PRIVACY POLICY
INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13-14 OF REGULATION (EU) 2016/679

With this document (“Information Notice”) provided pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR”) and current legislation on the protection of personal data, Frigerio Viaggi S.r.l., (“Frigerio Viaggi” or “Data Controller”) wishes to inform visitors (“Data Subjects” or “Data Subject”) to this website frigerioilgruppo.com (“Site”) regarding the purposes and methods of processing personal data (“Personal Data”) collected through the various features and services available on the Site.

 Data Controller

Frigerio Viaggi S.r.l., VAT number 00851420968, Tax Code 07215280152
Frigerio Viaggi has appointed a Data Protection Officer, who can be contacted at the following email address: dpo@frigerioviaggi.com

Purpose, legal basis for processing and retention period of personal data)
a) Website navigation and security: collection of connection and log data (e.g., IP address, user agent, pages visited) to ensure the secure operation of the Website, prevent abuse, and support diagnostic analysis.
Legal basis: legitimate interest of the Data Controller (Art. 6, para. 1, letter f) GDPR). Retention: until the time necessary to ensure security and diagnostic analysis.
For more information on retention times and the use of cookies, please refer to the Website’s Cookie Policy.

b) Management of unsolicited applications: Personal Data voluntarily provided by the Data Subject through the “Work with us” section of the Website is processed exclusively for the management of unsolicited applications or in response to open positions, for the evaluation of the professional profile, skills, and experience declared, as well as for the performance of selection activities and contact with the candidate. Personal Data is processed in accordance with the principles of relevance and minimization and is not used for purposes other than those related to personnel selection.
Legal basis: implementation of pre-contractual measures taken at the request of the Data Subject (Art. 6, para. 1, letter b) GDPR).
Retention: the data is retained for the period strictly necessary for the management of the application and, in any case, for a period not exceeding 12 months from receipt, unless otherwise required by law or requested by the Data Subject.

c) Newsletter and marketing communications: collection of contact details for sending informational and promotional communications about the services of Frigerio Viaggi and/or the Frigerio Viaggi Group.
Legal basis: consent of the data subject (Art. 6, para. 1, letter a) GDPR).
Retention: until consent is revoked.

d) Profiling activities: Subject to the explicit consent of the Data Subject, the Data Controller may process Personal Data, in particular browsing data, data collected through cookies and similar technologies, as well as information relating to tourist services requested or purchased, in order to analyze browsing and purchasing habits, preferences, and behaviors. This profiling activity is aimed at personalizing the content of the Website, improving the user experience, and sending targeted commercial and promotional communications consistent with the interests expressed by the Data Subject.
Legal basis: consent of the Data Subject (Art. 6, para. 1, letter a) GDPR).
Retention: data used for profiling purposes is retained for a period not exceeding that indicated in the Cookie Policy and, in any case, until the Data Subject withdraws their consent.

e) Analytics and statistics: The Data Controller processes Personal Data, in aggregate or pseudonymized form, in order to perform statistical analyses on the use of the Website, monitor its correct functioning, evaluate the performance of the pages, and improve the quality of the services offered, as well as the browsing experience of users. Such processing may be carried out using technical analysis cookies or analytics tools, including those provided by third parties. More information on the characteristics of the cookies used, their functionality, and how to manage or revoke your preferences is available in the Cookie Policy, which can be consulted on the Website.
Legal basis: legitimate interest of the Data Controller (Art. 6, para. 1, letter f) GDPR) or consent of the Data Subject when required for third-party cookies (Art. 6, para. 1, letter a) GDPR).
Storage: For more information, please refer to the Cookie Policy.

d) Protection of legal rights and compliance with legal obligations: processing of Personal Data to comply with legal obligations, defend ourselves in court, or respond to requests from public authorities.
Legal basis: compliance with a legal obligation (Article 6(1)(c) of the GDPR) and/or legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).
Retention: until the applicable limitation period expires.

f) Management of requests: Personal Data voluntarily provided by the Data Subject via the contact form on the Website is processed exclusively to respond to requests for information, assistance, or contact sent, to manage communications with the Data Subject and provide feedback, as well as to carry out strictly related organizational and administrative activities. The provision of data is necessary to allow the request to be processed; failure to provide such data may make it impossible to respond.
Legal basis: implementation of pre-contractual measures taken at the request of the Data Subject (Article 6(1)(b) of the GDPR).
Retention: Personal Data is retained for the time strictly necessary to manage the request and, subsequently, for any period required by law or for the protection of the Data Controller’s rights.

Types of Personal Data Depending on the purpose, the Personal Data processed is as follows:
•   Browsing data: (e.g., IP address, data relating to the connection, devices used, and browsing methods on the Website, processed to ensure its proper functioning, security, and for statistical purposes)
•   Identification and contact data: (e.g., name, surname, date of birth, tax code, residence or domicile address, email address, and telephone number, necessary for managing the Data Subject’s requests, organizing and providing tourist services, as well as for performing pre-contractual and contractual activities)
•   Data collected through cookies and similar technologies: information relating to the user’s browsing and preferences, as specified in the Cookie Policy, which should be referred to for details of the categories of cookies used and their retention periods.
•   Data processed for informational and marketing purposes: contact details provided voluntarily by the Data Subject (such as email address and telephone number) for the sending of newsletters, promotional communications, or information relating to the services offered, subject to the provision of specific and free consent.

Categories of Data Subjects
The processing activities are aimed at the following categories of Data Subjects:
• Data Subjects who browse the Website, even without filling in any form/section;
• Data Subjects who use the Website’s services, filling in contact or request forms;
• Data Subjects who have given their consent to subscribe to newsletters or to receive promotional communications and/or profiling.

Methods of processing Personal Data
Personal Data is processed electronically, adopting technical and organizational security measures to ensure the protection of Personal Data and prevent unauthorized access.

Recipients of the processing
Personal Data may be shared with the following categories of subjects:
a) authorized and duly trained Frigerio Viaggi personnel, also with regard to security measures and confidentiality obligations;
b) external consultants used by Frigerio Viaggi for the performance of the services offered on the Site, such as IT, legal, tax consultants, etc.
c) service providers used by Frigerio Viaggi for various purposes and duly appointed as data processors;
d) any companies of the Frigerio Viaggi Group involved in the services;
e) competent authorities or other entities provided for by law.

Transfer of Personal Data outside the EU
Some service providers used by the Website may involve the transfer of data to third countries, including the United States. Such transfers are carried out in accordance with Articles 44 et seq. of the GDPR, through:
• Standard Contractual Clauses approved by the European Commission;
• EU-US Data Privacy Framework for participating providers (e.g., Google LLC), based on the European Commission’s Adequacy Decision of July 10, 2023;
• Other appropriate safeguards in accordance with applicable law. For further information on the safeguards adopted, you may contact the Data Controller by writing to: dpo@frigerioviaggi.com

Cookies and tracking technologies
The Website may use technical, analytical, and profiling cookies, including third-party cookies, including analytics tools and protection services.
Non-technical cookies are only installed with the explicit consent of the Data Subject, managed through banners and preferences indicated.
Cookies and similar technologies may also be used to personalize content and measure the effectiveness of the services offered by the Website, without ever compromising the security of Personal Data. For more information on the types of cookies, their purposes, and the management of preferences, please refer to the Cookie Policy available on the Website.

Rights of the data subject
In relation to the processing described in this Policy, the Data Subject may exercise the rights set forth in Articles 15 to 22 of the GDPR, and in particular the following rights:

•  Right of access (Article 15 of the GDPR): the right to obtain confirmation as to whether or not Personal Data concerning the Data Subject are being processed and, if so, to obtain access to the Personal Data.
•  Right to rectification (Article 16 GDPR): the right to obtain, without undue delay, the rectification of inaccurate Personal Data concerning the Data Subject and/or the integration of incomplete data.
•  Right to erasure (right to be forgotten) (Art. 17 GDPR): the right to obtain the erasure of Personal Data concerning the Data Subject, unless the processing is necessary to comply with a legal obligation.
•  Right to restriction of processing (Art. 18 GDPR): the right to obtain restriction of processing in the event of inaccurate data or for other legitimate reasons.
•  Right to data portability (Art. 20 GDPR): the right to receive Personal Data in a structured, machine-readable format.
•  Right to object (Art. 21 GDPR): the right to object, at any time, to the processing of Personal Data for legitimate reasons.
• Right to object (Art. 21 GDPR): the right to object, at any time, to the processing of Personal Data for legitimate reasons.
• Right not to be subject to automated decisions (Art. 22 GDPR), including profiling.
• Right to lodge a complaint with the Personal Data Protection Authority (www.garanteprivacy.it). To exercise these rights, you can contact the Data Controller at the following addresses: dpo@frigerioviaggi.com

Updates to this Policy
This Policy may be subject to updates. The published version indicates the date of the last update: February 6, 2026. Please consult the Policy periodically.