FA TRAVEL S.R.L. (hereinafter also referred to as the “Company” or “FA TRAVEL”) is highly attentive to privacy and the protection of personal data. We therefore wish to inform you about the methods by which we will process your personal data collected through the use of the following websites:
www.fatravel.it | www.transfersinsardinia.com | greensardinia.com
(hereinafter collectively, the “Platforms”).
We may collect information about you:
In particular, we need to process the data provided by you at the time of registration or when requesting a service. With your consent, we may also use additional information that you voluntarily provide during registration or relating to the ways you interact with us (hereinafter collectively, the “Data”).
This Privacy Policy (together with any applicable Terms and Conditions related to the relevant services, our Cookie Policy, and any additional notices that may be provided in relation to specific services) sets forth the basis on which your Data will be processed.
DATA CONTROLLER
The Data Controller of your personal data collected during browsing or activities carried out on the Platforms is:
F.A. TRAVEL S.R.L.
Via San Tommaso D’Aquino 18A
09134 – Cagliari (CA)
P.IVA 03018430920
email privacy@fatravel.it
website https://www.fatravel.it
DATA PROTECTION OFFICER (DPO)
The “Data Controller,” in compliance with the provisions of Art. 37 GDPR, has appointed a Data Protection Officer (DPO).
Contact details of the DPO:
The “Data Controller,” in compliance with the provisions of Art. 37 GDPR, has appointed a Data Protection Officer (DPO).
Contact details of the DPO: privacy@fatravel.it
1. Which Data will we use?
We may collect and process the following Data:
1.1. Data collected through the request or registration form
When requesting a quote or using other services that require prior registration, specifically booking stays at affiliated facilities, we may ask you to provide certain personal information, including your personal details (first name and surname), contact information (e.g., postal code, phone number, email address), and details related to your chosen payment method for the hotel booking.
Providing the requested data through the dedicated online form is optional; however, if the data marked with an asterisk (*) is not provided, we will not be able to complete the registration process and/or provide the requested services.
With your consent, we may also process additional information that you voluntarily provide through the designated form.
1.2. Data collected through the use of the Platforms
During your use of our Platforms, we will process the Data necessary to ensure your access to these Platforms and their associated services. Examples include login information, visited pages, your quotation requests, and preferences for certain tourist locations, hotels, hotel categories, or accommodations in general, allowing us to provide a service better tailored to your actual needs.
Unless you explicitly consent to processing for additional purposes, this information is used exclusively to enable access to the Platforms and to provide you with the information and services requested.
1.3. Browsing Data
Even without logging in, the IT systems employed to ensure proper functioning of our websites and applications automatically acquire, during normal operations, certain personal data whose transmission is implicit in the use of electronic communication systems.
This information is not collected to be associated with identified users; however, due to its very nature, it could potentially lead to your identification through processing and associations with data held by third parties. This category includes, for example, IP addresses or domain names of computers used to access our websites and applications, browser type and version, browser plug-in types and versions, mobile device identifiers (IDFA or AndroidID), and other parameters related to your operating system and computing environment, Uniform Resource Identifiers (URI) of requested resources, request timestamps, the size of files received in response, and numerical codes indicating server response status.
Without your explicit consent for additional purposes, these data are exclusively used to obtain anonymous statistical information regarding website and application usage, optimize their usability, and ensure their proper functioning. Such data are deleted immediately after processing.
1.4. Additional Data
With your consent, we may also process other information that you voluntarily provide when filling out request and/or registration forms, during your interactions on the Platforms, and additional information related to the ways you interact with us, our operators, and sales consultants.
2. For which purposes will we use your Data, and on what legal grounds?
We will use your Data, including through electronic means:
a) To enable your use of our Platforms. Your Data will be used to provide you with the relevant services requested and, more generally, to fulfill all related contractual and administrative obligations;
b) To provide requested quotations and/or consultations;
c) To comply with legal obligations or judicial orders;
d) For statistical purposes, strictly in anonymous and aggregated form.
With your consent, we may also use your Data for the following purposes:
e) To send commercial and/or promotional communications, advertising materials, direct marketing communications, or conduct market research regarding products, services, and other activities of the Company or third parties. For example, we may send you emails or instant messages (e.g., SMS, WhatsApp) or contact you by phone via an operator to inform you of commercial offers, initiatives, and promotions related to our or third-party products and services, even different from those you have requested;
f) To analyze your preferences and how you interact with us. Specifically, in order to better understand your interests and engagement with our services and communications, we may analyze—also through automated systems—the information provided during your registration on the Platforms and other Platform services, your interest in the communications and newsletters sent to you, your usage of the Platforms, and your engagement with our social media channels (e.g., Facebook). We may also enrich your profile with statistical information obtained lawfully from other sources, such as demographic data, geolocation data related to your area of residence, or information related to the electronic devices you use when interacting with us.
In any case, you will not be subject to automated decision-making processes resulting in the effects described in Article 22 of the GDPR.
g) To share your Data with our Commercial Partners (companies operating in tourism-hospitality or logistics sectors, insurance, banks, telecommunications) for their independent marketing purposes, subject to your explicit consent.
The use of the Platforms and the enjoyment of the related services, including processing requests for quotes regarding stays at affiliated hotels or other service-related communications, are in no way conditional on your provision of the aforementioned consents, as these fall within FA TRAVEL’s legitimate interests.
3. How long will we store your Data?
Your personal Data will be retained, starting from the moment of their receipt/update, for a period appropriate to the processing purposes described above.
Below are the retention periods for the various types of processing:
Category | Retention Period | Main Regulatory References |
Candidates | Maximum of 12 months | Art. 11 (e) of Legislative Decree 196/2003 and Art. 5 (e) of EU Regulation 2016/679 (GDPR). |
Employees | 10 years | Art. 43 of DPR 600/73; Art. 2946 Italian Civil Code on standard prescription; Title I, Chapter III of Legislative Decree 81/08 (and subsequent amendments). |
Users and Suppliers | 5 – 10 years | Art. 2948 Italian Civil Code providing a 5-year prescription period for periodic payments; Art. 2220 Italian Civil Code requiring 10-year retention of accounting records; Art. 22 of DPR no. 600, dated 29 September 1973. |
Users or other subjects, for commercial and promotional purposes | In compliance with the legal terms applicable to the type of activity, and in any case until consent is withdrawn or the right to object is exercised | Art. 23 of Legislative Decree 196/03; General Provision dated 15/05/2013; Art. 21 EU Regulation 2016/679 (GDPR). |
4. To whom will we disclose your Data?
Your Data may be shared, for administrative purposes, with companies that are parent, subsidiary, or affiliated entities of the Company, as well as, for Platform management and provision of the requested services, with our service providers instrumental to the Company’s operations (e.g., IT services providers), who will act as data processors.
In the event of processing a quotation request or reservation at affiliated hotel facilities through the Company’s Platforms, your Data may also be shared by the Company with its commercial partners whose cooperation is necessary to provide the requested services (hereinafter, the “Commercial Partners”), including, in particular, hotel companies and companies operating in the logistics and tourism sectors.
Our Commercial Partners will operate either as data processors pursuant to Art. 28 GDPR or as independent data controllers.
A complete list of recipients is available upon written request submitted to the contact details of the Data Controller indicated above. If you have directly provided your Data to our Commercial Partners, please use the contact details provided by them in their respective privacy policies.
5. Will your Data be transferred to countries outside the EU?
Personal data are mainly processed within the European Union. For certain services, we use tools provided by Google LLC, Dropbox Inc., HubSpot Inc., ConstantContact (The Endurance International Group Inc.), Salesforce, and SurveyMonkey Inc., which may involve transferring data outside the EU. These providers have declared compliance with the GDPR and adhere to the principles established by the Privacy Shield framework agreed upon by the United States and the European Commission.
In particular:
Email services: The email service associated with the Platform addresses is provided by Gmail, managed by Google LLC, based in Mountain View, California. For further details, please refer to Google’s privacy policy available here: https://privacy.google.com/businesses/affiliates/.
If you prefer not to use Gmail for communicating your data, please contact us to arrange an alternative method of sharing.
For sending service communications or periodic bulk emails (including commercial and promotional content), we use ConstantContact services. Please refer to their privacy policy: https://www.endurance.com/privacy/privacy/. ConstantContact’s Privacy Shield status can be verified at: https://www.privacyshield.gov/participant?id=a2zt0000000TNdGAAW&status=Active.
For data storage and management, the Company uses services provided by Google Drive (refer to Gmail’s privacy policy above) and occasionally Dropbox Inc. (https://www.dropbox.com/privacy). Dropbox’s Privacy Shield status can be verified at: https://www.privacyshield.gov/participant?id=a2zt0000000GnCLAA0&status=Active.
We also use software services provided by HubSpot Inc. for managing online request forms. Data processing complies with HubSpot’s privacy policy available at: https://legal.hubspot.com/privacy-policy. HubSpot’s Privacy Shield status can be verified at: https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active.
For customer feedback surveys, we use SurveyMonkey Inc. services. You can review their privacy policy here: https://it.surveymonkey.com/mp/legal/privacy-policy/. SurveyMonkey’s Privacy Shield status can be verified at: https://www.privacyshield.gov/participant?id=a2zt0000000Gn7zAAC&status=Active.
Additionally, the Company uses services provided by Salesforce for managing customer relationships and communications. Salesforce complies with GDPR and adheres to Privacy Shield principles.
For more detailed information or to request the complete list of our service providers, you can send a written request to the Data Controller using the contact details provided above.
6. What rights can you exercise?
You have the right to request access to your Data, their rectification or erasure, restriction of processing, and to object to their use by us, as well as the right to request the portability of certain Data.
Rights of the Data Subject:
Right of Access
The data subject has the right to obtain confirmation from the Data Controller as to whether personal data concerning them is being processed, and, if so, access to the personal data and the following information:
a) The purposes of processing; b) Categories of personal data concerned; c) Recipients or categories of recipients to whom personal data have been or will be disclosed, particularly recipients in third countries or international organizations, including the existence of adequate safeguards; d) When possible, the intended retention period of personal data, or if not possible, the criteria used to determine that period; e) The existence of the right to request rectification, erasure, or restriction of processing of personal data or to object to such processing; f) The right to lodge a complaint with a supervisory authority; g) Where personal data are not collected directly from the data subject, all available information on their origin; h) The existence of automated decision-making processes, including profiling, and at least in such cases, meaningful information about the logic involved, as well as the significance and expected consequences of such processing for the data subject.
Right to Rectification
The data subject has the right to obtain from the Data Controller, without undue delay, the rectification of inaccurate personal data concerning them.
Right to Erasure
The data subject has the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay, and the Data Controller shall be obligated to erase personal data without undue delay where one of the following grounds applies:
a) Personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) The data subject withdraws the consent on which processing is based, and no other legal grounds exist for the processing; c) The data subject objects to processing, and there are no overriding legitimate grounds for the processing; d) Personal data have been unlawfully processed; e) Personal data must be erased to comply with a legal obligation under EU or Member State law to which the Data Controller is subject.
Right to Restriction of Processing
The data subject has the right to obtain restriction of processing from the Data Controller in the following circumstances:
a) The data subject contests the accuracy of personal data, for the period necessary for the Data Controller to verify the accuracy of the data; b) Processing is unlawful, and the data subject opposes erasure of the personal data, requesting restriction instead; c) The Data Controller no longer needs the personal data for processing purposes, but the data are required by the data subject for establishing, exercising, or defending legal claims; d) The data subject has objected to processing, pending verification whether the legitimate grounds of the Data Controller override those of the data subject.
Right to Object
The data subject has the right to object, at any time, to the processing of personal data concerning them based on the legitimate interests of the Data Controller, including profiling. The data subject also has the right to object at any time to processing of personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
Right to Data Portability
The data subject has the right to receive personal data concerning them provided to the Data Controller in a structured, commonly used, and machine-readable format and has the right to transmit those data to another Data Controller without hindrance from the Data Controller to whom the data were provided, provided that:
a) Processing is based on consent or a contract; b) Processing is carried out by automated means.
In exercising their right to data portability, the data subject also has the right, where technically feasible, to have personal data transmitted directly from one Data Controller to another.
7. How can you modify your preferences or withdraw consent?
At any time, you may check, modify, or withdraw your consent concerning the purposes described in point 2, letters (e), (f), and (g), including stating that you no longer wish to receive commercial communications via email and/or instant messaging.
Simply contact the Company to do so.
8. How can you contact FA TRAVEL to exercise your rights?
You may exercise your rights by contacting the Data Controller at the following addresses:
F.A. TRAVEL S.R.L.
Via San Tommaso D’Aquino 18A
09134 – Cagliari (CA)
P.IVA 03018430920
email privacy@fatravel.it
website www.fatravel.it/en
9. How can you contact the competent supervisory authority to lodge complaints?
Any complaints may be lodged with the competent supervisory authorities:
Garante per la Protezione dei Dati Personali
Piazza di Monte Citorio n. 121
00186 Roma
Italy
Fax: (+39) 06.69677.3785
Tel: (+39) 06.696771
E-mail: garante@gpdp.it
PEC: protocollo@pec.gpdp.it
10. How will you be informed of any changes to this Privacy Policy?
This Privacy Policy may be subject to changes and updates if modifications are made to how we process your Data or other information provided herein. Any such changes will always guarantee full protection of your rights. Should modifications potentially limit the protections safeguarding your Data or your rights compared to the current version, you will be promptly informed through the contact details you provided. Before your Data is processed according to the new procedures, you will be given the opportunity to delete your account or, in any case, modify your consent and preferences.
COOKIE POLICY
This Cookie Policy aims to inform users/visitors (hereinafter, the “User”) of the Platforms about the management and use of cookies.
This policy is provided in accordance with the provisions of the Italian Data Protection Authority’s decision dated May 8, 2014, regarding the “Simplified arrangements for providing information and obtaining consent for the use of cookies” (hereinafter, the “Decision”), the provisions of Regulation (EU) 2016/679 applicable from May 25, 2018 (hereinafter, the “GDPR”), and the requirements of Italian legislation on personal data protection, to the extent that they remain valid and effective after the entry into force of the GDPR.
The Data Controller is F.A. TRAVEL, with registered offices at Via San Tommaso D’Aquino 18A, (09134), Cagliari (CA), VAT No. 03018430920.
The User is encouraged to carefully read this Cookie Policy before continuing to browse the Website.
What is a cookie?
Cookies are small text files placed on the user’s device when the user visits a website. With each subsequent visit, cookies are sent back to the website that originated them (first-party cookies) or to another website that recognizes them (third-party cookies). They serve various purposes, such as enabling efficient navigation between pages, remembering favorite websites, and generally enhancing the browsing experience. Cookies also help provide targeted advertising content based on user interests. Depending on their function and the entity that creates them, cookies can be categorized as technical cookies, analytical cookies, profiling cookies, first-party cookies, and third-party cookies.
Technical cookies
Technical cookies are those whose storage does not require prior user consent pursuant to Art. 122, paragraph 1, of the Privacy Code (Legislative Decree no. 196/2003).
This category includes the so-called essential or strictly necessary cookies, which enable functions without which full use of the Website would not be possible.
Essential technical cookies are used exclusively by the Company and are therefore first-party cookies. They are stored on the User’s computer (or other device) only during individual browser sessions. Essential technical cookies are used, for example, to enable User registration and authentication for accessing their account, adding vehicles to comparison lists or garages, configuring vehicle equipment, and providing additional information such as recently viewed vehicles.
Additionally, a technical cookie of this type is used to remember the User’s consent regarding cookie usage on the Website.
Essential technical cookies cannot be disabled through the Website’s functions.
Profiling Cookies
The Website also uses profiling cookies, aimed at analyzing User behavior to enhance browsing experience and for marketing purposes. The use of profiling cookies requires obtaining prior informed and voluntary consent from the User.
To this end, the Website acquires the User’s consent as specified by the relevant Decision through a banner displayed on the User’s first visit. Consent may be revoked at any time by disabling the corresponding cookie. Refusal to provide consent for profiling cookies will not affect the User’s ability to access the Website, except that certain features or content requiring such cookies may not be accessible.
Users can modify their cookie settings and consent regarding profiling cookies at any time.
Third-Party Cookies
While browsing the Website, Users may also receive cookies from sites or web servers managed by third parties (so-called “third-party cookies”). This occurs because the Website may contain elements such as images, maps, sounds, or specific links to web pages on other domains hosted on servers different from the one where the requested page resides. In other words, these cookies are set directly by website operators or servers other than this Website.
Such third parties might theoretically set cookies during the User’s visit, thus obtaining information that the User has visited this Website. More details about the use of these cookies can be found by accessing the provided link. Should the User choose not to consent to the storage of third-party cookies, the User may only utilize features of the Website that do not require the storage of these cookies.
Cookies We Use
Below is the list of cookies we use:
Google Analytics – Analytical Cookies (_utma, _utmt, _utmb, _utmc, _utmz, _utmv)
https://support.google.com/analytics/answer/6004245?hl=en
Google Analytics is a Google analysis tool that helps website and app owners understand how visitors interact with their website content (visited pages, browsing time, etc.), providing valuable statistics aimed at optimizing and improving website navigation without personally identifying the user.
Google AdWords – Profiling Cookies
https://support.google.com/adwords/answer/2407785?hl=en
Facilitates searching on Google for the services offered by Events in Sardinia without collecting or monitoring information that can personally identify a user.
HubSpot – Profiling Cookies (__hstc, __hssrc, __hssc, hsfirstvisit, hubspotutk)
https://legal.hubspot.com/privacy-policy
These cookies are used to send marketing messages that align closely with the User’s interests. They may also be used to limit how many times a User sees a promotional message and to measure the effectiveness of marketing campaigns.
HubSpot is marketing automation software. HubSpot sets cookies that track User interactions with our site. Additionally, HubSpot tracks browser-provided information such as geographic region, IP address, and repeat visits. Users remain anonymous unless they provide personal information by filling out forms or accessing our website through links in emails sent via HubSpot.
Salesforce – Profiling and Analytical Cookies
https://www.salesforce.com/company/privacy/
Salesforce cookies help manage customer relationships and track User interactions with our communications and website. These cookies are used to analyze browsing behavior, enabling us to improve the User experience, deliver relevant marketing content, and measure campaign effectiveness. Users remain anonymous unless they provide personal information by interacting directly with our content or forms.
How to Disable Cookies
Most browsers are initially set up to automatically accept cookies. Users can modify this setting to block cookies or to prevent certain cookies from being stored on their devices. There are several ways to manage cookies. Users can refer to their browser’s technical guide and/or help screen to manage or change browser settings. If using different devices (for example, computers, smartphones, tablets, etc.), Users should ensure that each browser on each device is configured according to their cookie preferences.
FA TRAVEL provides below a list of links for the main browsers with instructions on how to manage privacy and tracking preferences based on the browser used:
Mozilla Firefox: Blocking cookies
Google Chrome: Manage cookies and site data
Safari 6/7 (Mavericks): Manage cookies and website data
Safari 8 (Yosemite): Manage cookies and website data
Internet Explorer: Block or allow cookies
Opera: Cookie management
Safari iOS (mobile): Safari web settings on iPhone, iPad, or iPod touch
Managing Cookies from Third-Party Services
Google Ads: Google Ad Settings
Google Analytics: Browser add-on for Google Analytics opt-out
Facebook: Cookies, Pixels & Similar Technologies
You can set your browser to notify you when you receive new cookies, delete individual cookies, or delete all cookies. You can enable and disable your cookies through the navigation bar that appears whenever you access the website. Please visit www.allaboutcookies.org for simple instructions on how to manage cookies on different browsers. For useful information on managing Flash cookies, visit www.adobe.com/eeurope/special/products/flashplayer/articles/lso/.
Most advertising networks offer a way to opt-out of advertising cookies. For helpful information on this process, please visit www.aboutads.info/choices/ and www.youronlinechoices.com.
Please note that choosing to delete cookies from the Platforms may adversely affect or limit your access to certain features and areas of our website.
User Rights
In relation to the personal data collected, Users may exercise, at any time and also through a delegate, the rights provided for under Articles 7 and 15 to 22 of the GDPR. Specifically, Users have the right to request access to their data, rectification or deletion of their data, restriction of data processing, and the right to object to their use by us, as well as the right to request data portability.
Rights of the Data Subject:
Right of Access
The data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning them are being processed, and, if so, access to the personal data and the following information:
a) The purposes of the processing;
b) Categories of personal data involved;
c) Recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organizations, and, in such cases, the existence of appropriate safeguards;
d) Where possible, the intended retention period of personal data or, if not possible, the criteria used to determine that period;
e) The existence of the right to request from the data controller rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing;
f) The right to lodge a complaint with a supervisory authority;
g) Where personal data are not collected from the data subject, any available information regarding their source;
h) The existence of automated decision-making, including profiling, producing legal effects concerning the data subject or significantly affecting them, and, at least in such cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Right to Rectification
The data subject has the right to obtain from the data controller, without undue delay, the rectification of inaccurate personal data concerning them.
Right to Erasure
The data subject has the right to obtain from the data controller the erasure of personal data concerning them without undue delay, and the data controller is obligated to erase personal data without undue delay where one of the following grounds applies:
a) Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) The data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
c) The data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
d) Personal data have been unlawfully processed;
e) Personal data must be erased to comply with a legal obligation under EU law or the law of the Member State to which the data controller is subject.
Right to Restriction of Processing
The data subject has the right to obtain from the data controller restriction of processing in the following circumstances:
a) The accuracy of personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the data;
b) The processing is unlawful, and the data subject opposes the erasure of the personal data, requesting instead the restriction of their use;
c) The data controller no longer needs the personal data for processing purposes, but the data are required by the data subject for the establishment, exercise, or defense of legal claims;
d) The data subject has objected to processing, pending verification whether the legitimate grounds of the data controller override those of the data subject.
Right to Object
The data subject has the right to object at any time to the processing of personal data concerning them for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.
Right to Data Portability
The data subject has the right to receive personal data concerning them, which they have provided to a data controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another data controller without hindrance from the data controller to whom the personal data were provided, provided that:
a) Processing is based on consent or a contract; and b) Processing is carried out by automated means.
In exercising their right to data portability, the data subject has the right to have their personal data transmitted directly from one data controller to another, where technically feasible.
You may exercise these rights by contacting the Data Controller at the contact details provided below.
Contacts
F.A. TRAVEL S.R.L.
Via San Tommaso D’Aquino 18A
09134 – Cagliari (CA)
P.IVA 03018430920
email privacy@fatravel.it
website www.fatravel.it/en
