Helpy Travel Privacy Policy

Effective from: May 1, 2025

Last updated: May 1, 2025

This privacy notice (or “privacy policy”) is provided in compliance with current personal data protection legislation and, in particular, pursuant to EU Regulation 2016/679 (GDPR) and Legislative Decree 196/2003 (Personal Data Protection Code, so-called “Privacy Code”) with reference to the processing of personal data of visitors to the HelpyTravel site. The site is owned and managed by Teasa Innovation SRL. This privacy policy is provided for this site and also for other domains, websites, and landing pages owned by Teasa Innovation SRL. This notice contains important information about the personal data that is collected when visiting this Website, as a registered or unregistered user, and describes how such data is used.

This document contains important information on the following:

1. DATA CONTROLLER

2. PURPOSES AND METHODS OF PROCESSING

3. NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL

4. PLACE OF DATA PROCESSING

5. TYPES OF DATA PROCESSED/SPECIFIC PROCESSING

6. DATA RETENTION PERIOD

7. RECIPIENTS/CATEGORIES OF RECIPIENTS OF PERSONAL DATA

8. RIGHTS OF DATA SUBJECTS

9. RIGHT TO WITHDRAW AND OBJECT

10. PROTECTION OF MINORS' PRIVACY

11. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA

12. UPDATES TO THIS POLICY - COMMUNICATIONS

  1. DATA CONTROLLER

For the purposes of this Privacy Policy and the data processing described herein, it is specified that the term “Company” refers to Teasa Innovation S.r.l. registered office in C.so Castelfidardo 30/a 10129 TURIN – Italy, VAT number 13100310013; e-mail info@helpytravel.com. The Company is the data controller (as defined in Reg. (EU) 2016/679) of the collected data. For any comments or questions about this Privacy Policy, you can contact the Company's customer service at the e-mail address info@helpytravel.com.

  1. PURPOSES AND METHODS OF PROCESSING

Following consultation of this site and use of one or more services, data relating to identified or identifiable natural persons may be processed. Any personal data acquired, always in compliance with current legislation, will be processed solely for the following purposes: a) purposes strictly connected and instrumental to allowing access to and use of the site, its features, the services requested and the services provided by the Company; b) to fulfill obligations provided for by law and European regulations; c) for operational and management needs internal to the Company and related to the services and/or products offered; d) in the case of explicit and optional expression of consent, the data collected for the purposes referred to in paragraph a) will also be processed for direct marketing purposes by the Data Controller, in particular for sending informational, commercial or advertising material relating to the services and/or products offered by the Company, also by e-mail, SMS, fax, other instant messaging tools and not, including those operating on third-party platforms. The data will be processed lawfully and fairly and used only for the purposes referred to in the preceding paragraphs. The processing will be carried out using suitable tools to guarantee the security and confidentiality of personal data and may be carried out with paper and/or automated and computerized tools designed to store, manage and transmit the data.

  1. NATURE OF DATA PROVISION AND CONSEQUENCES OF REFUSAL

The provision of personal data is mandatory exclusively for the purposes referred to in art. 2, paragraph a), to allow the use of the site and the related services requested by the user, possibly after information for each additional service provided in the manner established by law. Your refusal will make it impossible to use these services. It will still be possible to consult the site without providing any personal data, but some features will not be available and some services cannot be provided. The provision of data and the granting of consent for its processing for the purposes referred to in art. 2, paragraph d), is optional: in the absence of explicit consent, these services will not be provided, but there are no other consequences. If you do not intend to provide your consent for these purposes, you can still use the site and the services for the purposes referred to in art. 2, paragraph a). In other words, the consequences of a refusal to respond or to give consent are always explicit and are connected to each service rendered. For example, a refusal of the relevant processing may prevent the consultation of the site with all its features (in the case of cookies) or the receipt of advertising material (in the case of art. 2 paragraph d). Therefore, the user is informed in the appropriate manner for each specific case, but in any case, can consult the website even while denying consent to the processing of personal data, where required: in this case, some features and characteristics of the site may be disabled.

  1. PLACE OF DATA PROCESSING

The processing connected to the web services of this site takes place at the Company's headquarters, subject to explicit exceptions, and is handled only by technical personnel of the Company specifically in charge of the processing. The site's hosting service is provided by Vercel, through a cloud server rented from the provider's data center located in the European Union, which guarantees the Data Controller, as far as it is competent, (based on a specific contractual addendum), compliance with current legislation on the processing of personal data.

  1. TYPES OF DATA PROCESSED/SPECIFIC PROCESSING

       Information about users is collected in several ways:

  1. Site Registration: During site registration, we collect the personal data provided directly by the user. This data is used to identify the user, provide them with access to restricted services, and communicate with them regarding relevant information.
  2. Public, partner, and private sources: We may also collect data from external sources, such as public registers, publicly accessible databases, business partners, or other private entities. Such data may be used to supplement the information we already have, improve the quality of our services, and for marketing purposes, always in compliance with applicable regulations and after obtaining consent, if necessary.
  3. User interaction with the site: We automatically collect some information related to the user's interaction with the site through technological tools such as cookies, server logs, and other similar technologies.

In addition to these main methods, we may collect information about users through surveys, contests, newsletter subscriptions, and other forms of voluntary interaction with our services. All data collection is done with transparency and, where necessary, we request the user's explicit consent for specific processing, always ensuring the possibility of revoking it at any time.

The processing of users' personal data is carried out for a series of purposes, all aimed at providing an efficient, secure, and personalized service. The main purposes for which the data is collected and processed include:

  1. Marketing/Promotional: We use personal data to send marketing and promotional communications regarding our products, services, special offers, and other information that we believe may be of interest to users. These communications may be made via email, SMS, or other methods permitted by the user.
  2. Account creation for platform use: Personal data is used to create and manage user accounts, allowing access to and use of the platform's features, such as order management, viewing personalized content, and interacting with other users.
  3. Reviews on third-party platforms (e.g., Google, Trustpilot): With the user's consent, we may share some information to allow the publication of reviews and feedback on third-party review platforms such as Google or Trustpilot, improving our reputation and providing transparency to future customers.
  4. Collection of customer feedback: The data collected may be used to request and collect feedback from users, in order to improve our services, identify areas for improvement, and better understand the needs of our clientele.
  5. Enforcement of Terms and Conditions: Personal data may be processed to ensure the application and respect of the Terms and Conditions of the service, including the management of violations and the adoption of appropriate measures in case of non-compliant behavior.
  6. Payment processing: The data necessary for the management of financial transactions is collected and used to process order payments, ensure the security of operations, and manage any refunds or disputes relating to such transactions.
  7. Support: Personal data is used to provide technical support and customer assistance, answer questions, solve problems, and improve the overall user experience on the platform.
  8. Administrative information: Users may receive administrative communications related to the use of the service, such as updates to the terms of service, changes to the privacy policy, security notifications, or other relevant information for the management of the contractual relationship.
  9. Targeted advertising: We collect and use personal data to offer targeted advertising based on users' interests and previous interactions, in order to make advertising campaigns more relevant and improve their effectiveness.
  10. Management of services offered to customers: Personal data is processed to manage the entire service delivery cycle, from the initial request to the provision of the service itself. This includes communicating with the customer for updates on the status of the service, managing any changes or additional requests, and resolving any problems that may arise during the provision of the service.
  11. Site protection: Data may be used to monitor and prevent fraudulent activities, ensure the security of the website, and protect users and the information in our possession from threats and security breaches.
  12. Dispute resolution: Personal data may be processed to manage and resolve disputes or complaints, both contractually and legally, ensuring that all issues are addressed fairly and in a timely manner.
  13. User account management: In addition to creation, personal data is used for the ongoing management of the user account, including updating information, managing preferences, and controlling security settings.

Depending on the service provided, different types of personal data may be processed, as specified in the following articles.

  1. Navigation Data

The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of web Browse. This data is collected on our behalf by Google Analytics, a web analysis platform provided by Google, Inc. This information is not collected to be associated with identified interests: however, by its very nature, it could, through processing and association with data held by third parties, allow users to be identified. The data collected by Google Analytics includes IP addresses or domain names of the computers used by users who connect to the site, the URL addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and the platform used by the user. This data is used by Google Analytics for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The collected data is processed in an anonymous and aggregated form and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

5.2 Data voluntarily provided by the user (communications)

The optional, explicit and voluntary sending of communications by means of contact forms on the site or by e-mail to the addresses indicated on this site, involves the subsequent acquisition of the data communicated to the sender, including his e-mail address, and the consent to receive any reply messages to their requests. The personal data thus provided is used for the sole purpose of satisfying or responding to the requests sent and is communicated to third parties only if this is necessary for that purpose.

5.2.1 Data voluntarily provided by the user (to receive communications for marketing and/or commercial promotion purposes)

Each data subject can voluntarily provide their personal data to the Company in order to receive commercial or promotional communications, however named, with both digital and paper communications. Only if the e-mail coordinates are provided by the data subject in the context of the sale of a product or service, the e-mail address thus provided may be used for the direct sale of other similar products or services, pursuant to EU Regulation 2016/679 (GDPR) and Legislative Decree 196/2003 (Personal Data Protection Code, so-called “Privacy Code”), without the need for express and prior consent. In any communication, however, the data subject is reminded that they can withdraw consent at any time and without formalities. The data is deleted at the request of the data subject.

5.2.2. Registration on the Helpy Travel platform

Some features of our service require prior registration. You will need to provide some information about yourself and choose a username and password for the account we will create for you. For this purpose, we use your name, surname, e-mail address, and phone number. We will keep this data so that you do not have to re-enter it every time you visit our website and to contact you in connection with the execution of the agreement, billing and payment, and to provide an overview of the services you have used from us.

5.3 Cookies

Our site uses cookies and similar technologies to ensure the proper functioning of the platform and improve the user experience. Cookies can be used for various purposes, such as user authentication, storing preferences, analyzing traffic, and personalizing content.

For a detailed description of the cookies we use, their purposes, and how to manage your consent, please consult our Cookie Policy.
In this section you will find all the necessary information to understand how cookies are used, how you can manage your preferences and, if necessary, how to disable them.

  1. DATA RETENTION PERIOD

We will retain users' personal information for a period ranging from 90 days to 2 years after account termination or for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy. However, in some cases we may need to retain certain information for longer periods, for example for recording or reporting needs in accordance with current legislation, or for other legitimate reasons, such as the enforcement of legal rights, fraud prevention, and other similar situations. Anonymous residual information and aggregated data, which do not allow the identification of the user (neither directly nor indirectly), may be stored indefinitely.

  1. RECIPIENTS/CATEGORIES OF RECIPIENTS OF PERSONAL DATA

For the purposes referred to in art. 2, where necessary only with prior consent, the data may be communicated to third parties whose collaboration the Committee may and/or must use for the performance of these offered services. The data acquired via the web, or in any case deriving from web services, may be communicated to the technological and instrumental partners that the Data Controller uses for the provision of the services requested by users/visitors, always in compliance with the purposes indicated in art. 2. The data collected for the above purposes may also be communicated to companies connected to or belonging to the same corporate group as the Data Controller and to subjects authorized for this purpose by legal provisions and European regulations. A list of subjects to whom the Data Controller communicates the personal data collected for the aforementioned purposes is available to data subjects at the Data Controller's office and can be obtained upon written request sent to the Data Controller.

  1. RIGHTS OF DATA SUBJECTS

The data subject is the identified or identifiable natural person to whom the personal data being processed refers. We inform you that, as a data subject, you have the right to access at any time the data concerning you processed by the Data Controller (right of access) in order to verify its correctness and to verify the lawfulness of the processing carried out. You can also exercise all the rights recognized by current national and European legislation on the protection of personal data (by Legislative Decree 196/2003 and by EU Reg. no. 2016/679 and subsequent amendments and additions): in particular, you can request at any time the correction and updating of incorrect or inaccurate data, the limitation of the processing carried out and their cancellation (right to be forgotten), as well as lodge a complaint with the Personal Data Protection Authority. With reference to personal data processed by automated means, you are also recognized the right to receive the data concerning you in a structured and commonly used format and to transmit them, possibly, to another data controller (right to data portability). Any request regarding the processing of personal data and any communication relating to the exercise of your rights may be addressed to the Data Controller using the appropriate "Contacts" form on the site or by sending a communication via e-mail: info@helpytravel.com.

  1. RIGHT TO WITHDRAW AND OBJECT

Each data subject is also recognized the right to withdraw the consent given at any time, without prejudice to the lawfulness of the processing carried out by the controller before such withdrawal. The data subject is also always recognized the possibility of objecting to the processing of data concerning him/her if it is carried out for direct marketing purposes as per art. 2, paragraph d; in this case, your data will no longer be processed for these purposes (right to object).

  1. PROTECTION OF MINORS' PRIVACY

This Website is aimed at a general audience; however, its services are intended for people aged 18 or over. The Company does not knowingly request, collect, use, and disclose personal data provided by persons under the age of 18. If the Company becomes aware that it has personally collected data from a minor, it will delete it. If the user is not of the required age, they are asked not to register and to ask an adult (i.e., their parents or guardian) to perform the necessary procedures. It is specified that pursuant to art. 8 of the European Regulation, where article 6, paragraph 1, letter a) applies, regarding the direct offer of information society services to minors, the processing of a minor's personal data is lawful where the minor is at least 16 years old.

  1. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA

The Company has implemented appropriate measures to protect the user's personal data from accidental loss and from unauthorized access, use, modification, and disclosure. Despite this, the user should be aware that it is not possible to guarantee 100% security. Therefore, the user provides their personal data at their own risk and, to the maximum extent permitted by applicable law, the Company will not be in any way responsible for their disclosure due to errors, omissions, or unauthorized actions of third parties during or after their transmission to it. The Committee recommends that the user periodically update their software to protect the transmission of data over networks (e.g., antivirus software) and check that the provider of electronic communication services has adopted suitable means for the security of data transmission over networks (e.g., firewalls and anti-spam filters); keep confidential and not communicate to anyone the username and password to access the account; and change the password periodically. In the unlikely event that the Company believes that the security of the user's personal data in its possession or under its control has been or may have been compromised, it will inform the user of the incident in the manner provided for by applicable law, using the methods prescribed by it (by providing the Company with your email address, the user consents to receive such communications in electronic format through that email address).

  1. UPDATES TO THIS POLICY - COMMUNICATIONS

The Company, at its own discretion, reserves the right to change, modify, add or delete parts of this Privacy Policy at any time, by publishing the revised version on this page of the Website. It is the user's responsibility to review the Privacy Policy from time to time to become aware of any changes made. In some cases, the Committee may provide further communications relating to significant changes to this Privacy Policy by posting a notice on the home page of this Website or, in the case of registered users, by sending a notification email or by posting a notice on their account page.