Dear User,
We inform you that this privacy policy is intended to describe how the website is managed: www.vaticanticketstours.com (hereinafter also the “Portal”) owned by the company Savelli Arte e Tradizione s.r.l. – Via Paolo VI 27-29, 00193, Rome – P.I. 01064671009 – tel. +39 06 68307017– info@vaticanticketstours.com, in
reference to the processing of personal data of Users who consult it.
This privacy policy constitutes information provided pursuant to art. 1 of Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, containing the “personal data protection”; (hereinafter also the “code”) and 13 of the (EU) regulation 2016 / 679 of the European Parliament and of the Council of 27 April 2016, containing the “General Data Protection Regulation”; (hereinafter also the “Regulation”), to the Users who connect to the Portal.
The information applies only to information collected online by Savelli Arte e Tradizione s.r.l through the Portal, and through our telephone support.
The privacy information does not apply to other websites that may be consulted by the User through specific links, which are not in the control of the Owner.
The information also takes into account the contents of recommendation no. 2/2001 of the “WP 29”; group, adopted on May 17, 2001 to identify some minimum requirements for the collection of personal data online, and, in
particular, the methods, times and nature of the information that the data controllers they must provide Users when they connect to web pages, regardless of the purpose of the connection.
Users are required to carefully read this privacy policy before forwarding any type of personal information and / or filling in any electronic form on the Portal.
For the use of specific services by Users, specific information will be provided from time to time and, where necessary, specific consent to the processing of their personal data will be requested. Savelli Arte e Tradizione s.r.l.
You can change the content of these privacy rules at any time by publishing the new version on the Portal. All new privacy terms and conditions will be effective on the date of publication.
– Data controller
The company Savelli Arte e Tradizione srl, Via Paolo VI 27-29, 00193 Rome, customer service +39 06 68307017, info@vaticanticketstours.com, section contact us www.vaticanticketstours.com, is the owner of the processing of
personal data of Users, who access the Portal. The Data Controller manages the Portal and processes the data of Users who browse within it and / or access the following sections:
• Shopping Cart
• Customer service email – contact us
• Newsletter
• Checkout
• Reserved area
In fact, we inform you that in order to provide the products or services requested by Users, some personal data may be requested:
• When creating an account on www.vaticanticketstours.com
• When making purchases;
• When you subscribe to the newsletter and request to receive communications;
• When contacting the staff or sending messages for the purposes indicated in the forms on the site itself.
This personal data includes:
• Login and account information, including screen name, password and unique user ID;
• Contact details including name, e-mail, telephone and shipping number, billing address;
• Information relating to orders and payment methods;
• Pictures, photos and videos;
The Data Controller collects, manages, processes, conserves and deletes the personal data of the Portal Users, making use of the collaboration of internal and external managers for the processing of data and data processors, appointed for this purpose, in compliance with the provisions of law and regulations.
The complete list of persons in charge and data processors can be known by contacting Savelli Arte e Tradizione s.r.l. – Via Paolo VI 27-29, 00193 Rome, customer service +39 06 68307017, info@vaticanticketstours.com, contact section of the Portal.
– Data protection officer
The Data Controller has appointed Alessandra Savelli as "Data Protection Officer" (hereinafter also “DPO”) who can be contacted by writing to Savelli Arte e Tradizione s.r.l. – Via Paolo VI 27-29, 00193 Rome, customer service +39 06 68307017, info@vaticanticketstours.com.
– External data processor
The Data Controller reserves the right to appoint external Data Processors, pursuant to art. 28 of the Regulation, for the execution of the following services: the monitoring and analysis of the activities on the site and the effectiveness
of our advertising communications, the offer of support services, the supply of site content (including the search function on the site), organizing data, conducting surveys, support with our social media pages.
These third parties may have access to the User’s personal data to provide services to the Data Controller and to process personal data for the Data Controller, but they cannot process the aforementioned information for different purposes.
We also inform you that the Data Controller uses PayPal in the case of online purchases on the Portal. Payments are processed by the PayPal circuit and the information provided at checkout will be collected directly by PayPal. The use
and sharing by PayPal of the personal information collected is indicated in the PayPal privacy policy.
– Place of treatment
The processing of Users' personal data, acquired through the navigation of the Portal, takes place through servers in use by the Data Controller in Italy, which are located in the countries of the European Union and the Economic Area
Europe (SEE), which can be accessed by the Data processors authorized for this purpose by the Data Controller concerned, and are only handled by personnel in charge of processing the Data Controller, and / or authorized third parties, such as external Data Processors, appointed for this purpose.
The data processing takes place on the basis of their conservation in computer archives also kept at the company. No data processed through the Portal is communicated or disseminated. PayPal may process the data necessary for making payments outside the EU and EEA. For any clarification, please check the PayPal privacy policy.
– Method of treatment
The Data Controller processes the personal data of Users by adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personnel.
The treatment is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, categories of agents involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third party technical service providers, postal couriers) may have access to data.
Hosting provider, IT companies, communication agencies) also appointed, if necessary, responsible for the treatment by the Owner. The updated list of managers can always be requested from the Data Controller.
– Purpose
The Portal provides information about the company and the services it offers. In addition to browsing data, the Data Controller may process User data, provided voluntarily, in the “contact”;”newsletter”;”Shopping Cart”,
“Checkou”;”Reserved Area”; sections.
– Types of data collected
Navigation data During their normal operation, the IT systems and software procedures used to operate the Portal acquire some personal data (so-called Log files) whose transmission is implicit in the use of internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by the Users who connect to the site, the addresses in uri notation (uniform resource identifier) of the requested resources, the time of the
request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the User’s IT environment.
For any access to the Portal, regardless of the presence or absence of a cookie, the site may register the following information:
type of browser (e.g. Internet Explorer, Google Chrome), operating system (e.g. Windows, Macintosh), the host and the url of origin of the visitor, in addition to the data on the requested page.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site or to third parties: except for this eventuality, the data on web contacts are currently not stored permanently, unless any User requests are made.
– Data provided voluntarily by the User
The User can browse the site without revealing his / her identity to the Data Controller. However, if the User chooses to provide their personal data, he agrees to the collection and use of the same as described in these privacy policies.
If the User, by connecting to this Portal, should send – in an optional, explicit and voluntary way – his personal data inthe “Contact”;”Newsletter”;”Shopping Cart”; “Checkout”; sections, this will entail the acquisition and the processing of the same by the Data Controller for the explicit purposes.
By personal data provided, we voluntarily mean:
• Personal data (name, surname)
• Identification data (company name. C.F., P.I.) Location data (city)
• Contact details (telephone, email).
In fact, it is possible that the User provides their personal data, as follows:
-contact us” form: when the User fills in the generic “contact”; form on the Portal (for example to comment or ask for information on the goods), data such as name and e-mail address may be processed, as well as any information provided in the message text.
– Registration to the marketing mailing list: registration to the marketing mailing list (“subscribe”; option) implies the communication of your e-mail address and consent to the processing of personal data in relation to the sending of e-mails for the purpose commercial.
Subscribing to the mailing list allows you to receive product information via email. You can choose to unsubscribe from the list if you no longer wish to receive
marketing emails. If the User wants to cancel, see the”right to object”; section of this privacy policy.
– Sending an article to a friend: when the User e-mails an article on the Portal to a friend, the recipient willdisplay the sender’s name and e-mail address, as well as any information provided in the message text. The recipient’s e-mail address will not be collected or used for promotional purposes neither by the Data
Controller nor by its affiliated companies, and the information will not be licensed, sold or exchanged with third parties. Any information contained within the message will not be read or processed by the owner.
Reports of an article should only be sent if you believe the friend in question is interested and would like to receive this information.
– Gift messages: when you buy on the Portal, you have the possibility to request the gift option and add a message. No information contained in gift messages will be examined.
– Creation of an account: Users are given the opportunity to create an account on the Portal. The creation of an account allows Users to enjoy a more personalized experience on the Portal, to create an address book, to save their shopping cart and to take advantage of the “quick checkout”; thanks to the automatic insertion of the billing address, and the predefined shipping data. The creation of an account involves the insertion of e- mail address, name and surname as well as the creation of a password, and allows the User to specify the postal address, telephone number, day and month of his date of birth and gender.
Once you have created an account, you will receive a welcome email at the email address entered in the “email”; field during the registration process. By doing so, the User consents to the processing of their personal data. To request the
cancellation of your account, send an e-mail to info@vaticanticketstours.com including the e-mail address relating to the account you wish to cancel.
– Purchases in the online shop: if the User purchases goods through the Portal, his personal data will be processed for this purpose (ie name, billing and shipping address, e-mail address, telephone number), as well as data on purchases made on our websites, which can be integrated with those relating to in-store purchases. Furthermore, if you have created an account, you will be able to view the details of your order after logging in to your account. Paypal will act as a data manager regarding the personal information collected from our payment page in order to determine whether PayPal will allow its use as a payment method. How PayPal uses and shares the personal information collected is indicated in PayPal’s privacy
policy.
The Data Controller of the Portal Users does not process the particular data referred to in art. 9 of the regulation. Users who have doubts about which data are mandatory are encouraged to contact the owner.
– Cookies
Cookies are not used for the transmission of personal information, nor are systems used for tracing, identifying and profiling Users. The use of so-called Cookies is strictly limited to the transmission of session identifiers (consisting of
random numbers generated by the server) necessary to allow the safe and efficient exploration of the site and used for statistical purposes for the detection of monthly unique visitors. The cookie can be deleted by the navigator using
the functions of your navigation program. For more information check the “cookie policy”.
– Social media
Personal information can be collected directly from the Portal through social media pages and can be collected from
social media that host the social media page of Art & Tradition Tours. The collection of personal data directly by
Savelli Arte e Tradizione on social media pages will include the types of data; “personal data”; indicated in this privacy policy. The data collected on our social media pages will be used and shared by the Data Controller in compliance of
this privacy policy.
This privacy policy does not include the practices adopted regarding privacy and security from social media sites. If you have any questions about the practices adopted by social media sites regarding privacy and security, please consult the privacy policy and terms of service of the sites.
– Information collected via telephone support
The Data Controller may collect personal information about a User if he contacts us by phone. These data include information that the User provides us by telephone, concerning himself or the problem for which he is contacting us.
We will use this information for the sole purpose of providing appropriate customer support service.
– Faculty of providing data
Apart from that specified for navigation data, the User is free to provide the personal data requested in the”contactus”;, “newsletter”;,”Shopping Cart”;, “Checkout”;”Reserved Area”; sections. The personal data voluntarily provided in
the "Contact us", "Newsletter" sections are necessary and mandatory in order to obtain a response from the DataController.
Failure to provide the same inhibits, in fact, the possibility of forwarding the relevant request in the appropriate section. Failure to provide the necessary data in the “Reserved Area”;”Shopping Cart”;”Checkout”; inhibits the Data Controller from providing the relevant customer service, as well as fulfilling contractual provisions.
It should be remembered that in some cases established strictly (not subject to the ordinary management of the Portal) the authority can request news and information, for the purpose of monitoring the processing of personal data. In these cases, the reply is mandatory under penalty of an administrative penalty.
– Legal basis of the treatment
The data of Users who access the Portal are processed on the following legal bases:
• The interested party has expressed consent for one or more purposes;
• Processing is necessary for the execution of a contract;
• Processing is necessary to fulfill a legal obligation;
• The treatment is necessary for the pursuit of a legitimate interest of the owner.
– Duration of processing and deletion of data
The data are processed for the time necessary to perform the service requested by the User. The period of time
for which we will keep personal data depends on the purpose for which it was collected. The collected data will
be kept for the time necessary to fulfill the purpose for which it was collected.
These personal data will subsequently be deleted, unless it is mandatory by law to keep them or it is not necessary to keep them in order to comply with our legal obligations (for example for tax or accounting purposes).
Personal data collected forpurposes related to the legitimate interest of the Data Controller will be retained until this interest is satisfied.
The User can obtain further information regarding the legitimate interest pursued by the Data Controller in the relevant sections of this document or by contacting the Data Controller. The User can always request the interruption of treatment or the deletion of data, in compliance with the applicable regulation.
– Scope of data communication
No personal data deriving from browsing the Portal, by accessing the “Contact Us”;”Newsletter”; or “Reserved Area”; “Shopping Cart”, “Checkout”; sections, is communicated or disseminated.
Personal data are processed:
• To understand the needs and preferences of customers, provide content on the website, customize the browsing experience on our website and promotional materials, to develop, promote, sell and offer products and services, as well as carry out any surveys, searches and ratings.
• To analyze customer interactions with our company, including the activities carried out on our websites, the effectiveness of our advertising and customer purchases.
• To answer any questions relating to our websites, or to an order, which are sent via “contact us”; function, or by any method used to contact us, including email, telephone or mail.
• To complete the purchase operations of our items or to process returns or exchange of goods.
• To detect and protect us and other third parties against misuse of our websites (such as spamming), negligence, fraud, theft and other illegal activities and to ensure compliance with our and their internal policies and to cancel or suspend access or use of our websites to undertake the activities mentioned above.
• To update the address book and other information saved in your online account, as well as to update the password and other data.
• To meet administrative, tax, investigative or other verification requirements or any other disclosure legislation or law.
To the extent required by applicable laws, rules and regulations regarding our offer of goods and services to the customer. To the extent permitted by applicable laws, rules and regulations and to satisfy any legal or regulatory requirement.
The information provided by the User will not be used for promotional purposes and such information will not be sold or provided to third parties.
The data provided by the User on the social media pages of Art &Tradition Tours are used to send communications regarding our products, services and promotions, to respond to requests for information, to conduct surveys, lotteries or competitions, to analyze the activity on our social media pages and to develop our products and services.
The information provided by the User during the creation of an account can be shared with third parties to allow the User to be sent e-mails and messages associated with his account and any eventual program or promotion.
The Owner does not sell or grant third parties the right to process Users& e-mail addresses for their own marketing purposes.
Please note that if a User requests to be removed from the advertising mailing list, he will still continue to receive the e-mails confirming the orders placed on our websites.
If you wish to cancel, see “the right to object”; section of this
privacy policy. The Data Controller does not sell or grant third parties the right to process User’s postal addresses for their own marketing purposes. The Usere’s personal data are known, processed and managed by employees and possibly parasubordinated subjects of the Data Controller, appointed and instructed for the purpose of the treatment, in compliance with the applicable legal and regulatory requirements, as well as by the data processors , appointed, specifically appointed, and their employees and collaborators in charge.
The User acknowledges and accepts that the Data Controller has the right to disclose personal data at the request of the judicial authority, within the limits prescribed by law, as well as in cases of violation of the privacy rules, civil and
criminal proceedings, also for violation of the rights of third parties, in order to protect the rights, property or safety of each User.
Please also note that, if the Data Controller is obliged, or believes in good faith that he is obliged by law, or deems it reasonably necessary to protect the Users of the Portal, he may disclose certain information on Users.
In the event that the Owner is acquired by a new owner, the User’s information may be transferred to the new owner. If such an event occurs, the Data Controller will take all reasonable measures to ensure that the new owner processes the User's personal data in accordance with the terms of this privacy policy.
The privacy policy refers exclusively to the use and disclosure of data provided directly by the User. If personal data are communicated to others on other websites, the use and disclosure of the communicated data could be subject to
other rules. The Data Controller is not shared and does not control third party privacy policies or rules; and regarding other browsing, we inform you that the User is subject to the privacy rules of these third parties, if applicable.
We invite the User to take information on this before communicating his personal data to others.
– Marketing
The Data Controller does not sell, or give for compensation, the User's personal data collected during navigation on the Portal to third parties for marketing purposes, without the explicit consent of the interested User.
The Data Controller can associate User data with information that will be collected by other companies in order to improve and personalize the services offered and the contents of the Portal.
Occasionally, the User’s personal data may be processed to send commercial e-mails on the products, for which prior consent is still required. The User can choose not to receive e-mails for commercial purposes at any time, free of charge, by following the instructions in any marketing communication. You can also unsubscribe from the list if you no longer wish to receive marketing emails.
– Privacy of minors
The Portal for children under 16. In addition, personal information is not knowingly collected from minors under the age of 16. The baby products on sale on our website are intended for adult purchase only. No person under the age of 16 must provide personal information on our websites and / or in our stores.
– Rights of the interested parties
Transparent communications: pursuant to art. 7 of the code for the protection of personal data and of the articles 15
-23 and 34 of the regulation, Users of the Portal, by contacting the Data Controller, can obtain all the necessary communications relating to the treatment in a concise, transparent, intelligible and easily accessible form, with simple and clear language, in particular in the case of information intended specifically for minors. The information is provided in writing or by other means, including, where appropriate, by electronic means.
If requested by the interested party, the information can be provided orally, provided that the identity of the interested party is proven by other means. The Data Controller cannot refuse to satisfy the data subject’s request in order to exercise his rights, unless the Data Controller proves that he is unable to identify the data subject.
The Data Controller provides the interested party with information relating to the action taken regarding a request without undue delay and, in any case, at the latest within one month of receipt of the request. Except as prescribed in art. 12, paragraph 5 of the regulation, the information is made free of charge.
The right of the Data Controller to request documents certifying the identity of the person requesting the information referred to in art. 7 of the privacy code and articles 15-22 and 34 of the regulation, should he have reasonable doubts about the identity of the natural person who makes the request pursuant to the applicable regulatory requirements, mentioned above.
Right of access: the User expressly acknowledges that he has the right to obtain the indication:
• the origin and category of personal data;
• The purposes and methods of treatment;
• Of the logic applied in case of treatment carried out with the aid of electronic instruments;
• The identity of the owner, managers and designated representative;
• The subjects or categories of subjects to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations, or who can learn about them as appointed representative in the territory of the state, managers or agents ;
• The expected retention period of personal data, or if not possible the criteria used to determine this period;
• Updating, rectification or, when interested, integration of data;
• The cancellation of personal data, or the limitation of the processing of personal data concerning him or to oppose the treatment.
The transformation into anonymous form or the blocking of data processed in violation of the law, including those whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
• To know all the information available on the origin of the data
• The existence of an automated decision-making process, including profiling, significant information on the logic, as well as the importance and expected consequences of this treatment for the interested party. The Data Controller provides a copy of the personal data being processed. In the event of further copies requested by the interested party, the Data Controller can charge a reasonable fee contribution based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information is provided in a commonly used electronic format.
The User always has the right to lodge a complaint with the guarantor for the protection of personal data. If personal data are transferred to a third country or to an international organization, the interested party has the right to be informed of the existence of adequate guarantees pursuant to EU regulation 2016/679.
• Right of rectification: the User has the right to obtain from the Data Controller the correction of inaccurate personal data without justified delay, as well as the integration of incomplete personal data.
• Right to erasure: the User has the right to obtain from the Data Controller the cancellation of personal data concerning him without undue delay and the Data Controller has the obligation to erase personal data without undue delay, where the conditions exist provided by the regulation, by the privacy code and by the
provisions of the privacy guarantor.
• Right to limitation of treatment: the User has the right to obtain the limitation of treatment from the Data Controller when one of the following hypotheses occurs:
a) the interested party disputes the accuracy of personal data, for the period necessary for the Data Controller to verify the accuracy of such personal data;
b) the treatment is illegal and the interested party opposes the cancellation of personal data and instead requests that their use be limited;
c) although the Data Controller no longer needs it for processing purposes, personal data are necessary for the interested party to ascertain, exercise or defend a right in court;
d) the interested party opposed the processing pursuant to Article 21, paragraph 1 of the regulation, pending verification of the possible prevalence of the legitimate reasons of the Data Controller with respect to those of the interested party.
• Right to data portability: the User has the right to receive the personal data concerning him / her provided to a Data Controller in a structured, commonly used and machine-readable form and has the right to transmit such data to a other Data Controller without hindrance by the Data Controller to which you have
provided them.
• Right to object: the User has the right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him, including profiling. The Data Controller refrains from further processing personal data unless he demonstrates the existence of binding legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or the defense of a right in court. If personal data are processed for direct marketing purposes, the interested party has the right to object at any time to the processing of personal data concerning him / her carried out for these purposes, including profiling to the extent that it is connected to such direct marketing, to be understood as any processing of data for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication.
– Prohibition of spamming
The Data Controller of the Portal and its Users do not tolerate “spamming”, that is, the unwanted and unsolicited sending of material and commercial and advertising information. The Data Controller periodically carries out an automatic verification of messages and can use manual filters to check for spamming, viruses, attempts to acquire personal data, to carry out other illegal activities or to transmit illegal or prohibited content, but not permanently archives messages sent through these tools. The emails sent to the Data Controller will not be archived permanently, the e-mail address will not be used for marketing purposes nor will it be sold or sold.
– Reserved area
The login and password are the only “key”; that allows the User to access the “Reserved Area”; section of the Portal.
The User is advised to use complex numbers, letters and special characters and not to disclose said information to third parties.
If the User decides to provide the login and password or personal information to third parties, he will be responsible for all the acts performed with the use of his account. If you lose control of your password, you may no longer be able to control the use of your personal data and be subject to legally binding actions taken on your behalf. Therefore, if for any reason the password is compromised, it is necessary to report it to the Data Controller in order to immediately change it.
When the registered User visits the Portal, cookies are used to assign him a unique identification code, randomly generated. We record your activity on the Portal, we associate it with the identification code in the owner’s databases, once they are in the databases, this information is then added to the User profile.
We use this information to provide access to the Portal in a convenient and optimal way, to provide more relevant content and advertisements, and to improve the user experience.
It is possible that the Data Controller shares the User’s personal information with the data processors appointed for this purpose, pursuant to art. 28 of the GDPR, as service providers and other third parties appointed as sub-data processors only to provide services to Users. The Owner does not share the personal information of registered Users for promotional and advertising reasons with third parties, unless an express consent of the User has been provided.
– Security
The Data Controller guarantees the security of Users' personal data in compliance with the applicable regulatory framework.
– Principles of relevance and non-excess of treatment
The User's personal data will be processed in compliance with the principle of relevance and not excess in relation to the purposes pursued. Personal data will be kept for the time strictly necessary for the purposes pursued with the processing of the same.
– Right to complain
The User expressly acknowledges that the data processing by the Data Controller is subject to the control of the
Guarantor for the protection of personal data, to whom any and all complaints regarding the collection, management and processing of data may be addressed in compliance with the privacy code.
– Prohibition of profiling
The data of the Portal Users are neither profiled nor processed by means of an automated decision-making process.
– Defense in court
The User’;s personal data may be used by the Data Controller in court or in the preparatory stages for its possible establishment for the defense against abuse in the use of this Portal or related services by the User.
The User declares to be aware that the Data Controller may be required to reveal data upon request from public authorities.