CAMPING ITALY S.r.l. – headquartered in Via Porciglia, 15 - 35121 Padua (Italy), VAT registration number 03268700287 (hereinafter the “Data Controller”), owner of the websites https://www.campingitaly.it, https://booking.campingitaly.it, https://prenotazioni.campingitaly.it, https://buchung.campingitaly.it (hereinafter the “Sites”), in its capacity as the personal data controller pertaining to users who browse and are registered on the sites (hereinafter the "Users") hereby provides its privacy policy pursuant to the provisions of Art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereinafter referred to as the “Regulation” or the “GDPR” or the “Applicable Legislation”).

These Sites and any services offered through the Sites are reserved for people who are 18 years of age and over. The Data Controller does not collect personal data relating to persons under the age of 18, unless entered by users over the age of 18 who declare that they can exercise parental responsibility. At the request of Users, the Data Controller will promptly erase all personal data unintentionally collected and relating to persons under the age of 18.

 The Data Controller takes the utmost account of the right to privacy and protection of the personal data of its Users. For any information in relation to this privacy policy, Users may contact the Data Controller at any time, in one of the following ways:

• By sending a registered letter with return receipt to the Data Controller’s registered office
• By sending an e-mail to: privacy@campingitaly.it.

1. Purposes of processing

The personal data of Users will be lawfully processed by the Data Controller pursuant to the provisions of Art. 6 of the Regulation for the following processing purposes: 

1. site navigation, in relation to the possibility of collecting User data that is technically necessary, such as IP address, when browsing the sites.
2. contractual obligations and provision of the service in the case of on-line bookings, to implement the General Terms and Conditions of Sale, which the User accepts when registering on the booking site and to fulfil specific User requests. The user data collected by the Data Controller for the purpose of possible registration on the booking site include:
   1. Compulsory: E-mail address, Name, Surname, Address, Country, date of birth (for age verification) and mobile phone number
   2. Optional: any personal information about the User that may be voluntarily included in the contact forms of the booking site.
   3. Unless the User gives the Data Controller a specific and optional consent to the processing of their data for the further purposes set out in the following paragraphs, the User’s personal data will be used by the Data Controller solely for the purpose of ascertaining the User’s identity (including by validating their e-mail address), thus avoiding possible fraud or abuse, and contacting the User for service purposes only (e.g. notifying the user about the services offered on the booking site). Without prejudice to the provisions elsewhere in this privacy policy, under no circumstances shall the Data Controller make the Users' personal data accessible to other Users and/or third parties. 
3. administrative and accounting purposes, i.e. to carry out organisational, administrative, financial and accounting activities, such as internal organisational activities and activities functional to the fulfilment of contractual and pre-contractual obligations;
4. legal obligations, or to fulfil obligations envisaged by law, by an authority, a regulation or European legislation;
5. receiving CVs used for recruitment, using the appropriate contact form. A specific policy will be provided on the relevant page.

The provision of personal data for the aforementioned processing purposes is optional but necessary, as failure to provide such data will make it impossible for the User to browse the Sites, register on the Sites and use the services offered by the Data Controller on the Sites.

2. Additional processing purposes: marketing and newsletters (sending advertising material, special offers)

With the User’s free and optional consent, certain personal data of the User (i.e. name, surname, e-mail address, address) may be processed by the Data Controller also for marketing and newsletter purposes (sending advertising material, direct sales, commercial communication, sending newsletters containing information in relation to important industry news related to the activities of the Sites), i.e. to enable the Data Controller to contact the User by mail, e-mail, to propose to the User the purchase of products and/or services offered by the same Data Controller, to submit offers, promotions and business opportunities.   In the absence of consent, the User’s ability to register on the Sites will not be affected. In the event of consent, the User may at any time revoke their consent by making a request to the Data Controller in the manner set out in paragraph 6 below.

The User may also easily object to receiving further promotional communications and newsletters via e-mail by clicking on the appropriate opt-out link, which is present in every promotional e-mail and newsletter.

 The Data Controller hereby states that, following the exercise of the right to object to receiving promotional communications and newsletters by e-mail, it may be the case that, for technical and operational reasons (e.g. compiling of the contact list completed shortly before the Data Controller received the User’s opt-out request), the User may continue to receive some additional promotional and newsletter messages. Should the User continue to receive promotional and newsletter messages after 24 hours of exercising their right to opt out, please report this issue to the Data Controller using the contact details provided in paragraph 6 below.

Please note that the Data Controller's Newsletter is operated on the Active Campaign platform, which belongs to ActiveCampaign LLC, with its registered office at 1 North Dearborn Street, 5^th floor, Chicago, IL 60602 (USA), which ensures compliance with personal data protection regulations, is registered with the Data Privacy Framework - please refer to their privacy policy (https://www.activecampaign.com/legal/privacy-policy).

3. Data processing methods and storage times

The Data Controller will process User personal data using the manual and computerised tools, on the basis of procedures strictly correlated with the above purposes and in any event in such a manner as to ensure the security and confidentiality of the data.

The personal data of Users of the Sites will be kept for the time strictly necessary to carry out the primary purposes described in paragraph 1 above, or in any case as necessary for the protection in civil proceedings of the interests of both Users and Data Controller, except as stated in the specific recruitment policy.

In the cases referred to in paragraph 2 above, Users' personal data will be retained until their consent is revoked or they request to opt out and, in any event, within the limits set out in the Applicable Legislation.

4. Legal basis of processing

With reference to the purposes referred to in points (1.1, 1.2, 1.3, 1.5), the legal basis of the processing is indeed the provision of the services provided through the Sites and requested by you (pursuant to Article 6, paragraph 1, letter b of the Privacy Regulation 2016/679); with reference to the optional purposes referred to in paragraph (2), the legal basis of the processing is Your possible freely expressed consent (pursuant to Article 6, paragraph 1, letter a of the Privacy Regulation 2016/679); with reference to the purposes set out in point (1.4) of the previous paragraph, the legal basis of the processing is to fulfil a legal obligation to which the data controller is subject (pursuant to Article 6, paragraph 1, letter c of the Privacy Regulation 2016/679).

5. Data disclosure

Employees and/or collaborators of the Data Controller in charge of managing the Sites may become aware of the personal data of Users. These subjects, who are formally appointed by the Data Controller as “data processors”, will process the User’s data solely for the purposes indicated in this policy and in compliance with the provisions of the Applicable Legislation.

 Third parties who may process personal data on behalf of the Data Controller as “External Data Processors” may also become aware of the Users’ personal data; these include for example providers of IT and logistics services required for the operation of the Sites, outsourced or cloud computing service providers, professionals and consultants.

Users have the right to obtain a list of any data processors appointed by the Data Controller by sending a request to the Data Controller in the manner indicated in paragraph 6 below.

6. Rights of Data Subjects

Users may exercise their rights pursuant to the provisions of Art. 15 et seq. of the GDPR, in the manner envisaged by the provisions of Art. 12, by contacting the Data Controller as follows:

• By sending a registered letter with return receipt to the Data Controller’s registered office
• By sending an e-mail to: privacy@campingitaly.it

Should our company fail to respond within the time frames set out in the regulations or should you deem the response to the exercising of your rights to be unsuitable, you may lodge a complaint with the Personal Data Protection Authority. Below are their details: Garante per la protezione dei dati personali (Personal Data Protection Authority)( www.gpdp.it– protocollo@gpdp.it).