ISEA VIAGGI srl, pursuant to Articles 4, No. 7) and 24 of the EU Regulation 2016/679 of April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data (hereinafter, the “Regulation”), hereby informs, pursuant to Article 13 of the Regulation and Article 13 of Legislative Decree No. 101 of August 10, 2018 (which amends Part III, Title I of Legislative Decree No. 196 of June 30, 2003), that it will process personal data related to companies and individuals who are their legal representatives for the purposes and using the methods described below.

The Data Controller and the Data Processor, pursuant to Article 7 of GDPR EU 679/2016 (hereinafter, the "Controller"), is required under the Privacy Code to provide this notice and to obtain certain mandatory consents where personal or legal entity data are processed for specific purposes such as marketing or profiling (Italian Data Protection Authority Provision, September 23, 2012). In any case, and for greater transparency, even when not mandatory, the Controller intends to provide full information regarding the purposes and methods of processing personal data to all individuals with whom it has commercial relationships, including suppliers and employees.

Definition of Data Processing

“Processing of personal data” means any operation or set of operations performed with or without automated means and applied to personal data or sets of personal data, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, alignment, restriction, erasure, or destruction.

Processing will be carried out manually (e.g., collection of paper forms) and electronically or with the aid of computer or automated tools. According to the Regulation, processing carried out by the Controller will comply with principles of fairness, lawfulness, transparency, and the protection of privacy.

In accordance with Article 13 of the Regulation and Legislative Decree No. 101/2018, we provide the following information:

a) Source of personal data processed
Personal data are processed for contractual purposes and may be collected during the provision of services by ISEA VIAGGI srl, during hiring procedures, or during the onboarding of external consultants or companies. This includes educational background, publications, audiovisual material, and personal identification data (such as company name, legal representative's full name, address, phone, email, tax data, etc.), as well as data related to economic activity, family, and personal circumstances.

b) Primary purposes of processing
Personal data are processed by the Controller for business and consulting activities in accordance with contractual obligations. Specifically:
inclusion in financial systems for managing payments/receipts;
compliance with civil and tax laws;
website management;
interaction with public institutions or other companies.
The legal basis for processing is the contractual relationship as per Article 13(1)(c) of the Regulation.
Where agreed by contract, the Controller may access company email accounts and services, strictly within the scope of contractual duties.
Also, this includes managing any requests for technical, commercial, or contractual assistance.

c) Communication and dissemination of personal data
In the above cases, personal data will not be disclosed to third parties.

d) Consent: optional or mandatory
For the above cases (sections B and C), the Controller is not required to obtain specific consent, including for legal entities. For individuals, processing does not require consent when necessary to fulfill legal or contractual obligations, as provided by Article 6(1)(b)(c)(e)(f) of the Regulation and Article 24 of the Privacy Code.

If the customer/supplier/individual refuses to provide the necessary data, contractual proceedings cannot proceed.

e) Secondary purposes: marketing, advertising, promotional
The personal data collected during the contractual procedure will not be used for marketing purposes.

f) Consent for secondary purposes
Regarding the email provided during the contract, the Controller may send information or advertising materials related only to similar products/services, without specific consent (pursuant to Article 130(4) of the Privacy Code). The customer can object at any time by emailing info@iseaviaggi.it. Each email will include an easy and free way to opt-out, and opting out will have no effect on the contractual relationship.

g) Profiling
No personal data is processed for commercial profiling purposes.

h) Transfer of data to non-EU countries
No personal data is transferred to countries outside the European Union.

i) Data retention
Data will be stored for the time required by law: 10 years for documents and data of a civil, accounting, and tax nature.

j) Data Controller and Processor
Data Controller: ISEA VIAGGI srl, Via Strada Pilata 4, Misterbianco (Catania) 95045
Data Processor: Paride Ferranti, Tax Code: FRR PRD 65 M 04 C351 V – Email: info@iseaviaggi.it

k) Rights of the data subject
Pursuant to Article 7 of the Privacy Code and Articles 13(2)(b)(d), 15, 18, 19, and 21 of the Regulation, individuals are informed that they have the right to:
access, rectify, delete, or restrict processing of their personal data, or object to such processing where applicable;
file a complaint with the Data Protection Authority via www.garanteprivacy.it;
request that any rectification, deletion, or restriction of processing be communicated to any recipients to whom the data were disclosed, unless this proves impossible or requires a disproportionate effort.

Exercising these rights is free of charge and does not require any specific format. Requests should be sent to: info@iseaviaggisrl.it