Union.

Filing a Complaint with the Privacy Authority

You may file a complaint with the Italian Data Protection Authority through their website: http://www.garanteprivacy.it.