© 2025 Susy Travel all rights reserved
This page describes the methods of managing this site with reference to the processing of personal data of users who consult it. This is an information notice provided in accordance with current legislation on personal data for users who interact with the services of this site within the framework of EU Regulation 2016/679. The information is provided only for this site and not for other websites that may be consulted by the user through our links.
The "data controller"
Following consultation of the site, data relating to identified or identifiable persons may be processed. The "controller" of their processing is the Data Protection Officer.
Place of data processing
The processing related to web services is handled only by technical staff of the Office in charge of processing, or by any persons in charge of occasional maintenance operations. No data deriving from the web service is communicated or disseminated.
Purpose of processing and legal basis of processing
The personal data provided by users who submit requests or intend to use services or products offered through the site, as well as to receive further specific content, are used solely for the purpose of responding to requests or performing the requested service or provision, and are communicated to third parties only if this is necessary for that purpose. The legal basis for these processing activities is the necessity to respond to the requests of the data subjects or to carry out activities provided for by the agreements defined with the data subjects.
With the user's explicit consent, the data may be used for commercial communication activities related to offers of additional products or services of the data controller. The legal basis for this processing is the freely given consent of the data subject.
Outside of these cases, users' browsing data are retained for the time strictly necessary to manage processing activities within the limits established by law.
Types of data processed
Browsing data
The computer systems and software procedures responsible for the operation of the site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user's operating system and IT environment. These data are used solely to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Data voluntarily provided by the user
The optional, explicit, and voluntary sending of emails to the addresses indicated on the site entails the subsequent acquisition of the sender's address, which is necessary to respond to requests, as well as any other personal data included in the message. Specific summary information will be progressively provided or displayed on the pages of the site prepared for particular services upon request.
Cookies
Cookies refer to a textual element that is inserted into a computer's hard drive only after authorization. Cookies serve to streamline web traffic analysis or to indicate when a specific site is visited and allow web applications to send information to individual users. No personal data of users is acquired by the site in this regard. Cookies are not used for the transmission of personal information, nor are so-called persistent cookies of any kind used, that is, systems for tracking users. The use of so-called session cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient browsing of the site. The so-called session cookies used on the site avoid the use of other IT techniques that could potentially compromise the confidentiality of users' browsing and do not allow the acquisition of personal identifying data of the user.
Optional nature of providing data
Apart from what is specified for navigation data, the user is free to provide personal data to request the services offered by the Data Controller. Failure to provide such data may make it impossible to obtain the requested services.
Methods of processing and data retention periods
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are observed to prevent data loss, unlawful or improper use, and unauthorized access.
The data is retained for the time strictly necessary to pursue the purposes indicated in this notice and will be deleted at the end of this period, unless the data must be kept for legal obligations or to assert a right in court.
Rights of the data subjects
Within the limits and under the conditions provided by law, the data controller is obliged to respond to the data subject's requests regarding their personal data. In particular, according to current regulations:
1. The data subject has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data and the following information:
the purposes of the processing;
the categories of personal data in question;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organizations;
when possible, the intended retention period for personal data or, if not possible, the criteria used to determine that period;
the existence of the data subject's right to request from the data controller the rectification or erasure of personal data or the restriction of processing of personal data concerning him or her or to object to their processing;
the right to lodge a complaint with a supervisory authority;
if the data are not collected from the data subject, all available information about their origin;
the existence of an automated decision-making process, including profiling
2. The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the completion of incomplete personal data, including by providing a supplementary statement.
3. The data subject has the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller is obliged to erase such personal data without undue delay within the limits and in the cases provided for by current legislation. The data controller shall inform each recipient to whom the personal data have been disclosed of any rectification or erasure or restriction of processing within the limits and in the manner provided for by current legislation.
4. The data subject has the right to obtain from the data controller the restriction of processing.
5. The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a data controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another data controller without hindrance from the controller to which the data have been provided.
To exercise the above-listed rights, the data subject must submit a request using the following email address, through which the Data Protection Officer can also be contacted: info@susytravel.it
Requests should be addressed to the Data Controller at the following email address: info@susytravel.it
where the data protection officer, if appointed by the Controller, can be contacted.
This version of the personal data processing notice was updated on January 29, 2020.
© 2025 Susy Travel all rights reserved