Privacy Policy - EN

Information pursuant to and for the purposes of art. 13 of EU Reg. 2016/679 on the protection of personal data.

Holiday System S.r.l. with registered office in via Giacomo Matteotti 1/E 38065 Mori (TN), C.F. e P. IVA 01554560225, in its capacity as Data Controller, informs you, pursuant to Article 13 of EU Reg. 2016/679 (Reg. relating to the protection of personal data, hereinafter referred to as the “GDPR”), regarding the essential elements of the processing carried out and illustrated below. We would like to point out that our company operates in full compliance with the applicable Italian legislation on the protection of personal data and the GDPR, recognizing their absolute importance. Before proceeding with the navigation We therefore invite you to carefully read this information (hereinafter referred to as the “Policy”), as it contains important information on the protection of personal data and the security measures adopted to ensure its confidentiality. This Policy also provides:

o    it is intended to be provided only for the site (“Site”) while it does not apply to other websites that may be consulted through external links;

o    is to be understood as Information provided pursuant to art. 13 of the GDPR to those who interact with the Site.

These are the essential elements of the treatments carried out.

Personal data subject to processing

Personal data means any information relating to an identified or identifiable natural person by particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.

The personal data collected by the Site are the following:

a) Navigation data: the  Site’s computer systems collect some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to identify you, but that by its very nature could, through processing and association with data held by third parties, allow you to be identified. The data collected includes, for example, the IP addresses or domain names of the devices used to connect to the Site, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to your operating system and IT environment;

b) Data provided voluntarily: through the Site  you have the opportunity to voluntarily provide personal data, for example, name, contact details, billing address for the purchase of our products through the online registration service on our Site. We will use this data in accordance with applicable law, assuming that it relates to you. In the event that the data can be referred to third parties, for the latter, you act as an independent data controller, assuming all legal obligations and responsibilities. In this sense, you hereby grant the widest indemnity with respect to any dispute, claim, request for compensation for damage caused by processing, etc., that may come to us from third parties whose personal data have been processed through your use of the Site in violation of the applicable legislation currently in force;

c) Cookies and similar technologies: we collect personal data through cookies. More information on the use of cookies and similar technologies can be found here

Purposes and legal bases of the processing

Specifically, your personal data is processed for the following purposes and legal bases:

o    website display and navigation (these are activities related to the correct provision of the various functions you have requested, for security reasons and to ascertain responsibility in the event of hypothetical computer crimes against the Site, as well as to obtain anonymous statistical information on the use of the Site and to check its correct functioning); the legal basis of the aforementioned purpose is identified in the contract and pre-contractual measures (art. 6.1, letter b, GDPR);

o    activities related to the management of the contact (these are activities that involve the processing of personal data such as, for example, name, surname, subject; the legal basis of the aforementioned purpose is identified in the contract and pre-contractual measures (art. 6.1, letter b, GDPR);

o    activities related to the execution of the contract to which you are a party, including the pre-contractual phase (examples of activities are: the provision of a service through the online subscription section on the Website, registration for the newsletter service (etc.); the legal basis for the aforementioned purpose is identified in the contract and pre-contractual measures (Article 6.1, letter b, GDPR);

o    statistical research/analysis on aggregated or anonymous data  (this is an activity that does not involve the processing of personal data, since it does not involve the identification of the user and is used, for example, to measure the functioning of the Site, measure traffic and assess interest);

o    activities related to the ascertainment and/or exercise and/or defence of rights (examples of activities are: disputes relating to the correct fulfilment of the contractual relationship, warnings, debt collection); the legal basis for the aforementioned purpose is identified in the legitimate interest (art. 6.1, letter f, GDPR);

o    other activities in execution of legal obligations/Authority orders (such as communication to third parties); the legal basis is the legal obligation (art. 6.1, letter c, GDPR);

o    maintenance of computer systems and devices (the persons in charge of carrying out maintenance and repairs on the Site may accidentally have access to your personal data. These are completely occasional and unforeseeable events and in any case without identification purposes and of limited duration to the execution of the maintenance/repair intervention); the legal basis for the aforementioned purpose is identified as legitimate interest (art. 6.1, letter f, GDPR).

We do not carry out processing with automated decision-making processes. We do not carry out profiling activities, except for profiling through cookies. More information on the use of cookies and similar technologies can be found here. Specific information notices will be published on the pages of the Site set up for the provision of certain services (e.g. “subscribe online” service).

Data retention times

Your personal data will be kept for the time strictly necessary to carry out the purposes described above and to comply with the obligations provided for by law. In particular, for site  viewing and browsing, your data are  immediately deleted at the end of the browsing session, unless they are necessary for the exercise or defense of rights, for activities related to the management of the contact,  your personal data are deleted when the purpose of contact is definitively exhausted,   for activities related to the execution of the contract to which you are a party (including the pre-contractual phase), your personal data are stored for the entire duration of the contractual relationship and, once the relationship has ended, will be kept for the purposes of ascertaining/exercising/defending a right, for activities related to the ascertainment  and/or exercise and/or defense of rights, up to the time allowed by national legislation to protect its interests (Articles 2946 and 2947 of the Italian Civil Code), without prejudice to further retention in the event of interruption of the statute of limitations;  for activities in execution of legal obligations/orders of the Authorities and for IT systems and devices maintenance activities, referring to personal data that we have for the other purposes indicated in this Policy, the retention times coincide with those identified from time to time for the aforementioned purposes.

Consent and optional/obligatory nature of the provision.

The processing of your personal data, for the purposes illustrated above, may be carried out without your consent. The provision of your data that you undertake to provide us with contractually or by law, is mandatory and constitutes a necessary requirement for the conclusion of the contract and failure to provide it will make it impossible for us to carry out contracts and other related obligations. Any other provision of your personal data (e.g. for sending requests that have not yet been contracted or for browsing the site) is purely optional. The only consequence of failure to provide optional provision will be the impossibility of providing or performing the services requested.

Personal Data may also be disclosed to third parties, for technical and operational needs strictly related to the purposes set out above and in particular to the following categories of subjects:

a) subjects necessary for the provision of the services offered by the Site, including, by way of example, the sending of e-mails and the analysis of the functioning of the Site, who typically act as data processors of our company; b) bodies, professionals, companies or other structures appointed by us to process data related to the fulfilment of contractual, administrative, accounting, insurance and management obligations related to the ordinary performance of our economic activity, including for credit recovery purposes; c) to public authorities and administrations for purposes related to the fulfilment of legal obligations or to persons entitled to access them by virtue of laws, regulations and EU legislation; d) banks, financial institutions or other parties to whom the transfer of the aforementioned data is necessary for the performance of our company’s business in relation to the fulfilment, by us, of the contractual obligations assumed towards you; e) suppliers of installation, assistance and maintenance services of IT and telematic plants and systems and of all functionally connected services necessary for the performance of the services covered by the contract; f) persons authorised by us to process data who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality (e.g. employees and contractors).

Data Controller does not transfer personal data outside the European Economic Area. The Data Controller, however, reserves the right to use cloud services; in which case, the service providers will be selected from among those who provide adequate guarantees in compliance with the Applicable Regulations.

Processing methods

Your personal data will be processed both electronically and on paper. The processing will, however, be carried out mainly with IT tools and in any case with the observance of the minimum precautionary measures of data security and confidentiality. In particular, technical, IT, organisational, logistical and procedural security measures have been implemented in order to prevent the loss, illicit or irrelevant use of data and access to them without authorisation.

Rights of the data subject and complaint before the Guarantor
We inform you that you may exercise the following rights with regard to the processing of your personal data:

a) Right to obtain access to your personal data (art. 15 GDPR): you can contact us to find out if your personal data is being processed and the legal information on the processing; b) Right to rectification (art. 16 GDPR): obtain the correction of your inaccurate personal data or the completion of incomplete personal data; c) Right to erasure/oblivion (art. 17 GDPR): obtain the erasure of your personal data, in the cases provided for by law; d) Right to restriction of processing (art. 18 GDPR): obtain the submission of your personal data to storage only, with the exclusion of other activities, in the cases provided for by law; e) Right to portability (art. 20 GDPR): obtain your personal data in a structured, commonly used and machine-readable format and also obtain direct transmission to another data controller, in the cases provided for by law; f) Right to object (Art. 21 GDPR): the right to have further processing of personal data cease on grounds relating to your particular situation, unless our compelling legitimate grounds prevail, in the cases provided for by law; g) Right to withdraw consent (Art. 7.3 GDPR): the right to withdraw consent at any time in cases where the processing is based on consent.

To exercise the above rights, you may use the Data Controller’s contact details provided in this Policy.
The exercise of the rights is not subject to any formal constraint and is free of charge. We also inform you of your right to lodge  a complaint with the competent Data Protection Authority. We remind you that the complaint, pursuant to art. 77.1 GDPR, may be brought by the data subject with the Authority of the place where the data subject habitually resides, where he or she works or where the alleged violation occurred.

Data Controller

The Data Controller is: Holiday System S.r.l.

o    E-mail:

o    Phone: 0464 423854

o    Postal mail: via Matteotti 1/E, 38065 Mori (TN)


This policy is effective as of October 18, 2018. We reserve the right to modify or simply update the content, in part or in full, also due to changes in the applicable legislation. The updated Policy will be promptly published on this Site. We therefore invite you to visit this page regularly to view any updates.