I. Data manager
Name: Andrea Toreki
Address: via Giovanni XXIII. 1. 89900 Vibo Valentia, Italy
Telephone:+39 349 054 0339
II. Contact of data manager
We do not have an activity which oblige us to hire a data manager.
III. The aim and basic of data management
The aim of this information sheet is to make clear for our partners and visitors which and how personal data are managed by us. We list in points so it could be clearer and more understandable. You can read them at the end of this information sheet.
- Contact sheet
On this website there is a contact sheet which gives the visitor the possibility to contact us online. We ask for name and e-mail address. We manage these data with authorization.
- Facebook page
We also receive some personal data on our Facebook Page with the authorization of the visitor. Our FB Page gives us the possibility to get in touch with people onlien, comment on feeds, giving a possibility to express opinion, marketing activities. We do not have the possibility to send private messages, we can ask to contact us on different chanel.
- Contact on phone
If you call us on the phonenumber written on our website, we will see your phone number. Probably you will introduce yourself, so we will know your name. We will manage these data with your authorization, aim to call you back, if we can not answer right away. If we do not have any business relation between us, we wont save your phone number and name.
- Contacts of business partners
We manage the data of our partners, workers and contact persons considering the interest.
Cookies are sent to browsers usually in order to save some settings, make the use of the website easier and they cooperate in collecting relevant statistic information about visitors. Cookies do not contain personal data, they can not identify persons. Some cookie disappears after closing the website, and some will be stored on the pc.
You can block all activities of cookies by deleting the data files, about that you can inform on different browsers:
Managing cookies and data web space in Chrome,
Information on cookies for Firefox,
Managing cookies in Internet Explorer and in Edge.
Some browser give you the possibility to delete automatically data after you have closed the website. You can read about it here
If you download some part of our website, our statistical softver could place on you pc files with your personal data. If this happens, you will receive information about that, when you visit the website for the first time and we ask for your authorization. The datafiles are necessary for the operation of some functions of the website. About this you can have more information here:
Google Analytics stores this IP number without a name, can not connecti with the user. Dates are stored for 26 months, which period restarts if new event happens with the user.
If you want to block Google Analytics for adding your visit to its analitic, you can use this.
Google uses some cookies which can connect the activities of the user on different equipments, if the user signed in in the Google account. If you do not want that Google advirtesement appear on the different advices, you can switch it off with this.
If you have received a cookie before from Facebook – because you have an account or you searched for Facebook, the browser sends data regarding this cookies, when you look for a site which has a Like botton.
On our website we use Facebook conversion measurer pixel for marketing reason. We also ask the authorization for that, when you first visit our website. These data will end up also by Facebbok.
IV. Withdrawal of authorization
Based on authorization are the following activities:
- Contact through our contact sheet
- Facebook page
- Making statistics on number of visitors
- Contact on phone
It is possible to withdraw the authorization on a simple way, as the visitor gave it.
Its possible to withdraw the authorization by unlike the Facebook page, in case of private message or comment, by deleting that.
In case of other data management authorization, please write a short message on firstname.lastname@example.org .
Datamanagement before the withdrawal is lawful.
V. Obligation of contract
We are obliged to make an invoice. If you do not give us the asked data, we can not fulfil the service.
After ordering our services, we will have a written or oral contract. We make contracts with legal person, but it could happen that in our contract we will have some personal data, like the name, phone number, e-mail address of the contact person. We have to know these data in order to have a valid contract, we have to know who is the other party and how to reach him. Without knowing those data, we are not able to make contract and fulfil our services.
VI. Legitimate cause
We handle the data of our partners and contact persons based on legitimate cause.
We have received those data from our partners through corrispondence, personal meetings, and they could understand already that we handle that trustfully. We still made the test to measure the interest, and our partners can have a look at it. We provide the veto to all of our partners.
VII. Period of storing the data
Contact sheet (name and e-mail) – until closing our business, but overexam every 6 months
Facebook page (name and comment) – until deleting the page, until withdrawel of Like, until deleting the activity
Name and address of invoicing – until the period of written in law, for private entrepeneurs until the present year + 5 years
Data of our business partners (name, e-mail address, phone number) – until we are still in contact as business partners, or until the request of deleting
Cookies coming from the website holidayincalabria.com – until the validity of the cookies, until user does not delete them on its browser
GA visitors statistic – 26 months
VIII. Security provisions
We take care of the securtiy of the personal data. We can enter to our computers after have given the password, which is protected with an antivirus program. To Gmail and Facebook our employees can enter with double identification. We do all our best to protect our website from hackers and we also use SSL.
We have taken in consideration the present situation of the science and technology, the circumstances, the aims and the risk of the freedom of persons by prepareing the suitable security provisions.
We use data elaborator for some of our activities
MediaArt Online Megoldások Kft.
9022 Győr, Szent István street 16/a. fsz. 2.
(Accessing the full content of the website, forwarding emails received in our own domain email address.)
Receiving and sending emails:
Legal Department, Copyright/IP agent, Yahoo! EMEA Limited, 5-7 Point Village, North Wall Quay, Dublin 1, Ireland
(Accessing correspondence and all its data.)
Menlo Park, California, USA
Information about Data Management: https://www.facebook.com/about/privacy/update
Google Inc., Mountain View, California, USA
X. Transfer to third countries
The only third country to which data transfer is being made is the United States of America. Declaration of conformity with the USA was issued on 12 July 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en), which is also observed by Google (https://policies.google.com/privacy/frameworks), by Facebook (https://www.facebook.com/about/privacyshield). The GDPR policy is covered by the clause in the Automattic agreement (https://automattic.com/privacy/).
XI. Rights of the data subjects
- Right of access
Visitors to our website, clients and partners may request information on whether their personal data are processed and, if so, are authorized to access the following information:
- the purpose of data processing;
- the categories of personal data concerned;
- the recipients who were or will be provided with the personal data, including recipients from third countries and international organizations;
- the planned data storage period and, if this is not possible, the aspects defining this period;
- the right of the data subject to request the Data Controller to rectify, erase or restrict the processing of their personal data, and the right to object to the processing of such data.
A copy of the personal data that is the subject of the data processing will be made available to you. We charge a reasonable price in the amount of administrative costs for additional copies. If the request was received in electronic form, we will provide the information in commonly-used electronic form (.doc, .pdf, .xls, .jpg, etc.), except if the data subject requests otherwise.
The right to obtain a copy shall not have an adverse effect on the rights and freedoms of others.
- Right to rectification
Website visitors, clients, partners are entitled to request the correction of their inaccurate personal data. Taking into account the purpose of data processing, it is possible to request the completion of incomplete personal data. We are required to inform every recipient to whom we have communicated the personal data about the rectification, unless it proves impossible or requires inappropriate effort. The data subject is informed of these recipients if they so request.
- Right to erasure
We are obligated to erase, without undue delay, on request or without request, the personal data of our clients, mandators, website visitors if:
- the personal data are no longer needed for the purpose for which we collected or otherwise processed them;
- the mandator/client/visitor withdraws their consent forming the legal basis for the processing, and the processing has no other legal basis;
- the mandator/client/visitor objects to the data processing and there is no priority legal basis for data processing;
- we processed the personal data unlawfully;
- the personal data must be erased to meet legal obligations under EU or Member State legislation;
- the personal data were collected in connection with a service offer of an information company.
Should we publish personal data that we are required to erase, taking into account the available technology and the cost of implementing the measures, we will take reasonable steps to inform data controllers processing the personal data that the data subject asks them to delete all references to these personal data, their copy or replicas.
We are not obliged to erase personal data if the processing is necessary for submitting, enforcing or defending a legal claim. If we receive a request to erase such data, we will consider it and provide our decision in writing.
We are required to inform every recipient to whom we have communicated the personal data about the erasure, unless it proves impossible or requires inappropriate effort. We can inform the clients/mandators/users of the recipients on request.
- Right to restriction of processing
The clients/mandators/website visitors are entitled to request a restriction of personal data processing if:
- they question the accuracy of personal data, until clarification;
- the data processing is unlawful and they require the restriction of processing instead of data erasure;
- the personal data are no longer required for processing, but the user/client/mandator requires these to prove, enforce or defend legal claims;
- the user/client/mandator objected to data processing based on a legal basis; in this case, the restriction shall apply until it is verified that the legitimate reasons of the data controller outweigh the legitimate reasons of the data subject.
Where the data processing is subject to a restriction, such personal data shall be processed, excluding their storage, only with the consent of the user/client/mandator or for the purposes of proving, enforcing or defending legal claims or for the purposes of protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
We will inform the user/client/mandator of the cancellation of the restriction in advance.
We are required to inform every recipient who has been provided with the personal data about the restriction, unless it proves impossible or requires inappropriate effort. The client/mandator/user is informed of these recipients if they so request.
- Right to data portability
In the case of automated data processing, where the legal basis for the processing is the consent or performance of a contractual obligation, the client/mandator/website visitor is entitled to request the receipt and transfer to another data processor of their personal data provided by them in a divided, commonly accessible and machine-readable form if technically feasible.
The right to data portability cannot adversely affect the rights and freedoms of others.
- Right to object
The client/mandator has the right to object to the processing of their personal data at any time for reasons related to their particular situation if the legal basis is a legitimate interest. In this case, we may not process personal data further unless we demonstrate the necessary legitimate reasons for processing that outweigh the interests, rights and freedoms of the client/mandator or the reasons for proving, enforcing or defending legal claims.
- Automated individual decision-making, including profiling
Since we do not perform automated decision-making and profiling, we cannot provide this legal basis.
XII. In the case of a complaint
We take care of your personal data with the utmost care. However, if you feel that we did not take all the measures expected from us to protect your personal data or simply have a question, please contact us via email.
If our business violates the data protection policy, the data subjects can claim the enforceability of their rights before a court of competent jurisdiction. The consideration of the dispute is within the court’s authority.
XIII. Automated decision-making process
There is not an automated decision-making process in our business.
XIV. When defining the legal bases for the processing of personal data, we have taken this legislation into account
Distributing a bulletin containing advertising is only possible on the basis of the consent required by Regulation (EU) of the European Parliament and of the Council No. 2016/679, Article 6(1)(a) and also under the Act on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities No. XLVIII, Article 6(1)–(3).
Contact via the website, Facebook operation, traffic statistics and conversion tracking, cookies, and data processing from business-to-business contracts take into account Regulation (EU) of the European Parliament and of the Council No. 2016/679, Article 6(1)(a).
The processing of invoicing-related personal data is based on Regulation (EU) of the European Parliament and of the Council No. 2016/679, Article 6(1)(c) and the Taxation Act of 2017 CL, Article 78(3) (document storage period) and the Act CXXVII of 2007 on Value Added Tax, Article 169(e) (compulsory particulars of accounting documents).
This Directive shall enter into force on 25 May 2018 and, once the new directives, opinions or partial rules are known, we shall re-evaluate the content thereof. If the scope of our business changes or we introduce new marketing tools, we will also adjust the content.