Privacy Policy

According to Regulation (EU) 2016/679 (hereinafter 'Regulation'), this page describes how personal data of users consulting the website www.isytravel.com are processed. 

This information does not concern other sites, pages, or online services accessible via hypertext links, which may be published on the site but refer to resources external to the domain of the Data Controller.

Please note that the privacy policy may be modified from time to time based on the activation of new services or legal updates; therefore, it is advisable to periodically check for any updates by consulting this policy.

Click here to read the complete Privacy Policy.

The Data Controller of personal data is Bikelife di Claudio Di Dionisio, with legal headquarters in Francavilla al Mare (CH), C. da Castelvecchio 4.
Email address: info@isytravel.com

DATA PROTECTION OFFICER:
The Data Protection Officer is Claudio Di Dionisio.
Email address: direzione@isytravel.com

Consent of the data subject, fulfillment of a contract to which the data subject is a party, execution of pre-contractual measures initiated at the request of the data subject, as well as the pursuit of a legitimate interest are the legal bases that, depending on the data processing carried out on the site, will be applicable.

The processing related to the web services of this site takes place in Italy and is managed by the Data Controller and other external processors during update and maintenance operations. No data from the web service is disclosed. The personal data voluntarily provided by users who submit contact requests are used solely for the purpose of executing the requested service or performance, possibly through external service providers, always within the territory of Italy.

Navigation Data
The computer systems and software procedures responsible for the functioning of this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes:

• IP addresses or domain names of the computers and terminals used by users,
• URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources,
• the time of the request,
• the method used to submit the request to the server,
• the size of the file received in response,
• the numerical code indicating the status of the response given by the server,
• and other parameters related to the user's operating system and computer environment.
• Such data, necessary for the use of web services, are also processed for the purpose of:
• obtaining statistical information on the use of services (most visited pages, number of visitors by time slot or daily, geographical areas of origin, etc.),
• ascertaining responsibility in the event of hypothetical cyber crimes against the site, for statistical purposes,
• improving navigation and content of the site.

Data Voluntarily Provided by the User
The optional, explicit, and voluntary sending of messages to the contact addresses of the Data Controller, as well as the completion and submission of forms present on the site, involves the acquisition of contact data, as well as all personal data included in the communications/completions necessary to:

• respond to any requests,
• manage and execute the requested service,
• carry out direct marketing where permitted.

Cookies and Other Tracking Systems
The data possibly acquired through cookies and the methods for managing them are fully described in the "cookie policy" document, which we recommend reviewing.

In accordance with the principles of lawfulness, purpose limitation, and data minimization, as per Article 5 of the GDPR, the retention period for personal data is set for a duration not exceeding what is necessary to achieve the purposes for which they were collected and processed, while respecting the timeframes for the proper provision of necessary services.

Apart from what is specified for navigation data, the user is free to provide the personal data requested in the forms. If the data are acquired through consent, the user has the right to withdraw that consent at any time without affecting the lawfulness of the processing based on the consent given before the withdrawal.

Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, unlawful or improper use, and unauthorized access.

The recipients of the data collected by the site are:

• third-party technical entities, whose knowledge of the data is necessary for the performance of their duties related to the development and maintenance of the web platform, appointed by the Data Controller as data processors pursuant to Article 28 of the Regulation;
• specifically authorized personnel of the Data Controller;
• any external service providers acting as independent data controllers or duly appointed data processors under Article 28 of the GDPR, in order to carry out the service or performance requested by the user.

Some personal data may be transferred to recipients located outside the European Economic Area. In such cases, the Data Controller ensures that the electronic and paper processing of Personal Data by the recipients is carried out in compliance with applicable regulations. Transfers are based alternatively on an adequacy decision, on the Standard Model Clauses approved by the European Commission, or according to the guarantees offered by the Privacy Shield.

Data subjects, pursuant to Articles 15-22 of the GDPR, have the right to:

• request confirmation of the existence of their personal data;
• obtain information about the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, and, when possible, the retention period;
• obtain rectification and erasure of the data;
• obtain restriction of processing;
• obtain data portability, meaning receiving their data from a data controller in a structured, commonly used, and machine-readable format, and transmit it to another data controller without hindrance;
• object to processing at any time, including processing for direct marketing purposes;
• object to automated decision-making processes related to individuals, including profiling.

The data subject also has the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR.

To exercise their rights, data subjects can send a request to the contact details of the Data Controller provided in this policy. Requests are made free of charge and will be fulfilled by the Data Controller as soon as possible, in any case within 30 days.