Privacy Policy
This Privacy Policy illustrates the methods of processing personal data, including the choices made by the user (or 'data subject'), regarding the collection, use and disclosure of certain information, including personal data, in relation to the Services provided by Holidoit, including navigation on this site, pursuant to Articles 13 and 14 of EU Regulation 2016/679 ('GDPR').
Data Controller
When the User browses this site (hereinafter also "Site"), the Data Controller, i.e. the subject that determines the purposes and means of processing personal data, is Holidoit S.r.l., with registered office in Via Udine 4, Giussano, MB (VAT No. 11482970966) (hereinafter also "Holidoit"). If you have questions about your account or how to reach customer service, you can contact our support center at the email address info@holidoit.com. For specific questions regarding this privacy policy, or our use of your personal data, cookies or similar technologies, you can contact us via email at privacy@holidoit.com. Please note that, when you contact us, for security reasons, we may need to verify your identity before fulfilling the request. For completeness of information, the Partner Facilities (hereinafter also "Facilities" or "Partners") will carry out further processing of your personal data, outside the control of Holidoit. Our Partners may also ask you for additional personal data, for example to provide additional services. We therefore invite you to read the privacy policy of the Facility that provides the service you requested. To obtain an updated list of subjects who may become aware of personal data, you can send an email to the email address privacy@holidoit.com, taking care to specify the reason for the request.
Types of data collected
- Identification data: name and surname, email address and password, as well as the data necessary to provide you with services reserved for registered users (e.g. gift cards, wishlist, my orders, etc.)
- Navigation data: data implicit in the use of the Site (e.g. IP address)
- Photos/videos: the provision of such types of data is not mandatory, but the User may upload them as provided in the appropriate "Become a partner" section
- Any "special" personal data: information, such as health status, that the data subject may autonomously provide in the appropriate "Message" box present in the "Contact us" section or in the support chat present on the site.
Purposes and legal bases
We process personal data for the purposes and on the legal bases indicated below.
| Purpose | Legal basis | |
|---|---|---|
| 1 | To allow you to create an account, authenticate access to your account and process your orders and payments. | The execution of a contract to which the data subject is a party or the execution of pre-contractual measures taken at the request of the same |
| 2 | To respond to your requests through the various forms and sections present on the Site ("We are hiring!"; "Become a partner"; "Contact us"; "Chat"). | The execution of a contract to which the data subject is a party or the execution of pre-contractual measures taken at the request of the same |
| 3 | To process and respond to customer support communications and information requests | Legitimate interest |
| 4 | To improve our products and services (for example, by conducting user surveys and research activities to provide new features and to assess user satisfaction). | Legitimate interest |
| 5 | To send you marketing information and communications about our products and services, such as recommendations, offers and newsletters via email (so-called soft-spam). | For the pursuit of our legitimate interests, provided that the interests or fundamental rights and freedoms of the data subject do not prevail pursuant to Article 130, paragraph 4, of the Privacy Code (Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/1018). |
| 6 | Protect our systems, prevent fraud and help us protect security (for example by confirming your identity). | Legitimate interest |
| 7 | To comply with our legal obligations, including requests from public authorities. | Fulfill a legal obligation to which we are subject. |
| 8 | To establish, exercise or defend our rights and those of our employees, and to carry out business transactions or operations (for example, in case of bankruptcy, merger, acquisition, reorganization, sale of assets or assignments, and due diligence related to such transactions) | For the pursuit of our legitimate interests, provided that the interests or rights and freedoms do not prevail. |
| 9 | Promotional and marketing activities | Consent of the data subject |
For any questions about the use of personal data (including legal bases and transfer methods), cookies or similar technologies, you can contact us via email at privacy@holidoit.com
Your data, moreover, will never be disseminated.
Data storage and protection
Personal data will be processed by automated and non-automated means and will be stored at our headquarters and on the servers of our service providers located in the EU/EEA.
Such data may also be transferred to third countries located outside the European Economic Area. In these cases, Holidoit guarantees that such transfer will take place only in the presence of an adequacy decision by the European Commission or other adequate safeguards provided for by the Laws on personal data protection (such as, for example, the stipulation of standard contractual clauses).
We adopt technical and organizational measures aimed at preventing the loss, improper use and alteration of your personal data. In some cases, data encryption and pseudonymization measures may also be adopted. However, Internet transmissions are never 100% secure, and the user should not provide any personal data if they want to avoid any risk.
Your data will be kept for a period of time strictly necessary for the purposes mentioned above, without prejudice to the prescribed legal obligations.
Communication and access to personal data
Only duly instructed authorized subjects (e.g. employees) will be able to access your personal data. Furthermore, we may communicate your personal data to the following categories of recipients, who may act as data processors, pursuant to art. 28 of the GDPR, or as autonomous controllers:
- Suppliers (e.g. Stripe for payment processing) that carry out activities connected or instrumental to our business activities. Regarding our suppliers, the list is always available upon request, by writing to privacy@holidoit.com.
- Partners/Facilities that offer experiences selected by you;
- If we carry out a business transaction or operation (for example, in case of bankruptcy, merger, acquisition, reorganization, sale of assets or assignments, and due diligence related to such transactions), your personal data may be communicated to our consultants and to the consultants of any potential buyer, and may be considered one of the assets transferred to another owner.
- Public, judicial or police authorities, within the limits established by applicable laws.
Personal data will not be disclosed for reasons other than those indicated above, unless such disclosure is deemed necessary for the fulfillment of a legal obligation or in case your consent is requested.
Your data, moreover, will never be disseminated.
Rights of the data subject
You have the right to request access to your data, or to correct or update obsolete or inaccurate personal information we have about you. You can also request the deletion of your personal information in our possession.
You can object to the processing of your personal data, ask us to limit it or request the portability of your data; in case the data has been collected and processed based on your consent, you have the right to withdraw consent at any time. We remind you, however, that the withdrawal of consent will not affect the legitimacy of any processing carried out previously, nor will it affect the processing of your personal data conducted on the basis of legitimate processing reasons other than consent; you have the right to lodge a complaint with a data protection supervisory authority about our methods of collecting and using your personal data.
The data subject also has the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) or with the Supervisory Authority of the EU State where the data subject habitually resides or works, or of the place where the alleged violation occurred, in relation to processing that is considered non-compliant.
How to exercise your rights
For specific requests, or questions regarding our privacy policies, you can: send a registered letter with return receipt to the address of the Data Controller; send an email to privacy@holidoit.com;
The exercise of the rights indicated in this section is not subject to any formal constraint and is free of charge, except for manifestly unfounded or excessive requests, pursuant to Art. 12(5) of the GDPR.