About this PolicyAccording to European GDPR law for privacy regulamentation, we hereby explain how we collect and handle your information collected across this website and related email account.
For example, this includes information that may of itself identify you such as your name, contact details, delivery information, internet protocol ("IP") address, cookie strings, as well as information that may not on its own identify you, but which we store alongside such identifiers, such as how you are using our services or the country you are in when you do so.
Why and how do we use your personal data?We only use your information where you've given us your consent, where its necessary to deliver and where you will return the device you require, where it’s necessary to exercise or comply with legal rights or obligations, or for normal business purposes of the kind set out in this policy:
When we need to do so to deliver our services or facilitate the performance of a contract you've entered – or are entering – into, such as making a booking with us.
To improve or optimise our services and to otherwise protect or further our legitimate interests. This includes fraud prevention and security and product enhancement.
Where it’s necessary to exercise or comply with our own legal rights or obligations.
What personal data do we collect?We don't collect more information than we need.
When you use our services, we have to collect, keep and share some personal data and ask that you agree to that in line with this policy.
We collect information in three ways:
1 - You give it to us voluntarily
Information you choose to give us might include personal data needed for you to book our services for yourself and others. This ranges from the dates and destination you choose in a search, to the basic stuff for collecting and returning the device you rent to third parties, such as names and contact details.
2 - We generate or collect it automatically
We generate or collect some information from your computer or device automatically as you use our services. This includes stuff like your IP address, information about the device and browser you are using to access our services, the website URL you visited us from. It also includes details of the bookings you have made. We may also know your location from your mobile or your IP address.
3 - We receive it from third parties
Sometimes we're given information about you from third parties, depending on how you choose to interact with us. For example, when you come to our website via a promotional partner, or when you rent a witourist device from a Partner and you require to return it to an hotel using our logistic. And, if you've redirected to a Partner Supplier's website or app to complete your booking, we might collect information from them.
Our services are not intended for children under 18 years of age, and no one under the age of 18 should provide any information to, on or via our services. We don't knowingly collect personal data from children under 18, and will delete any that we learn we have collected or received that was not provided by, or with express consent on behalf of, the child’s parent or legal guardian.
Depending on how you interact with our services, we may collect or process the following categories of personal data via the three different ways explained above.
such as your name, address, email address, telephone number and other similar information.
such as a copy of your passport or other identity confirming documentation which may contain information like your name, address, gender, nationality and date of birth.
such as your credit or debit card number, expiry date and verification code when you book travel via our services.
Travel and Booking information:
such as your booking reference, booking history, identification or passport information and travel itinerary.
your age, gender, location and preferred language when you use our services.
Device and Location Information:
generic details from your device such as your IP address, type, make, model and operating system of your device;
Usage and Profiling Information:
your search history and travel preferences;
how you've interacted with our services, including time you spend on our site and/or app and the pages, features or functionality you have accessed;
links you have clicked on to be redirected to or from our services, including the identity of the Partner you are redirecting to and the type of travel service you have selected; and
where you've redirected to a Partner website or app for the purposes of completing a booking, we may collect information from that Partner about whether and what you went on to book with them.
includes communications we receive from you such as feedback, help requests and queries via email and other electronic communication methods such as online chat, instant messaging or social media; and metadata associated with those communications, such as time and date.
User Generated or Provided Content:
content you upload to our services including comments, photos, videos, recommendations, preferences and reviews and metadata such as the time and date associated with that content; and any information you submit to us during the course of any correspondence you may have with us, such as signatures, photographs, opinions.
Social Media Information
email address is automatically collected by us from the third party social media platform you log in to witourist.com from; and information from your publicly accessible LinkedIn (or other social network) profile such as name, email address, where you have given this to a third party and they have made it available to us in accordance with their own terms and privacy policies.
How long do we store your personal data?We only keep your data for as long as we need it, or are required to for legal reasons. We’ll then either delete it or anonymise it so it doesn’t identify you. We treat data differently depending on what it’s used for, but you can ask us to delete your personal data at any time.
We keep your personal data only for as long as we need to. This depends on why it was collected, or if we have a continuing legal basis to do so (such as to fulfil a contract between us, perform a service you requested or for our legitimate interests). Rest assured, if we no longer have a reason or legal requirement to process your personal data, we will delete it or store it in a way so that it no longer identifies you.
We have different retention policies for different types of personal data, taking into account:
- The purpose for collecting the personal data;
- How long it will take to fulfil that purpose;
- Any specific reason or overriding legal obligation to retain the personal data for a specific amount of time.
We will keep personal data such as your email address, name and other details so you can log in and access our services for as long as you have an account. We may keep other information indefinitely - such as site activity linked to an IP address - which we use to help us understand our customers, improve our products and services and protect our business interests.
No matter how long the retention period, you can ask us to delete your personal data in certain circumstances. If you rent a device using a SIM or account allowing access to the Internet, under current Italian law we are required to keep your identification data, associated to the specific device and the account used during the rental, for a period of 10 years and to provide any necessary details if requested by any Judicial Authority.
When is your information shared with or collected by third parties?We share your information only where you ask us to, where it’s a necessary part of doing business with you and providing you with the services, or where we need to for legal reasons. If you rent a device directly from a WiTourist Partner (Store or Tourism Company) they will collect your data in line with their own policies. Finally, companies that help us deliver our services will also collect and use your data on our behalf.
Sharing personal data with third parties who process it only under our instruction
We share information relating to our users with selected third parties who provide us with a variety of different services that support the delivery of our services (let's call them "Third Party Processors"). These Third Party Processors range from providers of technical infrastructure to customer service and authentication tools. We require any Third Party Processor which handles information on our behalf to do so pursuant to contractual terms which require that the information is kept secure, is processed in accordance with applicable data protection laws, and used only as we have instructed and not for that Third Party Processor’s own purposes (unless you have explicitly consented to them doing so).
Third Party Processors may be located in, or process your information, outside of the country in which you are based. Where our use of a Third Party Processor involves the transfer of personal data from within Europe to a location outside of the European Economic Area, we will put in place appropriate measures to ensure that the personal data is adequately protected in that location, most often by applying European Commission-approved standard contractual clauses alongside robust security checks.
The types of Third Party Processors we may share elements of your personal data with include:
- payment processors engaged by us to securely store or handle payments information, such as credit or debit card details, required for facilitating bookings with Travel Suppliers - for example, when you provide us with your credit or debit card details we store these in a PCI-compliant data vault provided by an industry-leading third party payment processor;
- providers of email management and distribution tools - for example, if you sign up to receive our newsletters or other marketing messages we will manage the delivery of these to you using a third party email distribution tool;
- providers of security and fraud prevention services - for example, we use these providers to identify automated software agents that might disrupt our services or to prevent misuse of our APIs;
- providers of data aggregation and analytics software services that enable us to effectively monitor and optimise the delivery of our services;
- providers of tracking tools that we use to monitor instances where you click on a link to a Partner’s website and redirect from witourist.com site to that Partner Supplier's;
- providers of software platforms that assist us in communicating or providing customer support services to you - for example, we manage and respond to any messages you send to us via our help centre using a third party communications management tool;
- providers of online cloud storage services and other essential IT support services; and other companies, for the purpose of supporting the delivery of our services to you.
Sharing your information with third parties, or allowing them to collect it, for processing outside of our control
Disclosing information for legal and other reasons
We may disclose your information where necessary to enforce our Terms of Service or other agreements, or to a prospective or ultimate buyer if Evolia Srl itself (or part of our business) is sold. We may also disclose your information if necessary to prevent, detect or prosecute illegal or suspected illegal activities, including fraud, or to prevent other damage or where necessary in response to legally binding requests, legal action against us, or to enforce our rights and claims.
How do we keep your personal data secure?Keeping your personal data secure is our highest priority. We limit access to only those Evolia Srl employees who have to come into contact with your information to do their jobs and deliver our services.
Unfortunately, no website or app can guarantee complete security but we have created an organisation-wide security programme designed to keep your personal data as safe as possible. It uses a range of technical, organisational and administrative security measures and best-practice techniques, depending on the type of data being processed. For example, the computer systems we use to store your data have access limitations and in-cloud based servers that use industry-standard disc encryption. We use TLS and HTTPS encryption to protect your personal data when we transfer it across the internet.
We develop our services with the goal of using the minimum amount of personal data possible, including through use of data minimisation techniques like anonymisation and pseudonymisation. Also, whenever we develop or update our services in ways that involve the collection or use of new forms of personal data, we conduct a privacy impact assessment to understand, and reduce, the likelihood of any unintended impact on you.
Where do we store your information?Your data is securely stored in data centres around the world. Your data will only be processed by suppliers who provide appropriate contractual safeguards for the information they process. Sometimes your data may be stored in countries with different levels of security to your own but we always make sure their standards meet ours.
We store the information we collect from you on secure servers in various locations, depending on where you are in the world when you access our site. Currently, we use servers that are located in USA (website form content) and Ireland (Google cloud content). These servers are provided and/or supported by third parties acting under our instruction.
Sometimes the countries that your data is transferred to, or stored in, may have different, or less stringent, data protection and security standards than your own. However, subject to the local laws in these countries, we’ll provide the safeguards needed to protect your data regardless of location. We do this through a combination of appropriate technical, organisational and administrative security measures, and by putting in place the necessary legal contracts to backup these requirements. For example, we will only store European users’ personal data outside the European Economic Area where a European Commission-approved method of validating the transfer has been put in place.
What is a cookie?
Cookies on our website may be set by us, third parties we’re working with, or independent third parties (such as advertisers).
What are web beacons and pixels?
Web beacons or pixels are small, transparent image files inside a web page or email. We use them to understand how you interact with our services, or if you've redirected to another website. We also use pixels to gather information such as whether you’ve opened an email, so that we can improve our communications to you.
What are tracking codes?
Tracking codes are snippets of code placed in the page to measure things like visits and interactions. We use tracking codes to find out more about how you interact with our services, the adverts you see and more generally, how you use us.
What are your choices and rights?You don’t require you create an account, but your data information are stored in our website server and email account since you require a quotation or write an email to us. You can require us to delete your personal information only if you have not rented from us a Pocket wifi device allowing access to the Internet. In this case, according to Italian anti terrorism law, we are required to keep your identification data for a period of 10 years and to provide any necessary details if requested by any Judicial Authority.
If you don’t rent (and use) a pocket wifi device, you have the right to ask us for a copy of your personal data to correct, delete or restrict processing of your personal data; and to obtain the personal data you have provided to us in a structured, machine readable format. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement). Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to Evolia Srl processing your data, this will not affect any processing which has already taken place at that time.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority.
Who are we and how can you contact us?WiTourist service is provided by Evolia Srl, a company registered in Italy.
Our VAT code is: 12186391004
Our registered office address is: Via Tuscolana 942, Roma - 00174 Italy.