Dear Visitor of the Website, complying with Privacy Law is particularly dear to us.
In particular, "General Regulation on Data Protection" (EU Regulation 2016/679, known under the English acronym "GDPR") requires us to provide you with the following information on the processing of your Personal Data, pursuant to Article 13 of the aforementioned Regulation.
"Processing of Personal Data", in plain words, means any operation concerning any "information relating to an identified or identifiable natural person". For example, first and last name, or an email address with a "user name" that identifies you (e.g. mariorossi@....), is considered "Personal Data", and the actions of collection, registration with us and use of your Personal Data to send you a communication, are considered "Processing" operations; same applies (again, for example) to communication of Data to other organizations and storage.
Depending on whether you are a simple Visitor, sending us a Request through the Contact Form, or at the addresses you can find at the Contact Page, we collect and/or we require you to provide us with Data, necessary to permit you to browse our Website and/or receive our answers to your requests.
Our organisation is defined as the "Data Controller", meaning that we are the entity that establishes how and for what purposes information relating to natural persons are processed.
You, as the "individual to whom the Personal Data refer", are referred to as the "Data Subject", and are entitled to receive the following information about who we are, what personal data we process, why, how and for how long we process it, and what obligations and rights you have in this regard.
If you are a natural person or a sole proprietorship, you are the Data Subject; if you are a private or public organization (e.g. a corporation, association, public body), the Data Subjects are the natural persons who administer the organization itself or who operate under its authority (e.g. its employees); information strictly related to the organization (e.g. tax code number or VAT number) is not considered Personal Data.
The website of the Italian Data Protection Authority contains further information useful to better understand the topic (see e.g.: http://www.garanteprivacy.it/home/diritti).
Who are we ("Data Controller")?
Flight Solutions S.r.l., Fiscal Code and VAT number 10598200011, registered in the Commercial Register of Turin, register of companies n. TO-1146819, fully paid-up share capital € 10.000,00, based in General Aviation Terminal Aeroporto Città di Torino, Strada San Maurizio, 12,10072 Caselle T.se (TO) Italy.
What categories of Personal Data do we process?
“Common" personal data requested in the “Contact Form” (name and surname, e-mail address, telephone number, enterprise, whether you are a “broker”), and all the others included in the email you address us.
We require you not to put in the text of the communications you send us any “particular information” referred to you or others (e.g. health data).
In order to allow you to browse the Website, we process Browsing Data, that often does not consist of Personal Data because they are not suitable to identify you. to the minimum extent necessary to achieve each of the Purposes indicated below. For more information on what Navigation Data means and under what conditions it consists of Personal Data, please refer to the respective Glossary entry at the end of this Policy.
Why do we process Personal Data (Purpose) and what is the basis for the Processing (Legal Basis) of each category of Data?
To whom do we communicate the Data (Categories of Recipients)?
To the minimum extent necessary to achieve each of the Purposes, on the basis of the Applicable Rules and/or a contractual agreement with the Data Controller, a:
persons/entities necessary for the execution of the activities connected and consequent to the management of the Website and the supply of Services, who act as Data Processors (e.g. IT service providers, etc.);
consultants and/or professionals appointed by us, autonomous Data Controllers;
subjects necessary for the execution of activities related and consequent to the execution of pre-contractual measures required, acting as Data Processors or as autonomous Data Controllers (e.g. suppliers of computer services, banking, insurance, shipping and transport, commercial agency, accounting, tax, legal, etc.);
other persons authorised by us (e.g. our employees), committed to confidentiality or subject to a legal obligation to confidentiality;
public organisations and Authorities, if and to the extent required by the Applicable Law or their orders, or for the exercise, assessment and/or defence of a right in court.
Do we transfer Personal Data outside the European Economic Area?
No, we do not transfer Personal Data outside the European Economic Area (EEA).
In the marginal hypotheses in which this may occur, any transfer of Data to companies and/or third parties located in countries outside the EEA is carried out within the limits and under the conditions set out in Articles 44 et seq. of the GDPR. In particular, the transfer will be made to entities (third countries and/or international organizations) for which there is an adequacy decision of the European Commission pursuant to Article 45 GDPR, or on the basis of one of the other guarantees or derogations provided for in Chapter V of EU Regulation 2016/679 (GDPR).
Do we carry out automated decision-making processes and/or profiling activities?
No, we do not carry out any automated decision-making processes or profiling activities.
How long do we keep the Data?
We keep the personal data of those who write to us for information (through the Contact Form or in other ways) to get more information or request a quote for a maximum of two years after the request. As regards Browsing Data, see the following point.
We process Personal Data for Marketing purposes until the withdrawal of the consentany consent given is revoked, and in any case no later than five years after the consent was given.
Does the Website make use of Cookie?
Are you obliged to provide us with Personal Data?
Due to the operation of the Internet network, you may not refuse to communicate your Browsing Data.
Of Course you are not obliged to send us a request through the Contact Form or contact us at the numbers on the Website, at the page “Contacts”, but if you intend to do it, then you will have to provide us your Personal Data we need.
In case you refuse to communicate your Personal Data, we will not be able to provide you the quote you ask for.
Also it is not mandatory to express consent for Processing Personal Data for the purpose of Marketing.
What happens if you refuse to communicate your Data?
If you do not agree to provide us with your Data, we will not be able to respond to the requests you send us at the contact details available on the "Contact Us" page.
If you refuse (initially or subsequently) the processing for Marketing purposes, you will not be subject to any particular consequences, but you will not (or can no longer) be informed about news related to our activities, nor benefit from any promotions, discounts or bonuses.
What rights do you have as a "Data Subject"?
You, as the person to whom the data refer ("Data Subject") have the right to:
to access the data held by the Controller, and to ask for a copy, unless the exercise of the right violates the rights and freedoms of other natural persons;
request the rectification of incomplete or inaccurate data;
request the erasure of the data, subject to the exclusions or limitations established by the Applicable Law (e.g. Art. 17 § 3 GDPR);
request the restriction of processing, if the conditions are met and subject to the exclusions established by Art. 18 § 2 GDPR;
request data portability (i.e. commonly used and machine-readable format, so that they can be transmitted to another Data Controller without hindrance), to the extent that the processing is based on consent or on the need to perform a contract, where technically possible and except where the exercise of the right infringes the rights and freedoms of other natural persons;
lodge a complaint with a Supervisory Authority (in Italy, www.garanteprivacy.it), or with the Data Protection Authority of the EU State where he or she habitually resides or works, or of the place where the alleged violation occurred.
Right to object
You may object to the processing of data based on consent (the purpose of Direct Marketing), by not giving it initially or by withdrawing it subsequently (with the warning that any subsequent revocation of consent does not affect the lawfulness of the data processing carried out in the period prior to such revocation).
The exercise of the above rights may also be delayed, limited or excluded in the cases provided for by art. 2-undecies d. lgs. 196/2003.
Who can you contact for questions or to exercise your rights?
You may contact the Data Controller for questions concerning the processing of your Personal Data and in order to exercise your rights by sending an email to firstname.lastname@example.org, or by post to General Aviation Terminal Aeroporto Città di Torino, Strada San Maurizio n. 12,10072 Caselle T.se (TO) Italy
The information presented herein relates exclusively to the processing of personal data collected through this Website. In the event that you enter into a relationship with us that goes beyond simply browsing the Website or requesting information, you will receive further information regarding the processing of your personal data.
We do not intentionally collect personal information from individuals under the age of sixteen. In the event that information about children is recorded, we will delete it in a timely manner, at the request of the person concerned or of those exercising authority over them.
"Applicable Law": any provision, of whatever rank, belonging to Italian or European Union law, in any way applicable to the Website.
"Authority": public or private body or organisation with administrative, judicial, police, disciplinary and supervisory powers.
"Authorised": the natural person, placed under the direct authority of the Data Controller, who receives instructions from the latter on the Processing of Personal Data, pursuant to and for the purposes of Article 29 of the GDPR.
"Committee" or "EDPB": the European Data Protection Committee, established by Art. 68 of the GDPR and governed by Articles 68 to 76 of the GDPR, which replaces WP29 from 25/5/2018.
"Communication": "giving knowledge of personal data to one or more specific subjects other than the data subject, the representative of the data controller in the territory of the European Union, the data controller or its representative in the territory of the European Union, persons authorised, pursuant to article 2-quaterdecies, to process personal data under the direct authority of the data controller or the data processor, in any form whatsoever, including by making the data available, consulting or interconnecting them" (as defined in article 2-ter, paragraph 4, letter a of the Privacy Code).
“Contact Form”: the Form available on the Website, composed by one or more pages, through which the Visitor can send information requests and quotes.
"Cookies": short fragments of text (letters and/or numbers) that allow the web server to store information on the browser to be reused during the same visit to the Website (session cookies) or afterwards, even after days (persistent cookies). Cookies are stored, according to the user's preferences, by the individual browser on the specific device used (computer, tablet, smartphone). The following categories are considered:
Technical cookies: these cookies are essential for the correct functioning of the Website and are used for the sole purpose of "transmitting a communication over an electronic communication network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or User to provide such service" (see art. 122, par. 1, of the Privacy Code).
Analytical cookies: these cookies are used to anonymously collect and analyze the Website’s traffic and usage. These cookies, while not identifying the user, allow, for example, to detect if the same user logs in again at different times. They also make it possible to monitor the system and improve its performance and usability. The deactivation of such cookies can be performed without any loss of functionality.
Profiling cookies: these cookies are persistent ones used to (anonymously or otherwise) identify your preferences and improve your browsing experience.
Third party cookies (analytical and/or profiling): these cookies are generated by organisations not part of the Website, but integrated into parts of the Website page. For example, Google widgets (e.g. Google Maps) or social plugins (Facebook, Twitter, LinkedIn, Google+, etc.).
"Browsing Data": are the data that the computer systems and software procedures used to operate the Website acquire, during their normal operation, and whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Data Subjects, but given their very nature, this information could, through processing and association with data by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the Website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the user. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and is deleted immediately after processing.
"Personal Data": shall mean "any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" as defined in Article 4(1)(1) of the GDPR).
"Recipient": means “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not", as defined in Article 4, sub-paragraph 1, no. 9, of the GDPR.
"GDPR": Regulation (EU) 2016/679 "on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)".
"Data Controller": "the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data", as defined in Article 4, sub-paragraph 1, no. 7, of the GDPR.
"Data Subject": "identified or identifiable natural person", as defined in Article 4, sub-paragraph 1, no. 1, of EU Regulation 2016/679 (so-called "GDPR").
"Data Processor": "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller", as defined in Article 4, sub-paragraph 1, no. 8, of the GDPR.
"Profiling": means "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements", as defined in Article 4, subparagraph 1, no. 4, of the GDPR.
"Privacy Code": Legislative Decree no. 196/2003 and subsequent amendments and/or additions (in particular by Legislative Decree no. 101/2018).
"Privacy Law": EU Regulation 2016/679 ("GDPR"), Legislative Decree 196/2003 and subsequent amendments and/or additions ("Privacy Code"), as well as the measures adopted by the Supervisory Authority in execution of the tasks established by the GDPR and the Privacy Code, and further applicable legislation, of whatever rank, including the opinions and guidelines drawn up by the Committee.
"Processing": "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction", as defined in Article 4, subparagraph 1, no. 2, of the GDPR.
"Publication": the action by which the Data Controller communicates information on the Website, without implementing procedures that require the Visitor to view it.
"Restriction of processing": "the marking of personal data stored with the aim of limiting their processing in the future", as defined in Article 4, sub-paragraph 1, no. 3, of the GDPR.
"Regulations" or "Regulations": one or more of the sets of regulations referred to in this Act as Privacy Law and Applicable Law.
"Third party" means "a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data", as defined in Article 4(1)(10) of the GDPR.
"Visitor": the natural or legal person who uses a device and navigates, through the Internet, on the public pages of the Website.
"Website": the web pages displayed through https://flightsolutions.it, subdomains included.
"WP29": the Working Party on the Protection of Individuals with regard to the Processing of Personal Data, established pursuant to Article 29 of Directive 95/46/EC, whose tasks are set out in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC.