Privacy policy

Information note pursuant to article 13 of EU Regulation 2016/679 - article 13 of Legislative Decree 196/2003 (Personal data protection code) and subsequent amendments.

Last updating May 2018.

In application of the European Regulation n. 679 of 2016 of Legislative Decree no. 196 of 2003 relating to the protection of personal data, we inform you that the data controller is Andrea Siciliano, manager of "MilanHolidays" (hereinafter referred to as "the owner").

Personal data are processed in full compliance with EU Regulation 679/2016 and Legislative Decree 196/2003 and subsequent amendments.

The data provided by you (hereinafter referred to as "the interested party") will be used for the sole purpose of following up on your requests and may be disclosed to third parties only if this is necessary for this purpose, or with your explicit consent.

The data will be processed by personnel appointed by the Data Controller with procedures, technical and IT tools suitable for protecting the confidentiality and security of the data of the interested party and consists in their collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation, destruction of the same including the combination of two or more of the aforementioned activities.

The data will be kept for the time strictly necessary to provide the interested party with the requested services and will in any case be deleted following the request of the interested party, without prejudice to further conservation obligations established by law.

The data of the interested party will not be disclosed.

As part of its activity and for the purposes indicated above, the Data Controller may make use of services rendered by third parties who operate on behalf of the Data Controller and according to his instructions, as data processors.

These are suppliers, commercial and production partners, intermediaries, technical consultants and other similar subjects who collaborate with our organization to fulfill the contractual commitments undertaken with you; subjects who provide a service strictly and necessarily connected to the activity of the Data Controller such as tax consultants, banks, shippers, insurance companies, public and private entities, also in relation to inspections or checks subjects who can access the data by virtue of legal provisions.

The data may also be communicated to all those subjects authorized by law to collect them (eg provincial companies for health services, financial administration, etc.).

The interested party may request a complete and updated list of the persons appointed as data processors by contacting the "contact form" indicated below.

Rights of the interested party

Right of access (Article 15 of the GDPR). Right of the interested party to obtain access to their data and to lodge a complaint with the supervisory authority.

Right of rectification (Article 16 of the GDPR). Right of the interested party to obtain from the Data Controller the correction of inaccurate personal data concerning him.

Right to cancellation (right to be forgotten) (Article 17 of the GDPR). The interested party has the right to obtain from the Data Controller the deletion of personal data concerning him without undue delay.

Right to limitation of processing (Article 18 of the GDPR). Right of the interested party to obtain a limitation of the data processing.

Notification obligation (Article 19 of the GDPR). The Data Controller communicates to each of the recipients to whom the personal data have been transmitted any corrections or cancellations or limitations of the processing carried out pursuant to art. 16; 17; 18.

Right to data portability (Article 20 of the GDPR). The interested party has the right to receive the personal data concerning him provided to the Data Controller and has the right to transmit such data to another data controller without impediments by the Data Controller.

Right to object (Article 21 of the GDPR). Right of the interested party to oppose the processing of his personal data.

Profiling (Article 22 of the GDPR). The interested party has the right not to be subjected to a decision based solely on automated processing, including profiling or which significantly affects his person.

The Data Controller is: Andrea Siciliano, manager of "MilanHolidays".

Art. 7 - Right to access personal data and other rights

  • The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet recorded, and their communication in an intelligible form.
  • The interested party has the right to obtain the indication: 

a) of the origin of the personal data;

b) of the purposes and methods of the processing;

c) of the logic applied in case of treatment carried out with the aid of electronic instruments,

d) of the identification details of the owner, of the managers and of the designated representative pursuant to article 5, paragraph 2;

e) of the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents. 


  • The interested party has the right to obtain:

a) updating, rectification or, when interested, integration of data;

b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data which need not be kept for the purposes for which the data were collected or subsequently processed;

c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is proves impossible or involves the use of means that are manifestly disproportionate to the protected right.

  • The interested party has the right to object, in whole or in part:

a) for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection;

b) to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication. 

The person responsible for the protection of personal data is: Andrea Siciliano.

Owner and manager of the processing of personal data

Pursuant to art. 28 of Legislative Decree 196/2003:

The Data Controller of personal data: MilanHolidays.

The person in charge of the processing of personal data: Andrea Siciliano.

Registered office: Via Monte Cengio, 18 - 20138 - Milan (Mi)

Tax Code: SCLNDR86D13C351F

Email: info@milanholidays.eu

Domain: www.milanholidays.eu

Links to other sites

The sites to which we redirect, including (but not limited to) secondary sites and third party service providers, may have a different privacy policy than the one set out here.

We take no responsibility for the privacy policies of linked sites and therefore encourage you to learn about them.

Children

We do not intend to collect personal information from any individual under the age of 16. If you are under 16, you shouldn't make an online booking or any inquiries, but ask a parent to do it for you.

Questions or concerns

At any time you believe that the Owner has not followed the aforementioned policy, we invite you to let us know by sending an email to "info@milanholidays.eu" and we will try to do our best to identify and solve any problem.

Changes to this online privacy policy

We may vary this Privacy Statement from time to time to accommodate regulatory changes, business needs or to meet the requirements of our visitors, guests, market partners and service providers. Updated versions will be posted on our site, along with the update dates, to inform you of the latest privacy policy update.