INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA FOR APP USERS AND CUSTOMERS OF SOSTRAVEL.COM (pursuant to Articles 13 and 14 of EU regulation no. 2016/679 and Legislative Decree 196/2013 updated with Legislative Decree 101/2018)

  1. WHAT INFORMATION DO WE COLLECT ABOUT YOU? FOR WHAT PURPOSE?

As part of the services we offer, sostravel.com S.p.A. may acquire the following information about you.

Personal data are processed in order to ensure:

  1. HOW DO WE HANDLE YOUR DATA AND FOR HOW LONG?

The processing of your personal data is carried out by means of the operations indicated in art. 4 of EU regu- lation no. 2016/679, namely: collection, recording, or- ganisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Per- sonal data are processed both on paper and electroni- cally. The Data Controller will process personal data for the time necessary for the purposes for which they were collected or subsequently processed, according to art 5, e) of EU regulation no. 2016/679, in particular:

In the event that you terminate the established relation- ship, sostravel.com will retain only the data expressly requested or required by law and only for the time spec- ified by law.

  1. WHO COULD HAVE ACCESS TO YOUR DATA?

Your data may be made accessible for the purposes re- ferred to in point 1 of this information:

Subject to your explicit consent, your personal data may be provided to our Business Partners providing ser- vices such as Fast Track, VIP Lounge services; medical insurance coverage, luggage wrapping services and re- lated warranty.

The data will not be disclosed to third parties in any way.

  1. COULD YOUR DATA BE TRANS- FERRED TO COUNTRIES OUTSIDE THE EU?

YES. The Contact Center service is entrusted to a com- pany based in Moldova. The transfer of data to that com- pany is contractually regulated and provides for “ade- quate safeguards” pursuant to art. 46 of EU Regulation 2016/679.

  1. IS IT NECESSARY TO PROVIDE YOUR DATA? WHAT HAPPENS IF YOU DO NOT GIVE CONSENT?

Providing personal data is strictly necessary to ensure the activation of warranty coverage and the manage- ment of related services. Your explicit consent is required to authorize us to trans- fer your personal data to business partners for the acti- vation of services offered by them. In case of non-con- sent, we will not be able to proceed with the activation of services offered by business partners. The provision of express consent for promotional and profiling purposes is optional, but it is strictly necessary to access the APP's functionality.

  1. WHAT RIGHTS ARE GUARAN- TEED BY LAW?

According to EU Regulation 2016/679-Cap.III:

  1. The data subject has the right to obtain confirmation of whether or not personal data concerning him/her ex- ist, even if not yet recorded, and to receive communica- tions in intelligible form.
  2. The data subject has the right to obtain information about the origin of the personal data; the purposes and methods of processing; the logic applied in case of pro- cessing with electronic instruments; the identification details of the data controller, the data processors and any appointed representative as stated in article 5, par- agraph 2; of subjects or categories of subjects to whom the per- sonal data may be communicated or who may become aware of them in their capacity as designated repre- sentatives in the territory of the State, of managers or other individuals in charge.
  3. The data subject has the right to obtain:
    1. updates, corrections or, if interested, the integration of data;
    2. the erasure, transformation into anonymous form or blocking of unlawfully processed data, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently pro- cessed;
    3. confirmation that the operations referred to in a) and b) above and their content have been brought to the at- tention of those to whom the data had been communi- cated or disseminated, except in cases where fulfilling this condition proves impossible or requires the use of means manifestly disproportionate to the protected right;
    4. a copy of the information we hold in a common and interoperable format;
    5. limitation of processing of personal data about him/her, or to oppose the processing of personal data about him/her, in whole or in part, for legitimate rea- sons, even if the data are relevant to the purpose for which they are being collected; Furthermore, the data subject has the right to:
    6. revoke consent at any time, without prejudice to the lawfulness of data processing that was based on con- sent before revocation;

Data subjects who believe that the processing of per- sonal data relating to them carried out through the web- site or app are in violation of the Regulation have the right to lodge a complaint to the Guarantor, as provided for by art. Article 77 of the Regulation, or to bring pro- ceedings to the appropriate courts (art. 79 of the Regu- lation). A formal declaration may be requested from the data controller certifying that the data subject's requests have been effectively resolved and brought to the atten- tion of those to whom data had previously been dissem- inated and disclosed. As a data subject, you may also designate a third per- son with a copy of a power of attorney, or of a proxy signed in the presence of an official, or a proxy signed and presented with an unauthenticated photocopy of the data subject's identification document. The data controller is obliged to reply to the request within 15 days from the date of sub- mission or 30 days if the answer is problematic. In any case, within 15 days you will be notified in writing of any reason for delay.

  1. HOW CAN I EXERCISE THESE RIGHTS?

You may exercise your rights at any time by sending a request to the following contacts:

Data Controller: sostravel. com S.p.a.- via Olona, 183/G - 21013 Gallarate (VA) - e-mail sostravel@pec.net - Phone +3903311587117 - Fax +39033111582452.

Director of Personal Data Protection. Virginia G. Basi- ricò, via Olona, 183/G - 21013 Gallarate (VA) - e-mail privacy@sostravel.com - Tel+3903311587117 - Fax +39033111582452.

Privacy Policy Updates

This information was last updated on 24 June 2019 and may be subject to periodic review, for instance in relation to relevant legislation and jurisprudence. In case of significant changes, appropriate communication will be given for a reasonable time in the homepage of the website or through e-mail. However, data subjects are in- vited to periodically consult this Policy.