WE CARE ABOUT YOUR PRIVACY...

Please, read carefully this Privacy Policy, issued within the meaning of art. 13 of the General Data Protection Regulations No. 2016/679 (hereinafter, "RGPD"), providing you with full details about the processing of your data collected through the website www.superoffertamirabilandia.it (hereinafter also referred to as the "site”) and managed through the processes concerning our Customer Relationship Management (CRM ).

1.WHO PROCESSES YOUR DATA?

Data Controller

Parco della Standiana S.r.l. having its registered office in Savio 48125 (RA) - I - Strada Statale 16 Adriatica Km 162

Parques Reunidos Servicios Centrales S.A., having its registered office in Madrid –E-, Paseo de la Castellana, 216,

Travelmix S.r.l. having its registered office in Savio 48125 (RA) - I - Strada Statale 16 Adriatica Km 162;

 as Joint Data Controllers

In addition, the Data Controllers have suppliers who are allowed to process your personal data, also with the aim of providing the services necessary to carry out the purposes we have informed /we are informing you about (including, by way of example and without limitation, companies operating in the following fields: technology, legal advice, marketing, multidisciplinary professional services, IT services, etc.) These suppliers will access your personal data only to carry out their services on behalf of the Data Controllers, following their security and data protection procedures and without using them for their own purposes and/or for unauthorized purposes.

Among the above-mentioned suppliers, the Data Controllers have appointed Salesforce Group (Salesforce), who provides services related to our Customer Relationship Management (CRM) platform and is the owner of companies all over the world. For these purposes, Salesforce will process your personal data within the European Economic Area (EEA) and in accordance with applicable European data protection regulations. However, if necessary, Salesforce may also provide its services through companies located outside the European Economic Area, which may involve the execution of international transfers of personal data. However, taking this case into account, the Data Controllers have also signed legally binding agreements and security measures agreements necessary to ensure that your personal data will be processed according to an adequate level of protection, comparable to the level required in the European Economic Area (standard contractual clauses approved by the European Commission on data protection in accordance with the European Data Protection Regulation (GDPR), complementary security measures in accordance with the judgment C-311/18 of the Court of Justice of the European Union and subject to certification mechanisms). For further information, please do not hesitate to contact the data protection officer of the data controller, using one of the contact addresses indicated in this Privacy Policy.

In summary, your data can be shared with:

  1. people authorised by the Joint Data Controllers to process personal data who have committed themselves to confidentiality or are under a statutory obligation of confidentiality;
  2. other companies of Parques Reunidos Group, subjects that are delegated and/or appointed by the Joint Data Controllers to carry out activities that are strictly related to the achievement of the above-mentioned purposes (including technical maintenance activities on the systems), duly appointed as data processors;
  3. individuals, companies or professional firms that provide support and consultancy to the Data Controller, duly appointed as data processors;
  4. subjects, bodies or authorities to whom your personal data must be communicated owing to legal provisions or orders issued by the competent authorities.

 

2.WHAT TYPES OF DATA DO WE COLLECT?

We process two types of data:

  • data provided by the user ;
  • data provided by Automated data collection.

Data provided by the user

 Here is an example of the data we request:

  • Name and surname
  • Email address
  • Telephone
  • Country
  • Nation
  • Province
  • Postcode
  • Date of Birth
  • City
  • Address
  • VAT Number

 

Data of minors under 16

In this respect, we remind you that if you are under 16 you cannot provide any personal data to us, and in any case, we shall not accept any responsibility for false information provided by you. If we became aware of the existence of false statements, we would immediately delete all personal data acquired.

Automated data collection

We collect the following data through the services you are using:

  • technical data: this data category includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code stating the status of the server's response (successful outcome, error, etc.), and other parameters about the operating system and the user's IT environment. These data are used for statistical information only (therefore, they are anonymous) and to control the correct operation of the site and they are deleted immediately after processing. The data may be used for the purposes of ascertaining responsibility in the event of hypothetical IT crimes jeopardizing the site security: with the exception of this case, data on website contacts are not maintained for more than 7 days;
  • data collected through cookies and similar technologies: for any further information, we invite you to visit the "Cookie" section.

3.FOR WHICH PURPOSES DO WE PROCESS YOUR DATA? 

For purposes related to the provision of services that have been requested:

We use your data to make sure that you can access our services and their provision, such as:

  • Assistance by phone and/or email for the purchase of services offered through the sites;
  • Booking and purchase of Mirabilandia Vacanze Package (Park+Hotel);
  • Communications related to the provision of the service;
  • Administrative, financial or accounting activities;
  • Fulfilment of legal obligations, regulations and EU laws.

Data processing for the purposes above is necessary for the performance of any contract or pre-contract measures adopted upon your request. The provision of your personal data for this purpose is optional but please note that your refusal will not allow us to provide you with the service.

To keep you updated about our latest novelties

If you have expressly given us your consent, we will use your data to carry out direct marketing activities.

In particular, we will use them to:

  • communicate promotional, commercial and advertising activities on events, initiatives or partnerships of Mirabilandia Vacanze, Mirabilandia, Mirabeach and of other parks owned by Parques Reunidos Group by means of paper-based mail, telephone contacts through an operator ("traditional methods"), email, texting, push notifications ("automated methods").
  • carry out analysis and reporting activities related to promotional communication systems, such as detecting the number of opened emails, of clicks made on the links included in the communication, the type of device used to read the communication and the related operating system or the list of users who decided to unsubscribe from receiving the newsletter.

The provision of your personal data for this purpose is absolutely optional.

 

To customize the services we offer you

If you have expressly given us your consent, we will process your data to analyze your consumption habits or choices in order to offer you a service both more personalized and in line with your interests, to improve our commercial offer.

4.HOW LONG DO WE STORE YOUR DATA?

Personal data will be stored in paper and/or electronic format and for the time strictly necessary to achieve the purposes stated in Point 3.

In case you complete the purchase of services offered through the site, the invoices, accounting documents and data related to transactions will be stored for 11 years as provided by the law (including tax requirements).

In case you do not complete the purchase of services offered through the site, your personal data will be stored for a maximum period of 12 months.

For direct marketing purposes, in accordance with applicable laws, we store your data for a maximum period of 24 months.

Finally, we inform you that, in compliance with counter-terrorism requirements introduced by Art. 24 of Law 167/2017, transposing the EU Directive 2017/541, we will store data related to electronic traffic, excluding in any case the contents of communications, for a maximum period of 72 months since the communication date.

5.HOW CAN YOU WITHDRAW CONSENT OR EXERT YOUR RIGHTS?

Withdrawal of consent

In order to withdraw the consent given for direct marketing purposes you only have to press the Unsubscribe button at the bottom of all our communications or, if you find it more convenient, write to privacy@mirabilandia.it

Exercise of your rights

In line with what is provided under GDPR, you have the right to request to the Joint Data Controllers, at any time, access to your personal data, their rectification or erasure or to object data processing. Moreover, the law allows you to exert the right to request the restriction of processing in the cases envisaged by Art. 18 of GDPR, as well as to obtain your data in a structured, commonly used and machine-readable format, in the cases envisaged by Art. 20 of GDPR.

Requests can be sent to this email address: privacy@mirabilandia.it.

Finally, we inform you that you always have the right to lodge a complaint to the relevant supervisory authority (Privacy Guarantor), within the meaning of Art. 77 of GDPR, if you believe that processing of your data infringes the rules in force.

6.HOW DO WE GUARANTEE PERSONAL DATA PROTECTION?

Your personal data are processed by the subjects mentioned in point 1, in accordance with the regulations in force. In particular, in order to guarantee the security of your data while taking into account the current state of the art and the costs of implementation, the nature, scope, context and purpose of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of our users, we have adopted appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

7.WHEN WAS THIS PRIVACY POLICY UPDATED?

This privacy policy was published in May, 2018 and may be subjected to changes over time, also in connection with the coming into force of new regulations for this sector, the updating or provision of new services or technological innovation. In this case, the Joint Data Controllers will notify you of such updates.