top of page


Pursuant to Art. 13 European Regulation 679/2016 (hereinafter "Regulation") and the national legislation, Legislative Decree 196/2003 adapted by Legislative Decree 101/2018 (hereinafter referred to as the "Applicable Regulation").

Coop. Travel Way Italia with registered office in via Tempio della Fortuna, 82 00054 Fiumicino (RM) - VAT number and CF 11118841003, Telephone: +39 349 1060195, mail: , Data Controller pursuant to the Regulations , (hereinafter, for brevity, Owner)


users who connect to the website, registered and unregistered, that the personal data collected by the company, acquired from third parties or spontaneously provided by the interested parties through the various options on the site (work with us, newsletter, competitions and events, etc.), will be treated lawfully and fairly, in compliance with the principles sanctioned by the EU and Italian law.

Data subject to processing

Navigation data: IP address, operating system and browser used for navigation, date and time of connection and disconnection, time spent on the site, pages visited, activity carried out, location (if the relative service is active) and anything else rendered available from your computer, based on your security settings.

Personal data: name, surname, email address, telephone, fax, physical contact details, where available, any IDs that will be communicated and data present in the CV if sent by email.

Purpose and legal basis of the processing

The collection and any other data processing activities of the interested parties acquired through the website are carried out by the Data Controller at the company headquarters, in compliance with the security measures and requirements imposed by the Applicable Regulations, or by subjects delegated by it (specifically selected and equipped with the necessary professionalism), with manual and computerized procedures, to allow the user a simple and rewarding browsing experience, to collect useful elements to improve the offer of products and services via the web, to execute specific requests of the 'interested party (e.g. a contact request, or a spontaneous application), for pre-contractual and contractual obligations, for ordinary administrative, financial and accounting activities, to ensure the correct management of customers during the marketing and sale of products, for after-sales assistance, for the fulfillment of legal obligations. The treatment is also aimed at the elaboration of statistics in anonymized or pseudonymized form.

The processing, at the request of the interested party or after obtaining specific consent, can also be carried out through CRM and customer care, for the detection of the degree of satisfaction, tastes, preferences and habits of the interested party, for sending commercial information or advertising material, for direct marketing campaigns, for participation in games, competitions or prize operations, for involvement in events and exhibitions, for the provision of services, for market research and other operations directly or indirectly attributable to marketing activities.

Legal bases of the processing are the legitimate interest of the owner to manage the browsing data of users to improve the offer of products and services through the website, the consent expressed by the interested parties and the obligations relating to the pre-contractual and contractual phases of the relationship. . However, it is always possible to ask the Data Controller to clarify the legal basis of each treatment and in particular to specify whether the treatment is based on the law, provided for by a contract or necessary to conclude a contract.

Sources and nature of the data

Data collection can take place through the company's website, through navigation analysis or spontaneous entry by the interested party, using the specially created forms.

With regard to the registered user, the Data Controller processes the personal data, telephone and electronic contact details and any bank data communicated for payments, as well as other data essential to satisfy the requests of the interested parties or fulfill the commitments undertaken.

The conferment is therefore mandatory, as it is not possible, in case of failure to grant consent or revocation of the same, to give rise to the processing.

It is necessary to point out that any incorrect or insufficient communication of the requested data may result in the total or partial impossibility of executing the requests of the interested party or the obligations connected to the commitments undertaken, with consequent possible mismatch of the results of the processing with the agreements. taken or the obligations imposed by rules and regulations.

The other data, on the other hand, are collected for the sole purpose of adapting promotional campaigns, offers and, in general, company activity, to the interests of customers and other subjects involved in any case. Their conferment, therefore, is not mandatory and any refusal to process or revoke the consent does not affect the establishment or continuation of the main relationship.

Data of Minors

Children under the age of 16 cannot provide data without the consent of the parent or any guardian.

The owner will not be in any way responsible for any false declarations that may be provided by minors and, should he ascertain the falsity of the declaration, he will immediately delete any personal data and any information acquired. In any case, the consent to the processing of data by minors over sixteen is authorized for infradiciottenni only for access to information society services. However, minors under the age of 18 cannot approve and sign terms and conditions of service.

Navigation data

The IT system and the software used for the company website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication products. This information is not stored to identify the data subjects but, due to their nature, they can, through processing and association with other data managed by third parties, allow the identification of the user.

This category of data concerns the IP addresses and domain names of the computer used by the user to connect to the site, the URL (Uniform Resource Locator) addresses of the requested resource, the time of the request, the method used to send the request to the server, the size of the file received, the numerical code used to indicate the status of the response given by the server (executed or error, etc.) and other parameters relating to the user's operating system and computer. These data are used only to create anonymous statistics on the use of the site and to check its correct functioning. They are usually deleted immediately after processing. They can be used and provided to the police and the judiciary to ascertain responsibility in the event of damage to the site or offenses perpetrated through the network.

Data transferred by the user

The compilation of any forms present on the pages of the site involves the acquisition of the data in the system memory. The information is protected by an authentication system and can only be used by those in possession of the credentials. They are also up-to-date and adequately protected, based on best practices available.

Requests for information via e-mail involve the storage of the user's e-mail address, which is necessary to respond to requests from the sender. The data stored in the message is included. The Data Controller suggests to its customers, during their requests for services and information, not to transmit the data or personal information of third parties, unless it is absolutely necessary.


As with most websites, information regarding navigation on the site is stored for statistical purposes. The collection of information is possible thanks to the use of cookies. A cookie is a small file that is transferred to your computer's hard drive when you connect to a site.

These data are not of a personal nature, as they do not allow specific identification of the user. The data collected concern the geographic location of the service provider, the type of browser used, the IP address, the pages visited, etc. The information thus collected allows you to see the frequency of visits to a site and the activity carried out during navigation.

In this way, over time, it is possible to improve the contents of the site and facilitate its use.

Even companies that transmit content to the site or whose sites are accessible via links, can use cookies when the user selects the relative link.

In these cases, the use of cookies is not under the direct control of the Data Controller. Most browsers automatically accept cookies, but it is possible to reject them or select only some of them, according to the preferences set by the user. However, if the user inhibits the loading of cookies, some components of the site may stop working and some pages may be incomplete.

Essential technical cookies

These are cookies necessary to ensure a correct and fluid functioning of the site: they allow the navigation of the pages, the sharing of contents, the storage of access credentials to speed up access to the site and to keep preferences and credentials active during navigation and improve the browsing or shopping experience. Without these cookies it is not possible to provide, in whole or in part, the services for which users access the site.

Statistical cookies

These cookies allow us to understand how users use the site in order to then be able to evaluate and improve its functioning and create content that is increasingly appropriate for users' preferences. For example, these cookies allow you to know which pages are the most and least visited, how many visitors to the site are, how much time is spent on the site by the average user and how visitors arrive on the site. In this way it is possible to determine which are the optimal functioning and the most liked contents and how the contents and the functionality of the pages can be improved. All information collected by these cookies is anonymous and not linked to the user's personal data.

Third party profiling cookies

They are cookies used by third parties not directly controlled by the Owner. The company cannot provide guarantees regarding the use that will be made of the data, the processing of which is directly operated by an external party. Cookies from these third-party operators allow us to offer advanced features, as well as more information and personal functions. This includes the ability to share content through social networks and to have a personalized site experience based on the preferences expressed through the pages visited.

If you have an account or if you use the services of these other controllers, they may be able to know that you have visited the company's website. The use of data collected by these external operators through cookies is subject to their privacy policies. Third-party profiling cookies are identified with the names of the respective operators and can be disabled.

Cookie management

By selecting the ACCEPT button shown by the banner superimposed on the Homepage, you authorize the installation of cookies on the device used by the interested party. You can change the settings of the cookies downloaded through the browser functions. By doing so, it is also possible to prevent the installation of third-party cookies and remove previously installed cookies, including those containing preferences regarding cookies. To adjust or change your browser settings, you need to consult the software or application manufacturer's guide. Disabling cookies can cause the site to malfunction or part of it.

Third party sites

The site, even only periodically, may contain links with third-party sites and applications (Google Adwords Widgets, Analitycs, Youtube, Vimeo, etc.), to provide additional services and information to the user. When the user uses these links, he leaves the company website and accesses other resources that are not under the direct control of the Data Controller, who, therefore, will not be responsible for the procedures relating to navigation, security and data processing. personal data operated by other sites, even in the presence of co-branding or display of the company logo. A careful examination of the security and confidentiality procedures of the visited site is recommended, which could transmit additional cookies, read those already present on the user's hard drive and request / acquire further personal information.

Interaction with social networks and external platforms

The site, through widgets and buttons, can interact with external platforms and social networks. In this case, the information acquired depends on the settings of the profiles used by the user on each social network and not by the administrator of this site.

More information can be obtained from the websites of the companies offering the service. In this case, the data are not managed by the website of the data controller, which connects these buttons only to offer an additional service to the data subject but has no control over them.

Communication and dissemination

The data processed through the website are exclusively of a common nature and are not intended for dissemination. The Data Controller does not require and has no interest in detecting and processing data classified by the Regulation as "particular" (health, genetic, biometric, etc.) or "criminal", without prejudice to legal obligations.

The data must be transferred to third parties in the fulfillment of obligations deriving from laws or regulations (institutions, law enforcement agencies, judicial authorities, etc.) or for activities directly or indirectly connected to the established relationship. By way of non-exhaustive example, the following are mentioned:

  • Subjects who need to access the data of the interested party for purposes relating to the relationship with the Data Controller (credit institutions, financial intermediaries, electronic money institutions and payment management, credit recovery companies, customer verification companies, carriers, etc. .);

  • Consultants, collaborators, service companies, within the limits necessary to carry out the assignment conferred by the Data Controller;

  • Subsidiary and / or associated companies that can access the data, within the limits strictly necessary to carry out tasks entrusted by the Data Controller

The data may be communicated to subjects operating within the European Union, or in countries that guarantee the same level of protection as provided for by the Applicable Regulations. The updated list of data processors is available at the headquarters of the Data Controller.

The data of the interested party may be communicated to subjects operating in non-EU countries where expressly permitted by the interested party. In any case, the data processing carried out in the various countries will be adapted to the most restrictive rules, in order to ensure the highest level of protection.

They may be transferred to third parties, even for consideration, if the interested party has given express consent, for purposes directly or indirectly connected to the activity of the Data Controller.

Data retention times

The data processed by the Data Controller, without prejudice to legal obligations, are kept until an express request for cancellation by the interested party and in any case periodically verified, also with automatic procedures, in order to guarantee their updating and effective compliance with the purposes of the treatment. If the purpose for which they were acquired is no longer valid, the data will be deleted, unless they must be processed to protect rights in court, for regulatory obligations or at the express request of the interested party. At the end of the processing and following the cancellation, the rights of the interested party can no longer be exercised.

Rights of the interested party

The interested parties are entitled to the rights referred to in Articles. from 15 to 22 of the GDPR 679/2016 and of the Applicable Regulations in general. In particular, the interested party has the right to withdraw consent to the processing of data at any time, request its correction, updating, transformation into anonymous form, even partially limit its use, request its portability and eventual cancellation. The rights can be exercised to the extent that the processing is not required by law or regulation.

The requests relating to the exercise of the rights of the interested party can be addressed to the Data Controller. If the interested party is not satisfied with the response provided to his requests by the Data Controller or the Data Protection Officer, he can lodge a complaint with the Personal Data Protection Authority.

bottom of page