This data protection declaration is based on the terms used by the European legislation for the adoption of the General Data Protection Regulation (“GDPR”). This data protection declaration should be legible and understandable for the general public, as well as customers and business partners. To ensure this, please see the following explanation of the terminology used.
In this data protection declaration, we use, among others, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
e) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
h) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Contact Details of the Controller and Processor
3. Legal Basis for Processing of Your Data
Insofar as the data subject provides consent for processing, Art. 6 para. 1 sentence 1 lit. a) GDPR is the legal basis;
In case of processing of personal data necessary for the fulfillment of a contract, the legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR;
Insofar as processing of personal data is necessary for the fulfillment of a legal obligation, the legal basis is Art. 6 para. 1 sentence 1 lit. c) GDPR;
In the event that vital interests of the data subject or of another natural person require a processing of personal data, the legal basis is Art. 6 para. 1 sentence 1 lit. d) GDPR;
If processing is necessary to safeguard legitimate interests of our company or of a third party and if the interests, basic rights, and basic freedoms of the data subject do not outweigh these legitimate interests, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR.
4. Retention periods
5. Rights of the data subject
Pursuant to statutory provisions, you can assert the following rights vis-à-vis the data processing controller free of charge:
Right to access by the data subject (Art. 15 GDPR);
Right to rectification and erasure (Art. 16 and Art. 17 GDPR);
Right to restriction of processing (Art. 18 GDPR);
Right to data portability (Art. 20 GDPR);
Right to object (Art. 21 GDPR).
You also have the right to complain to a data protection supervisory authority concerning the controller’s processing of your personal data.
Cookies are used to make the website more user-friendly (so-called “Necessary Cookie”). Without the use of these cookies, the number of unique users on the website cannot be determined, or provide you with certain functions. In addition, cookies are also used for the website presence, which, for example, allows surfing behavior to be analyzed. If cookies are used beyond this, they are expressly mentioned below.
1. Google Analytics (with anonymization function)
This website has integrated the components of Google Analytics. Google Analytics is a web analytics service by Google Inc. (“Google”) 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA. Google is certified under the Privacy Shield Treaty and thus offers a guarantee that it complies with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
Therefore, Google Analytics places a cookie on the information technology system of the data subject. With the setting of the cookie, Google is enabled to analyze the use of the website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks.
This web page uses the extension code “anonymizeIp” to ensure an anonymous collection of IP addresses (so-called IP-masking). By activating IP anonymization on our web page, your IP address will be priorly abridged by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area (EEA). Only in exceptional cases the complete IP address will be transmitted to a Google server in the USA and then abridged there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on web page activity and to provide the website operator with other services relating to web page and Internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
This processing of personal data is carried out pursuant to Art. 6 para. 1 sentence 1 lit. f of the GDPR.
Letsgotosardinia use Google Analytics to analyze and regularly improve the use of the website. This allows Letsgotosardinia to improve the offer and make it more interesting for you as a user of the website.