GDPR INFORMATION
EXTENDED INFORMATION PURSUANT TO ARTS. 12, 13 AND, WHERE APPLICABLE, 14 OF THE GDPR – REGULATION (EU) 2016/679 ON THE PROTECTION OF NATURAL PERSONS WITH REGARD TO THE PROCESSING OF PERSONAL DATA (HEREINAFTER GDPR)
The data controller provides the information pursuant to Arts. 12, 13, and, where applicable, 14 of the GDPR regarding the processing of personal data provided by the Customer/data subject through the completion and signing of the Contract to purchase products/services offered by the data controller, voluntarily uploading personal data on this website (especially via forms) or simply browsing it.
1. Data Controller and Contact Information
The data controller is Lemontour, headquartered in Catania, Via Garibaldi 149, SMNFNC77T21G597A, Tax ID / VAT 04974700876, tel. +393402617996 - +390950905751, e-mail lemontour@hotmail.com, website www.lemontour.it (hereinafter the Site).
2. Principles Applicable to Data Processing
In accordance with the GDPR, personal data are processed lawfully, fairly, transparently; collected for specified, explicit, and legitimate purposes; adequate, relevant, accurate, and kept up to date; kept only as long as necessary; processed securely; and, if based on consent, only if freely given, clear, and accessible.
The data controller adopts adequate technical and organizational measures to ensure data protection by design and to process only data necessary for each specific purpose by default.
3. Methods of Personal Data Processing
Data are processed manually and electronically, strictly for the purposes indicated and ensuring security and confidentiality.
4. Purposes of Data Processing
(4a) Necessary Purposes
Data are mainly processed for Contract execution and credit management. Providing data is mandatory; failure prevents Contract execution.
Data may also be processed to fulfill legal obligations, protect vital interests, perform public tasks, or pursue legitimate interests without overriding fundamental rights.
(4b) Purposes with Consent
With explicit consent (e.g., ticking a box), data may also be used for market research and promotional communications. Consent is optional.
5. Categories of Personal Data
Identification/contact data, financial if applicable, navigation data, cookies. Sensitive data only if necessary for contractual obligations.
6. Source of Personal Data
Collected via Site, apps, sales personnel, or public sources.
7. Legitimate Interests
Fraud prevention, direct marketing, network and traffic security.
8. Data Sharing
(8a) Recipients
Employees, collaborators, and third parties (commercial/technical partners, financial institutions, marketing agencies, group companies) process data as independent controllers or processors.
(8b) Transfers to Third Countries
Data may be transferred outside the EU under GDPR adequacy decisions, standard contractual clauses, or other legal exceptions.
9. Retention Period
10 years for mandatory purposes; until consent is revoked or 1 year after relationship ends for optional purposes.
10. Rights of the Customer/Data Subject
Access, rectification, deletion, restriction, portability, objection, withdrawal of consent, right to complain to Data Protection Authority.
11. Security of Systems and Data
Technical and organizational measures to ensure confidentiality, integrity, availability, and resilience. No system guarantees absolute protection.
12. Automated Decision-Making and Profiling
Automated processing, including profiling, to optimize website and marketing, without legal effects unless necessary for contract or based on explicit consent.