Privacy policy registration
Privacy Informative for User Registration
Articles 13-14 of EU Regulation 2016/679 (GDPR)
Data Controller
The Data Controller is Blue Transfer srl, VAT/Tax Code 03763670928, contact email: info@elmastransfer.com
Collected Data
The Data Controller requests the following personal data: First Name, Last Name, Phone, Email, Address, and other contact details, Username, and Identification Code. The data necessary for payment processing is managed by Stripe.
Purpose of Data Processing
The processing of registration personal data is necessary to provide online services reserved for registered users. The data is used to purchase and manage services and for communications related to orders placed. Failure to provide the data will result in the inability for the Data Controller to follow up on bookings (art. 6 lett. b) of the GDPR). Personal data is retained for 10 years from the date of termination of the contractual relationship. Additionally, data may be used for marketing purposes, subject to obtaining explicit consent from the user.
Compliance with Legal Obligations
The processing of personal data is necessary to comply with legal obligations, regulations, and community legislation, as well as provisions issued by authorized authorities and supervisory bodies (e.g., invoicing, accounting, etc.). Nature of provision: Mandatory. Failure to provide the data will prevent the Data Controller from carrying out the requested activity and assumes the fulfillment of the legal obligation. Legal basis for processing: Fulfillment of a legal obligation under art. 6 lett. c) of the GDPR. Retention period for personal data: The provided data will be processed and retained for the period strictly necessary to achieve the purposes stated above.
Exercise of User Rights
In relation to the processing of personal data, the user has the right to request from the Data Controller:
- Access to the data concerning them and additional clarifications regarding the information in this Privacy Notice.
- Correction or integration of provided data if inaccurate.
- Deletion of all their data, if no longer necessary for the Data Controller and if there are no ongoing disputes, in the event of revocation of consent or objection to processing, in cases of unlawful processing, or if there is a legal obligation to delete it.
- Limitation of personal data when one of the conditions referred to in art. 18 of the GDPR applies.
- Opposition to the processing of their data based on legitimate interest.
The user can file a complaint with the Data Protection Authority at www.garanteprivacy.it.
Methods of Data Processing
The provided data is used solely in ways and procedures strictly necessary for the above-mentioned purposes and is not communicated to third parties, except when requested by judicial authorities. The processing of personal data is carried out by the Data Controller in compliance with the provisions of the GDPR and subsequent amendments, as well as national legislation, also using IT tools.
Duration of Processing and Data Retention
The provided data will be processed and retained for the time strictly necessary to achieve the stated purposes. Retention for a longer period is permitted in relation to requests from public authorities or concerning needs related to the exercise of the right to defense in case of disputes.