INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA FOR APP USERS AND CUSTOMERS OF FLIO APP (pursuant to Articles 13 and 14 of EU regulation no. 2016/679 and Legislative Decree 196/2013 updated with Legislative Decree 101/2018). FLIO IS PROVIDED BY sostravel.com
S.p.A.
1- WHAT INFORMATION DO WE COLLECT ABOUT YOU? FOR WHAT PURPOSE?
As part of the services we offer, sostravel.com S.p.A. may acquire the following information about you.
•App user’s personal data
• username and password;
• contact details (address, telephone, e-mail);
• travel itineraries;
• access and navigation data related to the use of the App;
• access to accounts on third party services and use of email and usage data
access to the user's address book, subject to consent and solely for the purpose of activating the "Share Your Itinerary" service
• Personal data of baggage owners
• name and surname;
• contact details (address, telephone, e-mail);
• travel itineraries;
• location for baggage delivery;
• access and navigation data related to use of the APP and the website at www.flio.com.
• Personal data of beneficiaries for reimbursement on baggage covered by our warranty (luggage loss or damage)
• First name and surname
• Contact details (address of residence,telephone, email)
• Bank details
• Identity document
• Type of claim and related data (receipt or repair, images of the damage,brand and year
of purchase, theft of the contents)
• PIR code (reporting code generated by the airport service (Lost & Found)
Pursuant to article 6 sections 1.b and f, the processed data shall only be used to:
-Activate the services you have requested via the APP and meet the legal obligations associated with aspects related to administration and tax matters;
-Manage claims and reimbursement procedures;
-Protect the company in case of disputes with the customer.
Subject to your explicit consent pursuant to article 6 section 1.a of EU Regulation 2016/679, your data may be used to:
a. Activate the additional services required through the use of the APP, e.g. the "Share your itinerary" service.
b. Notify our trading partners of your request to activate specific services (e.g. Fast Track, VIP Lounge);
c. Enable promotional communications to be sent for products and services offered by the company using the contact details provided.
d. Enable the access to the app and the automatic profiling of the browsing experience on our web channels, and for our app to send communications that target the user’s needs and interests (view the cookie policy);
2-HOW DO WE HANDLE YOUR DATA AND FOR HOW LONG?
The processing of your personal data is carried out by means of the operations indicated in art. 4 of EU Regulation no. 2016/679, namely: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Personal data are processed both on paper and electronically. The Data Controller will process personal data for the time necessary for the purposes for which they were collected or subsequently processed, according to art 5, e) of EU Regulation no. 2016/679, in particular:
In the event that you terminate the established relationship, sostravel.com will retain only the data expressly requested or required by law and only for the time specified by law.
3-WHO COULD HAVE ACCESS TO YOUR DATA?
Your data may be made accessible for the purposes referred to in point 1 of this information:
• to employees and collaborators of the Data Controller in their capacity as data processors including consultancy companies, companies in charge of maintenance or management of the IT system and the website, professional firms providing accounting and tax services; law firms and quality certification bodies; Contact Center;
• to companies and third parties acting as independent Data Controllers such as banks, credit institutions, insurance companies; inspection bodies in case of checks or controls
Subject to your explicit consent, your personal data may be provided to our Business Partners providing services such as Fast Track, VIP Lounge services; medical insurance coverage, luggage wrapping services and related warranty. The trading partners shall process the data in their capacity as Joint Controllers, pursuant to article 26 of the GDPR
The data will not be disclosed to third parties in any way.
4-COULD YOUR DATA BE TRANSFERRED TO COUNTRIES OUTSIDE THE EU?
YES. We hereby inform you that some of our suppliers who are Data Processors (the Contact Center) have registered office in countries outside the EU (Moldavia).
The transferral of data to these countries is subject to the presence of the adequate guarantees established pursuant to article 46 of EU Regulation 2016/679. The interested party can view the standard contractual clauses that regulate the guarantees established with suppliers and partners using the contact details indicated at point 7 of the Notice.
5-IS IT NECESSARY TO PROVIDE YOUR DATA? WHAT HAPPENS IF YOU DO NOT GIVE CONSENT?
Providing personal data is strictly necessary to ensure the activation of warranty coverage and the management of related services.
Your explicit consent is required to authorise us to transfer your personal data to the trading partners for the activation of the services they offer.
If consent is not granted, we will not be able to proceed in activating the services offered by our trading partners.
Your consent for the profiling of your preferences is strictly necessary for accessing the functions of the APP and to enable communications that target the user’s needs and interests to be sent.
If consent is not granted, the functions of the APP may be subject to restrictions. In no case will this restrict the access to the app and the possibility of consulting the activated services. Granting consent for the processing of your data for promotional purposes is optional and in no way limits your access to the services provided to the APP.
6- WHAT RIGHTS ARE GUARANTEED BY LAW?
According to EU Regulation 2016/679-Cap.III:
1. The data subject has the right to obtain confirmation of whether or not personal data concerning him/ her exist, even if not yet recorded and to receive communica-tions in intelligible form.
2. The data subject has the right to obtain information about the origin of the personal data; the purposes and methods of processing; the logic applied in case of processing with electronic instruments; the identification details of the data controller, the data processors and any appointed representative as stated in article 5, paragraph 2; of subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representatives in the territory of the State, of managers or other individuals in charge.
3. The data subject has the right to obtain:
a. updates, corrections or, if interested, the integration of data.
b. the erasure, transformation into anonymous form or blocking of unlawfully processed data, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
c. confirmation that the operations referred to in a) and b) above and their content have been brought to the attention of those to whom the data had been communicated or disseminated, except in cases where fulfilling this condition proves impossible or requires the use of means manifestly disproportionate to the protected right;
d. a copy of the information we hold in a common and interoperable format;
e. limitation of processing of personal data about him/her, or to oppose the processing of personal data about him/her, in whole or in part, for legitimate rea- sons, even if the data are relevant to the purpose for which they are being collected;
Furthermore, the data subject has the right to:
f. revoke consent at any time, without prejudice to the lawfulness of data processing that was based on consent before revocation;
Data subjects who believe that the processing of per- sonal data relating to them carried out through the website or app are in violation of the Regulation have the right to lodge a complaint to the Guarantor, asprovided for by art. Article 77 of the Regulation, or to bring proceedings to the appropriate courts (art. 79 of the Regulation).
A formal declaration may be requested from the data controller certifying that the data subject’s requests have been effectively resolved and brought to the attention of those to whom data had previously been disseminated and disclosed.
As a data subject, you may also designate a third person with a copy of a power of attorney, or of a proxysigned in the presence of an official, or a proxy signed and presented with an unauthenticated photocopy of the data subject’s identification document.
The data controller is obliged to reply to the request within 15 days from the date of submission or 30 daysif the answer is problematic. In any case, within 15 days you will be notified in writing of any reason for delay.
7-HOW CAN I EXERCISE THESE RIGHTS?
You may exercise your rights at any time by sending a request to the following contacts:
Data Controller: sostravel.com S.p.a.
-via Marsala 34/A - 21013 Gallarate (VA)
- e-mail sostravel@pec.net
- Phone +3903311587117
- Fax+39033111582452.
Director of Personal Data Protection. Virginia G.Basiricò, via Marsala 34/A - 21013 Gallarate (VA)
- e-mail privacy@sostravel.com - Tel+3903311587117
- Fax +39033111582452.
8-PRIVACY POLICY UPDATES
This information was last updated on 18th of December 2020 and may be subject to periodic review, for instance in relation to relevant legislation and jurisprudence.
In case of significant changes, appropriate communication will be given for a reasonable time in the homepage of the website or through e-mail. However, data subjects are invited to periodically consult this Policy.