Taoticket Srl, as a Data Controller in compliance with Italian law (Art. 13 of Legislative Decree (D. lgs.) of 30.06.2003, No. 196) and EU law, is committed to protecting the privacy of users in a clear and transparent manner and declares itself responsible for the security of customer data.
This Information Notice establishes the following:
What personal data of the user is collected and processed in connection with the relationship with us as a customer and through the use of our websites, Smartphone Apps and web services.
What personal information we collect
Personal data means all information relating to users that allows us to identify them, such as name, contact details, booking reference number, payment details and information on their access to our website.
Specifically, we could collect the following categories of information:
- Name and surname, home address, e-mail address, telephone number, passport number or identity card details, credit/debit card or other payment details;
- Advance Passenger Information (API), including name, nationality, date of birth, gender, passport or identity card number, expiration date and country of issue;
- Medical conditions for passengers who have special medical needs and/or dietary requirements;
- Travel history, including information on cruises and booked services;
- Information provided on the user's travel preferences;
- Information on purchases of products and services from our trusted partners;
- Information on the use of our website and/or app;
- Communications exchanged with us or addressed to us via letters, e-mail, chat service, telephone calls and social media;
- Location, including real-time geographical location of the computer or device via GPS, Bluetooth, and IP address, along with Wi-Fi crowd-sourced hotspots and repeater positions, if users use location-based features and activate geolocation services on their devices and computers.
Personal details about the user's physical or mental health, alleged commission of offences or criminal convictions are considered "sensitive" personal data under applicable data protection laws. We will process this data only if the user has given his explicit consent, or is necessary (for example, if the user requests special assistance), or has deliberately made it public.
What we use personal data for, why and for how long
User data may be used for the following purposes:
- To provide the requested products and services: we use the information provided by the user to perform the services requested in relation to the cruises and/or additional flights, including requests for changes to the cruise and/or flight;
- To contact the user in case of flight time change or flight cancellation: we send you communications about the services you have requested and about any changes to these services. These communications do not have marketing purposes and cannot be deactivated;
- Verification/screening of credit cards or other payment cards: we use payment information for accounting, billing and audit purposes and to identify and/or prevent fraudulent activity;
- Administrative or legal purposes: we use user data for statistical and marketing analysis, system testing, customer surveys, maintenance and development, or to respond to a dispute or complaint. We may perform data profiling based on the information we collect from you for use in statistical and marketing analysis. Any profiling activity will be performed only with the prior consent of the user and making every effort to ensure that all data on which it is based is accurate. By providing any personal data, the user explicitly accepts that we may use it to perform profiling activities in accordance with this Privacy Information Notice;
- Immigration/customs controls: we may be obliged to provide user information to the agencies responsible for border control;
- Security, health, administrative purposes, prevention/detection of crimes: we can also communicate user data to government authorities or bodies in compliance with legal requirements;
- Communications with customer service: we use user data to manage our relationship with you as our customer and to improve our services and improve the user experience with us;
- To provide tailor-made services: we use the user's data to provide information that we believe is of interest, before, during and after the trip with us, and to customise the services we offer to the user, such as special offers for preferred destinations or Family Plus offers;
- Marketing: from time to time we will contact you with information regarding promotions on cruises and ancillary products through electronic communications. However, you will have the chance to accept or not to receive such communications by indicating your preference at the booking stage. The possibility of indicating that you no longer wish to receive our direct marketing material is also given in every electronic communication we send.
We will only process your personal data if we have a legal basis to do so. The legal basis will depend on the reasons for which we have collected and for which we must use your personal data.
In most cases, we will need to process the personal data of the user in order to process the booking, stipulate the travel contract with the user and fulfil this contract. We may also process your personal data for one or more of the following reasons:
- To respect a legal obligation (for example, immigration or customs requirements);
- The user has consented to the use of their personal data (for example, for marketing purposes);
- To protect the health of the user or another person (for example, in the event of a medical emergency);
Only persons aged 16 or over can provide their consent. For children under this age, consent from parents or legal guardians is required.
We will not retain data for longer than is necessary to fulfil the purpose for which it was processed. To determine the appropriate retention period, we take into consideration the quantity, nature and sensitivity of the personal data, the purposes for which we are processing it and whether we can achieve these goals by other means.
We must also take into account the periods for which we may need to retain personal data in order to comply with our legal obligations or to examine claims, requests and defend our legal rights in the event of a claim for compensation.
When we no longer need your personal information, we will delete it or destroy it in a secure manner.
Security of personal data
We follow strict security procedures in relation to the storage and disclosure of personal data and to protect it against accidental loss, destruction or damage. The data that the users provide to us is protected with SSL (Secure Socket Layer) technology. SSL is the standard method of encrypting personal data and credit card numbers, allowing them to be securely transferred over the Internet.
All payment data is transmitted via SSL and stored in compliance with Payment Card Industry Data Security Standards (PCI DSS) managed with the HTTPS certified secure connection on all our sites and apps.
We may disclose your information to trusted third parties for the purposes set out in this Privacy Information Notice. We require all third parties to take appropriate technical and operational security measures to protect personal data that is in line with EU data protection legislation.
Cookies and site tracking
For more information about cookies and how to prevent the browser from accepting them, please visit the following website: http://www.allaboutcookies.org.
Data Protection Officer
Taoticket Srl, the Data Controller, has appointed an internal Data Protection Officer. The user has the right to file a complaint at any time at the e-mail address email@example.com or to Taoticket Srl, Via Brigata Liguria 3/21 - 16121 Genova IT
Rights of the Data Subject
At any time, pursuant to Articles 15 to 22 of the GDPR, you have the right, also in relation to profiling activity, of:
- requesting the correction of your personal data;
- withdrawing your consent at any time to the use and disclosure of your personal data;
- requesting that your personal data is erased;
- receiving your personal data in a structured, commonly used, machine-readable format, and transmitting your personal data to another data controller;
- objecting to the processing of personal data concerning you, including for marketing or profiling purposes;
- obtaining limitations on the processing of your personal data;
- lodging a complaint with a supervisory authority;
- receiving a communication if there is a breach of personal data;
- requesting information on:
- the purpose of the data processing
- the categories of personal data
- the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if the data is transmitted to recipients in third countries or international organisations and the existence of appropriate safeguards;
- the retention period for the personal data
- where the personal data is not collected from the data subject, any available information as to their source;
You may, at any time, stop the sending of communications related to marketing and profiling activity by clicking on "unsubscribe" at the bottom of the e-mail you have received or by forwarding a specific request to the addresses indicated below. firstname.lastname@example.org