The new Regulation (EU) 2016/679 has introduced rules to increase the protection of personal data.

Therefore, our company has started a process to comply with these new rules and we hereby provide you with our privacy policy, in accordance with art.13 of Regulation (EU) 2016/679, which we kindly ask you to read. Should you require further information, please don’t hesitate to contact us.

Privacy Policy applicable to the Website www.fiveelements.it

This Website collects some Personal Data from its Users.

Data Controller:

Danilo Turletto – danilo@hmi.travel

HMI Srl
Via Vincenzo Vela – 10128 Torino (To) – Italy
Indirizzo email del Titolare: danilo@hmi.travel

Types of Data Collected

The Personal Data collected by this Website, autonomously or via third parties, include name, surname, address, and email address. Full details on the types of data collected are available in the specific sections of this privacy policy or will be shown on screen before said data are collected.

Personal data can be provided freely by Users or, in the case of Usage Data, automatically collected during the use of the Website.

Unless stated otherwise, all the Data requested by this Website are mandatory. If Users refuse to provide their data, this Website may not be able to provide the Service. However, Users are free not to provide any data marked as optional on this Website. This will have no impact on the availability and functionality of the Service. Users in doubt about which Data are mandatory are encouraged to contact the Data Controller.

If not stated otherwise, the use of any Cookies – or other tracking tools – by this Website or by the providers of third-party services used by this Website, has the purpose of providing the Service requested by the User and any other purposes described in this document and in the Cookie Policy, if available. Users take responsibility for third-party Personal Data obtained, published, or shared via this Website and assure that they have the right to communicate or disclose them, freeing the Data Controller from any responsibility towards third parties.

Methods and Location of Data Processing

Processing Methods

The Data Controller takes all necessary security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data. Data processing is carried out using electronic and/or telematic means and conducted following logic strictly relevant to the purposes described above. In addition to the Data Controller, in some cases Data may be accessed by other subjects involved in the organization of this Website (administration, sales, marketing, legal and system administration staff), or external subjects (such as suppliers of services, carriers, hosting providers, IT companies, communication agencies), appointed by the Data Controller and, if necessary, nominated Data Processors. Users may ask the Data Controller for an updated list of Data Processors at any time.

Lawfulness of Processing

The Data Controller processes Users’ Personal Data when any of the following conditions apply:

• the User has consented to one or more of the data processing purposes specified; Note: in some countries the Data Controller may be authorized to process Personal Data even without the User’s consent or any of the legal basis mentioned below, until the User opts out of the processing. However, this is not applicable if the Data processing is regulated by European laws on Personal Data protection.
• the processing is necessary for the performance of a contract with the User and/or to take steps prior to entering a contract.
• the processing is necessary to comply with a legal obligation to which the Data Controller is subject.
• the processing is necessary for the performance of a task carried out in the public interest or in exercise of official authority vested in the controller.
• the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

In any case, it is always possible to ask the Data Controller to clarify the actual lawful base of each processing and, in particular, to specify if the processing is based on the law, a contract, or necessary to enter into a contract.

Location

Data are processed at the Data Controller’s operational facilities and at any other location where the parties involved in the processing are based. For further information, please contact the Data Controller. Users’ Personal Data may be transferred outside the country in which the Users reside. To obtain further information on the location in which the data processing takes place, Users may refer to the section dedicated to the details on Data Processing. Users have the right to obtain information on the legal basis of the transfer of Personal Data outside the European Union or to an international organization governed by international law or comprising two or more countries, for example the UN, and on the security measures adopted by the Data Controller to protect Data. Should one of the above-mentioned transfers occur, Users may refer to the relevant sections of this document or ask the Data Controller for information, using the contact details provided at the beginning of this document.

Retention Period

Data are treated for the time necessary to achieve the purposes for which they were collected.
Therefore:

• Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be stored for the duration of the contract.
• Personal Data collected for purposes related to the Data Controller’s legitimate interests will be stored until said interests have been satisfied. Users may obtain further information regarding the legitimate interests pursued by the Data Controller in the relevant sections of this document, or by contacting the Data Controller.

When processing is based on the consent obtained from the Users, the Data Controller may store Personal Data for a longer period, until the consent is revoked. Additionally, the Data Controller may have to store Personal Data for a longer period to comply with legal obligations or orders from an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, once the retention period is over, Users will no longer have the right to access, delete, rectify, or transfer their Personal Data.

Purpose of Data Processing

Users Personal Data are collected to allow the Data Controller to provide its Services, and for the following purposes: to contact Users.

For detailed information on the processing purposes and the Personal Data relevant to each purpose, Users may refer to the specific sections of this document.

Details on Data Processing

Personal Data are collected for the following purposes and using the following services:

• To contact Users

Contact Form (this Website)

By filling in the contact form, Users consent to the use of the Data provided to reply to the requests for information, quotes, or any other request sent using the form.

Personal Data collected: name, surname, address and email address.

Mailing List or Newsletter (this Website)

By subscribing to the mailing list or newsletter, Users’ email addresses will be automatically included in the list of contacts who will be sent emails with information, including commercial and promotional messages, relating to this Website. Users’ email addresses may also be added to this list after registering on this Website or after making a purchase.Personal Data collected: email address.

User Rights

Users may exercise certain rights in relation to the Personal Data processed by the Data Controller.

Users have the right to:

• revoke their consent at any time. Users may revoke the consent they had previously provided for the processing of their Personal Data.
• object to the processing of their Personal Data. Users may object to the processing of their Personal Data when it is not based on consent. Further details on the right to object can be found in the section below.
• access their Personal Data. Users have the right to obtain information on the Personal Data processed by the Data Controller on certain aspects of the processing and to receive a copy of the Data processed.
• check and request rectifications. Users may check their Personal Data and request updates or corrections.
• limit the processing. When certain conditions apply, Users may request to limit the processing of their Personal Data. In these cases, the Data Controller will process the Data only for conservation purposes.
• obtain the deletion or removal of their Personal Data. When certain conditions apply, Users may ask the Data Controller to delete their Personal Data.
• receive their Data or transfer them to another Controller. Users have the right to receive their Data in a structured and commonly used electronic format and, if technically feasible, obtain the transfer to another Data Controller without unjustified delay. This provision applies when Data are processed with automated means and processing is based on the User’s consent, on a contract of which the User is a part, or on contractual provisions connected to it.
• make a complaint. Users may complaint with the competent data protection supervisory authority or bring violations to the attention of judicial authorities.

Details on the Right to Object

When Personal Data are processed in the public interest, in the exercise of official authority vested in the Data Controller, or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their personal situation.

Users are informed that when Data are processed for marketing purposes, they may object to the processing without providing a reason. To find out if the Data Controller processes data for marketing purposes, Users may refer to the relevant sections of this document.

How to Exercise Data Subject Rights

To exercise their rights, Users may address their requests to the Data Controller using the contact details provided in this document. Requests are processed for free by the Data Controller as soon as possible, and in any case within a month.

Additional Information About Data Processing

Defence Before the Courts

The Data Controller may use Users Personal Data for its defense in court, or in any preparatory stages, in cases concerning abuse of data usage, or any connected services, by the User. Users declare to be aware that the Data Controller may have to reveal their Personal Data to comply with orders from an authority.

Specific Policies

On request, in addition to the information included in this privacy policy, this Website may provide Users with additional, contextual information regarding specific Services, or the collection and processing of Personal Data.

System and Maintenance Logs

For operational and maintenance purposes, this Website and any third-party services it uses, may collect system logs, i.e. files that record interactions, which could contain Personal Data, such as Users’ IP address.

Information Not Included in This Policy

Further information regarding Personal Data may be requested at any time by contacting the Data Controller, using the contact information provided.

Response to “Do Not Track” requests

This Website does not support “Do Not Track” requests.
To find out it any third-party services support them; Users should refer to the relevant privacy policies.

Amendments to This Privacy Policy

The Data Controller reserves the right to modify this Privacy Policy at any time, notifying Users by publishing the information on this page and, if feasible, on this Website as well as notifying Users, if technically and legally feasible, using any of the contact details held by the Data Controller. Therefore, Users are kindly requested to check this page regularly and refer to the last modified date indicated at the bottom. Should the changes involve data processing that requires consent, the Data Controller will make sure to acquire Users’ consent again, if necessary.

Definitions and Legal References

Personal Data (or Data)

Any information relating to an identified or identifiable natural person, i.e. a person who can be identified, directly or indirectly, including by reference to any other information, such as a personal identification number.

Usage Data

The information collected automatically through the Website (or by third-party applications used by the Website), including: IP addresses or domain names of the computers used by the User to connect to the Website, Uniform Resource Identifiers (URI), the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numeric code that indicates the status of the server’s reply (successful, error, etc.), the Country of origin, the characteristics of the browser and operative system used by the visitor, the time-related details of the visit (for example, the time spent on each page) and the details of the navigation paths followed within the Application, with particular reference to the pages browsed, the operative system’s parameters and the Users’ IT environment.

User

Individual who uses the Website; unless otherwise provided, also referred to as Data Subject.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor (or Processor)

The natural or legal person, public entity or any other body that processes the personal data on behalf of the Data Controller, according to the provisions in this Privacy Policy.

Data Controller (or Controller)

The natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes, methods and tools to be used to process personal data, including the security measures for the functioning and use of this Website. Unless stated otherwise, the Data Controller is the owner of this Website.

This Website (or this Application)

The hardware or software tool through which Users Personal Data are collected.

Service

The service provided by this Website as defined by the terms (where applicable) of this site/application.

European Union (or EU)

Unless stated otherwise, any reference herein to the European Union refers to all the current members of the European Union and the European Economic Area.

Legal References

This privacy policy is based on multiple legislations, including articles 13 and 14 of Regulation (EU) 2016/679. Unless stated otherwise, this privacy policy only applies to this Website.