INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA FOR APP USERS AND CUSTOMERS OF SOSTRAVEL.COM
(pursuant to Articles 13 and 14 of EU regulation no. 2016/679 and Legislative Decree 196/2013 updated with Legislative Decree 101/2018)
1- WHAT INFORMATION DO WE COLLECT ABOUT YOU? FOR WHAT PURPOSE?
As part of the services we offer, sostravel.com S.p.A. may acquire the following information about you.
• App user’s personal data
• username and password;
• contact details (address, telephone, e-mail);
• travel itineraries;
• access and navigation data related to the use of the App;
• access to accounts on third party services and use of email and usage data.
• Personal data of the app user for the Dr. Travel service
• Username and password for the activation of the service;
• User’s first name, surname, date of birth and country of residence.
• Contact details (telephone, email);
• Access and browsing data regarding the use of the app;
• Language spoken;
• First name, surname, and degree of kinship of the people added to the Family package;
• QR code or activation code indicated on the receipt.
• Indication of the country in which the user is located, in order to ensure a more targeted service to his needs.
Once the service has been activated, HPP Service, the company offering the telemedicine services, acting in the capacity of Data Controller pursuant to article 26 of EU Regulation 2016/679, may autonomously request, under its own responsibility, any documents that attest to previous illnesses, allergies, medicines currently being taken, or taken in the past, and questionnaires, to request the user’s symptoms: these documents can be uploaded to the partner’s platform or shared during a videocall, when the service is used.
Additionally, for the United States only, HPP Service may, with the interested party’s prior consent, request the automatic detection of the user’s location to direct the call to a doctor in the user’s same State.
Pursuant to article 6 sections 1.b and f, the processed data shall only be used to:
-Activate the services you have requested via the APP and meet the legal obligations associated with aspects related to administration and tax matters;
-Manage claims and reimbursement procedures;
-Protect the company in case of disputes with the customer.
Subject to your explicit consent pursuant to article 6 section 1.a of EU Regulation 2016/679, your data may be used to:
a. Activate the services requested via the APP;
b. Notify our trading partners of your request to activate specific services (e.g. Dr.Travel);
c. Enable promotional communications to be sent for products and services offered by the company using the contact details provided.
2-HOW DO WE HANDLE YOUR DATA AND FOR HOW LONG?
The processing of your personal data is carried out by means of the operations indicated in art. 4 of EU regulation no. 2016/679, namely: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Personal data are processed both on paper and electronically. The Data Controller will process personal data for the time necessary for the purposes for which they were collected or subsequently processed, according to art 5, e) of EU regulation no. 2016/679, in particular:
• The data acquired during the reimbursement management procedure are stored for a maximum of 10 years from the date on which the request is fulfilled, then automatically deleted thereafter;
• The PW is disabled after 6 months of inactivity on the APP, and the data acquired on it are deleted after 1 year. The browsing history is preserved as long as the user remains active;
• Audio recordings of calls to the contact center are kept for up to 6 months;
• Contact data used for promotional purposes will be kept for a maximum of two years after provision of express consent or until the consent is revoked;
• Data acquired through profiling cookies are stored for up to 90 days and subsequently deleted automatically.
In the event that you terminate the established relationship, sostravel.com will retain only the data expressly requested or required by law and only for the time specified by law.
3-WHO COULD HAVE ACCESS TO YOUR DATA?
Your data may be made accessible for the purposes referred to in point 1 of this information:
• to employees and collaborators of the Data Controller in their capacity as data processors including: consultancy companies, companies in charge of maintenance or management of the IT system and the website, professional firms providing accounting and tax services; law firms and quality certification bodies; Contact Center;
• to companies and third parties acting as independent Data Controllers such as: banks, credit institutions, insurance companies; inspection bodies in case of checks or controls
• Data collected for the activation of the Dr Travel service are sent to the platform of the partner company that manages the service. Additionally, the user may share documents about their health directly with the doctor.
Subject to your explicit consent, your personal data may be provided to our Business Partners providing services such as Fast Track, VIP Lounge services; medical insurance coverage, luggage wrapping services and related warranty, Dr Travel. The trading partners shall process the data in their capacity as Joint Controllers, pursuant to article 26 of the GDPR.
The data will not be disclosed to third parties in any way.
4-COULD YOUR DATA BE TRANSFERRED TO COUNTRIES OUTSIDE THE EU?
YES. We hereby inform you that some of our suppliers who are Data Processors (the Contact Center) and some trading partners who are Joint Controllers (in this case HPP Service for the Service of DR. Travel) have registered office in countries outside the EU (Moldavia and USA).
The transferral of data to these countries is subject to the presence of the adequate guarantees established pursuant to article 46 of EU Regulation 2016/679. The interested party can view the standard contractual clauses that regulate the guarantees established with suppliers and partners using the contact details indicated at point 7 of the Notice.
5-IS IT NECESSARY TO PROVIDE YOUR DATA? WHAT HAPPENS IF YOU DO NOT GIVE CONSENT?
Providing personal data is strictly necessary to ensure the activation of warranty coverage and the management of related services.
Your explicit consent is required to authorise us to transfer your personal data to the trading partners for the activation of the services they offer.
If consent is not granted, we will not be able to proceed in activating the services offered by our trading partners.
Your consent for the profiling of your preferences is strictly necessary for accessing the functions of the APP and to enable communications that target the user’s needs and interests to be sent.
If consent is not granted, the functions of the APP may be subject to restrictions. In no case will this restrict the access to the app and the possibility of consulting the activated services. Granting consent for the processing of your data for promotional purposes is optional and in no way limits your access to the services provided to the APP.
6- WHAT RIGHTS ARE GUARANTEED BY LAW?
According to EU Regulation 2016/679-Cap.III:
1. The data subject has the right to obtain confirmation of whether or not personal data concerning him/her exist, even if not yet recorded, and to receive communications in intelligible form.
2. The data subject has the right to obtain information about the origin of the personal data; the purposes and methods of processing; the logic applied in case of processing with electronic instruments; the identification details of the data controller, the data processors and any appointed representative as stated in article 5, paragraph 2; of subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them in their capacity as designated representatives in the territory of the State, of managers or other individuals in charge.
3. The data subject has the right to obtain:
a. updates, corrections or, if interested, the integration of data. Regarding changes to the data entered in the Dr. Travel app, the user must contact the sostravel Contact Center by sending an email to email@example.com. The Contact Center will communicate the changes to be made to the partner companies.
b. the erasure, transformation into anonymous form or blocking of unlawfully processed data, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; As part of the Dr. Travel service, the user has the right to request the deletion of the documents uploaded to the partner’s platform;
c. confirmation that the operations referred to in a) and b) above and their content have been brought to the attention of those to whom the data had been communicated or disseminated, except in cases where fulfilling this condition proves impossible or requires the use of means manifestly disproportionate to the protected right;
d. a copy of the information we hold in a common and interoperable format;
e. limitation of processing of personal data about him/her, or to oppose the processing of personal data about him/her, in whole or in part, for legitimate reasons, even if the data are relevant to the purpose for which they are being collected;
Furthermore, the data subject has the right to:
f. revoke consent at any time, without prejudice to the lawfulness of data processing that was based on consent before revocation;
Data subjects who believe that the processing of personal data relating to them carried out through the website or app is in violation of the Regulation have the right to lodge a complaint to the Guarantor, as provided for by art. 77 of the Regulation, or to bring proceedings to the appropriate courts (art. 79 of the Regulation).
A formal declaration may be requested from the data controller certifying that the data subject’s requests have been effectively resolved and brought to the attention of those to whom data had previously been disseminated and disclosed.
As a data subject, you may also designate a third person with a copy of a power of attorney, or of a proxy signed in the presence of an official, or a proxy signed and presented with an unauthenticated photocopy of the data subject’s identification document.
The data controller is obliged to reply to the request within 15 days from the date of submission or 30 days if the answer is problematic. In any case, within 15 days you will be notified in writing of any reason for delay.
7-HOW CAN I EXERCISE THESE RIGHTS?
You may exercise your rights at any time by sending a request to the following contacts: Data Controller: sostravel.com S.p.a.
-via Marsala 34/A - 21013 Gallarate (VA)
- e-mail firstname.lastname@example.org
- Phone +3903311587117
Director of Personal Data Protection. Virginia G.Basiricò, via Marsala 34/A - 21013 Gallarate (VA)
- e-mail email@example.com - Tel +3903311587117
- Fax +39033111582452.
This information was last updated on 11th of December 2020 and may be subject to periodic review, for instance in relation to relevant legislation and jurisprudence.
In case of significant changes, appropriate communication will be given for a reasonable time in the homepage of the website or through e-mail. However, data subjects are invited to periodically consult this Policy.
Please note that the following technical cookies are used for the website www.dr-travel.eu to ensure that the App functions properly:
• Analytical cookies (Google Analytics): collection of the activities carried out by the users, in anonymous form. The information collected does not enable the user to be traced.
• Functional > Session (for PHP): collection of the variables to enable the App to function properly.
10-PERSONAL DATA PROCESSING NOTICE FOR DR.TRAVEL USER REIMBURSEMENT PROCEDURE