With this document DFCVB provides you, pursuant to articles 13 and 14 of Regulation EU 2016/679 the protection of natural persons with regard to the processing of personal data (hereinafter "GDPR"), some information relating to the use of the website https://booking.destinationflorence.com/ (hereinafter only "Site") and any processing of personal data connected to it.
2. DATA PROCESSED AND PROVISION
2.1 Data collected while using the website
Personal data may be used to identify or contact you, as well as to provide better services to all our users.
Data collected automatically
The computer systems and software procedures used to operate the website and all DFCVB applications acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These information are not collected to be associated with identified data subjects but for its nature, could, through processing and association with data held by third parties, allow the users to be identified.
This type of data include: the IP address or domain name of the device that is used, the operating system, the model and brand of the device, the phone operator, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters related to the operating system and IT environment of your device.
Data provided voluntarily by the user
If you choose to interact with any forms on the site or to contact us by email, you may have to send and/or provide some personal information, necessary to identify you and/or to respond to your requests. The information that may be requested are, by way of example: name and surname, e-mail address, type of request and payment data.
You are responsible for the accuracy of the personal information you submit/provide to DFCVB.
2.2 Provision of the data
Apart from that specified for navigation data, the user is free to provide their personal data. Failure to provide such data may, however, make it impossible to obtain what has been requested.
3. PURPOSE OF THE PROCESSING AND LEGAL BASIS
3.1Your data will be processed:
a) to allow you to use the functions available and, in particular, to book hotels and accommodations on our Site;
b) to comply with legal obligations and in particular administrative and accounting obligations;
c) to reply to your requests;
d) for the technical management of the services of the site;
e) to exercise the rights of the Data Controller;
f) to send you – via newsletter – advertising material for tourism promotion of Florence as well as a selection of services, events and experiences on our website and/or selected for you by DFCVB.
Other purposes may be indicated in the information related to the use of specific services.
3.2 The legal bases of the processing
For the purposes 3.1.a and 3.1.c, the legal basis of the processing is the execution of a contract of which the data subject is a party and/or the execution of pre-contractual measures adopted at the request of the same.
For the purpose 3.1.b the legal basis is the fulfillment of legal obligations.
For the purposes 3.1.d and 3.1.e, the legal basis of the processing is the legitimate interest of the Data Controller in a correct administration of the systems, as well as to exercise and defend its rights.
For the purposes 3.1.f the legal basis of the processing is your consent.
4. DATA RETENTION PERIOD
Your data will be processed for the time necessary to manage your requests, as well as - where necessary - for the period required by law.
For the processing related to the sending of advertising material, via newsletter, the data will be stored until your possible withdrawal of consent.
Once the storage terms indicated above have elapsed, your personal data will be destroyed, deleted or made anonymous, compatibly with the technical cancellation and backup procedures.
5. METHOD OF PROCESSING AND THEIR USE
The data will be processed, in compliance with the necessary security and confidentiality, collected and recorded for specific, explicit and legitimate purposes. Each data processing is based on principles of correctness, lawfulness and transparency and can be carried out either manually or through automated methods and will take place through appropriate technical and organizational measures, avoiding the risk of loss, destruction, unauthorized access or disclosure or, in any case, illicit use, as well as through reasonable measures to promptly delete or rectify any inaccurate data.
6. RECIPIENTS OF PERSONAL DATA
Designated personnel, duly trained and operating under the authority and responsibility of the Data Controller, will process the data. Information can be communicated to recipients that carry out activities related to the purposes above, such as communication services, e-mail and mail provider and website’s hosting and technical assistance and other service providers related to the aforementioned purposes. Only the data strictly necessary for the performance of the activities will be communicated to the subjects indicated above. The updated list of all recipients is available at the headquarters of the Data Controller and will be provided at your request by writing to the following e-mail address: firstname.lastname@example.org
7. YOUR RIGHTS
You can exercise rights under Chapter III of GDPR at any time. In particular, you have the right to ask the Data Controller for access to your data, their correction or cancellation, the integration of incomplete data, the limitation of processing, to withdraw the consent or object, to receive them in a structured, commonly used and machine-readable format, as well as to exercise the other rights recognized by the applicable regulations. These rights can be exercised using the portal’s features or by writing to the following e-mail address: email@example.com. Pursuant to art. 77 of the GDPR, moreover, you have the right to lodge a complaint with the Supervisory Authority if you consider that the processing violates the GDPR.
At the following link you can find all the information on cookies installed through this site, as well as the necessary indications on how to manage your preferences in this regard.
10. CONTACT DETAILS OF THE DATA CONTROLLER AND DATA PROTECTION OFFICER (DPO)
The Data Controller is Destination Florence Convention and Visitors Bureau Scrl which you can contact for any information or request using the following contacts: Via del Tiratoio,1 – Firenze (Fi) Telefono: 055/29881 E-mail: firstname.lastname@example.org.
Contact details of the Data Protection Officer: email@example.com
Last updated: January 2023