Methods of data processing:
In order to prevent unauthorized access, disclosure, modification, or destruction of the Data, the Owner implements appropriate security measures. Processing of the data is performed using computers and/or IT-enabled tools, in accordance with organizational procedures and modes strictly related to the purposes indicated. Furthermore, some of the Data may be accessible to certain types of individuals involved in the operation of Reservationpoints.com (administration, sales, marketing, legal, system administration) as well as external parties appointed as Data Processors by the owner (for example, third-party technical service providers, mail carriers, hosting providers, IT companies, and communications agencies).
Place of processing:
Data is processed at the Owner’s operating offices as well as at any other locations where parties involved in the processing are located. Users’ data may be transferred to a foreign country, depending on their location.
In addition to this, users have the right to learn about the legal basis for Data transfers to countries outside the European Union or to international organizations governed by public international law or established by more than one country, such as the United Nations, and what security measures have been taken by the Owner to ensure that their Data is protected. This section contains information about such transfers and Users can find out more by referring to the relevant sections or by contacting the Owner.
Retention of data:
The processing and storage of personal data shall be limited to the period of time necessary to meet the purpose for which the data was collected. A user’s personal information collected in the course of performing a contract between the Owner and the User will be retained until the contract has been fully fulfilled. As long as necessary to fulfil the legitimate interests of the Owner, Personal Data collected for such purposes will be retained. Users may find specific information regarding the legitimate interests pursued by the Owner by contacting the Owner directly.
As long as the User has not withdrawn the consent to such processing, the Owner may be permitted to retain Personal Data for a longer period. Further, the Owner may be required to retain Personal Data for a longer period if required to do so in order to fulfil a legal obligation or as ordered by an authority. The Personal Data will be deleted once the retention period has expired. After the retention period has expired, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced.