Privacy and cookies policy

BTO.TRAVEL

bto.travel is the official portal of BTO – Be Travel Onlife (hereafter also “BTO”) , an “event-conference”, whose brand is own by Regione Toscana and Camera di Commercio di Firenze, an integral part of the actions supported by Region of Tuscany for digital communication development and promotion of the tourist offer purposes.

PRIVACY INFORMATION

In compliance with national legislation (Legislative Decree 30 June 2003 n.196, Code regarding the protection of personal data) and community law (European regulation for the protection of personal data n. 679/2016, GDPR) and subsequent amendments, this site respects and protects the privacy of visitors and users, making every possible and proportionate effort not to infringe upon the rights of users.

This privacy policy is valid only for visitors / users and for the online activities of this website and does not apply to information collected through different channels. The purpose of the privacy policy is to provide maximum transparency regarding the information that the site collects and how it uses it.

DATA CONTROLLER AND DATA PROCESSOR

The Data Controller pursuant to the laws in force is:

Regione Toscana – Giunta regionale
Piazza Duomo, 10
50122 Firenze

DATA PROTECTION OFFICER

The Data Protection Officer (DPO) of the Data Controller can be reached at the following e-mail address:

Data Protection Officer of the Regione Toscana – Giunta regionale (regional council): urp_dpo@regione.toscana.it

LEGAL BASIS FOR THE DATA PROCESSING

Legal basis of the data processing is the Regional Law 86/2016, art. 4, the data are processed for the performance of tasks carried out in the public interests or in the exercise of Region of Tuscany official authority. 

COLLECTED DATA AND PURPOSES

If the site requests the provision of data, for the purpose of registering and booking for events, the provision of data is optional; however, it should be noted that participation in the events won’t be possible without provision.

Bto.travel uses a dedicated platform for managing participation in events: https://shop.bto.travel.

Shop.bto.travel is an event managing platform provided by Uplink Web Agency S.r.l.

Personal data collected: common data (personal and contact details), data on the order and on the purchase process.
Possible categories of interested: journalists, operators in the tourism sector, operators of different sectors / associations / institutions, citizens.
Place of date processing: EU – Privacy Policy.

The data collected by Shop.bto.travel will be processed for the purposes specified in the Privacy Policy of the aforementioned event managing platform, as well as for purposes related to the organization of the event and for communications related to the BTO and other Region of Tuscany initiatives.

The data collected by Shop.bto.travel will be communicated to the event managers for the purposes related to the organization and management of the event itself. Managers of the event are made up of staff in charge of the Data Controller and Data Processors, or of associations or companies that collaborate with the Data Controller and Data Processors in the managing of event itself, appointed as Data (Sub-)Processors, to ensure compliance with the requirements of the Regulation.

The processing of personal data, carried out with the aid of electronic means, can be carried out by means of operations such as collection; data registration and organization; consultation, use, processing and interconnection of data; conservation and modification.

Bto.travel uses also log files which conserve data collected automatically during a visit to the website. The data collected could be the following:

  • Internet Protocol address (IP);
  • Browser type and parameters of the device used to access the website;
  • Name of the internet service provider (ISP);
  • Date and time of visit;
  • Webpage the visitor connected from (referral), as well as the subsequent page upon exiting;
  • The number of clicks

To ensure security (antispam filters, firewall, survey of viruses), the data registered automatically could be used, in accordance with the relevant current laws, to block attempts to damage the website or other users, as well as damaging or criminal activities. Such data are never used for identifying and profiling the user, but are only intended to safeguard the website and its users.

The data collected from the website during its operation are used exclusively for the aims indicated and are conserved for the time necessary for carrying out precise activities or, if applicable, until there is a cancellation request for accounts registered to the website. The data collected from the website will never be passed to third parties for any reason, unless there is a legitimate request from judicial authorities and only in cases allowed by law.

By accessing and navigating the website, users accept that the aforementioned data are processed for the previously-mentioned purposes of IT security and preventing illegal activities. The user can request that their data be cancelled and/or exercise their rights as protected by current laws.

PLACE OF DATA PROCESSING

The data can be processed at the Data Center ex TIX (Tuscany Internet Exchange), Via San Piero a Quaracchi n. 250 – Florence, now part of the Sistema Cloud della Toscana (SCT – Tuscany Cloud System) and at Hetzner Online GmbH, Industriestr. 25 – 91710, Gunzenhausen, Germany. In compliance with community law (European Regulation for the protection of personal data 2016/679, Art. 28, par. 3), organizations who process personal data on behalf of Data Controller or Data Processor have been appointed as Data (Sub-)Processors, to ensure compliance with the requirements of the Regulation.

CONTENT

bto.travel brings together texts and multimedia (texts, images, sounds, video clips, graphics, logos, audiovisuals, etc., henceforth known as “content”) for aforementioned purposes.

The content is produced by:

  • BTO – Be Travel Onlife owners, managers and promoters staff
  • Third parties (photographers, videomakers, bloggers, etc.), who grant BTO – Be Travel Onlife owners, managers and promoters permissions for the use of their own textual and multimedia content

All those who provide content through the participation in BTO – Be Travel Onlife expressly accept the following legal conditions:

  1. They declare and guarantee that they are the sole owners of the authors’ rights to the content (either because they themselves are the authors of the content or because they purchased the rights to use and reproduce it from its legitimate owners); they therefore guarantee BTO – Be Travel Onlife owners, organisers and promoters the content provided, as concerns the legitimacy, veracity, accuracy and legitimate provenance regarding the rights of industrial and/or intellectual property or the laws related to privacy.
  2. They declare and guarantee that the content does not contain images that are offensive, disrespectful or harmful to human dignity and a common sense of decency or that they bear prejudice towards someone or something (including in the form of suspicion or threat). The content must not be discriminatory or incite among the public illegal acts, violence or hate based on religion, skin colour or national or ethnic origin. BTO – Be Travel Onlife owners, organisers and promoters are held harmless of any adverse consequence connected to a violation of this ban.
  3. They declare and guarantee that the content does not include specific information regarding health, race, ethnicity, etc. and that they are submitted with the full responsibility of the providers, with BTO – Be Travel OnlifeBe Travel Onlife owners, organisers and promoters limited – for content not produced by its own staff – to simply checking the legitimacy in protection of personal dignity and freedom.

All the content is protected by current laws regarding authors’ rights and intellectual property, and, therefore, unauthorized reproductions, use of content and/or making the content available to the public (even through file-sharing) is not allowed. Anyone who violates this ban is subject to civil and criminal penalties in accordance with the law.

VIEWING CONTENT FROM EXTERNAL PLATFORMS

This type of service allows you to view and interact with content hosted on external platforms directly from the pages of this site.
Bto.travel may use these platforms. It is possible that, even if users do not use the service, it collects traffic data relating to the pages in which it is installed.

Google Fonts (Google, Inc.)
Google Fonts is a service for visualizing font styles manages by Google Inc, allowing this Application to incorporate such content into its pages.
Personal Data collected: Cookies and Data Usage.
Processing location: United States – Privacy Policy.

Widget Google Maps (Google Inc.)
Google Maps is a service for visualizing maps managed by Google Inc, allowing this Application to incorporate such content into its pages.
Personal Data collected: Cookies and Usage Data.
Processing location: United States – Privacy Policy.

LINK

bto.travel may contain links to other websites or social media that are not necessarily under the control of the Data Controller and/or of the Data Processors.

The user is encouraged to carefully read the conditions and terms of operation and use of these sites. The Data Controller and/or the Data Processors do not assume responsibility either for the unauthorized use of user’s data or for any further monitoring or profiling that may be carried out by the aforementioned sites.

COOKIES: MANAGING AND CONSENT TO THEIR USE

Bto.travel may use cookies, small strings of texts that allow for the website to conserve data regarding users’ preferences in order to improve the site’s operation, simplify navigation by automating processes (ex. login, language) and analyze site use.

Session cookies are essential for distinguishing connected users and are useful for ensuring that a requested function not be provided to the wrong user, as well as for security purposes so as to avoid damaging attacks on the website. Session cookies do not contain personal data and last only as long as the session does, that is, until the browser is closed. Consent is not needed for them.

Session cookies, and more generally functionality cookies used by the website are strictly necessary cookies for operating the site; they are those connected to a user’s request for a specific function (like login).

Statistics, marketing/tracking and social media cookies are described in detail in following sections. 

The first time an user / visitor accesses the website he can manage consent settings and decide which cookies to accept.

User / visitor can also change the settings in subsequent accesses.

DELETING AND DISABLING COOKIES

Deleting cookies does not preclude use of the site.

Users / visitors can set the computer browser to accept / reject all cookies or display a warning every time a cookie is proposed, in order to evaluate whether to accept it or not.

By default, almost all web browsers are set to automatically accept cookies.
Users / visitors can still change the default setting, or disable cookies (i.e. block them permanently), by setting the highest level of protection in the browser, however, disabling them can compromise the use of site functions.

In any case, it remains possible to delete or remove cookies from your device, using the appropriate functions present in the browser. Deleting the cookies does not preclude the use of the site, but involves the repetition of the authentication procedure, or the re-submission of the access credentials.

There are also components (plugins) for the most popular browsers that allow:
• the management (display, cancellation, block) of cookies
• disabling third party JavaScript pages
• visualization of the technologies used by the site
• the visualization and (selective) blocking of the different tracking mechanisms

Cookies can be disabled directly from the browser used, thus denying / revoking consent for the use of cookies. It should be noted that disabling cookies can impede upon the correct use of some functions on the website.

GOOGLE ANALYTICS / TAG MANAGER

Bto.travel uses the tools Google Analytics and Tag Manager for monitoring access to the website (number of accesses, new users, number of sessions, visualizations of a page, type of device and browser, etc.) and receiving information regarding user behaviour on the website (referral, duration of sessions, bounce rate, etc.) for statistical and market study purposes. Bto.travel does not collect users’ personal data because the information related to accessing the website and user behaviour are provided by Google Analytics and Tag Manager in an aggregated and non-personalized/anonymous form. However, Data Controller and Data Processors do not respond to the processing of data collected by Google Inc. through Analytics and Tag Manager. Google could use, unbeknownst to Data Controller and Data Processors, personal data for contextualizing and personalizing advertisements on their marketing network. Information about the two Google tools that may be used are as follows:

  • Google Analytics (Google, Inc.) – Google Analytics is a web analysis service provided by Google, Inc. (“Google”). Google uses the personal data collected for the purposes of tracing and examining site use, compiling reports and sharing them with other services developed by Google.
    Personal data collected: Cookies and usage data
    Processing location: USA – Privacy PolicyOpt Out
  • Google Tag Manager (Google, Inc.) – Google Tag Manager is a statistics service provided by Google, Inc.
    Personal data collected: Cookies and usage data
    Processing location: USA – Privacy Policy

COOKIES FROM SOCIAL NETWORKS

bto.travel can use cookies from social networks, to allow for sharing content on social networks. These plugins are programed so as to not register cookies when accessing the page, safeguarding the user’s privacy. The cookies are registered, if allowed by the social networks, only when the user effectively and voluntarily uses the plugin. It should be kept in mind that if the user navigates when logged into the social network, they already consented to the use of cookies transmitted through this website when registering with the social network.

The collection and use of data obtained via the plugin are regulated according to the related privacy policies of the social networks, which users are advised to refer to.

Like button and Facebook social media widgets (Facebook, Inc.)
The “Like” button and Facebook social media widgets are services for interacting with Facebook, provided by Facebook Inc.
Personal Data collected: Cookies and Usage Data.
Processing location: USA – Privacy Policy

Tweet button and Twitter social media widgets (Twitter Inc.)
The “Tweet” button and Twitter social media widgets are services for interacting with Twitter, provided by Twitter, Inc.
Personal Data collected: Cookies and Usage Data.
Processing location: United States – Privacy Policy.

Pinterest button and Pinterest social media widgets (Pinterest, Inc.)
The Pinterest button and Pinterest social media widgets are services for interacting with Pinterest, provided by Pinterest, Inc.
Personal Data collected: Cookies and Usage Data.
Processing location: United States – Privacy Policy

Instagram button and Instagram social media widgets (Instagram, Inc.)
The Instagram button and Instagram social media widgets are services for interacting with Instagram, provided by Instagram, Inc.
Personal Data collected: Cookies and Usage Data.
Processing location: United States – Privacy Policy

YouTube Videos (Google, Inc.)
YouTube is a service for visualizing videos owned by Google Inc, allowing this Application to incorporate such content into its pages.
Personal Data collected: Cookies and Usage Data.
Processing location: United States – Privacy Policy

LinkedIn SlideShare (LinkedIn Corporation)
LinkedIn SlideShare is an hosting service for professional content including presentations, owned by LinkedIn Corporation, allowing this Application to incorporate such content into its pages.
Personal Data collected: Cookies and Usage Data.
Processing location: United States – Privacy Policy

Flickr Images (SmugMug, Inc.)
Flickr is an image hosting service, allowing this Application to incorporate such content into its pages.
Flickr is owned and operated by Flickr, Inc.,  subsidiary of SmugMug Inc.,
Personal Data collected: Cookies and Usage Data.
Processing location: United States – Privacy Policy

SEMRUSH

Periodically, the Data Controller and/or Data Processors staff can use SEMrush, a digital marketing tool that allow for the processing of statistics regarding the performance of the website’s content on social media channels tied to the digital promotion of tourism in Tuscany.

Semrush is a service provided by Semrush Inc. and the subsidiary SEMrush CZ s.r.o.
Personal Data collected: Cookies and various types of data as specified in the privacy policy of the service.
Place of data processing: United States and EU – Privacy Policy.

E-MAIL COMMUNICATIONS

Website users filling out the dedicated forms, and authorizing Data Controller or Data Processor to process own personal data, accept to receive updates as specified in the form itself.
Personal data collected: common data and e-mail addresses
Communications are sent via e-mail to those who specifically fill out the dedicated form and authorize Data Controller and Data Processor to process users’ personal data. Providing this data is optional, but by refusing to provide personal data, the user will be unable to send content via form.

NEWSLETTER

Website users can choose to subscribe to the bto.travel newsletter in order to periodically receive updates about BTO – Be Travel Onlife. The tool used to send and manage the newsletter is Mailchimp, a service provided by The Rocket Science Group, LLC that manages email addresses and sending emails.
Personal data collected: common data and email addresses
Processing location: United States – Privacy Policy.
The newsletter is sent via email to those who specifically request to receive it by filling out the dedicated form and authorizing Data Controller and Data Processors to process users’ personal data. Providing this data is optional, but by refusing to provide data, the user will be unable to subscribe to the newsletter.

CONSENTING DATA PROCESSING

First access: when accessing the website for the first time, users will see a message that gives them the option of accepting or refusing the use of technical and profiling cookies of third parties on the part of bto.travel. By providing their consent, users authorize Data Controller and/or Data Processors to use all the tools listed in this policy for the purposes described and for the type of personal data indicated.

Contact form: by filling in their personal data on contact forms accessible on bto.travel, users authorize their use for the purposes of responding to requests for information or anything else indicated in the form’s header. In all cases, the user fully accepts the policy of bto.travel and all the websites/subdomains attributable to bto.travel.

SECURITY MEASURES

This site processes user data in compliance with legal requirements, taking appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. The data processing is carried out using IT and / or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Data Controller and Data Processors, in some cases, categories of employees (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third party technical service providers, hosting providers, IT companies, communication agencies) may have access to the data) appropriately appointed in compliance with current regulations.

USER RIGHTS

In accordance with EU Regulation 679/2016 (GDPR) and national legislation, the User can, with the procedures and limits provided in current legislation, exercise the following rights:

  • Request the confirmation of the existence of personal data regarding him/herself (right to access);
  • Be informed of their origin;
  • Receive comprehensible communication about them;
  • Receive information about the reason, procedures and aims of their processing;
  • Request an update, modification, integration, cancellation, transformation into anonymity and blocking of data processes that are in violation of the law, including those no longer necessary for carrying out the aims for which they were collected;
  • In cases of consent-based processing, receive the data provided to the owner, in a structured and legible manner, from a data processor and in a format commonly used by an electronic device; the cost for doing so only regards possible support;
  • Complain to the Supervisory Authority (Warranty Policy);

In addition, all rights that are recognized by current law.

Requests, including the right to oppose processing, can be addressed to the Data Controller.

UPDATES

The present privacy policy was updated on October 13th, 2023.