Privacy Policy and Cookies

Last revised on 16 July 2021

1 – INTRODUCTION

We are very happy about your interest in our company and are committed to protecting your privacy.

At Letsgotosardinia, we collect, process and use the information you provide to us by using the website www.letsgotosardinia.eu, and the online booking platform www.regiondo.com through the subdomain of our ticket shop www.letsgotosardinia.regiondo.com and www.letsgotosardinia.regiondo.it.

We will use your personal data only for the purposes and in the manner set forth below, which describes the steps we take to ensure our processing of your personal data in compliance with the EU General Data Protection Regulation (GDPR) 2016/679 and any implementing Data Protection Legislation.

2 – DEFINITIONS
This data protection declaration is based on the terms used by the European legislation for the adoption of the General Data Protection Regulation (“GDPR”).
This data protection declaration should be legible and understandable for the general public, as well as customers and business partners. To ensure this, please see the following explanation of the terminology used.

a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

f) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

g) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

h) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

i) Consent
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3 – WHAT DATA DO WE COLLECT?
When you visit or use our website www.letsgotosardinia.eu and the subdomain of our ticket shop www.letsgotosardinia.regiondo.com and www.letsgotosardinia.regiondo.it, we may collect and process information you give us:

-Identity Data, including first name, last name, username or similar identifier, and title.
-Contact Data, including your address, email address and telephone numbers.
-Financial Data, including bank account and payment card details collected and used solely for purposes of completing your purchase offline.
-Other Data, including enquiries and bookings made by you, your preferences, important information required for the delivery of bookings, such as dietary requirements, tax code for issuing fiscal documents and other information as required dependent on the booking, your feedback and review responses, and password and username as applicable.

We do not store, use or disclose to any third party your bank account details or credit card information by any means.

We do not have access to your bank account details or payment card information on purchases made through the subdomain of our ticket shop www.letsgotosardinia.regiondo.com and www.letsgotosardinia.regiondo.it.

In addition to the information you provide to us, we collect certain information when you visit our website with anonymization function. The following additional information may be collected: type of devices used to access the website; information about your visit, including the clickstream to, through and from our website (including date and time); products you viewed or searched for; page response times, length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs).

4 – HOW DO WE USE THE DATA?
We will only use your personal data for the purposes and legal bases set out below.

Essential (contractual) uses
The following is essential in order for us to carry out the service you request from us:
– to process and manage your enquiries and bookings;
– to provide you with information and updates related to bookings you have requested;
– to provide customer service and support;

Commercial uses
By filling our contact form or proceeding with the booking you agree to receive ideas and special offers about trips that we think may interest you from time to time.
You can unsubscribe from our mailing list at any time.

Legitimate uses
Data protection regulation allows for personal data to be processed in certain circumstances that are defined as ‘legitimate interests’.
We believe the following uses are necessary to support our legitimate interest in providing a world class service to you, provided such interests are not overridden by your interests and rights.
However, you can unsubscribe from our mailing list at any time.

-to manage, operate and continually improve our website and service to you;
-to ensure that content is presented in the most effective and safe manner for you and for your computer;
-to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
-to measure or understand the effectiveness of our marketing activity;
-to record and support your participation in the features and services you select;
-to assist in providing the highest level of customer care;
-to notify you about important changes to our business and service, which are likely to affect you directly (this may include, for example, updates to our Privacy Policy, or notification of a discontinuation or fundamental change to our products and services);

5 – DO WE SHARE PERSONAL INFORMATION WITH THIRD PARTIES?
We may share essential data to the following third parties:

– partners we work with in order to fulfil and deliver the services included in the travel package. By proceeding with the booking you acknowledge that some essential information you share with us will be passed on to partners for the only purpose of fulfilling the service included in the travel package; your identity data (first name and last name), for example, will be passed on to hotels for allocating the rooms.
We cannot be responsible for the privacy policy or actions of our partners.

– public authority or court if it is requested and necessary to comply with legal and regulatory obligations for the prevention and detection of fraud, money laundering or other crimes;

– accounting service providers (e.g.: Aruba), for issuing fiscal documents; the only and mandatory information needed for this purpose are identity data (first and last name), place of residence and tax code;

– email marketing platform such as Mailchimp.com, to inform existing or potential clients about our offers. The only data we may share are identity data and email address;

– providers of analytics and technology services to help us better understand our users’ needs and to optimize this service and experience, including Google Analytics*;

We may also provide non-personal data to third parties, where such information is combined with similar information of other users of the Website. The aggregate information that we share may include anonymous information that is captured through the use of cookies and other similar tracking technology. The third parties to whom we may provide this information may include our Website design, data analysts, development and hosting contractors.

We may also share your personal data to the following recipients:

-a corporate reorganisation, insolvency proceeding, or other similar event, if permitted by and done in accordance with applicable law;

-if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or court order, or in order to enforce, establish, exercise or defend legal rights, rights, the property, or safety of you, us, our group, or employees;

-to detect, prevent, or otherwise address fraud, security, or technical issues;

-to protect against harm to the rights, property or safety of Us, our employees, our users, customers, or the public as required or permitted by law;

By any means, we will never sell your personal data.

*Google Analytics (with anonymization function)

This website has integrated the components of Google Analytics. Google Analytics is a web analytics service by Google Inc. (“Google”) 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA. Google is certified under the Privacy Shield Treaty and thus offers a guarantee that it complies with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
Therefore, Google Analytics places a cookie on the information technology system of the data subject. With the setting of the cookie, Google is enabled to analyze the use of the website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks.

This web page uses the extension code “anonymizeIp” to ensure an anonymous collection of IP addresses (so-called IP-masking). By activating IP anonymization on our web page, your IP address will be priorly abridged by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area (EEA). Only in exceptional cases the complete IP address will be transmitted to a Google server in the USA and then abridged there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on web page activity and to provide the website operator with other services relating to web page and Internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

The data subject may, as stated above, prevent the setting of cookies through the website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics through a JavaScript, that any data and information about the visits of Internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence, or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.

Further information and the applicable data protection provisions of Google may be retrieved under
https://www.google.com/intl/en/policies/privacy/
and under
https://www.google.com/analytics/terms/us.html.

Google Analytics is further explained under the following Link https://www.google.com/analytics/.

This processing of personal data is carried out pursuant to Art. 6 para. 1 sentence 1 lit. f of the GDPR.

6 – WHERE IS YOUR DATA STORED?
The data that we collect from you will be transferred and stored both in physical electronic devices and in the cloud.

By submitting your personal data, you agree to this transfer, storing or processing, including such transfer storing or processing in any cloud service. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Policy and the Data Protection Legislation.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

7 – HOW LONG DO WE STORE YOUR DATA?
We store your personal data during the time that you are a customer, for purposes of providing you the services, and for up to 24 months after you cease to be a customer. If you have never been a customer, but have consented to receive information or marketing updates from us, we may store your data for up to 24 months after the last time you used the platform.

We reserve the right to store or delete your personal data earlier or later than set forth herein if required to do so by an applicable law or regulation, including the GDPR and for the exercise or defence of legal claims.

8 – LINKS TO OTHER WEBSITES
Our Website contains links to third party websites, such as Facebook and Instagram, as well as the online booking platform www.regiondo.com through the subdomain of our ticket shop www.letsgotosardinia.regiondo.com and www.letsgotosardinia.regiondo.it.

If you follow a link to any of those third party websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those practices. Please check those policies before you submit any personal data to those websites.

However, when you are making a booking through the subdomain of our ticket shop www.letsgotosardinia.regiondo.com and www.letsgotosardinia.regiondo.it, owned by Regiondo.com, in first place, you will only give consent to use your essential data.

9 – YOUR RIGHTS
Letsgotosardinia is committed to ensuring that you have control and visibility of your personal data. Below is a summary of your rights and additional commitments. You may exercise your rights by contacting us via email at the email address carlo@letsgotosardinia.eu.

Right of Access and Rectification
It is your responsibility to ensure that any information you have provided to us is accurate and up-to-date.
If you wish, you can request a copy of all the personal data we hold about you, and you have the right to request that we correct any inaccuracies in the personal data we hold about you and complete any personal data where this is incomplete.

Right to Erasure ‘Right to be Forgotten’ (Art. 17 GDPR)
You have the right to have your personal data erased.
In doing so, your details will be removed from our backup systems as well as live systems.
Please note that we must legally hold fiscal documents containing your personal data for minimum 5 years.
If you wish to delete your account and you have booked onto a trip with us that has yet to depart, then you’ll need to claim your right upon your return. You have the right to request that your personal data be deleted in certain circumstances including:
– the personal data are no longer needed for the purpose for which they were collected;
– you withdraw a consent (where the processing was based on consent);
– you object to the processing and there are no overriding legitimate grounds justifying us processing the personal data (see Right to Object below);
– the personal data have been unlawfully processed;
– to comply with a legal obligation;

However, this right does not apply where, for example, the processing is necessary:
– to comply with a legal obligation;
or
– for the establishment, exercise or defence of legal claims.

Right to Restriction of Processing (Art. 18 GDPR)
You can ask that we restrict your personal data (i.e., keep but not use) where:
– the accuracy of the personal data is contested;
– the processing is unlawful but you do not want it erased;
– we no longer need the personal data but you require it for the establishment, exercise or defence of legal claims;
or
– you have objected to the processing and verification as to our overriding legitimate grounds is pending.

We can continue to use your personal data:
– where we have your consent to do so;
– for the establishment, exercise or defence of legal claims;
– to protect the rights of another;
or
– for reasons of important public interest.

Right to Data Portability (Art. 20 GDPR)
Where you have provided personal data to us, you have a right to receive such personal data back in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller without hindrance but in each case only where:
– the processing is carried out by automated means;
and
– the processing is based on your consent or on the performance of a contract with you.

Right to Object (Art. 21 GDPR)
You have a right to object to the processing of your personal data in those cases where we are processing your personal data in reliance on our legitimate interests. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate interests which override your interests and you have a right to request information on the balancing test we have carried out. You also have the right to object where we are processing your personal data for direct marketing purposes.

Automated Decision-Making (Art. 22 GDPR)
You have a right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affects you other than where the decision is:
– necessary for entering into a contract, or for performing a contract with you;
– based on your explicit consent – which you may withdraw at any time;
or
– is authorized by European Union or Member State law;
Where we base a decision solely on automated decision-making, you will always be entitled to have a person review the decision so that you can contest it and put your point of view and circumstances forward.

Right to Complain (Art. 77 GDPR)
You have the right to lodge a complaint with the Data Protection Authority, in particular in your place of residence, place of work or place of an alleged infringement, if you are unhappy with how we are processing your personal data.
We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than one month after receipt of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request.

10 – COOKIES
This website uses cookies, which are small text files that, within the scope of your visit to this website, are transmitted from our website to your browser and are stored by your browser on your computer for later retrieval. You yourself can determine, through settings in your browser, the extent to which cookies can be placed and retrieved. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of the website may be entirely usable.

Cookies are used to make the website more user-friendly (so-called “Necessary Cookie”). Without the use of these cookies, the number of unique users on the website cannot be determined, or provide you with certain functions. In addition, cookies are also used for the website presence, which, for example, allows surfing behavior to be analyzed. If cookies are used beyond this, they are expressly mentioned.
Legal basis for the use of cookies is Art. 6 para. 1 sentence 1 lit. f) GDPR unless specified otherwise.

Type of cookies used by the website www.letsgotosardinia.eu:

11 – FACEBOOK CONVERSION PIXELS
We use the “Custom Audience pixel” of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) on our website. With its help, we can keep track of what users do after they see or click on a Facebook advertisement. This enables us to monitor the effectiveness of Facebook ads for purposes of statistics and market research. Data collected in this way is anonymous to us, which means we cannot see the personal data of individual users. However, this data is saved and processed by Facebook. Facebook can connect this data with your Facebook account and use it for its own advertising purposes, in accordance with Facebook’s Data Policy which can be found at https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and outside of Facebook. A cookie can also be saved on your device for these purposes.

Please click here if you would like to withdraw your consent https://www.facebook.com/settings/?tab=ads#_=_

12 – CHANGES TO OUR PRIVACY AND COOKIES POLICIES
We reserve the right to change our Privacy and Cookies Policies from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last revised” date at the top.
Where you have previously consented to our use of your personal data, your continued use of the website after we make changes is deemed to be acceptance of those changes, so please check the Privacy and Cookies Policies periodically for updates.
If we consider the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy and cookies policy changes). We will also keep prior versions of the Privacy and Cookies Policies in an archive for your review.

13 – CONTACT DETAILS OF THE CONTROLLER AND PROCESSOR
If you have any questions, comments, requests and complaints regarding our Privacy and Cookies Policies and the information we hold, please refer to:

Carlo Melis
Founder and General Manager of Letsgotosardinia by Carlo Melis and owner of the domain www.letsgotosardinia.eu
E-mail: carlo@letsgotosardinia.eu
T.: +39 389 0190 723