Privacy Policy

PRIVACY POLICY IN ACCORDANCE WITH ART 13 LEGISLATIVE DECREE 196/03 AND EU REGULATION 679/2016

This page describes how we handle personal data acquired through this site and additional services related to it. For more information on data processing regarding cookies please read our cookie policy.

COOPERATIVA GOLFO DELL’ASINARA, with registered office in Via dei Mille 12, 07040 Stintino (SS), operating offices in Viale La Pelosa 35, 07040 – Stintino (SS) and SP 34, Km 28, Loc. Le Saline 07040 – Stintino (SS) and VAT number 01185350905, as the data controller, (hereinafter indentified as “Holder” or VespAway), informs you:

Pursuant to Article 13 of Legislative Decree No. 196 of 30.6.2003 (hereinafter, “Privacy Code”), pursuant to Directive 2009/136/EC and subsequent supplements and Articles 13 and 14 of EU Regulation No. 2016/679 – General Data Protection Regulation (hereinafter, “GDPR”) that your data will be processed in the following manner and for the following purposes:

1. OBJECT OF TREATMENT

The Controller processes personal, identifying data (e.g., first name, last name, company name, address, telephone, e-mail, bank and payment references, hereafter identified as “personal data” or also “data”) you provide or that we collect will be processed in the following ways:

• while visiting the website www.vespaway.it, property of COOPERATIVE GULF OF ASINARA;
• To the registration of a personal account on the website www.vespaway.it;
• to the purchase of a product or service offered by VespAway;
• Through telephone activity;
• by filling out forms available on the VespAway websites;
• Through the purchase of commercial databases or public documents/information.

Specific information about the data

• Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

Purpose and legal basis for processing (GDPR – art.13, para. 1, letter c)

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could also be used to ascertain responsibility in case of hypothetical computer crimes against the site (legitimate interests of the owner).

Scope of communication (GDPR – art.13, para. 1, letters e, f)

Data are processed exclusively by internal staff, duly authorized and trained to process them (GDPR – art.29) and will not be disclosed to external parties, disseminated or transferred to non-EU countries. Only in case of investigation they may be made available to the competent authorities.

Period of data retention (GDPR – art.13, paragraph 2, lett. a)

Data are usually kept for short periods of time, except for any extensions related to investigative activities.

Conferment (GDPR – art.13, paragraph 2, letter f)

The data are not conferred by the data subject but automatically acquired by the technological systems of the site.

• Registration

Registration allows the creation of the user to be used to make purchases on the website www.vespaway.it.

Purpose and legal basis for processing (GDPR – art.13, para. 1, letter c)

Data necessary for profile creation and administrative/operational management of the acquisitions made are requested. The processing is carried out for the fulfillment of contractual and pre-contractual obligations (purchase of products) with the customer and related legal obligations (GDPR-Art.6, comma1, lett. b, c). Specific, free and informed consent is also required (GDPR-Art.6, para1, lett. a), documented by means of a special check-box (GDPR-Art.7, para1).

Scope of communication (GDPR – art.13, para. 1, letters e, f)

The data are processed only by personnel duly authorized and trained in the processing (GDPR-Art.29). The data may be accessed, only for purposes of site maintenance, by the company providing the technological platform and its appointees. Data will not be disseminated or transferred to non-EU countries.

Period of data retention (GDPR – art.13, paragraph 2, lett. a)

Data are retained for times compatible with the purpose of collection and in any case until the user requests deletion.

Conferment (GDPR – art.13, paragraph 2, letter f)

Failure to provide data will result in the inability to finalize the registration and make purchases.

• Newsletter subscription

The newsletter allows for constant and extensive insights with respect to useful industry information, events and initiatives, products/services offered, and any promotional offers.

Purpose and legal basis for processing (GDPR – art.13, para. 1, letter c)

Only the e-mail address is requested, for the sole purpose of sending the newsletter. Subscription is subject to acceptance of specific, free and informed consent (GDPR-Art.6, para.1, lett. a), documented by special check-box (GDPR-Art.7, para.1).

Scope of communication (GDPR – art.13, para. 1, letters e, f)

The data are processed only by personnel duly authorized and trained in the processing (GDPR – art.29). The data may be accessed, only for purposes of site maintenance, by the company providing the technological platform and its appointees. The personal data and newsletter management platform, on behalf of VespAway, is Mailchimp. Any information on how this service acquires, manages and processes data can be found in Mailchimp’s legal area. The data will be transferred to the US.

Period of data retention (GDPR – art.13, paragraph 2, lett. a)

Data are kept until they are removed, which can be freely done at any time through the link contained at the bottom of each message sent.

Conferment (GDPR – art.13, paragraph 2, letter f)

Failure to provide the e-mail address and consent will result in the inability to obtain the newsletter service.

• Information request

The page allows the interested party to request information. Identification and contact information is requested.

Purpose and legal basis for processing (GDPR – art.13, para. 1, letter c)

Identification and contact data necessary to be able to respond to contact requests from interested parties are requested. The sending of the request is subject to the specific, free and informed consent (GDPR – art.6, paragraph 1, letter a), documented by means of the appropriate check-box (GDPR – art.7, paragraph 1)

Scope of communication (GDPR – art.13, para. 1, letters e, f)

The data are processed only by personnel duly authorized and trained in the processing (GDPR – art.29). The data may be accessed, only for site maintenance purposes, by the company providing the technological platform and its appointees. Data will not be disseminated or transferred to non-EU countries.

Period of data retention (GDPR – art.13, paragraph 2, lett. a)

Data are kept for times compatible with the purpose of collection

Conferment (GDPR – art.13, paragraph 2, letter f)

The provision of data referring to the mandatory fields is necessary to be able to obtain a response, while the optional fields are aimed at providing the staff with additional useful elements to facilitate contact.

• Cookies

To learn more about how we handle cookies and their use, please read our Cookie Use Policy carefully.

• METHODS AND PURPOSES OF PROCESSING

The processing of your personal data is carried out by means of the operations indicated in Art. 4 Privacy Code and Art. 4 No. 2 of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data.

Your personal data are subject to both paper and electronic and/or automated processing.

The Data Controller will process personal data for as long as necessary to fulfill the above purposes and in any case for no longer than 20 years after the termination of the relationship for the Service Purposes or until the request for deletion of the data for the Marketing Purposes.

Your personal data are processed:

A. without your express consent (art. 24 lett. a, b, c of the Privacy Code and art. 6 lett. b, e of the GDPR), for the following Service Purposes:

• Fulfill pre-contractual, contractual and tax obligations arising from existing relationships with you;
• Fulfilling obligations required by law, regulation, EU legislation or an order of the Authority (such as in the area of anti-money laundering);
• Exercise the rights of the Holder, such as the right of defense in court.

B. Only with your specific and separate consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), for the following Marketing Purposes:

• Send you commercial communications via e-mail, mail and/or text message and/or telephone contact, newsletter;
• Send you advertising material about products or services offered by the Holder;
• Send her invitations to events or other specific marketing initiatives;
• Send you news or communication of updates on VespAway-owned websites.

All data are processed lawfully, fairly and transparently towards the data subject, in accordance with the general principles set forth in Article 5 of the GDPR.

Specific security measures are observed to prevent data loss, illegal, or incorrect use, and unauthorized access.

• DATA ACCESS

Your data may be made accessible for the purposes mentioned in Article 2.A) and 2.B):

• to employees and collaborators of the Data Controller or Group companies in Italy and abroad, in their capacity as persons in charge and/or internal data processors and/or system administrators;
• to third-party companies or other entities (by way of example, business partners, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that perform outsourcing activities on behalf of the Controller, in their capacity as external data processors.
• COMMUNICATION OF DATA

Without the need for express consent (ex art. 24 lett. a, b, d of the Privacy Code and art. 6 lett. b and c of the GDPR), the Data Controller may disclose your data for the purposes referred to in art. 2.A) to supervisory bodies, judicial authorities as well as to those subjects to whom disclosure is mandatory by law for the fulfillment of the said purposes.

These parties will process the data in their capacity as autonomous data controllers.

Your data will never be released.

• DATA TRANSFER

Personal data processed by VespAway is stored on servers located within the European Union. In some cases of use of third-party services related to the activities on www.vespaway.it, not located in EU territories, the Data Controller ensures that the transfer of data outside the EU will take place in accordance with applicable legal provisions, subject to the stipulation of the standard contractual clauses provided by the European Commission.

• NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL TO RESPOND

The provision of data for the purposes of Article 2.A) is mandatory. In their absence, we will not be able to guarantee you the services of Art. 2.A).

On the other hand, the provision of data for the purposes referred to in Article 2.B) is optional. Therefore, you can decide not to provide any data or to deny later the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material related to the services offered by the Owner.

You will, however, continue to be entitled to the Services set forth in Article 2.A).

• RIGHTS OF THE DATA SUBJECT

In your capacity as a data subject, you have the rights under Art. 7 Privacy Code and Art. 15 GDPR, namely the rights to:

1. Obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet registered, and their communication in intelligible form;
2. obtain the indication:
   a. of the origin of the personal data;
   b. of the purposes and methods of processing;
   c. of the logic applied in case of processing carried out with the aid of electronic instruments;
   d. of the identification details of the data controller, data processors and the designated representative in accordance with Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR;
3. Of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representative in the territory of the State, as managers or appointees;
4. obtain:
   a. the updating, rectification or, when interested, the integration of data;
   b. the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed;
   c. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
5. oppose, in whole or in part:
   a. for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of collection;
   b. to the processing of personal data concerning you for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail.
   It should be noted that the data subject’s right to object, set forth in point b) above, for direct marketing purposes through automated modes extends to traditional modes. Where applicable, he/she also has the rights set forth in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.

• WAYS OF EXERCISING RIGHTS

You may at any time exercise your rights by sending:

• a registered letter with return receipt to COOPERATIVA GOLFO DELL’ASINARA, Via dei Mille 12, 07040 – Stintino (SS) and VAT number 01185350905;
• an e-mail to info@vespaway.it;
• an e-mail by certified mail to golfoasinara@pec.confcooperative.it.
• OWNER, MANAGER AND APPOINTEES

The Data Controller is COOPERATIVA GOLFO DELL’ASINARA, with registered office at Via dei Mille 12, 07040 Stintino (SS) and VAT number 01185350905.

The updated list of Ex D.Lgs 196/03 Data Processors and (authorized) data processors is kept at the registered office of the Data Controller.

Also read our Cookie Use Policy and Contract Terms and Conditions.

Last Updated: 08-05-2025