Privacy Policy pursuant to Regulation (EU) 2016/679 (GDPR)
Pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR), Nebrodi Enduro Tour wishes to inform website users about the processing of personal data.
1. Data Controller
The Data Controller is:
Nebrodi Enduro Tour
Phone: +39 331 200 4251
Email: info@nebrodiendurotour.com
2. Purpose of Processing
Personal data voluntarily provided through the website (e.g. contact forms, information requests, tour bookings)
will be processed lawfully and fairly for the following purposes:
- Responding to information or quote requests;
- Managing tour participation requests;
- Organizing activities, communications, and participant support;
- Complying with administrative and legal obligations;
- Improving the website browsing experience.
The collected data is relevant, complete, and not excessive in relation to the purposes stated above.
3. Processing Methods
Data processing is carried out using IT and telematic tools,
in compliance with the principles of lawfulness, fairness, transparency, and confidentiality protection.
Appropriate technical and organizational measures are adopted to prevent unauthorized access,
loss, disclosure, or modification of data.
4. Legal Basis for Processing
The legal basis for processing is:
- The data subject’s consent (Art. 6(1)(a) GDPR);
- The performance of pre-contractual or contractual measures requested by the user (Art. 6(1)(b) GDPR);
- Compliance with legal obligations (Art. 6(1)(c) GDPR).
Providing data is optional but necessary to respond to requests.
Failure to provide data will make it impossible to deliver the requested service.
5. Disclosure of Data to Third Parties
Data may be processed by external parties providing technical services necessary
for the operation of the website and business (e.g. hosting providers, email services, consultants),
appointed as Data Processors where required.
Personal data will not be publicly disclosed.
6. Data Retention
Personal data will be retained only for the time strictly necessary
to achieve the purposes for which it was collected and in compliance
with applicable legal obligations.
7. Data Transfer
Data will not be transferred to non-EU countries,
except where GDPR-compliant tools with adequate safeguards are used.
8. Data Subject Rights
Pursuant to Articles 15–22 of the GDPR, the data subject has the right to:
- Obtain confirmation of the existence of their personal data;
- Access the data and receive a copy;
- Request updates or corrections;
- Request deletion of the data;
- Restrict or object to processing;
- Request data portability;
- Withdraw consent at any time;
- Lodge a complaint with the Data Protection Authority.
Requests can be sent to:
info@nebrodiendurotour.com
9. Changes to this Policy
The Data Controller reserves the right to update this policy.
Any changes will be published on this page.