Privacy Notice

1. Introduction

Welcome to ExploreItalyGuide.com, this website and all its subdomains (collectively referred to as the “Website“) are operated by Explore Southern Europe, VAT number: SE930203510101 (“we“, “our” or “us“), incorporated and registered in Sweden. We are a forward-thinking company specializing in creating innovative websites, providing marketing solutions to companies and promotes businesses through our websites. Our expertise lies in developing innovative and effective websites that not only help companies enhance their online presence but also offer valuable content and insights to the visitors of these sites. Through our websites, we provide a unique blend of creative design, user-friendly interfaces, and effective marketing strategies, all aimed at helping businesses connect with their target audiences and offering enriching experiences to the visitors.

References to “You” or “Your” in this Privacy Notice are directed towards you as the Data Subject.

Privacy Notice overview

This document provides detailed insights into how we handle and Process Your Personal Data.  In this Privacy Notice, You will find information on various aspects of our Personal Data Processing activities, including:

• what Personal Data We Process
• why Processing is taking place
• where Personal Data is stored
• to whom Personal Data may be shared
• what rights the Data Subjects have under the GDPR
• other information about our Processing of Personal Data.

This Privacy Notice is designed to give You a clear understanding of our data Processing practices, ensuring transparency and aiding You in exercising Your rights under the GDPR.

2. Definitions

In addition to any terms defined in the running text of this Privacy Notice, the definitions below shall have the following meaning when expressed in capital letters as initial letters, whether used in plural or singular, in the definite or indefinite form:

Controller: refers to the person or entity who determines the purpose of a particular Processing of Personal Data and how the Processing is to be carried out. Individuals, legal persons, authorities, institutions, or other bodies may be Controllers.

Data Subject: refers to the natural person who can be identified through the Personal Data.

GDPR: refers to regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the Processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

Personal Data: refers to all data that, directly or indirectly, alone or together with other data, can be linked to an identified or identifiable physical living person.

Processing: refers to everything made with Personal Data, regardless of whether it is being performed automated or not. Processing can occur through an individual measure or a combination of different measures. Common examples of Processing Personal Data are storage, erasure, sharing, usage, registration, copying, collection, organisation, use, adjustment, destruction, etc.

Processor: refers to the one who Processes Personal Data on behalf of a Controller, according to the Controller’s instructions.

SCC: refers to Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries according to Regulation (EU) 2016/679 of the European Parliament and of the Council, or later updated version.

Third Party: refers to anyone other than, the Controller (and the persons authorised to Process the Personal Data), the Data Subject or the Processor (and the persons authorised to Process the Personal Data). Third parties may be a legal person or a natural person, institution, authority or other body.

Any other GDPR-related terms not defined herein shall have the same meaning in this Privacy Notice as outlined in Article 4 of the GDPR.

3. Personal Data Controller

We are the Controller for all Processing of Personal Data carried out by us or on our behalf, to the extent that we determine the means and purposes of the Processing (in accordance with the principle of accountability). Our Processing of Personal Data is carried out in accordance with the GDPR (and SCC where applicable) and the data protection principles. Unless expressly stated otherwise, we are the Controller for the Processing described in this Privacy Notice.

Comprehensive Data Protection Practices in Web Development and Marketing

Data Minimization and Accuracy: We adhere to the principles of data minimization and accuracy. This means we only collect and Process Personal Data that is directly relevant and necessary for our business purposes. Furthermore, we take steps to ensure that the Personal Data we hold is accurate and up-to-date, particularly when used for decision-making or marketing purposes.

Regular Data Privacy Training: We provide regular training to our employees on data privacy and protection. This helps in creating a data-conscious culture within the organization and ensures that our team members are aware of the importance of handling Personal Data responsibly.

Data Subject Rights: We recognize and facilitate the rights of Data Subjects, such as the right to access, rectification, erasure, and data portability. We have procedures in place to respond to Data Subject requests in a timely and compliant manner.

Data Security Measures: In addition to protecting against external threats, we implement internal data security measures. This includes secure access controls, regular security audits, and employing encryption technologies where necessary to safeguard data integrity and confidentiality.

Impact Assessments and Audits: We conduct regular data protection impact assessments, particularly when launching new marketing campaigns or implementing new technologies on our websites. This helps in identifying potential privacy risks and implementing mitigating measures upfront.

Partnerships and Third-Party Management: When working with third parties or vendors, we ensure they comply with applicable data protection laws and standards. This includes conducting due diligence and incorporating data protection agreements into our contracts.

Transparency and Communication: We maintain transparency in our data Processing activities. Our privacy notices and policies are clear, concise, and easily accessible, providing individuals with an understanding of how their data is used.

Innovation and Privacy by Design: In our web development practices, we incorporate the concept of ‘privacy by design’, ensuring that privacy and data protection principles are integrated into our products and services from the initial design stages.

4. How we get access to Personal Data 

Our acquisition of Personal Data typically occurs in the following scenarios:

– Direct Communication: When an individual initiates contact with us, either through inquiries, email, feedback or any other form of communication.

– Establishing Agreements: Upon entering into a contract or agreement with You or any third-party entity, where the exchange of Personal Data is necessary for the establishment and/or fulfilment of the agreement.

– Website Interactions: When someone visits our website, certain Personal Data may be collected, either directly (through forms and inquiries) or indirectly (via cookies and website analytics tools).

5. Categories of Personal Data we Process

We only Process Personal Data that is adequate, necessary and relevant to fulfil the purpose for which it was collected (in accordance with the principle of data minimisation). We primarily Process the following categories of Personal Data:

Identifying Information: This comprises the first name and last name of a) individuals representing our corporate clients or potential business contacts or b) other individuals who contact us.

Contact Details: This includes email addresses, physical addresses, telephone numbers, and social media user IDs (if applicable).

Contractual Information: Details of agreements and contracts entered into with our corporate clients, encompassing relevant information needed for the execution and management of these contracts.

Consent Records: Records of consents provided by individuals, particularly in contexts such as direct marketing or cookie usage, ensuring compliance with preferences and legal requirements.

Additional Information: Any other Personal Data that is voluntarily provided to us, such as information communicated when contacting our support team or during business interactions.

6. Legal basis for Processing Personal Data

Purpose and Compliance with GDPR

In accordance with the principle of purpose limitation, we Process Personal Data solely for specific, explicit, and legitimate purposes, ensuring each Processing activity is legally grounded as per the GDPR provisions.

Legal Bases for Processing

We primarily Process Personal Data based on one of the following four legal bases:

– Consent-Based Processing, Article 6(1)(a) GDPR: Your consent is obtained for Processing Your Personal Data for one or more specified purposes.

– Contractual Necessity, Article 6(1)(b) GDPR: Processing is necessary to fulfill a contract You are party to, or to take actions at Your request prior to entering a contract.

– Legal Obligations, Article 6(1)(c) GDPR: Processing is required to comply with legal obligations applicable to us.

– Legitimate Interests, Article 6(1)(f) GDPR: Processing is necessary for purposes related to our or a third party’s legitimate interests, except where such interests are overridden by Your rights and freedoms.

Data Processing in Business-to-Business Context

As we exclusively engage with corporate clients for marketing services, the provision of certain Personal Data by individuals representing these entities is essential. This data is crucial for entering into agreements, providing requested services, and adhering to legal or contractual obligations.

For individuals representing our corporate clients or potential business contacts, providing Personal Data may sometimes be optional. However, its absence might impede our ability to deliver effective services or support. Not providing Personal Data does not generally lead to negative legal consequences.

Inquiries from Private Individuals

We also Process Personal Data from private individuals inquiring about our website content. This Processing, including details like name and email address, is necessary for effective communication and record-keeping.

Consent Withdrawal and Data Protection

You have the right to withdraw Your consent at any time, without affecting the lawfulness of Processing based on consent before its withdrawal.

Processing Based on Legitimate Interests

When Processing is based on legitimate interests, we ensure it does not infringe on Your privacy and integrity. This involves a careful assessment of the impact of Processing on Your interests and privacy rights versus our or a Third Party’s legitimate interests. Note that we do not Process any sensitive Personal Data based on legitimate interest as the legal basis.

7. Specific Processing activities

Below You can read more about the legal basis we rely on for a particular Processing activity and the purpose of our Processing of Your Personal Data that we conduct in our capacity as the Controller. Where appropriate, we have also identified what the legitimate interests are.

• Website Visits and Cookie Usage

Cookie Policy and User Consent

Our Website uses cookies to enhance user experience and functionality. While necessary cookies are used for basic operations of the website, the use of non-necessary cookies is subject to Your explicit consent. You have the right to withdraw Your consent at any time, which will not affect the lawfulness of Processing based on the consent prior to its withdrawal. The legal basis for Processing Personal Data through non-necessary cookies is Your consent. Detailed information about our cookie usage, types of cookies, and their purposes can be found in our Cookie Notice available on the Website.

Interactions with Third-Party Links and Services

Our website and digital channels may feature links to external websites, plug-ins, applications or other services operated by Third Parties. It’s important to be aware that interacting with these links or enabling these connections may allow Third Parties to collect or share Your Personal Data. We wish to clarify that we do not exercise control over these third-party websites, plug-ins, applications or services and are not responsible for their privacy policies or practices.

Exercising Caution and Privacy Awareness

We strongly advise You to be cautious and to review the privacy notices of any third-party websites, applications, or services You visit or interact with. Understanding their privacy practices is crucial, especially as we cannot be held liable for the actions, omissions, or data handling practices of these third parties.

Our responsibility does not extend to the privacy practices of third-party websites, plug-ins, applications or other services. Should You have any queries or concerns about how these third parties manage Your Personal Data, we encourage You to contact them directly for clarification and further information. This proactive approach can help ensure Your Personal Data is handled in a manner that aligns with Your privacy expectations.

• Communication via Email, Phone, or Social Media

Nature of Contact and Access to Personal Data

Whenever we engage in communication, whether You reach out to us or we contact You through email, telephone, or social media platforms, we gain access to certain Personal Data associated with these interactions.

Types of Personal Data Accessed

In the context of such contact, we may access various types of Personal Data including, but not limited to, Your first name, last name, phone number, email address, social media user ID (if applicable), and the content of the messages or communications You share with us. Additionally, any other relevant information You provide during our interactions may also be Processed.

Legitimate Interest in Processing Personal Data

We Process this Personal Data under the premise of a legitimate interest. This interest lies in our need to identify who we are communicating with and to maintain a continuous and effective dialogue regarding the matter at hand. It allows us to provide more tailored responses and better service.

Balancing Interests and Rights

In our assessment, Processing this Personal Data is necessary to fulfill our legitimate interests. We have carefully weighed this against Your interests in protecting Your Personal Data and concluded that our Processing does not disproportionately infringe upon Your fundamental rights and freedoms.

Voluntary Provision of Personal Data

It is important to note that providing us with Your Personal Data in these instances is entirely voluntary. It is neither a statutory nor a contractual requirement, nor is it a prerequisite to enter into a contract with us. While You are not obligated to provide this data, please be aware that not doing so may impact our ability to effectively address or resolve the matter in question.

Legal Basis for Processing

The legal basis for the aforementioned Processing activities is our legitimate interest. This approach ensures that we can manage communications efficiently while respecting Your privacy and adhering to data protection regulations.

• Contractual Agreements and Performance

Processing Personal Data for Contractual Purposes

In the context of entering into and performing contracts, we Process the following categories of Personal Data belonging to the client and/or their representatives (like signatories or contact persons):

– Identifying Information

  – First name

  – Last name

– Contact Information:

  – Email address

  – Phone number

  – Contract number

The primary purpose of this data Processing is to facilitate the formation of agreements with our clients and to fulfill our contractual commitments. The Processing of this Personal Data is limited to what is necessary and relevant for these specific purposes.

Handling Complaints and Contractual Obligations

In the event of complaints or similar matters, we also Process Personal Data as required to manage these issues effectively. This includes exercising our rights and fulfilling our obligations under the contract. The legal basis for this Processing activity is the performance of a contract.

Processing of Accounting Records

In compliance with our business practices and legal requirements, such as those imposed by the Swedish Tax Agency and the Accounting Act (1999:1078), we Process various accounting records. This includes:

– Invoices

– Receipts

– Other relevant accounting documents

These records may, in some instances, contain Personal Data like names, delivery addresses, order information, and contact details of individuals (e.g., clients, reference persons, signatories). We store such documentation for the duration mandated by law or as required by the Swedish Tax Agency.

Legal Obligations and Data Storage

The legal basis for Processing and storing these accounting records, which may contain Personal Data, is our legal obligation. We ensure that all Personal Data within these records is handled and stored securely, respecting the privacy and confidentiality of the individuals involved, and in accordance with applicable legal requirements.

• Additional Purposes for Processing Personal Data in Our Web Development and Marketing Business:

Compliance with Legal Obligations

When legally mandated by laws, court orders, or government directives, we Process specific Personal Data. This Processing is strictly limited to what is necessary for us to adhere to our legal responsibilities. In these instances, the legal basis for Processing is the fulfillment of legal obligations.

Contractual Obligations

Our Processing of Personal Data under the legal basis of “Contract” is necessary to fulfill our obligations under agreements with Data Subjects. This includes managing and maintaining contracts with clients for whom we develop and manage websites, as well as those we market on these platforms.

Legitimate Interests:

We Process Personal Data based on our legitimate interests, which include, but are not limited to, the following activities:

Direct Marketing: To promote our services, we engage in direct marketing activities. This involves sending information, promotions, and offers via email or other communication channels to our customers. Our approach respects privacy laws and includes opt-out options for recipients.

Technical Functionality of Our Website: To ensure the smooth operation and functionality of our websites, we engage developers or use specialized programs for testing and optimization. This includes monitoring website performance, identifying and fixing technical issues, and enhancing user experience.

Security and Fraud Prevention: safeguard against abuse, crime, fraud, unauthorized access, and other potential damages, we take necessary measures. This involves reporting incidents and providing essential information to relevant authorities like the police or Supervisory Authority as needed.

Data Subjects’ Security Notification: In the event of security incidents involving Personal Data, we inform Data Subjects in accordance with applicable data protection laws. Our commitment is to promptly address and communicate any issues that may impact the privacy or integrity of the data we manage.

In all these activities, we ensure that our Processing of Personal Data is conducted with the utmost care for privacy and in compliance with relevant data protection legislation. We balance our legitimate interests with the rights and freedoms of the Data Subjects, ensuring that their privacy is not unduly impacted by our operations.

8. Data storage and international transfers

Prioritizing EU/EEA Data Processing: Our primary objective is to Process Your Personal Data within the boundaries of the European Union (EU) and the European Economic Area (EEA). This is to ensure that Your data benefits from the high level of protection afforded under EU/EEA data protection laws.

Circumstances of International Data Transfer: There are instances where Your data may need to be transferred to, and Processed in, countries outside of the EU/EEA. In such cases, our commitment to the security and integrity of Your Personal Data remains unwavering.

Ensuring Adequate Protection Measures: We implement robust legal, technical, and organizational measures to guarantee that Your Personal Data is managed securely and with a degree of protection equivalent to that offered within the EU/EEA. This includes:

– Data Subject Consent: Where necessary, we obtain explicit consent from You for the transfer of Your Personal Data to non-EU/EEA countries.

– Contractual Safeguards: We establish contractual agreements with international recipients, incorporating Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure that Your data is adequately protected.

– Assessment of Recipient Country Laws: We evaluate the data protection laws and practices of the recipient country, ensuring they provide an adequate level of data protection.

Commitment to Compliance and Security: Regardless of the location where Your Personal Data is Processed, we maintain our commitment to safeguarding its security and confidentiality. All international data transfers are conducted in strict compliance with applicable EU data protection laws. Our aim is to uphold the highest standards of data protection, ensuring that Your Personal Data is handled with care and responsibility at all times.

9. Storage duration

Principles of Data Retention

Our data retention practices adhere strictly to the principle of storage limitation. We retain Personal Data only for the time necessary to fulfill the specific purposes for which it was collected. This includes meeting any relevant legal, accounting, or reporting requirements. The retention period varies depending on the type and nature of the Personal Data and the reasons for its collection.

Retention Period for Contractual Data

Personal Data collected in relation to contract agreements is retained in our customer or supplier records for the duration of the contract, plus an additional period of four (4) years post-contract termination. This timeframe supports both operational needs and compliance with potential legal claims or inquiries.

Data Retention for Non-Contractual Purposes

For Personal Data stored for reasons beyond our contractual obligations, such as complying with anti-money laundering laws, accounting standards, and regulatory requirements, the retention period is limited to what is necessary and/or legally mandated for each specific purpose.

Data Disposal and Anonymization

Upon reaching the end of its retention period, Personal Data is either securely erased, de-identified, or anonymized, ensuring that it no longer carries personal identifiers. This Process is handled with great care to protect Your privacy.

Data Subject Request for Deletion

We also consider requests from Data Subjects to delete their Personal Data, except where we are legally obligated to retain the data for contractual or legal compliance purposes.

Retention in Legal Claims and Disputes

In cases of legal claims or disputes involving our company, we may retain relevant Personal Data until the expiration of any statutory limitation periods. During ongoing disputes, we store necessary Personal Data until the dispute is fully resolved. Throughout these situations, our data retention practices comply with all applicable laws and regulations.

Our approach ensures that Personal Data is not held for longer than necessary, balancing operational needs with legal obligations and the privacy rights of Data Subjects.

10. Data sharing of Personal Data and third-party collaboration

Commitment to Data Confidentiality

While we prioritize the protection of Your Personal Data and maintain strict confidentiality, the nature of our business operations sometimes necessitates sharing Your data. This sharing occurs with selected companies renowned for their expertise or when compliance with applicable laws, such as social, labor, or tax legislation, is required. We ensure these entities are trusted partners, adhering to stringent confidentiality and data protection standards.

Compliance with Privacy Laws in Data Sharing

All sharing of Personal Data is executed in strict accordance with applicable privacy laws and regulations, with a focus on safeguarding Your rights and privacy.

Use of Aggregated Data

We may share aggregated, non-identifiable data with our clients, other Third Parties, or the public. This data, derived from our technical/digital platforms or service performance, does not contain information that can identify individuals, thereby not constituting Personal Data.

Disclosure to Specific Entities

In line with the purposes outlined in sections 6 (Legal Basis) and 7 (Specific Processing Activities), we disclose Personal Data to:

Authorities: We may be legally compelled to provide Personal Data to authorities (e.g., police, tax authorities) to comply with legal obligations or in response to legal requests. This includes sharing data for preventing, detecting, or investigating criminal activities, or protecting our and others’ interests and safety.

Suppliers and Service Providers: Our suppliers and service providers receive Personal Data to safeguard our legal interests, fulfill our contractual and legal obligations, and address technical or security issues. They also help in enhancing our services and maintaining our website and digital channels. Our suppliers are chosen for their expertise and commitment to GDPR-compliant data Processing. Categories include server and hosting companies, cloud services, email clients, and other service providers.

Other Third Parties: Personal Data may be disclosed to legal advisers, banks, auditors, and other partners as required by law, to fulfill contractual obligations, or to satisfy our legitimate interests. In events like mergers, sales, or acquisitions, Personal Data might be shared with involved parties.

Data Processing Agreement and GDPR Compliance

Prior to sharing Personal Data with service providers who will Process Personal Data on our behalf and in accordance with our instructions, we establish a data Processing agreement in line with GDPR Article 28, ensuring secure and proper data handling. This includes Standard Contractual Clauses (SCCs) for data Processed outside the EU/EEA.

Independent Controllers and Third-Party Responsibilities

In instances where we share Personal Data with third parties having a legitimate interest in its Processing, these entities act as independent Controllers. They are responsible for their own compliance with data protection laws, including informing Data Subjects about their Processing activities.

Legal basis and Processing interests

The legal basis for the aforementioned Processing activities is our legitimate interest, carefully balanced against Your right to privacy and integrity. We are committed to ensuring that all data sharing is conducted responsibly, transparently, and in compliance with applicable data protection laws.

11. Data subjects rights

As a Data Subject under the GDPR, You have certain privacy rights. These rights include:

Right to information: You have the right to be informed about the collection and use of Your Personal Data. This includes details about the purposes of Processing, the categories of Personal Data involved, and any third parties with whom Your Personal Data may be shared. In addition, there are certain situations where specific information should be provided to You, such as in the event of a data breach or similar incident (a Personal Data breach) occurring at our end as the Controller, and there is a risk of identity theft or fraud, for example.

Right of access: You have the right to access Your Personal Data held by us. You can request information about the Processing of Your Personal Data, obtain a copy of the Personal Data in a machine-readable format (provided that there is no applicable exception to the right of access), and be informed about the safeguards for cross-border transfers. The compilation will be designed to allow You to verify the accuracy and lawfulness of the information. However, this does not mean You have the right to obtain the documents containing the Processed Personal Data.

Right to rectification: You can request the correction of inaccurate or incomplete Personal Data about You that we Process. If we Process Personal Data about You that are inaccurate or incomplete, we will, at Your request or on our initiative, complete, rectify or delete the Personal Data in question. If data is corrected at the request of the Data Subject, we will inform those to whom the data has been disclosed that the information has been corrected. However, this does not apply if it proves impossible or involves a disproportionate effort. You also have the right to request information about to whom the data has been disclosed.

Right to erasure: In certain circumstances, You have the right to have Your Personal Data erased. This applies, for example, if the data is no longer necessary for the purpose it was collected or if You withdraw Your consent and there is no other legal basis for the Processing. However, legal obligations may prevent us from immediately deleting parts of the Personal Data. These obligations may come from, for example, but are not limited to, accounting and tax legislation, banking and money laundering legislation, and consumer law. If data is erased at the request of the Data Subject, we will also inform those to whom the data has been disclosed about the erasure. However, this does not apply if it proves impossible or involves a disproportionate effort.

Right to restriction: You have the right to request the restriction of Processing of Your Personal Data in certain cases. Restriction means that the data is marked so that it can only be Processed for specific limited purposes in the future. The right to restriction applies, among other things, when You believe the information is inaccurate and request rectification. In such cases, You can also request that the Processing of the data be restricted while the accuracy of the information is being investigated. When the restriction is lifted, we will inform You about this.

Right to data portability: You can receive and transfer Your Personal Data to another Controller where technically feasible. Another prerequisite is that the Processing of the Personal Data is based on Your consent or for fulfilling a contract. This right also only applies to Personal Data that You have provided Yourself.

Right to object: You have the right to object to our Processing of Your Personal Data. The right to object applies when Personal Data is Processed based on a legitimate interest. If You object to the Processing, we may only continue Processing the data if we can demonstrate compelling legitimate grounds for the Processing that override Your interests, rights, and freedoms or if the Processing is necessary to establish, exercise, or defend legal claims. However, You always have the right to object to using Your Personal Data for direct marketing. Such objections can be made at any time. If an objection is raised against direct marketing, the Personal Data may no longer be Processed for such purposes, and we will inform You when we have deleted the Personal Data if You request it.

Right not to be subject to automated decision-making: You have the right not to be subjected to decisions based solely on automated Processing, including profiling, if these decisions significantly affect You. Exceptions apply in cases where the decision is necessary for the performance of a contract or is authorised by law. If an automated decision has been made, with or without profiling, You can request that it be reviewed or contested. We do not conduct any automated decisions, either with or without profiling.

12. Guidelines for exercising your data subjects rights

Initiating a Request

To exercise Your rights as a Data Subject concerning the Personal Data we Process as a Controller, please feel free to reach out to us using the contact details provided at the end of this document. It’s important to be aware that the rights outlined in the GDPR come with certain limitations and conditions.

Conditions for Exercising Rights

While exercising Your rights typically incurs no charge, we reserve the right to levy a reasonable fee or refuse to act on requests that are excessive, repetitive, or baseless. Our aim is to ensure fairness and prevent misuse of these rights.

Identity Verification

Upon receiving Your request, we may require additional information to confirm Your identity. This step is crucial to prevent unauthorized access to or modification of Your Personal Data.

Response Timeframe

We are committed to responding to Your requests promptly. You will be informed about the status of Your request within one (1) month of its receipt. However, for complex requests or in instances where multiple requests are received, we may extend this period by an additional two (2) months. Should such an extension be necessary, You will be notified within the first month following Your initial request.

Legal and Regulatory Limitations

In cases where we are unable to fulfill Your request due to legal obligations or other regulatory exceptions, we will provide You with a detailed explanation. This includes outlining the specific legal or regulatory constraints that prevent us from complying with Your request.

Contact Information for Requests

Our commitment is to respect and facilitate Your rights under the GDPR, ensuring transparent and responsible handling of Your Personal Data. We encourage You to reach out with any requests or inquiries related to Your data rights. You can find our contact details under section 14 below.

13. Updates and revisions to this Privacy Notice

Commitment to Current Information

Our Privacy Notice is subject to ongoing evaluation and revision to ensure it remains accurate, relevant, and aligned with current data protection standards. We are committed to keeping this document reflective of our latest practices and legal requirements.

Notice of Updates

We reserve the right to amend this Privacy Notice as needed, which may occur with or without prior notification. However, we understand the importance of keeping You informed. Therefore, significant changes, particularly those affecting Your rights or the manner in which Your Personal Data is Processed, will be communicated to You when legally required.

Your Responsibility to Stay Informed

We encourage You to periodically review this Privacy Notice for any updates or changes. Staying informed about our privacy practices is crucial, and Your regular review of this document will help ensure You are always aware of how we handle Your Personal Data.

Availability of the Latest Version

The most current version of our Privacy Notice will always be accessible on our Website. This ensures that You have access to the latest information regarding our data protection practices at all times.

By proactively managing and communicating updates to our Privacy Notice, we aim to foster transparency and trust in our privacy practices, ensuring that You, as a user, client, client representative or other Data Subject, are always informed and Your data is protected according to the highest standards.

14. Inquiries and concerns regarding privacy and data processing

Contact Us for Support and Questions

Should You have any queries about this Privacy Notice or our practices in Processing Personal Data, or if You have concerns about how Your Personal Data is handled, we encourage You to get in touch with us. Our team is committed to providing clarity and support regarding our data protection practices. Below You find or company details and contact details:

Company details

Company: Explore Southern Europe

VAT number: SE930203510101

Registration number: 930203-5101

Contact details

Email: contact@exploresoutherneurope.com

Postal address: Renstiernas Gata 23, 116 31 Stockholm, Sweden.

Right to Lodge a Complaint

If You are not satisfied with our handling of Your Personal Data, You have the right to file a complaint with the appropriate supervisory authority. For those within Sweden, our primary supervisory authority is:

Swedish Authority for Privacy Protection (IMY):

Phone: 08-657 61 00

Email: imy@imy.se

Postal Address: Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden.

EU Member States’ Supervisory Authorities

If You are a resident of another EU country, You also have the option to contact Your local supervisory authority. A comprehensive list of EU Member States’ Supervisory Authorities is available at the following link: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

We value Your privacy and are dedicated to ensuring that Your Personal Data is Processed transparently and responsibly. Your feedback and concerns are important to us, and we are here to address any issues You may have.