PRIVACY POLICY – RAV Srl
IN ACCORDANCE WITH ARTICLES 13 AND 14 OF THE EUROPEAN REGULATION 679/2016
Data Controllers
The data controller under current legislation, EU Regulation 679/2016 (hereinafter “GDPR”), and Legislative Decree 196/2003, is RAV Srl (hereinafter the “Company”), administrator of this website, contactable via the “Data Controller” section available at the bottom of this page.
Legal Basis for Processing
This website processes data mainly based on the consent of users. Consent is provided through the banner at the bottom of the page or by using or browsing the website, which is considered an implied action.
By using or browsing the site, visitors and users accept this privacy policy and consent to the processing of their personal data in relation to the methods and purposes described below, including any disclosure to third parties if necessary for service provision.
The purpose of this privacy policy is to provide maximum transparency regarding the information collected by the website and how it is used.
Providing data and, therefore, consenting to data collection and processing is optional: the user may deny consent and may withdraw consent at any time (via the banner at the bottom of the page, browser settings for cookies, or the Contact link). However, refusal of consent may make it impossible to provide certain services and may impair the browsing experience.
Data collected for site security and prevention of abuse and SPAM, as well as data used for aggregated traffic analysis (statistics), are processed based on the legitimate interest of the Data Controller in protecting the site and its users. In such cases, the user always has the right to object to the data processing (see section “User Rights”).
Purpose of Data Processing
Statistics:
Collection of data and information exclusively in aggregated and anonymous form to verify the correct functioning of the website, its productivity, and the Company’s performance. None of this information is linked to a physical person and cannot in any way identify the user; therefore, consent is not required.
Security:
Collection of data and information to protect the security of the website (anti-spam filters, firewalls, virus detection) and users, and to prevent or detect fraud or abuse to the detriment of the website and the Company. Data is recorded automatically and may include personal data (IP address), which may be used, in accordance with applicable laws, to block attempts to damage the website or harm other users, or in general to prevent harmful or criminal activities. This data is never used for identifying or profiling the user and is periodically deleted; therefore, consent is not required.
Additional Activities:
Communication of data to third parties, appointed as Data Processors pursuant to Art. 28 of the GDPR, who perform tasks necessary or instrumental to the operation of the service (e.g., comment boxes), and to allow third parties to carry out technical, logistical or other activities on our behalf.
These providers only have access to personal data necessary to perform their tasks, are committed not to use the data for other purposes, and are required to process personal data in accordance with applicable regulations and the instructions given by the Company as the Data Controller.
Data Collected
This website collects user data in two ways:
- Automatically collected data:
During user browsing, the following information may be collected and stored in the server log files (hosting) of the website, referring to the device and not to the identified individuals:
IP address
Browser type
Device parameters used to connect to the site
Name of the Internet Service Provider (ISP)
Date and time of visit
Referring and exit web pages
Data may also originate from third parties appointed as Data Processors (Google, Service Provider, Boosterbox).
- Voluntarily provided data:
When the user requests a service and provides implicit consent through conclusive actions, the site may collect:
First name
Last name
Mobile number
Email
Flight (past) related to the requested service
Data Processing Location
Data is processed, for service provision purposes, at the headquarters of the Data Controller located in Rome, Via Ombrone 12/c, and at the datacenter of the web hosting provider (Altemica srl). The web hosting provider (Altemica srl) is the data processor, processing data on behalf of the Company. Altemica srl is located within the EEA and complies with European regulations.
Data Retention Period
Data collected during website operation is stored only for the time strictly necessary to carry out the stated activities.
If a legal procedure is initiated for service provision purposes, data will be retained, in compliance with legal obligations and in coordination with the Company’s legal advisors (appointed Data Processors), for a period of 10 years from the conclusion of the case.
After this period, the data will be deleted or anonymized.
Data Transfer to Third Parties
Data collected by the website is generally not provided to third parties, except in specific cases: legitimate requests from judicial authorities, legal obligations, where necessary for a specific service requested by the user, or for security or site optimization checks.
Data Transfer Outside the EU
This website may share some of the collected data with services located outside the European Union, particularly Google, Facebook, and Microsoft (LinkedIn), via social plugins and Google Analytics.
This transfer is authorized based on specific decisions by the European Union and the Data Protection Authority, in particular Decision 1250/2016 (Privacy Shield – here the Italian DPA’s page https://www.garanteprivacy.it/web/garante-privacy-en/home_en), and therefore no further consent is required.
The mentioned companies comply with the Privacy Shield framework.
Security Measures
We process user data lawfully and fairly, adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of data.
We are committed to protecting your personal data by using the “https” protocol, which encrypts data during transmission.
Data is processed using IT and/or telematic tools, with organizational and logical methods strictly related to the stated purposes.
In addition to the Data Controller, categories of internal staff and external parties (such as third-party technical service providers, hosting providers) may access the data, all properly appointed as Data Processors or persons in charge of the processing.
Social Network Plugins
This website also includes plugins and/or buttons to allow easy content sharing on your favorite social networks.
When visiting a page containing a plugin, your browser connects directly to the social network’s servers, which may track your visit to our website and associate it with your account, especially if you are logged in or have recently browsed social network sites.
If you do not want the social network to record data about your visit to our website, log out of your account and delete any cookies installed by the social network in your browser.
Data collection and use by such third parties are governed by their respective privacy policies:
Facebook https://www.facebook.com/policies/cookies/
Instagram https://help.instagram.com/1896641480634370
Google Play https://support.google.com/googleplay/answer/32050
Apple Store https://support.apple.com/en-us/105082
User Rights
Under the GDPR, users may exercise the following rights, as provided by current regulations:
– Object, in whole or in part, on legitimate grounds, to the processing of personal data for advertising, direct sales, market research, or commercial communication purposes
– Request confirmation of the existence of their personal data (right of access)
– Know the origin of the data
– Receive intelligible communication of such data
– Receive information on the logic, methods, and purposes of processing
– Request data updating, correction, integration, deletion, anonymization, or blocking of data processed in violation of the law, including data not necessary for the purposes for which it was collected
– In cases where processing is based on consent, receive their provided data from the controller, in a structured, machine-readable format, commonly used by an electronic device, at the sole cost of the support
– File a complaint with the supervisory authority (Garante Privacy – https://www.garanteprivacy.it/web/garante-privacy-en/home_en)
– Exercise all other rights granted by current legislation
Requests must be submitted to the Data Controller using the contact information below.
Data Controller Contact Details
The Data Controller is RAV Srl, represented by its pro tempore administrator, located at Via Ombrone 12/c, Rome, 00198.
Phone: +39 06 69481223
Email: privacy@rimborsoalvolo.it
