Skip to primary navigation Skip to content Skip to footer

Privacy Policy

Privacy Policy pursuant to Article 13 of Regulation (EU) 2016/679 – WEB https://askostours.com/

Version No. 1 – 15/07/2025

This document (“Privacy Policy”) is provided by the Data Controller, as identified below, to inform you about the purposes and methods of processing your personal data, as well as the rights granted to you by Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”). This Privacy Policy may be supplemented by the Data Controller if additional services requested by you involve further processing activities.

Data Controller
Askos srl
Email: [email protected]
VAT/Tax Code: IT08407411217

Types of Data Processed

The processing activities involve the acquisition of the following categories of personal data:

  • Behavioral Data: Browsing logs
  • Common Data: Personal identification data

Categories of Data Subjects

The processing activities are directed at the following categories of data subjects: Website users

Purpose of Processing and Legal Basis

  1. Website – Browsing Data

Purpose of Processing: 1. Anonymous statistical analysis on website usage; 2. Verification of correct website functioning; 3. Identification of liability in the event of potential cybercrimes against the Controller

Legal Basis: Legitimate Interest – Art. 6, para.1, lett. f GDPR

Nature of Data Provision:
Mandatory – Failure to provide data will make it impossible for the company to offer the web service.

Data Retention Period:
30 days

Processing Methods:
Processing is carried out using IT tools.

  1. Website – Requests via Website

Purpose of Processing: Handling user inquiries submitted through the Data Controller’s website

Legal Basis: Contract Performance – Art. 6, para.1, lett. b GDPR

Nature of Data Provision:
Optional – Failure to provide the data will prevent the Controller from responding to the data subject’s requests.

Data Retention Period:
Until the request is fulfilled.

Processing Methods:
Processing is carried out using IT tools.

  1. IT Systems Management

Purpose of Processing: Management of IT systems, including infrastructure maintenance, business continuity, and IT security

Legal Basis: Legitimate Interest – Art. 6, para.1, lett. f GDPR

Nature of Data Provision:
Mandatory – Objection to processing may result in the inability of the Controller to fulfill the contract with the Data Subject/Client.

Data Retention Period:
Your personal data is retained for the duration of the contractual relationship and, after its termination, for the time necessary to ensure the exercise or defense of legal rights.

Processing Methods:
Processing is carried out using IT tools.

  1. Google reCAPTCHA

To ensure the highest level of website security and protection for both the user and the organization of the Controller, we use the Google reCAPTCHA service provided in the European area by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

Purpose of Processing: Use of Google reCAPTCHA to verify that the website user is a human, thereby excluding automated software access such as bots.

Legal Basis: Consent – Art. 6, para.1, lett. a GDPR

Nature of Data Provision:
Optional, subject to user consent – Refusal to consent may result in the inability to register or access services provided by the website.

Data Retention Period:
Consent to the use of Google reCAPTCHA entails the transfer of your personal data to Google.

Processing Methods:
The reCAPTCHA service places an additional cookie in the user’s browser and takes a snapshot of the browser window.

Data Transfer Outside the EU

Personal data is processed exclusively within the European Union.

Recipients of the Data Processing

Data Processor: Cloud service providers

Rights of the Data Subject – Complaint to the Supervisory Authority

With regard to the processing described in this Privacy Policy, as a data subject, you may exercise the rights established by Articles 15 to 22 of the GDPR, under the conditions provided therein, including:

  • Right of access: to obtain confirmation as to whether or not personal data concerning you is being processed, and, if so, access to such data
  • Right to rectification: to obtain the correction of inaccurate or incomplete personal data without undue delay
  • Right to erasure (right to be forgotten): to obtain the erasure of personal data without undue delay, unless the processing is necessary for legal obligations or for the establishment, exercise, or defense of legal claims
  • Right to restriction of processing: under certain conditions, including when the accuracy of the data is contested, the processing is unlawful, or the data is needed for legal claims
  • Right to data portability: to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller
  • Right to object: to object to processing based on legitimate interests or for marketing purposes
  • Right to withdraw consent: if processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal
  • Right not to be subject to automated decision-making: including profiling, if it produces legal effects concerning you or similarly significantly affects you. In such cases, you have the right to express your opinion, contest the decision, and request human intervention.

You may lodge a complaint at any time with the Italian Data Protection Authority: http://www.garanteprivacy.it

You may exercise the above rights by contacting the Data Controller using the contact details provided.