MapoTapo
EUR

Privacy Policy

ItalianEnglish

PRIVACY POLICY

concerning the website www.mapotapo.com

Privacy Policy in accordance with Articles 13 and 14 of EU Regulation 679/2016.

1. Who is the Data Controller of the data processed by www.mapotapo.com?

The Data Controller is MAPO TAPO Srl in the person of its legal representative pro tempore, VAT and Tax Code: 11336700965 - with registered office in Milan (MI), Viale Piceno, 6, website www.mapotapo.com - For contacts: privacy@mapotapo.com.

For the purposes of this policy, a Data Subject is any user who accesses, navigates and interacts within the www.mapotapo.com website and benefits from the products and services offered by us.

2. What data is processed by www.mapotapo.com?

In order to offer products and services and to enable navigation and use of the www.mapotapo.com website, Mapo Tapo processes personal data provided by the data subject.

'Personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Specifically:

  • while browsing the website:
  • url, browser used, metadata and cookies (the latter in accordance with our cookie policy);
  • by the data subject filling in the contact form contained in the 'work with us' section of the website:
  • Name, surname, phone number and e-mail address;
  • with regard to applications, Article 111-bis of Legislative Decree 193/2006 applies: "The information referred to in Article 13 of the Regulation, in cases of receipt of curricula voluntarily transmitted by the interested parties for the purpose of establishing an employment relationship, shall be provided at the time of the first useful contact, following the sending of the curriculum. Within the limits of the purposes set out in Article 6(1)(b) of the Regulation, consent to the processing of personal data contained in curricula is not required'.
  • during any registration, user account creation, filling in the form in the 'enquire now' section and purchase check-out of the data subject through the form contained in the 'shopping cart' section of the website:
  • e-mail address;
  • billing data (name, surname, telephone number, residence data/tax domicile);
  • payment data (credit card number and bank account details).

By means of its website, Mapo Tapo does not need to process special data pursuant to and for the purposes of Article 9 of EU Reg. 679 of 2016: therefore, the User does not need to transmit such data. If, however, the User, by sending a specific request, discloses data related to such categories or additional to those listed in this paragraph, he/she agrees to grant at the same time Mapo Tapo's consent to process such data in accordance with this privacy policy and with the relevant legislation in force.

3. For what purposes are data processed?

The data provided by the Data Subject will be processed by Mapo Tapo for the following purposes:

a) Pre-contractual and contractual purposes: 1) to allow the Data Subject to browse the website www.mapotapo.com and make purchases of the products and services offered by Mapo Tapo; 2) to fulfill pre-contractual, contractual and fiscal obligations arising from any relations established with the Data Subject; 3) to fulfill obligations required by law, regulation, national and international legislation or an order of the Authority (such as anti-money laundering); 4) to exercise rights as data controller, such as, for example, the right of defense in court.

The disclosure of the data subject's personal data is a necessary requirement for the fulfillment of pre-contractual/contractual measures and related legal obligations, and therefore the data subject is obliged to provide the personal data, since he/she is a party to the said contract or since pre-contractual measures are also carried out at the express wish and interest of the data subject.

b) Purposes of Legitimate Interest: 1) for the performance of activities in connection with any securitisation, assignment of receivables and issue of securities, sale of companies and business units, acquisitions, mergers, demergers or other transformations of Mapo Tapo and for the performance of such transactions; 2) for carrying out checks to prevent fraud.

c) Marketing/Profiling Purposes: 1) for the promotion of products and services offered by Mapo Tapo, including through the sending of advertising material, commercial communications, the performance of market research and direct sales activities, both through any traditional communication tools and through remote communication tools, such as email, chat, telephone, SMS, Whatsapp, video call, banners, social networks, search engines, notification systems, subject to prior express consent to the processing; 2) performance, subject to express consent to the processing, of individual or aggregate profiling and market research activities aimed, for example, at analyzing consumption habits and choices, processing statistics on the same or assessing the degree of satisfaction with the products and services proposed.

4. On what legal basis are data processed?

The legal basis for the processing of data is the execution of pre-contractual or contractual measures, the fulfillment of legal obligations or due to the legitimate interest of the data controller, fulfillments ex lege.

For Marketing / Profiling purposes, the legal basis of the processing is to be found in the free and informed consent provided by the Data Subject pursuant to and in accordance with Art. 6, §1, letter a) of Regulation EU/679/2016.

The consent given by the data subject may be revoked at any time by submitting a written request to the dedicated e-mail address (privacy@mapotapo.com): if the data subject revokes his/her consent to the service, he/she may no longer receive commercial communications or may no longer be subject to profiling.

Nature of data provision

The disclosure of your personal data is a necessary requirement for the fulfilment of pre-contractual measures or the conclusion/execution of the contract and related legal obligations, and you are therefore obliged to provide your personal data, since you are a party to the said contract or since the execution of pre-contractual measures is also carried out at your express wish and interest.

For the purposes of Marketing / Profiling, on the other hand, the provision of data is optional, and any refusal to provide such data and to simultaneously give consent to the processing, the collection of which the Data Controller is obliged to carry out, entails the impossibility for the Data Controller to carry out the direct marketing and profiling activities indicated therein.

Treatment modes

Processing shall mean any operation or set of operations or sets of personal data whether or not automated means, such as collection, recording, storage, consultation, disclosure by transmission.

The data may be processed by manual or computerised means, suitable to guarantee their security, confidentiality and to prevent unauthorized access.

Scope of data dissemination

The data processing will be carried out by personnel directly employed by the Data Controller and/or by natural or legal persons specifically identified by the latter, where appropriate, as Data Processors or Persons in charge of the processing. The Data Subject may request a list of any appointed Data Processors. The Data provided shall in no case be disclosed or communicated to third parties, with the exception of subjects whose right to access the data is recognized by provisions of law or orders of the authorities, as well as subjects, including external and/or foreign subjects, which the Data Controller uses to carry out activities that are instrumental and/or accessory to the provision of services, suppliers of software solutions, web applications and storage services also provided through Cloud Computing systems (for more information on the security standards, compliance and conformity with the requirements of the GDPR adopted by the chosen external providers, please consult the web pages https://rezdy.com/privacy-policy/ and https://stripe.com/it/privacy)

Data may be freely transferred outside the national territory to countries within the European Union. In the case of non-EU transfers, standard contractual clauses contained in Decision 2021/914/EU and the provisions of the Data Protection Authority, as well as in accordance with Articles 45 and 46 of EU Regulation 679/2016, will be signed.

Data Retention

The processed data will be kept until the purposes for which they were collected are fulfilled, as well as, having regard to the legitimate interest of the Data Controller, for fulfillment of legal obligations and for up to 24 months following the consent given by the Data Subject to receive promotional communications (Marketing), unless the consent is revoked, as well as for 12 months in the case of consent to profiling activities, unless the consent is revoked.

You may contact the Data Controller to exercise your rights as provided for in EU Regulation 679/2016 and therefore: request access to your personal data, rectification or erasure of your personal data, restriction of processing, objection to processing. You may also exercise the right to data portability or again the right not to be subject to a decision based solely on automated processing.

Requests for the exercise of the above rights and any other request concerning this policy may be forwarded to the Data Controller at the following address: privacy@mapotapo.com

The right to complain, on the other hand, may be freely exercised by the data subject by preparing a document to be sent to the Authority by certified e-mail to the address 'protocollo@pec.gpdp.it'.

The information referred to herein and any communications and actions taken pursuant to Articles 15,16,17,18,20,21 and 22 of EU Regulation 679/2016 are free of charge. If the Data Subject's requests are manifestly unfounded or excessive, in particular due to their repetitive nature, the Data Controller may:

(a) charge a reasonable fee taking into account the administrative costs incurred in providing the information or communication or taking the requested action; or

(b) refuse to comply with the request. The burden of proving that the request is manifestly unfounded or excessive lies with the data controller.

For anything not mentioned therein, express reference is made to the relevant provisions in force, with particular reference to EU Regulation 679/2016

Last update of this document last update 25.07.2024

Mapo Tapo

© Mapo Tapo - Mapo Tapo S.r.l - Viale Piceno, 6 - 20129 Milano (MI)
Tour Operator - Vat no 11336700965 - Reg. Impr. Milano 07-08-2020 no 11336700965
Liability Insurance: Policy no. 505384275 - ALLIANZ
Travel Guarantee: FONDO CONSORTILE DI GARANZIA - Vacanze garantite - cert. no 2023091573AT

Subscribe to our newsletter and be the first to know about our new trips!

Information obligations for public grants: state aid and de minimis aid received by our company are contained in the National Register of State Aid pursuant to art. 52 of Law 234/2012

Invitalia - Smart&Start

Explore

HomeTripsCalendar departuresHow it worksBlogAbout us

Resources

My accountJoin communityContact Us

Policies

Privacy policyPrivacy policy newsletterCookie policyTerms & conditionsData sheetIndemnification provisionStandard information formTravel insurances
You can pay with
MastercardVisa
en
EUR

Search

Blog

Mapo Tapo

Home

Support

Account