Information on the processing of personal data

1. Introduction
Isnart S.c.p.a. ("The Data Controller") is an in house chamber system company that carries out studies and publications on tourism, research, surveys and feasibility projects, data processing, creation and supply of databases and Observatories, carrying out editorial activities and promotion and dissemination through all means of its services, organization of conferences, seminars and debates in the tourism field. The present notice is intended to inform the User ("the Subject") about the modalities of the processing of personal data. With this Notice, the Data Controller intends to guarantee the privacy and security of the personal data of each Subject, as provided for by Legislative Decree no. 196/2003 (hereinafter the "Privacy Code") and by the EU Regulation no. 2016/679 (hereinafter "GDPR").

2. Data Controller
The Data Controller is ISNART S.c.p.A., with registered office in Piazza Sallustio 21, 00187Rome, telephone +, email -, cui l’Utente potrà rivolgersi per esercitare i diritti di cui al Regolamento Europeo 2016/679.

3. Types of data processed
The Data Controller acquires and processes the personal data of the Subject through the following methods:

– Browsing data: during online browsing, through the computer systems and software procedures used to operate the website, some data are acquired, the transmission of which is implicit in the use of
Internet communication protocols, such as: IP addresses, the domain names of the computers used by the Subject, the addresses in URI (Uniform Resource Identifier), the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and details of the itinerary followed within the Application, with particular reference to the sequence of pages consulted, to the parameters relating to the operating system and the IT environment of the Data Subject;

– Data provided voluntarily by the User: The personal data provided by Users who submit requests for services, provision of services or information are used only to perform the service or provision requested or to provide the requested information, according to the authorization to the data processing granted during the registration phase. The optional, explicit and voluntary sending of emails to the
addresses indicated on this website entails the subsequent acquisition of the sender's address, necessary to respond to requests for services and/or information, as well as any other personal data included in the message.

4. Purposes of data processing and legal basis
Personal data are also processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected and in compliance with legal provisions. Personal data are processed according to principles of correctness, lawfulness and transparency.


Providing products and/or service requested by the User, managing the contracts signed by the User, completing the related administrative, accounting, tax and legal requirements, as well as fulfilling the requests submitted by the User.

The data processing put in place for these purposes is necessary for the fulfillment of contractual obligations and does not require specific consent from the interested party.


Detecting User's experience of use of our platforms, of products and services that we offer and ensure the proper functioning of web pages and their contents.

The data processing put in place for these purposes are based on a legitimate interest of the Data Controller.

Sending commercial communications relating to promotions and/or offers for which you may be eligible.


The data processing put in place for these purposes are carried out with the specific consent provided by the User, except for commercial communications relating to products and/or services similar to those already purchased and/or subscribed by the User for whom the processing is based on a legitimate interest of the Data Controller.


5. Scope of data dissemination
After free and optional consent, the data of the Subject may be communicated to third party companies with which the Data Controller has concluded or may conclude partnership agreements such as social
networking and interactive platforms, distribution, editorials, humanitarian and charity organizations or having further and different commercial and/or industrial purposes.

Your personal data may be known by third parties, such as, for example, service providers (administrative services, IT, third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies, etc.), consultants of the Data Controller (accountants, auditing firms, lawyers, etc.), Authorities and public bodies. Furthermore, the employees and/or collaborators of
the Data Controller who are in charge of managing the contractual relationships may be made aware of your data. These persons are formally instructed by the Data Controller to process personal data
exclusively for the purposes indicated in this notice and in compliance with the regulatory provisions.

6. Data transfer outside the EU.
The Data Controller does not intend to transfer the personal data of the Subject to third parties established in non-EU countries. Should this occur, the Data Controller ensures the adoption of adequate
guarantees with the foreign companies receiving the data in accordance with the provisions of Chapter V of the GDPR.

7. Redirect to external websites
The website can use the so-called social plug-ins. Social plug-ins are tools that allow to incorporate the features of the social network directly within the website (eg the "Like" function of Facebook). All the
social plug-ins on the website are marked by the respective logo owned by the social network platform (eg Facebook, Google, Twitter, Linkedin). When the User visits a page of the website and interacts with
the plug-in (eg by clicking the "Like" button) or decides to leave a comment, the corresponding information is transmitted directly from the browser to the social network platform where they are
memorized. For information on the purposes, type and methods of collection, processing, use and storage of personal data by the social network platform, as well as for the ways in which to exercise
your rights, please consult the privacy policy adopted by the social network interested. The Data Controller declines any responsibility regarding any request and/or release of personal data to third party
websites and/or regarding the management of authentication credentials provided by third parties.

8. Data storage
Personal data of the Subject will be stored for a period equal to the duration of the contractual relationship existing with the Data Controller. Furthermore, the storage will be arranged for the period
of time strictly necessary to allow the Data Controller to comply with legal, administrative, fiscal, and tax obligations, as well as for the time strictly necessary to allow the Data Controller to exercise the
right of defense in judgment.

9. Rights of the Subjects
Gli Interessati possono esercitare i seguenti diritti riconosciuti dal Codice Privacy e dal GDPR in merito alle attività di trattamento dei dati personali svolte dal Titolare:

Subjects may exercise the following rights recognized by the Privacy Code and by the GDPR regarding
the processing of personal data carried out by the Data Controller:
- access: the Data Subject may request information regarding the existence of data processing to the Data Controller, as well as further clarifications regarding this Information Notice within reasonable and
enforceable limits, as well as to receive the data;
- rectification: the Data Subject may request to rectify or integrate the provided data or in any case in the possession of the Data Controller, if they are inaccurate;
- erasure (oblivion): the Data Subject may request the erasure of data acquired and processed by the Data Controller, where these are no longer necessary for the purposes described in paragraph 4
("Purposes of data processing"), provided that there are no complaints or disputes with the Data Controller, or in cases of revocation of consent, of opposition to the processing, of unlawful processing,
or where there is an obligation to erasure;
- limitation: the Data Subject may request the limitation of the processing of the personal data in case of the conditions provided by art. 18 of the GDPR and with the exception of what is stated in the paragraph 2 of the same article.
- objection: the Data Subject may object to the processing of the data at any time, unless there are legitimate reasons that allow the Data Controller to proceed equally with the processing, such as, for
example, the need for extrajudicial or judicial defense. If, for technical reasons, following the exercise of the right to object, the Data Subject continues to receive further promotional messages after 24 hours
of the request to exercise the right of objection, the Subject can report the problem to the Data Controller using the contacts indicated at the end of this notice.
- portability: the Data Subject may request to receive personal data concerning him/her, or request transmission to another data Controller in a structured, commonly used, machine-readable and interoperable format.
- withdrawal of consent: the Data Subject shall have the right to withdraw his or her consent at any time, under art. 7, paragraph 3, GDPR, without prejudice to the lawfulness of processing activities already
carried out on the basis of previously agreed consent.
- right to lodge a complaint: the Data Subject may act before the Supervisory Authority where s/he usually resides, where s/he works, or before the competent authority in relation to the place where the
alleged violation has occurred. For the territory of the Italian State, the competent authority is the Garante per la Protezione dei Dati Personali, located in Piazza di Monte Citorio n. 121, 00186 – Rome

To exercise your rights, report problems or request clarification on the processing of personal data, the Data Subject can forward requests via registered mail to the Data Controller/Titolare del Trattamento –
Isnart S.c.p.a., with office in Piazza Sallustio 21, 00187 – Rome or via email to -
The appropriate request can also be submitted by contacting the Data Protection Officer at ISNART (ISNART S.c.p.A. - Responsabile della Protezione dei dati personali, email:

The exercise of the aforementioned rights by the Data Subject is free, except that, under art. 12, paragraphs 3 and 5, GDPR, considering the complexity of the activities to be carried out in response to the request, the Data Controller may request a contribution to be paid by the Data Subject, taking into account the costs incurred and/or to be incurred. The Data Controller will have 30 days to repond to the
request of the Data Subject.

10. Changes to the information notice
The eventual and subsequent entry into force of new sector regulations as well as the constant examination and updating of the services could determine the need to change the methods and terms described in this Information Notice. It is therefore possible that this document will change over time. The Data Controller will publish any changes to this Notice on this page and, if the changes are significant, will report them through a more visible notification. The previous versions of this Notice will in any case be stored and archived.

11. Cookie policy
Cookies are packets of information sent by a web server (eg the website to the user's Internet browser, which is automatically stored on the computer and automatically sent back to the server each time the website is accessed. By default, almost all web browsers are set to automatically accept cookies. Cookies are installed:

– directly from the owner and/or manager of the website (so-called first-party cookies);
– by managers unrelated to the website visited by the user (so-called third-party cookies). Unless otherwise specified, please note that these cookies fall under the direct and exclusive responsibility of the same owner. Further information on privacy and their use can be found directly on the websites of the respective owners.

The website may use, also in combination with each other, the following types of cookies classified according to the indications of the Privacy Guarantor and the Recommendations issued at the European level by the Working Group under art. 29 of the GDPR:

Session cookies: are cookies that are not stored permanently on the user's computer and are deleted by closing the browser, are strictly limited to the transmission of session identifiers necessary to allow safe and efficient exploration of the website avoiding the appeal to other computer techniques that could potentially compromise the privacy of users' browsing.
Technical cookies: are the cookies used to authenticate, to take advantage of multimedia content such as flash player or to allow the choice of the language of navigation. In general, it is therefore not necessary to obtain the prior and informed consent of the Data Subject. This also includes cookies used to statistically analyze accesses/visits to the website only if used exclusively for statistical purposes and through the collection of information in aggregate form.
Non-technical cookies: their use on the computers of Data Subjects is prohibited if they have not been adequately informed before and have not given a valid consent in this regard according to the opt-in
technique. These types of cookies are, in turn, grouped according to the functions they perform in:

– Analitycs: cookies used to collect and analyze statistical information on accesses/visits to the website. In some cases, associated with other information such as credentials entered for access to restricted
areas (email address and password of the Data Subject), can be used to profile the user (personal habits, visited websites, content downloaded, types of interactions, etc.).
– Widgets, fall under this category all those graphic components of a user interface of a program, which aim to facilitate the user in the interaction with the program itself. For example, the cookies of facebook, google +, twitter are widgets.
– Advertsing, fall under this category the cookies used to advertise on a website: Google, Tradedoubler fall into this category.
– Web beacons, rientrano in questa categoria i frammenti di codice che consentono a un sito web di trasferire o raccogliere informazioni attraverso la richiesta di un’immagine grafica. I siti web possono utilizzarli per diversi fini, quali l’analisi dell’uso dei siti web, attività di controllo e reportistica sulle pubblicità e la personalizzazione di pubblicità e contenuti.

The cookies present on the website of Isnart S.c.p.a. and installed directly by the Data Controller are"technical" and "session" cookies, for which the consent of the Data Subject is not required. The Data
Controller will however allow third parties to install "non-technical" cookies in the user's browser, in order to allow them to acquire statistical information in an anonymous and aggregate form relating to the user's browsing on the web pages, to deliver or make deliver to the user contents and advertising, after the consent expressed by the user through the simplified mode described in the information presented in the appropriate banner at the time of access to the website. These cookies installed by third parties fall under the direct and exclusive responsibility of the owner, against which the person may
choose to modify or revoke all or part of the consent given in simplified form by accessing the following links.

Google Adsense –
Triboo Media –
Smartclip –
Teads –
Oyster –
Upstory –
Taboola –

Alternatively, the Data Subject may disable the use of third-party cookies by visiting the website
Isnart does not install non-technical profiling cookies on its website, ie cookies aimed at creating user profiles in order to send advertising messages in line with the preferences shown in the context of
browsing the website. Cookies are not used when browsing the website for the transmission of personal information.