GDPR: Legal changes in data protection 25/05/2018
What is the GDPR?
What is the purpose of the GDPR?
The new General Data Protection Regulation is intended to ensure that citizens have more control over their personal data and that this information is protected throughout Europe. With entry into force of the GDPR, individuals have more rights regarding the handling of their own data and the storage and use of these should be more transparent.
For example, as of May 25, 2018, individuals have the right to get access to their own data and may learn how they are used by the respective companies, their right to be deleted as soon as their consent to use is revoked, and their right to rectification of own data, if they are outdated, incomplete or wrong.
The Basic Data Protection Regulation thus benefits every citizen, but means more effort for companies in terms of data processing.
Which data are covered by the GDPR?
The Basic Data Protection Regulation covers the processing of personal data. This includes all information that relates to an identified or identifiable natural person. So it is about individual information about personal or factual circumstances of customers and employees, such as name, address, phone number, date of birth, denominations, citizenship, etc.
Processing includes all personal data handling, including but not limited to collection, storage, modification, submission, blocking, deletion and use.
What happens if the GDPR is not complied with?
Where can I find information about the GDPR?
You can get an initial overview of the legal requirements, for example, on the EU GDPR.ORG. If you have any further questions or would like to have your situation examined in detail, you should seek advice from your lawyer.
Does the GDPR also affect Isula Travel srl?
The GDPR also affects us as a company and of course we comply with all legal requirements.
1 Controller and general information
Your data will be processed by Isula Travel srl, Via Aldo Moro, 29 97015 Modica (RG), Phone: +39 (0) 932 904444, E-mail: firstname.lastname@example.org, controller within the meaning of the General Data Protection Regulation (GDPR), which we also mean when we use phrases such as "we" or "us." We use the term " Isula Travel srl " in this document to refer to our website including all available sub-pages, content and functions (eg Internet forums, prize competitions). Some parts of Isula Travel srl are also referred to below as "online services." We mean those also, as far as a website is mentioned below or when we speak of App.
Our services are intended for the general public and not for children. We do not knowingly collect personally identifiable information from users who are considered to be children under their respective national laws.
2 Collection and processing of personal data
Typically, you can use online services that do not require payment or registration without providing personal information. In certain cases, however, we process the personal data listed in section 3. This basically only happens if this is necessary to provide a functional website or app as well as our content and services. Furthermore, we process personal data in connection with the use of Isula Travel, if you specify these on your own, such as for example in the context of a registration, a competition, a request to us, an application or because of a different legal basis (see section 4). Unfortunately, if you do not wish this, you will not be able to take full advantage of our services.
3 Categories of processed data
As soon as you use Isula Travel, our system automatically records information from the computer system of the calling computer. The following data may be collected:
Information about the browser type and version used
Operating system of the user
IP address of the requesting computer
Mobile Device ID
Date and time of access
Web analysis data / pseudonymous usage profiles (Cookie ID, Ad ID etc.)
Websites from which the user accesses our website
Websites that the user accesses through our website
In addition, we process the following personal data if there is a contractual relationship between you and us or if you have transmitted the data to us in other ways:
Personal data (name, address, date of birth)
Communication data (phone number, email address)
Contract master data (contractual relationship, product or contract interest, order history)
Login data with password
Billing and payment data
Comments, contributions, etc.
Employee data (name, address and communication data, contract master and payroll data, date of birth, marital status, nationality, denomination, field of activity, social benefits, payroll tax data, social data, bank details, personnel administration and control data, access and access control data)
Applicant data (name, address and communication data, application-relevant data)
4 Legal basis and purpose of the processing
The subject of Isula Travel is the marketing and relaying of holiday homes and holiday properties. We therefore publish advertisements on our portal for web portal users who want to rent a holiday property ("home owners") and make it available to web portal users ("holidaymakers") who wish to rent a holiday home for viewing, contacting or booking.
We process your data solely on the basis of one or more of the possible legal foundations.
According to the GDPR, personal data may be processed in particular on the basis of a contract or for the performance of pre-contractual measures, in the presence of consent, on the basis of a legitimate interest or law and for the protection of vital or public interests.
For the provision of certain content or services on our websites, for example in the context of arranging a request for a holiday accommodation as a guest to a holiday home owner, a registration is required. Each user can register free of charge with the name, surname, e-mail address and a password at Isula Travel, whereby your registration data will be transmitted to us. The collection and processing of this data is carried out to fulfill the contract of use or agency agreement between us and the user, Art. 6 para. 1 lit. b GDPR.
When purchasing a paid service, for example, if you want to use our portal as an owner of a vacation property, we use your contract master data including contact details for contract execution and fulfillment, as is the case for processing operations, for example, for a performance of other services or performances, as well as the enforcement of legal claims or claims is necessary (Article 6 (1) (b) GDPR). The same applies to processing operations that are necessary for the execution of pre-contractual measures, for example in the case of inquiries about our products / services. In the case of paid services, such as holiday home rental companies, we process certain data because we are subject to a legal obligation that requires the processing of personal data, such as the fulfillment of tax obligations (Article 6 para. 1 letter c GDPR).
We will also use your e-mail address collected in the course of registration or during the contract to inform you by e-mail about our own services or goods or in general about Isula Travel. The processing of the e-mail address in this case is based on our legitimate interest in the application of our goods and services (Article 6 (1) (f) GDPR).
In addition, we use your e-mail address to send you our newsletter if you have given us your prior express consent to receive a newsletter or advertising. In this case, we will process your e-mail address in order to be able to deliver the newsletter as you wish (Art. 6 (1) (b) GDPR). Mandatory information for sending the newsletter is your e-mail address alone. The indication of further possible data is voluntary and will be used to address you personally. We use the so-called double opt-in method. This means that we will only send you an e-mail newsletter if you have explicitly confirmed to us that you agree to the sending of the newsletter. We will then send you a confirmation e-mail asking you to confirm by clicking on a link that you wish to receive newsletters in the future. When registering for the newsletter, we will save your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your e-mail address at a later date. You may object to the use of your e-mail address for such purposes at any time in writing to email@example.com with effect for the future, without costs other than the transmission costs pursuant to the basic tariffs being incurred in this regard.
On the Internet, each device requires a unique address for transmitting data, the so-called IP address. The at least temporary storage of the IP address is technically necessary to allow delivery of the website to the computer of the user. We shorten the IP addresses before any processing and process them only anonymously. There is no storage or further processing of the unabridged IP addresses. It also allows us to display regional content on all our websites that are located in a particular region. This so-called geo-localization, ie the assignment of a website call to the place of the call, takes place exclusively on the basis of the anonymized IP address and only up to the geographical level of the federal states / regions. From the geographic information obtained in this way, in no case can a conclusion be drawn on the specific location of a user. Our servers also store your IP address for 14 days for your own security.
We offer a commentary function on our website and occasionally in blogs, with additional personal data being stored by you. If you have given your consent to this, you can in certain cases comment and subscribe to our website. The same applies to surveys in which you participate. If you want to post a comment, you must complete the fields provided. You can also use a pseudonym here. If you do not fill out the fields, you will not be able to post a comment. We collect and process the data provided by you in order to be able to publish your comment as requested (Article 6 (1) (b) GDPR). In particular, we also need your e-mail address to contact you in case of complaints of your comment and to give you the opportunity to comment (Article 6 (1) c GDPR).
Processing operations that are not covered by one or more of the abovementioned legal bases are processed if they are necessary to safeguard a legitimate interest and do not outweigh your interests, fundamental rights and fundamental freedoms (Art. 6 para. 1 lit. f GDPR). A legitimate interest is to be assumed if the data subject is a customer of the person responsible. Based on the processing of personal data, our legitimate interest is, in particular, to conduct our business for the benefit of all of our employees and our shareholders.
Our legitimate interest in being able to offer you customized and personalized products, to inform you about our products, innovations and quality features as well as to constantly improve and expand our services and products (also in terms of functionality) and thereby also increase our sales, is the legal basis for the processing for the purpose of direct marketing (own advertising and advertising of third parties), usage-based online advertising, web / app analysis and advertising scoring (combining different selection criteria for appropriate advertising). For web analysis services, see point 9.
Our legitimate interest in fraud prevention, detection, prevention or otherwise combating fraud, security or technical issues, network and information security, and the reliability of our service or products, also serve as a legal basis for the processing of certain Dates.
Another legitimate interest is the functionality of the business processes that result in processing for internal administrative purposes (eg address management / accounting).
Another legitimate interest is the protection of the rights, property or security of vacation rentals, our users or the public from harm, to the extent permitted or required by law.
Should you choose the method of purchase on account when concluding a fee-based contract, we will conduct a credit check to verify your creditworthiness based on our consent or our legitimate interest in avoiding the risk of unpaid receivables.
We also rely on our legitimate interest to exercise the freedom of expression and information when processing personal data of the data subjects involved in our reporting.
You may object to the processing on the basis of a legitimate interest at any time (see paragraph 14).
In the event that the data is processed for a purpose other than that specified in the data collection, a compatibility check will be carried out in accordance with Art. 6 (4) GDPR. Further processing is only permitted if the original purpose is compatible with the new purpose or permitted on the basis of a separate legal basis. Recognized compatible purposes are u. a. the assertion, exercise or defense of civil law claims unless there is overriding interest of the data subject. In this case, we will inform you about the change of purpose. If the new purpose is not compatible with the purpose stated on the survey, a new survey will be carried out on the basis of a new legal basis. Again, we will inform you about the change of purpose.
5 Place of processing
We ourselves do not transfer your personal data to countries outside the European Economic Area, except in cases where it is permitted under the GDPR. Whether third parties with whom you have your own contractual relationship (such as with Facebook, if you have a Facebook account) transfer data to countries outside the European Economic Area is beyond our knowledge and influence.
6 Origin of the data
In certain cases, we also receive data because you have consented to the transfer to us. As you know, apps are regularly made available for download from third-party sites (such as iTunes, Google, etc.).
If, according to the applicable terms and conditions of such a provider, the Isula Travel srl becomes your contractual partner for the acquisition of the App, we will process the data provided to us by the third party to the extent necessary for the fulfillment of the contract to enable you to use the App on your mobile device can download.
7 Disclosure of your data to third parties
We only pass on your personal data to third parties if the transmission is necessary to fulfill our contractual obligations towards you and this is apparent at or jointly with another provider (eg in case of cooperation), we will forward it to otherwise legally entitled or obligated, or you have given us a corresponding consent.
If you, as a user / holidaymaker, would like to contact a home owner about a vacation rental in order to book a certain holiday accommodation, we will provide the home owner with the data you have entered and the text of your request. In order to ensure the security of the communication, communication takes place via the servers of Isula Travel. The messages sent via our mail server system are stored and processed on our servers. All information provided by home owners or holidaymakers via the mail server system is visible to the other party. However, this does not apply to the e-mail address specified or used by the parties. This is not visible to the other party for security reasons, but is automatically replaced by us with a placeholder. We can see the communication between the home owner and the holidaymaker, but only if this is necessary to ensure the safety of the contracting parties or proper brokerage. This is e.g. the case if parties to the contract are to be protected against crimes that are carried out by phishing or sending false e-mails.
To provide our services, selected personal data within our company may be shared with certain departments. This includes employees in the Accounting, Product Management, Marketing and IT departments.
In certain cases, we also use external service providers or affiliates who have been instructed by us to process data for us. Such service providers are contractually obligated by us to the strict requirements of the GDPR as contract processors and may not re-use your data for any other purpose. In particular, we use the following services: payment service (s), print shops, hosting, collection / receivables management, lettershop and newsletter delivery.
The transfer of data to processors takes place on the basis of Art. 28 (1) GDPR, alternatively based on our legitimate interest in the economic and technical advantages associated with the use of specialized contract processors, Art. 6 (1) lit. f GDPR.
If we are legally obliged to do so or if this is permitted under data protection law, we transmit personal data to authorities, for example the police or the public prosecutor (Article 6 (1) c GDPR). Disclosure of this information is based on our legitimate interest in combating abuse, prosecuting crimes, and securing, enforcing, and enforcing claims, and that your rights and interests do not outweigh the protection of your personal information, Art. 6 Para. 1 lit. f GDPR.
8 Cookies and similar technologies
We use two types of cookies. On the one hand technically necessary cookies, without which the functionality of our website would be limited as well as optional cookies, in order to make our website more user-friendly. The user data collected through technically necessary cookies will not be used to create user profiles. The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer. Further information on the individual analysis services can be found in Section 9 of this Privacy Notice.
Ads are mostly provided by third parties. They may use information about your visits, possibly through your device settings, to display ads about products and services that may interest you. Concrete contact information such as your name, address, e-mail address or telephone number will not be transferred under any circumstances.
You can prevent the setting of cookies by us at any time by means of an appropriate setting of the Internet browser used and thus permanently contradict the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If you deactivate the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
When using apps, a technology similar in function is used instead of the cookie.
9 Web / App Analysis Services
In order to constantly improve our content and adapt it to the interests of our users as well as to display usage-based online advertising, we use some services that collect and evaluate data on our website or in the app. Insofar as these service providers are not themselves responsible in terms of data protection law, they always process the pseudo-nymised user data in accordance with instructions based on a job processing agreement. You can deactivate the individual analysis services at any time for the future. Below you can find details about the analysis services we use:
We have integrated Google AdWords on this site. Google AdWords is an Internet advertising service that allows advertisers to run ads on Google's search engine as well as on the Google Network. Google AdWords allows an advertiser to pre-set keywords that display an ad on Google's search engine results only when the search engine retrieves a keyword-related search result. On the Google Network, the ads are distributed to topic-related sites using an automated algorithm and according to pre-defined keywords. The operating company for the services of Google AdWords is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. The purpose of Google Ad-Words is to promote our website by displaying interest-based advertising on third-party websites and in the search engine results of Google's search engine and by displaying third-party ads on our website. If an affected person reaches our website via a Google ad, a so-called conversion cookie is filed on Google's information technology system by Google. What cookies are, has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the person affected. If the cookie has not yet expired, the conversion cookie is used to see whether certain sub-pages, for example the shopping cart from an online shop system, have been called up on our website. The conversion cookie tells both us and Google whether an affected person who came to our site through an AdWords ad generated revenue, ie, completed a purchase or canceled. The data and information collected through the use of the conversion cookie is used by Google to provide visitor statistics for our website. These search statistics are then used by us to determine the total number of users who have been sent to us through AdWords ads, in other words, to determine the success or failure of each AdWords ad and our AdWords ads for the future to optimize. Neither our company nor any other Google AdWords advertiser receives any information from Google that could identify the data subject
The conversion cookie stores personally identifiable information, such as the websites visited by the affected person. Each time you visit our websites, personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties. The affected person can prevent the setting of cookies by our website, as already described above, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the data subject.
In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs. Furthermore, the data subject has the opportunity to object to Google's interest-based advertising. To do this, the data subject must access the https://www.google.com/settings/ads link from each of the internet browsers they use and make the desired settings there.
We have integrated Google Analytics (with anonymization feature). Google Analytics is a web analytics service. Web analytics is the collection, storage and analysis of data about the behaviour of visitors to websites. Among other things, a web analytics service collects information about which web site an affected person came to a web site (so-called referrers), which subpages of the web site were accessed, or how often and for what length of time a subpage was viewed. Web analytics is used primarily to optimize a website and cost-benefit analysis of Internet advertising. The operator of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
We use the addition "_gat._anonymizeIp" for web analysis via Google Analytics. This addendum will truncate and anonymize Google's IP address if Google accesses our websites from a Member State of the European Union or another state party to the Agreement on the European Economic Area. The purpose of the Google Analytics component is to analyze visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our websites, and to provide other services related to the use of our website to provide.
Google Analytics sets a cookie on the information technology system of the data subject. What cookies are, has already been explained above. By using the cookie, Google will be able to analyze the use of our website. Each time you visit any of the pages on this site operated by us and which incorporates a Google Analytics component, the Internet browser on the subject's information technology system is automatically prompted by the respective Google Analytics component for the purpose of online analysis to Google. In the course of this technical process, Google receives information about personal data, such as the IP address of the data subject, which is used, among other things, to track the origin of visitors and clicks and subsequently make commission settlements possible.
The cookie stores personally identifiable information, such as access time, the location from which access was made and the frequency of site visits by the data subject. Each time you visit our websites, your personal information, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal information is stored by Google in the United States by Ameri-ka. Google may transfer such personal data collected through the technical process to third parties.
The affected person can prevent the setting of cookies by our website, as already described above, at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
As an alternative to the browser add-on or for browsers on mobile devices, you can click this link in order to opt-out from being tracked by Google Analytics on this website in the future (the opt-out applies only for the browser in which you set it and for webpages under this domain). An opt-out cookie will be stored on your device, which means that you’ll have to click this link again, if you delete your cookies.
We've integrated DoubleClick by Google components into this site. Double-Click is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers.
DoubleClick by Google's operating company is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
DoubleClick by Google transmits data to the DoubleClick server with every impression, click, or other activity. Each of these transfers triggers a cookie request to the affected person's browser. If the browser accepts this request, DoubleClick sets a cookie on the information technology system of the person affected. What cookies are, has already been explained above. The purpose of the cookie is to optimize and display advertising. The cookie is used, among other things, to serve and display user-relevant advertisements, as well as to generate reports on advertising campaigns or to improve them. Furthermore, the cookie is used to avoid multiple impressions of the same advertising.
DoubleClick uses a cookie ID, which is required to complete the technical process. For example, the cookie ID is needed to display an ad in a browser. DoubleClick can also use the cookie ID to see which ads have already appeared in a browser to avoid duplication. DoubleClick also allows the cookie ID to track conversions. Conversions are captured, for example, when a user has previously shown a DoubleClick ad and then, with the same internet browser, makes a purchase on the advertiser's site.
A DoubleClick cookie does not contain any personally identifiable information. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier identifies the campaigns the user was already in contact with. Each time you visit any of the pages on this site operated by us and incorporating a DoubleClick component, the Internet browser on the affected person's information technology system will be automatically prompted by the applicable DoubleClick component for on-line data Advertising and offsetting commissions to Google. As part of this technical process, Google will be aware of data that Google uses to create commission billing. Google can understand, among other things, that the person has clicked on certain links on our website.
Our website also uses Google Optimize. Google Optimize analyzes the use of different variations of our website and helps us to improve the user-friendliness according to the behavior of our users on the website. Google Optimize is a tool integrated with Google Analytics.
We use Smartlook, a web analytics tool from Smartsupp.com, s.r.o., Company reg. no.: 03668681, VAT ID: CZ03668681, Lidicka 20, Brno, 602 00, Czech Republic. With this tool, interactions of randomly selected, individual visitors with the website are recorded anonymously. This creates a log of e.g. Mouse movements and clicks with the aim to show improvement possibilities of the respective internet site.
Also, information about the operating system, browsers, incoming and outgoing links, geographical origin, as well as the resolution and type of device are evaluated for statistical purposes. This information is not personal and will not be disclosed by Smartlook to third parties.
For additional information on Smartlook features and data usage, visit: https://www.smartlook.com/help/privacy-statement/
Smartlook uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website by you.
If you do not want a web site analysis or recording using Smartlook, you can opt out by setting a DoNotTrack header in your browser on all websites using Smartlook. Information on this can be found on the following page: https://www.smartlook.com/opt-out
10 Social Networks
You can also find us in social networks of third party companies, such as Facebook, Twitter or Instagram. In addition, we have integrated individual functions of these networks into our online services. However, you can only use both if you are registered and logged in to the respective social network. Please note that the usage and privacy conditions of this company apply to the use of the respective social network, over which we have no influence. However, we are happy to explain how such networks process your personal information in this context.
We have integrated components of the company Facebook on this website. Facebook is a social network.
A social network is an Internet-based social meeting place, an online community that typically allows users to communicate with each other and interact in virtual space. A social network can serve as a platform to exchange views and experiences, or allows the Internet community to provide personal or business information. Facebook allows social network users to create private profiles, upload photos and socialize via friend requests.
The operating company of Facebook is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Persons responsible for the processing of personal data, if an affected person lives outside the US or Canada, are Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
Each visit to one of the individual pages of this website, which is operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject automatically by the respective Facebook component causes to download a presentation of the Facebook component. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_US. As part of this technical process, Facebook will be aware of which specific subpage of our website is visited by the data subject. If the data subject is logged in to Facebook at the same time, Facebook recognizes with each visit to our website by the data subject and during the entire duration of the respective stay on our website, which specific underside of our website the data subject visits. This information is collected through the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated in our website, for example the "Like" button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and saves it personal data.
Through the Facebook component, Facebook always receives information that the data subject concerned has visited our website if the data subject is simultaneously logged in to Facebook at the time of accessing our website; this happens regardless of whether the person clicks on the Facebook component or not. If such a transfer of this information to Facebook is not wanted by the data subject, it can prevent the transfer by logging out of their Facebook account before calling our website.
The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. It also explains which options Facebook offers to protect the privacy of the data subject. In addition, different applications are available, which make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.
We integrated the Google+ button on this site as a component. Google+ is a so-called social network. A social network is an Internet-based social meeting place, an online community that typically allows users to communicate and interact unfit-each other in virtual space. A social network can serve as a platform to exchange views and experiences, or allows the Internet community to provide personal or business information. Google+ allows social network users to create private profiles, upload photos, and socialize through friend requests, among others.
Google+'s operating company is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA
Each time you visit any of the pages on this site operated by us and a Google+ button has been integrated, the internet browser on the subject's information technology system will be automatically triggered by the respective Google+ button, displaying the corresponding Google+ button of Google download. As part of this technical process, Google will be aware of which particular subpage of our site is being visited by the data subject. More detailed information about Google+ is available at https://developers.google.com/+/.
If the person is logged in to Google+ at the same time, Google recognizes with each visit to our website by the data subject and throughout the duration of the respective stay on our website, which specific bottom of our website visited the data subject. This information is collected through the Google+ button and assigned by Google to the relevant Google + account for the data subject.
If the data subject presses one of the Google + buttons integrated on our website and thereby makes a Google + 1 recommendation, Google assigns this information to the personal Google + user account of the data subject and stores this personal data. Google will store the Google + 1 recommendation of the data subject and make it publicly available in accordance with the conditions accepted by the data subject. A Google +1 referral made by the data subject on this site will subsequently be accompanied by other personal information, such as the name of the Google + 1 account used by the data subject and the photo in other Google services stored therein, For example, the search engine results of the Google search engine, the Google account of the data subject or in other places, such as websites or in connection with advertisements stored and processed. Furthermore, Google is able to link the visit to this website with other personal data stored on Google. Google also records this personal information for the purpose of improving or optimizing Google's different services.
Google always receives information via the Google + button that the data subject has visited our website if the data subject is simultaneously logged in to Google+ at the time of accessing our website; this happens regardless of whether the person clicks the Google + button or not. If the data subject does not wish to transfer personal data to Google, the latter can prevent such transmission by logging out of their Google + account before calling our website.
We use components of the Instagram service. Instagram is a service that qualifies as an audiovisual platform, allowing users to share photos and videos, and to redistribute such data to other social networks. The Instagram contributor is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. Each time you visit any of the pages on this site that incorporates an Instagram component (Insta Button), Instagram will know what specific subpage of our site the data subject is visiting. If you are logged in to Instagram at the same time, Instagram recognizes with each visit to our website and during the entire duration of the respective stay on our website which concrete subpage has been visited. This information is collected through the Instagram component and assigned through Instagram to your Instagram account. If you use one of the Instagram buttons integrated on our website, the data and information transferred are assigned to the personal Instagram user account and saved and processed by Instagram. Instagram always receives information via the Instagram component that you have visited our website if you are simultaneously logged into Instagram at the time of accessing our website; this happens regardless of whether you click on the Instagram component or not. If you do not wish to have this information transmitted to Instagram, it may prevent you from logging out of your Instagram account before you visit our website. For more information and the current privacy policies of Instagram, please visit https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
11 Payment service providers
In the event that you use a paid service or purchase something through our website / app, we offer different payment methods. If you decide to use one of these payment service providers, you are leaving our site. All data is then collected and processed by this payment service provider. We do not receive any personal data, in particular no bank or credit card data, but only the information that the payment was successfully made. The following payment service providers are available:
We have integrated the payment option PayPal on this website. PayPal is an online payment service provider of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. Payments are made through so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal has the ability to process virtual payments via credit cards if a user does not maintain a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also takes on trustee functions and offers buyer protection services. If the data subject selects "PayPal" as a payment option during the order process in our online shop, data of the data subject will be automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing. The personal data transmitted to PayPal is usually a first name, last name, address, e-mail address, IP address, telephone number, mobile phone number or other data required for payment processing. For the execution of the purchase contract, such personal data are necessary, which are in connection with the respective order. The purpose of the transmission of the data is payment processing and fraud prevention. In particular, we will transfer personal data to PayPal if there is a legitimate interest in the transfer. The personal information exchanged between PayPal and the personal data exchanged by us may be transmitted by PayPal to credit reporting agencies. This transmission requires the identity and credit check. PayPal may transfer personal information to affiliates and service providers or subcontractors, to the extent necessary to fulfill its contractual obligations, or to process the data on behalf of it. The data subject has the option to revoke the consent to the handling of personal data against PayPal at any time. A revocation does not affect personal data, which must be processed, used or transmitted for (contractual) payment processing.
12 Other services
Other services we use are:
13 Storage duration
We store personal data only as long as we are entitled to do so and the processing purpose is not eliminated. For the duration of storage of personal data, the respective statutory retention period applies. After the deadline, the corresponding data will be routinely deleted, as long as they are no longer required to fulfill the contract or to initiate a contract.
14 Contact details and your rights as a data subject
If you have any questions or suggestions regarding data protection or the enforcement of your rights as an affected person, please contact our data protection officer at any time:
Isula Travel srl – Soc. Unipersonale
Via Aldo Moro, 29
97015 Modica (RG)
Information and correction
You can receive information from us at any time free of charge if personal data about you are processed by us and also concretely which data about you are stored as well as a copy of the stored data. You can also correct and complete incorrect data.
Deletion, restriction and the right to be forgotten
You can request the deletion and restriction of your personal data. Please note that there are statutory storage obligations for example for paid contracts and therefore we may not delete your data in any case completely. In this case, your data will be marked with the aim of limiting its future processing.
If applicable, you also have the right to have your personal data transferred to you or another person in a structured, common and machine-readable format, provided the processing is based on your consent or contract and is done by automated means, However, this does not apply if the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority delegated to the responsible party. Furthermore, you have the right to obtain that the personal data are transmitted directly from one person to another, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.
Revocation / Objection
Your given consent can be withdrawn at any time with effect for the future under the above mentioned contact address. In particular, you can object to the use of your e-mail address for the purpose of sending out a newsletter at any time in writing or in writing to firstname.lastname@example.org with effect for the future, without costs other than the transmission costs pursuant to the basic tariffs being incurred in this regard. You also have the right to object to the processing of personal data relating to you on grounds of your legitimate or public interest for reasons arising out of your particular situation at any time. This also applies to profiling based on these provisions. In the event of an objection, we will no longer process personal data unless we can establish compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of asserting, exercising or defending legal claims, If we process personal data to operate direct mail, you have the right at any time to object to the processing of personal data for the purpose of such advertising under the contact address mentioned above. This also applies to the profiling, as far as it is associated with such direct mail. You also have the right, for reasons of your own particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes, unless such processing is involved necessary to fulfill a public interest task.
Right of appeal
You also have the right of appeal to the relevant supervisory authority as well as the possibility of seeking legal remedies. The supervisory authority to which the appeal has been submitted shall inform the complainant of the status and results of the appeal, including the possibility of a judicial remedy.
Existence of automated decision-making
In the event that we pay in advance without receiving immediate compensation from you, we will perform a setting of score values, that is a creditworthiness evaluation, by Schufa Holding AG, for example, in order to be able to assess the risk associated with the advance payment for us. Details on how scoring works are available here: https://www.schufa.de/de/datenschutz-dsgvo/.
We only evaluate the creditworthiness if it is necessary for the conclusion or fulfillment of the contract or if you have expressly consented to this during the conclusion of the contract. We always take reasonable steps to safeguard the rights and freedoms, as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a person by the controller, to defend his or her own position and to challenge the decision. You have the right to ask for information about the logic involved and the expected consequences of processing.
Isula Travel retains the right to amend this data privacy statement. The current version of the data privacy statement can always be found on https://www.isulasicilia.com/gdpr-privacy-policy
Last updated: May 25, 2018