Privacy Policy & GDPR Compliance

Italy Unlocked is committed to protecting and respecting your privacy. This Privacy Policy explains how and why your personal information is processed. Please read the following carefully to understand our approach and practices with regard to our treatment of your personal data. We hope this will help you make an informed decision about sharing personal information with us. In all your dealings with us please ensure that others you represent are aware of the content of our Privacy Policy and consent to your acting on their behalf.  

Definitions

  • Personal Data (Article 4 of the GDPR): any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processing (Article 4 of the GDPR): any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction.
  • Data Controller (Article 4 of the GDPR): the person or company that determines the purposes and the means of processing personal data.

Who we are

We are an elite Italian destination management company and tour operator specialised in tailor-made incoming travel services, owner of the italyunlocked.com domain.

In order to perform our business functions and activities, including making and managing travel bookings on behalf of our customers we need to collect, use and disclose personal information.

Here are our full details:

Italy Unlocked

VAT number: 11136600969

Insurance number: 4330835 subscribed with the insurance company Europ Assistance

Address: Via A. Fioravanti 30/A, 40129 Bologna (BO) Italy

Phone number: + 39 351 8350307

Email address: [email protected]

Data protection principles

This Privacy Policy provides mandatory information as required under Articles 13 and 14 of the Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR), which came into force on May 25, 2018.

We are a “Data Controller” for the purposes of the GDPR for any personal information you provide in connection with our relationship.

Italy Unlocked has adopted the following principles to govern its collection and processing of Personal Data:

  • Personal Data shall be processed lawfully, fairly and in a transparent manner.
  • Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are collected and/or processed.
  • Personal Data shall be accurate and, where necessary, kept up to date.
  • Personal Data shall be safeguarded, according to strict standards of security and confidentiality.
  • Personal Data shall be accessed only by authorized personnel, who are trained in the proper handling of customer information.

Collection of personal data

Italy Unlocked may collect and process your personal data including information:

  • That you provide by filling in forms on our website;
  • Received in correspondence sent to us via email or letter;
  • Received during phone calls to and from us;
  • That you provide by connecting with us via social media;
  • That you provide when you purchase products and services;
  • That you provide when you use our professional services as a client;
  • That you provide when you subscribe to receive marketing from us (e.g. newsletters);
  • That you provide when you complete surveys or provide us with feedback;
  • That you provide by reporting a problem with our website;
  • Concerning your visits to our website and the resources that you access.

Italy Unlocked may also receive information about you from a third party, for example:

  • From people (e.g. relatives/friends/travel agents/employers) making travel bookings on your behalf; 
  • From market research and data companies contracted by us to obtain information so that we may improve and market our products and services;
  • From partners performing services on our behalf.

Depending on the circumstances, in the course of providing a service to you, Italy Unlocked may collect, use, store and transfer different kinds of personal data such as:

  • Identity Data: includes your name, surname, marital status, title, date of birth, gender and passport details.
  • Contact Data: includes postal address, email address and telephone number.
  • Financial Data: includes bank account and payment card details.
  • Technical Data: includes internet protocol (IP) address, browser type, time zone setting and location.
  • Profile Data: includes requests made by you, your interests and preferences, details of the products and services you have purchased from us or which you have enquired about.
  • Marketing and Communications Data: includes your preferences in receiving marketing from us and your communication preferences.
  • Sensitive Data: includes details about your ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, dietary requirements and health information. We will only collect sensitive information with your explicit consent and where it is reasonably necessary for, or directly related to, one or more of our functions or activities (e.g. to make travel arrangements), unless we are otherwise required or authorised to do so by law. We will not use sensitive information for purposes other than those for which it was collected, unless we subsequently receive your consent to use it for another purpose.

Use of personal data

We collect personal information about you so that we can perform our business activities and functions and to provide the best possible quality of customer service. The way we process your personal data depends on our relationship with you. In each case the purposes for which we request the information will be clear from the context in which it is acquired. Most commonly, we will collect, hold, use and disclose your personal data in the following circumstances:

  • To fulfil your enquiries and the purposes for which you specifically provided the information;
  • To provide you with travel advice, deliver services you may have requested, assist you with travel bookings, perform the contract we are about to enter into or have entered into with you;
  • To manage our relationships with you and communicate with you by telephone, email, fax or post;
  • To contact you in the event of an emergency;
  • To comply with a legal or regulatory obligation including administration, billing and record-keeping purposes;
  • To identify a fraud or error;
  • To provide relevant information, which may include sensitive personal information, to medical staff in circumstances where we/they need to act on your behalf or in the interest of passengers or in an emergency;
  • To provide and improve customer service and support;
  • To inform you about new or existing products, services and special offers;
  • To enhance existing features or develop new features, products and services;
  • To contact you to seek your interest in taking part in research projects, such as surveys and interviews, in order to assist us in providing better services;
  • To make improvements to our website and make it easier to find the information you are looking for;
  • To allow us to personalise the content and advertising that you receive based on personal characteristics or preferences.

Purposes and legal bases for processing your personal data

Our use of your personal data as outlined above is subject to different legal bases for processing, including where necessary for:

A) Contractual purposes: Your personal data will be processed to fulfil the obligations of any contract we enter into with you or to fulfil your requests prior to entering into a contract with you. We will use your personal data to respond to your enquiries, send quotes, make travel bookings, purchase tickets and services, perform the contract and communicate with you.

B) Legal purposes: Your personal data will be processed to fulfil our legitimate interests, in compliance with our legal and regulatory responsibilities. We will use your personal data to comply with national and international laws and regulations regarding tax and accounting, travel safety and passenger transport and to exercise and defend our rights in the event of a litigation.

C) Business and statistical purposes: Your personal data will be processed to create statics and carry out market research.

D) Marketing, promotional and profiling purposes: Your personal data will be processed to identify new or existing products and services that we believe may be of interest to you. We may communicate these updates and promotional messages via email, sms, phone or your postal address. We will also use your personal data for profiling purposes, so as to analyse your travel preferences, improve our services and personalise content and commercial information that you receive. This profiling activity may be carried out by sending you satisfaction surveys or using profiling cookies to analyse anonymously a user’s activity on our website. 

At least one of the following circumstances must apply whenever personal data is processed:

  1. Consent: the individual has given clear consent for the processing of their personal data for one or more specific purposes mentioned above (A) Contractual purposes; B) Legal purposes; C) Business and statistical purposes; D) Marketing, promotional and profiling purposes);
  2. Contract: the processing is necessary for compliance with a contract;
  3. Legal obligation: the processing is necessary to comply with the law;
  4. Vital interests: the processing is necessary to protect someone’s life;
  5. Public task: the processing is necessary to perform a task in the public interest and the task or function has a clear basis in law;
  6. Legitimate interests: the processing is necessary for the legitimate interests of the Data Controller unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Refusal or withdrawal of consent

You may decline to provide personal information to us and/or refuse cookies in your browser, although some of our features or services may not function properly as a result. For example:

  • If you do not provide us with the personal information necessary to fulfil A) Contractual purposes and B) Legal purposes, we may not be able to provide the requested products or services to you, either to the same standard or at all.
  • If you do not provide us with the personal information necessary to fulfil C) Business and statistical purposes and D) Marketing, promotional and profiling purposes, we may not be able to provide you with information about products and services that you may wish to receive, including information about discounts, sales or special promotions. We may also be unable to tailor the content of our website to your preferences and your experience of our website may not be as enjoyable or useful.

You may withdraw your consent at any time. If you would like to withdraw your consent or object to receiving any direct marketing to which you previously opted-in, you can do so by writing to us or calling us using the contact details at the end of this policy. This shall not affect the lawfulness of any processing that was based on your consent before you withdrew it.

Call recording

To maintain customer service standards and to assist staff training, we may record and monitor incoming calls.

IP Addresses

When you access our website our servers may record data regarding your device and the network you are using to connect with us, including your IP address. An IP address is a series of numbers which identify your computer, and which are generally assigned when you access the internet. We may use IP addresses for system administration, investigation of security issues and compiling anonymised data regarding usage of our website, including the number and frequency of visitors and customers to each web page and the length of their visits. This is statistical data about our users’ browsing actions and patterns and is not linked to personally identifiable information.

Disclosure of your personal data

We do not and will not sell, rent out or trade your personal information. We will only disclose your personal information to third parties in the ways set out in this policy and, in particular, as set out below, and in accordance with data protection laws. Note that, in this policy, where we say “disclose”, this includes to transfer, share (including verbally and in writing), send, or otherwise make available or accessible your personal information to another person or entity.

We may disclose your personal data for the following purposes:

  • To share the information with third parties in order to provide a product or service you have requested;
  • To send the information to persons or organisations who engage our services on their behalf, including where you are that third party’s customer;
  • To send the information to persons or organisations that work on our behalf to provide a product or service to you;
  • To comply with the law or the requirements of a regulatory authority;
  • To process your information for immigration, border control, security and anti-terrorism purposes.

We may disclose your personal information to the following persons or organisations:

  • Our employees, contractors, suppliers or third party service providers located in Italy or abroad for the purposes of the operation of our website and our business, in order to fulfil requests by you, manage your bookings, respond to your enquiries and to otherwise provide products and services to you, including, without limitation, airlines, hotels, car hire companies, tour guides, courier services, marketing and research agencies, payment processors, data entry service providers, electronic network administrators, debt collectors and professional advisors such as accountants, solicitors, business advisors and consultants.
  • A person making a travel booking on your behalf, where you are travelling on a booking made by another person (e.g. a family member, friend or work colleague).
  • Your employer, where you are an employee of one of our corporate, business or government clients and you are participating in an event or travelling for work purposes.
  • Airport, port, customs and immigration authorities, to comply with our legal obligations and any applicable requirements relating to your travel.
  • Government agencies and public authorities to comply with a valid and authorised request, including a court order or other valid legal process.
  • Regulatory bodies and law enforcement officials and agencies, including to protect against fraud and for related security purposes.
  • Enforcement agencies where we suspect that unlawful activity has been or may be engaged in and the personal information is a necessary part of our investigation or reporting of the matter.
  • External parties for research purposes and to identify other services in which you may be interested.
  • Travel industry partners to analyse trends and further improve our services to you.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will not disclose your personal information otherwise than as described in this Privacy Policy without your consent unless we reasonably believe that disclosure is necessary to lessen or prevent a threat to life, health or safety or for certain action to be undertaken by an enforcement body (e.g. prevention, detection, investigation, prosecution or punishment of criminal offences), where disclosure is authorised or required by law or disclosure is otherwise permitted by applicable privacy laws.

Transfer of your personal data outside the EU

The personal information that we collect from you may be transferred to, and stored at, a destination outside the European Union (EU). It may also be processed by staff operating outside the EU who work for us or one of our suppliers or in circumstances where you have requested us to provide a product or service with international considerations and/or parties related to your request are located abroad. Before we transfer your personal data outside the EU we will take all reasonable steps necessary to ensure that any such transfer is made securely and that there is adequate protection in place to safeguard your personal data, as required by the Act and Chapter V of the GDPR.

It is possible that information will be transferred to a non-EU recipient located in a jurisdiction where you will not be able to seek redress under the GDPR and that does not have an equivalent level of data protection as in the EU. To the extent permitted by the GDPR, we will not be liable for how these non-EU recipients handle, store and process your personal information.

Personal Data shall not be transferred to a country or territory outside the EU unless the transfer is made with the consent of the Data Subject or is made to satisfy the legitimate interest of Italy Unlocked in regard to its contractual arrangements with its clients.

Storage of your personal data

We will retain and use your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. The length of time we retain it will depend on the nature of any contracts we have in place with you, any legal obligations we have (such as tax recording purposes), the existence of your consent or our legitimate interests as a business.

The length of time will vary in accordance with the following circumstances:

  • Purchases: when you purchase from us we retain that information for a minimum period of ten (10) years following the end of the financial year during which you purchased from us. It is our legal obligation to keep these records for tax and accounting purposes.
  • Enquiries: unless you provide consent for future contact during your enquiry, we will keep your information for as long is required to complete your enquiry and for a further twelve (12) months before deleting your information.
  • Marketing and profiling activities: if you give us your consent to use your data for C) Business and statistical purposes and D) Marketing, promotional and profiling purposes, we will retain your data for a maximum of ten (10) years.
  • Disputes and controversies: in order to protect and exercise our rights in case of legal disputes we will retain your personal information for as long as is reasonably necessary for the purpose.

After the above-mentioned periods of time your personal information will be cancelled automatically or rendered permanently anonymous.

Data Subject rights

Your personal information is protected under data protection law and, as a Data Subject, you have a number of rights which you can seek to exercise. Please contact us in writing, by email or telephone using the details shown at the end of this email if you wish to do so, or if you have any queries in relation to your rights. Please note the following rights do not apply in all circumstances.

  • Right to be informed. This means anyone processing your personal data must make clear what they are processing, why and how your data will be used.
  • Right of access. You have the right to access your personal data that we hold.
  • Right to rectification. If you discover that the information we hold about you is inaccurate or incomplete, you have the right to have this information updated, modified and corrected.
  • Right to erasure or Right to be forgotten. Under certain circumstances you may ask for your personal data to be deleted. This would apply if the personal data is no longer required for the purposes for which it was collected, or your consent for the processing of that data has been withdrawn, or the personal data has been unlawfully processed. This right is not absolute and it may not be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our administrative, legal, or security In short, we cannot erase data that is vital while you are still currently our customer (e.g. basic account information like an email address).
  • Right to restriction of processing. In some cases you may have the right to ask for a temporary halt to processing of personal data. For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified.
  • Right to object to processing. You may object to the processing of your personal information which is inconsistent with the primary purpose for which it was collected, including profiling, automation, direct marketing and statistical analysis. 
  • Right to data portability. Where any personal information has been processed on the basis of your consent or as necessary to perform a contract to which you are a party, you have the right to request a copy of such personal information in a structured, commonly used and machine-readable format.
  • Right to withdraw consent. You have the right to withdraw your consent where we are relying on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Rights in relation to automated decision making and profiling. You have the right not to be subject to a decision based solely on automated processing.

Security

Italy Unlocked is committed to safeguarding personal information and will implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect any personal information provided to us from accidental or unlawful destruction, loss, misuse, unauthorised access, modification and disclosure.

Personally identifiable information we collect about you is stored in limited access servers. Only authorised personnel and contractors have access to personally identifiable information. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. 

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information we cannot guarantee the security of your personal information transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Policy modifications

We may amend this Privacy Policy from time to time. We will post changes here, so please be sure to check back periodically and take note of any modifications we have made. However, you may rest assured that if the Privacy Policy changes in the future, we will not use the personal information you have submitted to us under this Privacy Policy in a manner that is materially inconsistent with this Privacy Policy, without your prior consent.

Contact us

If you have any questions about how we treat your personal data and protect your privacy, or if you have any comments or wish to seek to exercise any of your rights as outlined above, to opt-out of receiving marketing communications from us or to complain about our use of your personal data, please contact us by:

error: Alert: Content selection is disabled!!