INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA FOR APP USERS AND CUSTOMERS OF SOSTRAVEL.COM (pursuant to Articles 13 and 14 of EU regulation no. 2016/679 and Legislative Decree 196/2013 updated with Legislative Decree 101/2018)
- WHAT INFORMATION DO WE COLLECT ABOUT YOU? FOR WHAT PURPOSE?
As part of the services we offer, sostravel.com S.p.A. may acquire the following information about you.
App user's personal data
- username and password;
- contact details (address, telephone, e-mail);
- travel itineraries;
- access and navigation data related to the use of the App;
- access to accounts on third party services and use of email and usage data.
Personal data of baggage owners
- name and surname;
- contact details (address, telephone, e-mail); travel itineraries;
- travel itineraries;
- location for baggage delivery;
- access and navigation data related to use of the APP and the website at www.sostravel.com.
Personal data are processed in order to ensure:
- Lost Luggage Concierge Service for baggage cov- ered by the warranty and related legal obligations;
- Insurance coverage for baggage covered by the waranty and related legal obligations;
Ensure the company's legal protection in the event of disputes with the customer;
With prior explicit consent,
- Report to our business partners your request to ac- tivate airport services such as Fast Track, VIP Lounge access, medical insurance coverage, etc.
- Allow us to send promotional messages about prod- ucts and services offered by our company using the contact information provided.
- HOW DO WE HANDLE YOUR DATA AND FOR HOW LONG?
The processing of your personal data is carried out by means of the operations indicated in art. 4 of EU regu- lation no. 2016/679, namely: collection, recording, or- ganisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Per- sonal data are processed both on paper and electroni- cally. The Data Controller will process personal data for the time necessary for the purposes for which they were collected or subsequently processed, according to art 5, e) of EU regulation no. 2016/679, in particular:
- Data acquired as part of the reimbursement process are kept for a maximum of 10 years and then automati- cally deleted;
- The PW is disabled after 6 months of inactivity on the APP, and the data acquired on it are deleted after 1 year. The browsing history is preserved as long as the user remains active;
- Audio recordings of calls to the contact center are kept for up to 6 months;
- Contact data used for promotional purposes will be kept for a maximum of two years after provision of ex- press consent or until the consent is revoked;
- Data acquired through profiling cookies are stored for up to 90 days and subsequently deleted automatically.
In the event that you terminate the established relation- ship, sostravel.com will retain only the data expressly requested or required by law and only for the time spec- ified by law.
- WHO COULD HAVE ACCESS TO YOUR DATA?
Your data may be made accessible for the purposes re- ferred to in point 1 of this information:
- to employees and collaborators of the Data Controller in their capacity as data processors including: consul- tancy companies, companies in charge of maintenance or management of the IT system and the website, pro- fessional firms providing accounting and tax services; law firms and quality certification bodies; Contact Cen- ter;
- to companies and third parties acting as independent Data Controllers such as: banks, credit institutions, in- surance companies; inspection bodies in case of checks or controls
Subject to your explicit consent, your personal data may be provided to our Business Partners providing ser- vices such as Fast Track, VIP Lounge services; medical insurance coverage, luggage wrapping services and re- lated warranty.
The data will not be disclosed to third parties in any way.
- COULD YOUR DATA BE TRANS- FERRED TO COUNTRIES OUTSIDE THE EU?
YES. The Contact Center service is entrusted to a com- pany based in Moldova. The transfer of data to that com- pany is contractually regulated and provides for “ade- quate safeguards” pursuant to art. 46 of EU Regulation 2016/679.
- IS IT NECESSARY TO PROVIDE YOUR DATA? WHAT HAPPENS IF YOU DO NOT GIVE CONSENT?
Providing personal data is strictly necessary to ensure the activation of warranty coverage and the manage- ment of related services. Your explicit consent is required to authorize us to trans- fer your personal data to business partners for the acti- vation of services offered by them. In case of non-con- sent, we will not be able to proceed with the activation of services offered by business partners. The provision of express consent for promotional and profiling purposes is optional, but it is strictly necessary to access the APP's functionality.
- WHAT RIGHTS ARE GUARAN- TEED BY LAW?
According to EU Regulation 2016/679-Cap.III:
- The data subject has the right to obtain confirmation of whether or not personal data concerning him/her ex- ist, even if not yet recorded, and to receive communica- tions in intelligible form.
- The data subject has the right to obtain information about the origin of the personal data; the purposes and methods of processing; the logic applied in case of pro- cessing with electronic instruments; the identification details of the data controller, the data processors and any appointed representative as stated in article 5, par- agraph 2; of subjects or categories of subjects to whom the per- sonal data may be communicated or who may become aware of them in their capacity as designated repre- sentatives in the territory of the State, of managers or other individuals in charge.
The data subject has the right to obtain:
- updates, corrections or, if interested, the integration of data;
- the erasure, transformation into anonymous form or blocking of unlawfully processed data, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently pro- cessed;
- confirmation that the operations referred to in a) and b) above and their content have been brought to the at- tention of those to whom the data had been communi- cated or disseminated, except in cases where fulfilling this condition proves impossible or requires the use of means manifestly disproportionate to the protected right;
- a copy of the information we hold in a common and interoperable format;
- limitation of processing of personal data about him/her, or to oppose the processing of personal data about him/her, in whole or in part, for legitimate rea- sons, even if the data are relevant to the purpose for which they are being collected; Furthermore, the data subject has the right to:
- revoke consent at any time, without prejudice to the lawfulness of data processing that was based on con- sent before revocation;
Data subjects who believe that the processing of per- sonal data relating to them carried out through the web- site or app are in violation of the Regulation have the right to lodge a complaint to the Guarantor, as provided for by art. Article 77 of the Regulation, or to bring pro- ceedings to the appropriate courts (art. 79 of the Regu- lation). A formal declaration may be requested from the data controller certifying that the data subject's requests have been effectively resolved and brought to the atten- tion of those to whom data had previously been dissem- inated and disclosed. As a data subject, you may also designate a third per- son with a copy of a power of attorney, or of a proxy signed in the presence of an official, or a proxy signed and presented with an unauthenticated photocopy of the data subject's identification document. The data controller is obliged to reply to the request within 15 days from the date of sub- mission or 30 days if the answer is problematic. In any case, within 15 days you will be notified in writing of any reason for delay.
- HOW CAN I EXERCISE THESE RIGHTS?
You may exercise your rights at any time by sending a request to the following contacts:
Data Controller: sostravel. com S.p.a.- via Olona, 183/G - 21013 Gallarate (VA) - e-mail email@example.com - Phone +3903311587117 - Fax +39033111582452.
Director of Personal Data Protection. Virginia G. Basi- ricò, via Olona, 183/G - 21013 Gallarate (VA) - e-mail firstname.lastname@example.org - Tel+3903311587117 - Fax +39033111582452.