In compliance with the EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION
updated 25th may 2018
ItalyIndeed respects your privacy when you use our services and is committed to complying with privacy legislation. This privacy notice has been updated to comply with The European Union’s General Data Protection Regulation (GDPR) regulation which changes how companies use and process the personal data of users.
The information below is what is referred to as a ‘Privacy Notice’ which explains how we use and protect your personal data.
- Information ItalyIndeed holds
This is a list of personal information that we hold for some customers and suppliers. We do not hold all of this information for all of our customers and suppliers.
- Name and Surname
- Phone number (work, home or mobile)
- E-mail address
- Date of birth
- Passport details
- Health details
- Photographs / Videos
- Parents’ contact details (for minors)
- Suppliers’ contact details
- Suppliers’ bank details
We hold this information on a secure remote server. We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and via e-mail.
We require the above information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- We may use the information to improve our products and services.
- We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone or mail. We may use the information to customize the website according to your interests.
1.1. Where customer data came from
Customer data has come from contact about our products. Customers have approached ItalyIndeed either by telephone or email and we have recorded their data as above. We continue to liaise with them exclusively in the context of our products. The customer is always able to cease contact and to decline further contact.
1.2. The Web
You can visit our site (www.italyindeed.it) without telling us who you are or providing us with any personal information. However, we collect related information such as page requests, browser type, operating system and average time spent on our website through an analytics program (Google Analytics) which we use to monitor and improve our website.
To make this website easier to use, we sometimes place small text files on your device (for example your iPad or laptop). These are known as ‘cookies’. Our cookies aren’t used to identify you personally. They’re just here to make the site work better for you.
A cookie asks permission to be placed on the hard drive of your device. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. A cookie does not tell us what your name, address, phone number or any other personal data is. It only collects web browsing information which we use to provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
1.3. Where supplier data came from
Supplier data has come from previous contact before ItalyIndeed was incorporated and/or from further research into suppliers. Suppliers (also known as service providers) may have approached us through our website, by phone or email. They may also have been approached by us when researching service providers for our customers. We liaise with them in the context of providing services to our customers.
This constitutes implied consent or ‘soft opt-in’ but future communications will require new customers to opt in.
1.4. We do not share your data with third parties other than service providers you have agreed upon.
We protect access to our data through a log-in process to our remote server.
We do not sell databases or provide them as part of sponsorship deals. We use our data solely in the context of business operations. We contact customers directly for managing their tour or product, for example regarding payments, passport details, names for hotels and so on. We also liaise with customers on other future products they may be interested in.
We do share customers data with our suppliers when it is necessary to do so. For example, we share your name and surname with hotels when making a booking, or we may share them (along with the phone number you provided us) with a tour guide when you have asked us to book a tour for you.
We do not share your data with companies or people who are in no way involved in the designing or delivering of the product you chose to buy from us.
The companies and people we do share your data with are only made aware of necessary information (such as name, surname, date of birth and so on). In no way, we will share your email address, home address or any other information which is not absolutely necessary in the booking process.
Similarly, supplier data is used for conducting business. We need their bank records for payments and contact details for operations.
1.5. How We Record Our Processes
Customer contact comes initially from email, web form or telephone. We do not record information other than saving the contact in our email contact list.
Further information from customers about their tours (names, dates of birth, dietary information and so on) is gathered by email and stored on spread sheets, which in turn are kept on our remote server and protected by a password.
- Communicating privacy information
ItalyIndeed’s Privacy Notice
2.1. Information we collect and why we collect it
ItalyIndeed is a tour operator. All the information we collect is within the context of the products we sell. You, the customer, provide us with the data we need to operate products you have bought or to liaise about products you might be interested in. This data includes but is not limited to:
- Full name
- Phone number (work, home or mobile)
- Email address
- Date of birth
- Passport details
- Health details (such as dietary requirements)
- Parents’ contact details (for minors)
- Bank details
- ID proof
- Social Media handles
2.2. How We Use Your Information
You will provide some or all of this information when contacting the company and in the course of enquiring about and/or operating your tour or product (hospitality or ticket purchases for example). It is in this context that ItalyIndeed gathers your data.
2.3. How We Share Your Information
We do not sell data to third parties for marketing purposes. We may, with your consent, share photos or videos as part of our social media or marketing effort.
We use personal information solely for the purposes of the business. This includes providing service providers and suppliers.
2.4. Storage & Processing: How We Protect Your Information
All our data is securely held on a remote server and is password protected.
If you would like ItalyIndeed to remove any data from its server, simply email email@example.com or write to our registered office (ItalyIndeed, First Floor Audit House, 151 High Street, Billericay, CM12 9AB, United Kingdom ) explaining what information you would like deleted. This will take place within one month of ItalyIndeed receiving the request.
If you would like to stop receiving emails from us, simply let us know and we will delete your contact.
If you still believe your data is being mishandled, you are entitled to complain.
2.3. Individual’s rights
You, the customer or supplier, have the following rights:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object
- the right not to be subject to automated decision-making including profiling
Once a written request has been received, ItalyIndeed will act or respond within one month. If action is required, it will be taken by the company director, ensuring all requested data is removed from ItalyIndeed’s server and bank account.
ItalyIndeed can refuse or charge for requests that are manifestly unfounded or excessive. If we refuse a request, we will tell you why and explain that you have the right to complain to the supervisory authority for a judicial remedy. This will take place without undue delay and, at the latest, within one month.
ItalyIndeed does not offer online services to children. It only collects limited personal data for the purposes of a tour. This means, for example, ItalyIndeed will ask for dietary requirements (to protect children against allergenic foods), names as they appear on passports (for hotel rooming lists) and ages (to avail of excursion discounts and to potentially arrange host families). Parents provide consent and information to teachers for the above purposes. We ask teachers to ensure consent is verifiable.
2.5. Data breaches
ItalyIndeed is able to detect, report and investigate a personal data breach as it employs an IT and digital marketing company to oversee its technology. Alerts are in place.
ItalyIndeed is only required to notify the customer or supplier of a breach where it is likely to result in a risk to the rights and freedoms of individuals – if, for example, it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.
Where a breach is likely to result in a high risk to the rights and freedoms of individuals, ItalyIndeed will notify those concerned directly.
2.6. Data Protection by Design Protection Impact Assessments
A DPIA is required in situations where data processing is likely to result in a high risk to individuals, for example:
- where a new technology is being deployed
- where a profiling operation is likely to significantly affect individuals
- where there is processing on a large scale of the special categories of data
Consequently, ItalyIndeed has no current requirement to undertake a DPIA
2.7. Data Protection Officers
ItalyIndeed does not require a Data Protection Officer (DPO) because it is not:
- a public authority
- an organization that carries out regular and systematic monitoring of individuals on a large scale
- an organization that carries out the large scale processing of special categories of data, such as health records or information about criminal convictions
2.8. Supervisory Authority
The supervisory authority for ItalyIndeed is the UK.
- Providing consent
Consent must be freely given, specific, informed and unambiguous and there must be a positive opt-in. Hence, you will be asked for explicit consent to sharing your data with us when enquiring through our website. This will allow us to read your message and to respond. You can opt-out at any time by sending us an email or by writing to ItalyIndeed, First Floor Audit House, 151 High Street, Billericay, CM12 9AB, United Kingdom
- Links to other websites
Our website contains links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites as such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.