This site uses proprietary and third party cookies to offer a better user experience. By continuing to browse the site, you are agreeing to our use of cookies. For further information or opt out options READ MORE.
Ok
You are in: Home > Privacy Policy

Privacy Policy

Privacy Notice on the processing of personal data pursuant to Article 13 of Regulation (EU) 2016/679

This Privacy Notice describes how personal data are processed through the website www.booking.sacaonline.it (the "Website") with regard to users who access and use it.

SACA Soc. Coop a.r.l. is committed to ensuring that the processing of the personal data of each visitor to the Website, whether carried out by automated or manual means, is conducted in full compliance with the safeguards and rights established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR"), as well as with any other applicable data protection legislation, including in relation to Internet access from outside Italy, in accordance with the provisions of this Privacy Notice.

Unless otherwise provided for by a specific privacy notice issued pursuant to Article 13 of the GDPR, this Privacy Notice shall also be deemed to provide the information required under Articles 13 and 14 of the GDPR to individuals who browse the Website and interact with the Data Controller through the services made available on the Website.

Please note that this Privacy Notice applies exclusively to the Website www.booking.sacaonline.it and does not apply to any other websites that users may access while browsing by clicking on links and/or banners available on the Website.

1. Data Controller

The Data Controller is SACA Soc. Coop. a.r.l., with its registered office at Via del Sostegno 2, 40131 Bologna (BO), Italy, Tax Code and VAT No. 00632770376. The Data Controller may be contacted by email at .

2. Categories of personal data processed, purposes of processing and legal bases for processing in relation to the use of the website

While browsing the Website, users' personal data may be collected and processed as described below.

·        Browsing Data

The IT systems and software procedures used to operate the Website automatically collect certain information, the transmission of which is inherent in the use of Internet communication protocols.

This category of data includes: IP address; browser type and version; operating system; pages visited and time spent on the Website; date and time of access; the referring URL, where applicable; and technical information relating to the user's device.

Legal basis: the legitimate interest of the Data Controller, pursuant to Article 6(1)(f) of the GDPR, in the management and administration of the Website, as well as in the improvement and development of the online services provided.

·        Data voluntarily provided by the visitor

Personal data that users provide directly to the Data Controller, for example when requesting information, quotations or bookings, will be retained for the time strictly necessary to manage the request and provide the requested response. If no contract or booking is concluded, the data will be deleted or anonymised within 12 months from the date of the last contact. Where the request results in the establishment of a contractual relationship, the data will be retained for the duration of such relationship and subsequently for the period required by applicable legal obligations.

Legal basis: performance of pre-contractual or contractual measures, pursuant to Article 6(1)(b) of the GDPR.

·        Newsletter and promotional communications

Subject to the specific consent of the data subject, the Data Controller may process the email address provided for the purpose of sending newsletters, informational communications, promotional communications and updates relating to its services and activities.

Legal basis: the consent of the data subject pursuant to Article 6(1)(a) of the GDPR.

·        Registration and account creation

The personal data provided by users during the registration process are processed for the purpose of creating and managing their personal account, enabling access to the Website’s restricted areas and providing the requested services.

Legal basis: performance of pre-contractual or contractual measures, pursuant to Article 6(1)(b) of the GDPR.

·        Cookie

In certain additional cases, personal data collected through cookies may be processed for analytical purposes. The processing of such personal data will be carried out in accordance with the provisions set out in the Cookie Policy.

Legal basis: the relevant legal basis for non-technical cookies is the freely given consent of the data subject, pursuant to Article 6(1)(a) of the GDPR.

For further details, please refer to the Cookie Policy section.

3. Processing methods, potential recipients and transfer of data

Personal data are processed using IT tools suitable to ensure the security and confidentiality of such data and in compliance with the security measures deemed appropriate by the Data Controller pursuant to Article 32 of the GDPR.

Data may also be processed through automated means, with or without the use of electronic tools (including email, telephone and any other remote communication technology), in accordance with the principles of fairness, lawfulness and transparency.

Furthermore, personal data may be processed by authorised personnel and/or system administrators who need to access such data in connection with their activities, or by external parties providing services on behalf of the Data Controller (for example, IT system management services, etc.), who have been duly appointed as Data Processors or who act as independent Data Controllers.

Personal data may be transferred to third countries outside the European Economic Area only where an adequacy decision has been adopted by the European Commission or where appropriate safeguards are in place in accordance with applicable data protection legislation.

4. Redirects to external websites

The Website may contain links or connections to third-party websites. The Data Controller does not control the methods used by such external websites to collect, manage and protect personal data.

Therefore, with regard to any processing of personal data carried out while visiting websites other than www.booking.sacaonline.it, users are invited to refer to the relevant privacy notices provided by the respective data controllers.

5. Data retention period

Personal data are retained for the period strictly necessary to achieve the purposes described above. Specifically:

  • Browsing data: will be retained for a maximum period of 7 days, except where retention is required for the investigation of computer crimes by the competent Judicial Authority.
  • Data voluntarily provided (e.g. through the quotation and booking sections): personal data provided voluntarily through quotation request or booking forms will be retained for the time necessary to manage the user's request and, subsequently, for a maximum period of 12 months from the last contact, unless a contractual relationship is established or legal obligations require a longer retention period.
  • Newsletter and promotional communications: data will be retained until the withdrawal of consent by the data subject and, in any event, for a period not exceeding 24 months from the last significant interaction with the communications sent, unless consent is renewed or a different legal obligation applies. The data subject may withdraw consent at any time by using the relevant link included in each email communication or by contacting the Data Controller at the contact details indicated in this Privacy Notice. Withdrawal of consent shall not affect the lawfulness of processing carried out before such withdrawal.
  • Registration and account creation: data will be retained for the entire duration of the account. In the event of prolonged inactivity or a request for deletion by the user, the data will be deleted or anonymised within 24 months, unless retention is necessary to comply with legal obligations, to establish, exercise or defend a right in legal proceedings, or for other legitimate purposes provided for by applicable legislation.
  • Cookies: retention periods vary depending on the type of cookie (session or persistent cookies). Please refer to the relevant section of the Cookie Policy.

Further details regarding the specific retention periods applicable to individual processing activities will be provided in the privacy notices issued pursuant to Articles 13 and 14 of the GDPR.

6. Rights of data subjects

Pursuant to Articles 15–21 of Regulation (EU) 2016/679 (GDPR), the data subject has the right to exercise the following rights at any time:

  • Right of access (Article 15 GDPR): obtain confirmation as to whether or not personal data concerning them are being processed and, where this is the case, receive a copy of the personal data processed, the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients, the envisaged retention period or the criteria used to determine such period, as well as information regarding the origin of the data and any transfer to third countries.
  • Right to rectification (Article 16 GDPR): obtain the correction of inaccurate personal data or the completion of incomplete personal data.
  • Right to erasure (Article 17 GDPR): obtain the erasure of personal data where certain conditions apply, such as where the purposes of the processing no longer exist, consent has been withdrawn, the data subject has objected to the processing, or the processing is unlawful, without prejudice to cases where the law permits or requires the retention of such data.
  • Right to restriction of processing (Article 18 GDPR): obtain the restriction of processing in the cases provided for by applicable legislation, for example where the accuracy of the data is contested or where the processing is unlawful and the data subject objects to the erasure of the data.
  • Right to data portability (Article 20 GDPR): receive personal data in a structured, commonly used and machine-readable format, or request the transfer of such data to another Data Controller, where technically feasible.
  • Right to object (Article 21 GDPR): object, on grounds relating to their particular situation, to the processing of personal data, including processing for direct marketing purposes or related profiling activities.
  • Right to lodge a complaint with the supervisory authority (Article 77 GDPR): lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) or another competent supervisory authority if the data subject considers that the processing infringes applicable data protection legislation.

To exercise any of the rights listed above, the data subject may contact the Data Controller by sending an email to .

7. Amendments to this Privacy Notice

This Privacy Notice applies to the Website from the date of its publication and supplements and completes the privacy notices provided at each individual stage of data collection.

The possible entry into force of new sector-specific legislation, as well as the ongoing review and update of the Website’s terms and conditions of use, may require changes to the methods of processing described herein.

Therefore, this Privacy Notice may be subject to amendments over time, and users are invited to periodically consult this page.

 


Book your tickets
Adults
Minors
under 18 years
Saca - Online Booking
Partners