PRIVACY POLICY – art. 13 Regulation (EU) 2016/679

Alice Salvagnin, as Data Controller, pursuant to Article 13 of Regulation (EU) 2016/679 ("General Data Protection Regulation," hereinafter "GDPR"), hereby informs Users who access and use the website capriprivatetours.com (hereinafter, "the Website") about the methods of processing their personal data.

This privacy policy is subject to change in accordance with legislative amendments and/or new purposes that may be pursued through the Website. Please consult the "Last updated" section at the bottom of this page to know when this policy was last updated.

1. Data Controller

The Data Controller is Alice Salvagnin VAT No. 07359950966, phone number +39 338 7090880, e-mail info@capriprivatetours.com (hereinafter, the "Controller").

2. Data Subject to Processing, Purposes, and Legal Basis

The Controller may process the following data:

Contact/information request section: data voluntarily provided by the User, such as email address, full name, phone number, and any personal data included in the request. The data will be processed to respond to the User's requests for information regarding the services offered. The legal basis for the processing is the performance of pre-contractual measures adopted at the request of the data subject (Article 6, paragraph 1, letter b) GDPR).

The voluntary sending of emails to the address indicated on the Website involves the processing of the email address and any data present in the communication.

In any case, the processing of the aforementioned data for the defensive needs of the Controller or to comply with legal obligations or requests from Authorities is reserved.

3. Processing Methods

The data will be collected electronically, protected against risks of destruction, alteration, deletion, and unauthorized access through adequate physical, logical, and organizational security measures. It will be further processed, including on paper, to the extent and for the time strictly necessary to fulfill the purposes indicated above.

The data may be processed by individuals working within the Controller's internal organizational structure, as well as by any external parties necessary for the provision of the requested services, appointed as Data Processors pursuant to Article 28 of the GDPR. There are no automated profiling processes.

4. Communication to Recipients and Dissemination

The data acquired through the Website may be communicated to the Controller's collaborators, who are specifically authorized for processing, and to service providers offered through the Website or related to its operation, acting as Data Processors. The data will not be disclosed to third parties, except in the case of requests by a public authority or as required by law. The data shall not be transferred to non-EU countries o to international organizations nor shall be disseminated.

5. Data Retention Period

The Controller will retain the data for the time necessary to achieve the purposes for which it was collected, after which it will be deleted or anonymized, except for any retention obligations required by law.

6. Mandatory and Optional Nature of Personal Data Provision

The provision of data requested in the contact form is mandatory where marked as such (*). Refusal to provide the aforementioned data will make it impossible to manage requests.

7. Rights of the Data Subject pursuant to Articles 15-21 GDPR

Pursuant to Articles 15-21 GDPR, Data Subjects have the right to:

obtain confirmation as to whether or not personal data concerning them is being processed, and where that is the case, access to the personal data and the information (right of access - Article 15 GDPR);
obtain without undue delay the rectification of inaccurate personal data or to have incomplete personal data completed (right to rectification - Article 16 GDPR);
obtain the erasure of personal data without undue delay (right to erasure - Article 17 GDPR);
obtain restriction of processing (right to restriction of processing - Article 18 GDPR);
object at any time to processing on grounds relating to their particular situation (right to object - Article 21 GDPR).

These rights can be exercised by contacting the Controller at info@capriprivatetours.com.

Data Subjects may also lodge a complaint with the Italian Data Protection Authority ("Garante per la Protezione dei dati personali") pursuant to Article 77 GDPR.