We wish to inform you that, in compliance with Regulation (EU) no. 679 and Legislative Decree no. 196 of 2003 on the protection of personal data, the Data controller is Ama Terra Viaggi di Mauro Totola, con sede in Via G.F. Caroto 1/C - 37131 Verona (VR) - P. IVA e Cod. Fisc.: 03729150239 (hereinafter the “Controller”).
Personal data is processed in full compliance with Regulation (EU) 679/2016 and Legislative Decree 196/2003.
- Introduction Which data do we process and the legal basis for said processing (art. 13 e art. 15 GDPR)
usage data: We may process data about your use of our website and services. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. This usage data may be processed for the purposes of analyzing the use of the website and services.
legal basis for this processing: our legitimate interests, monitoring and improving our website and services
personal data: We may process your personal data like name, address, telephone number, email address.
- The personal data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
legal basis for this processing: the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
- The personal data may be processed where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
legal basis for this processing: our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
- The personal data may be processed where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice.
legal basis for this processing: our legitimate interests, namely the proper protection of our business against risks.
- In addition to the specific purposes for which we may process your personal data we may also process said data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
legal basis for this processing: compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
enquiry and transaction data: We may process information contained in any enquiry you submit to us regarding goods and/or services or information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website. The enquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you.
legal basis for this processing: the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract
We do not process sensitive personal data.
- Where do we process your data
The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved in the processing are located.
- Providing your personal data to others (art. 13, 1° comma GDPR)
As part of its activities and for the purposes indicated above, the Controller may use third party service providers, operating on behalf of and as per the instructions of the Controller, as data processors. These are suppliers, commercial and production partners, intermediaries, technical consultants and other similar entities who cooperate with our organization to fulfil the contractual commitments with you; entities who provide a service strictly and necessarily linked to the Controller’s business such as tax consultants, banks, shipping companies, insurance companies, public and private entities, also for inspections or audits; entities that can access the data in accordance with the provisions of law.
Data may be also disclosed to all entities authorized by law to collect them (e.g. tax authorities, etc.)
The Data subject may request a complete and up-to-date list of the entities appointed as data processors via the contact details provided below.
Data may be transferred within the European Union, where the Controller or its suppliers and collaborators have establishments or servers. Data will not be transferred outside the European Union.
- How do we process your data (art. 32 GDPR)
Data will be processed, by personnel appointed by the Controller, using procedures, technical means and IT tools that are capable of protecting the confidentiality and security of the data subject’s data. Processing includes the collection, recording, organization, storage, consultation, processing, alteration, selection, retrieval, alignment, use, interconnection, restriction, disclosure, dissemination, erasure, destruction of data; it may involve a combination of two or more of the above operations.
- How long do we keep your data (art. 13, 2° comma, lett. a GDPR)
Data will be kept for the time strictly necessary to provide the services requested by the Data subject and will in any case be erased if requested by the Data subject, subject to any data retention obligations envisaged by law. The data subject’s data will not be disseminated.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. We will retain your personal data as follows:
(a) Usage data will be retained for a maximum period of 36 months.
(b) Personal data will be retained for a maximum period of 10 years from the conclusion of the contract between you and us
(c) Enquiry and transaction data will be retained for a maximum period of 10 years from the conclusion of the contract between you and us or it will be retained for a maximum period of 12 months in case no further request is posed by you and no subsequent contract is made after your initial enquiry.
Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
- Withdrawal of Consent (Art. 13, 2° comma, lett. E) GDPR)
You can grant consent to all the purposes, one of the purposes or none of the purposes. Where you do not grant consent we will not be able to use your personal data for the purposes abovementioned, except in certain limited situations, such as where required to do so by law or to protect members of the public from serious harm.
If you do grant consent, please note you can withdraw your consent to all or any one of the above purposes at any time by contacting the Data controller. Please note that all processing of your personal data will cease once you have withdrawn consent but this will not affect any personal data that has already been processed prior to this point.
If you withdraw consent for a specific purpose, as in for marketing communications, the withdrawal will not affect the remaining processing.
- Rights of the data subject
- Right of access (art. 15 GDPR). Right of access by the data subject to access his or her data and to lodge a complaint with a supervisory authority;
- Right to rectification (art. 16 GDPR). Right of the data subject to obtain from the controller the rectification of inaccurate personal data concerning him or her;
- Right to erasure (‘right to be forgotten’) (art. 17 GDPR). The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay;
- Right to restriction of processing (art. 18 GDPR). Right of the data subject to obtain from the controller restriction of processing;
- Notification obligation (art. 19 GDPR). The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with articles 16, 17 and 18 to each recipient to whom the personal data have been disclosed;
- Right to data portability (art. 20 GDPR). The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, and the right to transmit those data to another controller without hindrance from the controller;
- Right to object (art. 21 GDPR). Right of the data subject to object to the processing of his or her personal data;
- Profiling (art. 22 of the GDPR). The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which significantly affects him or her.
Any requests to exercise User rights can be directed to the Data controller through the following contact
The contact details of the Data controller are Ama Terra Viaggi di Mauro Totola, con sede in Via G.F. Caroto 1/C - 37131 Verona (VR) - P. IVA e Cod. Fisc.: 03729150239 – firstname.lastname@example.org.
These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.
We will notify you of significant changes to this policy through a special notification system on our website.
Cookies are short pieces of text (letters and/or numbers) that enable the web server to store information on the client (the browser) to be reused during the visit to the website (session cookies) or subsequently, even after many days (persistent cookies). Cookies are stored, according to user preferences from a single browser on the specific device being used (computer, tablet, smart phone). Similar technologies can be used to gather information on user behaviour and on service use.
Subsequently, this document will refer to the cookies and all similar technologies by simply using the term “cookie”.
Type of cookies
We can identify several categories of cookies based on their features and use:
- Absolutely necessary cookies. These cookies are essential for the proper operation of our website and are used to manage the login and access to features unique to the website, in general to accelerate, improve and customize the level of service to users. The duration of the cookies is strictly limited to either the working session (they are deleted when the browser is closed), or of a longer duration, designed to recognize the visitor’s computer. Their deactivation may compromise the use of services accessible by logging in, while the public part of the website is normally used.
- Analysis and performance cookies. These cookies are used to collect and analyse traffic and to use the website anonymously. Even without identifying the user, these cookies can, by way of example, detect if the same user returns to the website at different times. Moreover, they are used to monitor the system and improve performance and usability. The cookies can be deactivated without any loss of functionality.
- Profiling cookies. These are persistent cookies used to identify (anonymously or otherwise) user preferences and improve the browsing experience or to send advertising messages in accordance with the preferences shown by the user during web browsing.
Cookies from the site visited (“owner”) or by websites maintained by other organisations (“third party”) may be received when visiting a website. An example of this is the presence of “social plugins” (i.e. Facebook, Twitter, Google+) that are aimed at sharing contents on the social networks. The presence of these plugins involves the transmission of cookies to and from all websites operated by third parties. The management of the information collected by “third parties” shall be governed by the relevant information to which we ask the user to refer.
To ensure greater transparency and convenience, for each of these websites, we give the user the web address of the information note, the methods to manage these cookies or to delete them as well as to deny consent to the installation of the cookies:
Management of cookies
By using the settings in the browser, the user can decide whether or not to accept the cookies.
Warning: Disabling all or part of the technical cookies may compromise the use of the features of the website reserved for registered users. On the contrary, the usability of public content is also possible by completely disabling the cookies.
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari);
This site uses
Duration: 2 years
Description: Used by Google Analytics to distinguish users.
Duration: 24 hours
Description: Used by Google Analytics to distinguish users.
Description: This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels.
Duration: 1 month
Description: cookie used to store the acceptance to the use
The user can allow or disallow cookies everytime, just clicking this link.