Privacy and Cookies

P.a.c.c.o. Ltd.
82 Tavern Road
06050 Collazzone
P. Vat 03276440546
328/3989484

info.bookingcaribe@gmail.com

, as the data controller,

It informs you in accordance with Art. 13 Legislative Decree. 30.6.2003 n. 196 (hereinafter, “Privacy Code”) and Art. 13 EU Regulation no. 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following manner and for the following purposes:

1. Object of Treatment

The Controller processes the personal, identifying data (e.g., first name, last name, company name, address, telephone, e-mail, bank and payment references)-hereafter, “personal data” or also “data”) that you provide when concluding contracts for the Controller’s services.

2. Purpose of processing.

Your personal data are processed:

A) without your express consent (Art. 24 lett. a), b), (c) Privacy Code and Art. 6 lett. (b), (e) GDPR), for the following Service Purposes:

Conclude contracts for the Holder’s services;

Fulfill pre-contractual, contractual and tax obligations arising from existing relationships with you;

Fulfilling obligations required by law, regulation, EU legislation or an order of the Authority (such as in the area of anti-money laundering);

To provide personalized services, roadside assistance, claims file management, quotes and others you request;

Exercise the rights of the Owner, such as the right of defense in court;

B) Only with your specific and separate consent (Articles 23 and 130 Privacy Code and Article 7 GDPR), for the following Marketing Purposes:

To send you by e-mail or mail, commercial communications and/or advertising material on products or services offered by the Owner and satisfaction survey on the quality of services;

We would like to point out that if you are already our customer, we may send you commercial communications relating to services and products of the Owner similar to those you have already used, unless you disagree (art. 130 c. 4 Privacy Code).

3. Method of treatment.

The processing of your personal data is carried out by means of the operations specified in Art. 4 Privacy Code and Art. 4 n. 2) GDPR and namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing.

The Data Controller will process personal data for as long as necessary to fulfill the above purposes and in any case for no longer than 10 years after the termination of the relationship for the Service Purposes and for no longer than 2 years after data collection for the Marketing Purposes.

4. Data Access.

Your data may be made accessible for the purposes of Art. 2.A) and 2.B):

to employees and collaborators of the Data Controller or external companies in Italy and abroad, in their capacity as persons in charge and/or internal data processors and/or system administrators;

to third-party companies or other entities (by way of example, credit institutions, professional firms, consultants, ) that perform outsourced activities on behalf of the Controller, in their capacity as external data processors.

5. Disclosure of data

Without the need for express consent (ex art. 24 lett. a), (b), (d) Privacy Code and Art. 6 lett. (b) and (c) GDPR), the Controller may disclose your data for the purposes set forth in Art. 2.A) to Supervisory Bodies (such as IVASS), Judicial Authorities, as well as to those subjects to whom communication is obligatory by law for the fulfillment of the said purposes. These parties will process the data in their capacity as autonomous data controllers.

Your data will not be disseminated.

6. Data transfer

Personal data are stored on servers located in ITALY ), within the European Union. It is in any case understood that the Holder, should it become necessary, will be entitled to move the servers outside the EU as well. In such a case, the Data Controller hereby ensures that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

7. Nature of data provision and consequences of refusal to respond

The provision of data for the purposes of Art. 2.A) is mandatory. In their absence, we will not be able to guarantee you the Services of Art. 2.A).

The provision of data for the purposes of Art. 2.B) on the other hand is optional. You can then decide not to give any data or to deny later the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material related to the Services offered by the Owner. He will, however, continue to be entitled to the Services set forth in Art. 2.A).

8. Rights of the data subject

As a data subject, you have the rights under Art. 7 Privacy Code and Art. 15 GDPR and specifically the rights to:

i. Obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet registered, and their communication in intelligible form;

ii. Getting the indication: (a) of the origin of personal data; (b) of the purposes and methods of processing; (c) of the logic applied in the case of processing carried out with the aid of electronic instruments; (d) of the identification details of the owner, managers and designated representative under Art. 5, paragraph 2 Privacy Code and Art. 3, paragraph 1, GDPR; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, managers or appointees;

iii. obtain: (a) updating, rectification or, when interested, supplementation of data; (b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed;

(c) certification that the transactions referred to in subparagraphs. (a) and (b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves the use of means manifestly disproportionate to the right protected;

iv. Oppose in whole or in part: a) for legitimate reasons to process personal data concerning you, even if relevant to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the data subject’s right to object, set forth in the preceding paragraph (b), for the purpose of direct marketing by automated means is extended to traditional methods and that, in any case, the possibility for the data subject to exercise the right to object even in part remains unaffected. Therefore, the data subject may choose to receive only communications by traditional means or only automated communications or neither type of communication.

Where applicable, it also has the rights under Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.

9. Ways of exercising rights

You may at any time exercise your rights by sending:
a registered letter with return receipt to

P.a.c.c.o. Ltd.
82 Tavern Road
06050 Collazzone
P. Vat 03276440546
328/3989484

info.bookingcaribe@gmail.com

10. Owner, manager and appointees

The data controller is.

P.a.c.c.o. Ltd.
82 Tavern Road
06050 Collazzone
P. Vat 03276440546
328/3989484

info.bookingcaribe@gmail.com

The updated list of data processors and processors is kept at the registered office of the Data Controller.