brand

Privacy Policy

PRIVACY NOTICE FOR PERSONAL DATA PROCESSING PURSUANT TO ART. 13 GDPR (EU

REGULATION 679/2016)

MDestinations, headquartered at Via Isidoro La Lumia, 11 – 90139 Palermo, as the data

controller (“Controller”), informs you pursuant to art. 13 GDPR that your data will be

processed as described below:

1. Purpose of Processing: The Controller processes personal identification data, such

as name, tax code, email, phone number, postal address (“Data”) provided during the

purchase or subscription of services or in the contractual relationship with the

Controller.

2. Purpose of Processing Without Consent: Your personal data are processed, without

prior consent (art. 6 b), c) GDPR), solely for the management and execution of precontractual and contractual relationships; administrative and accounting compliance;

legal obligations; protection of the Controller’s rights in court and management of

disputes; prevention and suppression of illegal acts.

2.1 Further Purposes With Consent: With your free and explicit prior consent (art. 6 a GDPR),

collected data may also be used for:

• Sending commercial communications via automated (email, SMS) or traditional

means (mail, non-prerecorded calls);

• Sending newsletters.

Refusing consent will not prevent access to the Website and available functions.

1. Processing and Storage: Processing is carried out via IT systems (cloud, Internet,

intranet, computers, mobile devices) or paper archives. Data are retained only as long

as necessary for the purposes collected, in compliance with law, except where longer

retention is required. Upon account closure, personal data are retained for

administrative purposes for 10 years, unless further retention is required by law.

2. Mandatory Provision of Data: Providing personal identification data is mandatory for

contractual execution and compliance; refusal may prevent full or partial service

provision.

3. Access to Data: Data may be processed by employees, collaborators, internal

contacts, system administrators, or third parties acting on behalf of the Controller as

external processors.

4. Data Communication: Without consent (art. 6 b), c) GDPR), the Controller may

communicate data to public authorities or third parties to fulfill legal obligations.

5. Data Subject Rights: You may exercise rights under Articles 15-22 GDPR, including

access, correction, deletion, restriction, opposition, data portability, and objection to

automated decision-making. Complaints may be sent to the Controller or the Data

Protection Authority.

6. Data Controller: MDestinations, Via Isidoro La Lumia, 11 – 90139

Palermo, https://www.mdestinations.com