Information on personal data processing

Pursuant to Articles 13 and 14 of Regulation 2016/679/EU (hereinafter “GDPR”), TRAVEL TO DIALOGUE EVOLUTION SRL SOCIETA BENEFIT UNIPERSONALE (hereinafter “Controller” or “TTDE”) with registered office in Florence, Via della Condotta n. 12, 50122, in its capacity as “Data Controller”, informs you that your personal data collected for the purpose of concluding the contract with the Customer and/or in the context of the execution and/or stipulation of the same will be processed in compliance with the aforementioned regulations, in order to guarantee the rights, fundamental freedoms, as well as the dignity of natural persons, with particular reference to confidentiality and personal identity. We inform you that if the activities provided to you involve the processing of personal data of third parties under your ownership, it will be your responsibility to ensure that you have complied with the provisions of the regulations regarding the Data Subjects in order to make their processing by us lawful.

Origin, purposes, legal basis and nature of the data processed

The processing of your personal data, directly provided by you, is carried out by TRAVEL TO DIALOGUE EVOLUTION SRL SOCIETA BENEFIT UNIPERSONALE for the purpose of concluding the contract with the Customer and/or in the context of the execution and/or stipulation of the same.

Moreover, the processing of personal data of third parties communicated by the Customer to the Company may occur. With respect to this hypothesis, the Customer acts as an independent data controller and assumes the consequent legal obligations and responsibilities, indemnifying the Company from any dispute, claim and/or request for compensation for damages from processing that may come to the Company from interested third parties.

In compliance with current legislation on the protection of personal data and without the need for specific consent from the Data Subject, the Data will be archived, collected and processed by the Company for the following purposes:

a) fulfillment of contractual obligations, execution and/or stipulation of the contract with the Customer and/or management of any pre-contractual measures;

b) any contact information will be subject to the specific processing purposes outlined in the separate agreement with Foundation, or for general purposes described elsewhere in the document.

c) fulfillment of any regulatory obligations, tax and tax provisions deriving from the conduct of business activities and obligations related to administrative-accounting activities;

d) sending, directly or through third-party marketing and communication service providers, newsletters and communications with direct marketing purposes via email, SMS, MMS, push notifications, fax, postal mail, telephone with operator, in relation to products provided by the company pursuant to art. 130 c. 1 and 2 of Legislative Decree 196/03 (hereinafter “Code”);

e) communication of Data to third-party companies for sending newsletters and communications with marketing purposes via email, SMS, MMS, push notifications, fax, postal mail, telephone with operator pursuant to art. 130 c. 1 and 2 of the Code.

The legal bases of the processing for the purposes a), b) and c) indicated above are Articles 6.1.b) and 6.1.c) of the Regulation. The provision of Data for the aforementioned purposes is optional, but any failure to provide such Data and the refusal to provide them would make it impossible for the Company to execute and/or stipulate the contract and provide the services requested by it.

The legal basis of the processing of personal data for the purposes d) and e) is art. 6.1.a) of the GDPR as the processing is based on consent. In the case of using contacts that are part of the friends of the Romualdo Del Bianco Foundation, as contractually provided, their use for marketing and communication initiatives can only take place through informed consent and in compliance with the philosophy of the Foundation and its ethical and cultural principles recognized internationally. It is specified that the Controller may collect a single consent for the marketing purposes described here, in accordance with the General Provision of the Data Protection

Authority “Guidelines on promotional activities and spam prevention” of July 4, 2013. The provision of consent to the use of data for marketing purposes is optional and if the interested party wishes to object to the processing of Data for marketing purposes performed with the means indicated here, as well as revoke the consent given; they may do so at any time without any consequence (except for the fact that they will no longer receive marketing communications) following the instructions in the “Rights of the Data Subject” section of this Information.

Finally, it is recalled that for the processing carried out for the purpose of direct sending of its advertising material or its direct sales or for the performance of its market research or commercial communications in relation to products or services similar to those used by the Customer, the Company may use the email addresses or personal details pursuant to and within the limits allowed by art. 130, paragraph 4 of the Code and by the provision of the Data Protection Authority of June 19, 2008 even in the absence of explicit consent. The legal basis of the data processing for this purpose is art. 6, paragraph 1, lett. f) of the GDPR, without prejudice to the possibility to object to such processing at any time, following the instructions in the “Rights of the Data Subject” section of this Information.

Communication

The data may be communicated to third parties appointed as data processors pursuant to Article 28 of the GDPR and in particular to banking institutions, to companies active in the insurance field, to service providers strictly necessary for carrying out the business activity, or to company consultants, where this proves necessary for tax, administrative, contractual reasons or for requirements protected by current regulations.

Your personal data, or personal data of third parties in your ownership, may also be communicated to external companies, identified from time to time, to which TTDE entrusts the execution of obligations deriving from the assignment received to which only the data necessary for the requested activities will be transmitted. All employees, consultants, temporary workers and/or any other “natural person” who carry out their activity based on the instructions received from TTDE, pursuant to art. 29 of the GDPR, are appointed “Data processors” (hereinafter also “Processors”). To the Processors or to the Managers, if designated, TTDE gives adequate operational instructions, with particular reference to the adoption and compliance with security measures, in order to guarantee the confidentiality and security of data. Specifically with reference to the aspects of protection of personal data, the Customer is invited, pursuant to art. 33 of the GDPR to report to TTDE any circumstances or events from which a potential “personal data breach” may occur in order to allow an immediate assessment and the adoption of any actions aimed at countering such event by sending a communication to TTDE at the contacts indicated below.

The Data will not be disseminated.

TTDE’s obligation to communicate data to Public Authorities upon specific request remains.

Transfer of personal data abroad

Your personal data may be transferred abroad if necessary for the management of the assigned activities. In cases where data is shared with entities located outside the European Economic Area (EEA), the TTDE ensures that an adequate level of data protection is maintained, equivalent to that applied within the EEA.

Any such transfer will be limited to the data strictly necessary for achieving the intended purposes and will be carried out in compliance with Chapter V of the GDPR. Where required, the TTDE will implement appropriate safeguards, such as:

• adequacy decisions by the European Commission (Article 45 GDPR),
• standard contractual clauses (SCCs) adopted by the European Commission (Article 46 GDPR),
• binding corporate rules (BCRs) where applicable (Article 47 GDPR). For the processing of information and data communicated to these entities, the TTDE will require guarantees ensuring a level of protection equivalent to that applied within the EEA, in accordance with Chapter V of the GDPR.

Methods, logic of processing and retention times

 

Your personal data may be transferred abroad if necessary for the management of the assigned activities. In cases where data is shared with entities located outside the European Economic Area (EEA), the Foundation ensures that an adequate level of data protection is maintained, equivalent to that applied within the EEA.

Any such transfer will be limited to the data strictly necessary for achieving the intended purposes and will be carried out in compliance with Chapter V of the GDPR. Where required, the Foundation will implement appropriate safeguards, such as:

• adequacy decisions by the European Commission (Article 45 GDPR),
• standard contractual clauses (SCCs) adopted by the European Commission (Article 46 GDPR),
• binding corporate rules (BCRs) where applicable (Article 47 GDPR).

For the processing of information and data communicated to these entities, the Foundation will require guarantees ensuring a level of protection equivalent to that applied within the EEA, in accordance with Chapter V of the GDPR.

Processing Methods, Logic, and Storage Periods

Personal data is collected and processed lawfully, fairly, and transparently, in accordance with the principles outlined in Article 5(1) of the GDPR, including the principles of data minimization and storage limitation.

Processing is carried out using manual, digital, and telematic tools, applying security measures that ensure data confidentiality and integrity, and strictly adhering to the purposes for which the data is collected.

Personal data will be retained by FONDAZIONE ROMUALDO DEL BIANCO for the entire duration of the contractual relationship and, subsequently, for the period necessary to:

• assert or defend the Foundation’s rights;
• fulfill administrative obligations;
• comply with applicable legal and regulatory data retention

Rights of the Data Subject

In accordance with applicable data protection laws, and within the limits and conditions set forth by the GDPR, as a Data Subject, you have the right to:

• Obtain confirmation as to whether or not your personal data is being processed;
• Access your personal data and request a copy of it;
• Request rectification of inaccurate or incomplete data;
• Request erasure of your personal data where applicable under the GDPR (right to be forgotten);
• Be informed about any rectifications or erasures made to your data and about any recipients to whom the data was disclosed;
• Request restriction of processing in the cases provided for by Article 18 of the GDPR;
• Exercise the right to data portability, meaning you can receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and transmit it to another controller where technically feasible (Article 20 GDPR);
• Object to processing, including profiling, where processing is based on legitimate interest (Article 21 GDPR);
• Not be subject to automated decision-making, including profiling, that produces legal effects concerning you or significantly affects you, unless an exception under Article 22 of the GDPR applies.

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the competent Supervisory Authority, in accordance with Article 77 of the GDPR.

If you wish to request further information about the processing of your personal data or exercise your rights, you may contact us in writing at privacy@lifebeyondtourism.com

Titolare del Trattamento

The Data Controller, pursuant to Article 4 of the GDPR, is TRAVEL TO DIALOGUE EVOLUTION SRL SOCIETA BENEFIT UNIPERSONALE, sede in Firenze, Via della Condotta n. 12, 50122.

Kind regards

TRAVEL TO DIALOGUE EVOLUTION SRL SOCIETA BENEFIT UNIPERSONALE

Firenze, 10/03/2025