INFORMATION NOTICE REGARDING THE PROCESSING OF CLIENTS’ PERSONAL DATA
PURSUANT TO ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679 (“GDPR”)
DATA CONTROLLER
yex NETWORK S.r.l.
Address: Piazza di Sant’Andrea della Valle 3 – 00186 Rome
Phone number: 0645509180
E-mail address: amministrazione@yextravel.com
CATEGORIES OF PERSONAL DATA PROCESSED
First name, last name, place and date of birth, tax code, residence, identity document number, gender, phone contacts (hereinafter “Personal Data” or simply “Data”)
SOURCE OF PERSONAL DATA
The data is provided directly by the data subjects at the time of a booking request through the appropriate channels used by yex.
PURPOSE OF PROCESSING – LEGAL BASIS FOR PROCESSING – DATA RETENTION PERIOD
Purposes related to the establishment and subsequent execution of the contractual relationship (e.g. acquisition of preliminary information for the conclusion of the contract, execution of operations based on obligations arising from the contract, sending of informative/updates/etc. communications related to the provided service).
– Legal basis: Execution of the contract or of pre-contractual measures, art. 6.1, letter b) of the GDPR.
– Retention period: For the entire duration of the contractual relationship and, after termination, for up to 10 years.
In case of contractual relationship: purposes related to the fulfilment of administrative obligations and other legal obligations under sectoral laws, regulations and EU legislation.
– Legal basis: Legal obligation to which the Data Controller is subject.
– Retention period: For the entire duration of the contractual relationship and, after termination, for up to 10 years.
If necessary, to ascertain, exercise or defend the rights of the Controller in or out of court.
– Legal basis: Legitimate interest of the Controller (art. 6.1, letter f) of the GDPR). – Retention period: For the duration of the claim and/or the extrajudicial and/or judicial proceedings, until the expiry of the terms for legal protection and/or appeals.
Once the retention periods have expired, the data will be destroyed, deleted or anonymized, in accordance with the technical deletion and backup procedures.
DATA PROVISION
The provision of data is mandatory for the establishment and execution of the contractual relationship with the Client. Failure to provide such data will make it impossible to conclude the contract and provide the services. Furthermore, data provision is also mandatory for administrative obligations and other legal duties. Refusal to provide the requested information may result in the impossibility of carrying out the requested operation.
CATEGORIES OF DATA RECIPIENTS
Personal Data may be communicated, including in execution of legal obligations, to entities acting as independent data controllers and/or processed by subjects acting on behalf of the Controller and specifically appointed as Data Processors pursuant to art. 28 of the GDPR, such as IT service providers.
AUTHORIZED SUBJECTS FOR DATA PROCESSING
The data may be processed by employees of the company departments in charge of pursuing the above purposes, who have been expressly authorized to process the data and have received appropriate operational instructions.
DATA SUBJECT’S RIGHTS – COMPLAINT TO THE SUPERVISORY AUTHORITY The GDPR grants the data subject specific rights, including the right to obtain from yex NETWORK confirmation as to whether or not personal data concerning them is being processed and, if so, access to such data and the information referred to in Article 15; correction of inaccurate data; completion of incomplete data; deletion of data in the cases provided for in Article 17 (note: the right to erasure does not apply if processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller); restriction of processing in the cases provided for in Article 18; and objection, for reasons related to their particular situation, to processing based on legitimate interest of the controller (e.g., to oppose the sending of commercial communications relating to services similar to those purchased).
By contacting yex NETWORK’s office located in Piazza di Sant’Andrea della Valle 3 or via email at amministrazione@yextravel.com, data subjects may:
– request access to their data, erasure, correction of inaccurate data, completion of incomplete data, and restriction of processing;
– object to processing in cases of legitimate interest of the controller for reasons related to their specific situation;
– receive their data in a structured, commonly used, and machine-readable format and, if technically feasible, transmit it to another controller without hindrance (“right to data portability”);
– lodge a complaint with the competent Supervisory Authority.
