Mistral Air srl, (hereafter also referred to as “Mistral”), with its headquarters at Viale Lincoln, 3, Rome, will act as the Data Controller, in full compliance with the provisions laid down by Legislative Decree No 196/03 (Law on personal data protection, hereafter referred to as the “Law”). It is now supplying the following information regarding the processing of the personal data of customers (hereafter referred to as “Data Subjects”).

When a user visits this website, some information is provided that is classified as personal data. 
For these purposes, the Data Controller is Mistral Air srl. 
Users’ personal data is processed by persons who, pursuant to Article 30 of Legislative Decree No 196/03, are designated as Data Processors by the Data Controller and who work under the direct authority of the Data Controller on the basis of instructions received.

Users’ personal data are also processed by persons designated as System Administrators pursuant to the Order of the Italian Data Protection Authority dated 27 November 2008 and subsequent additions thereto. 
Users’ data may also be communicated to a legal or administrative authority or another public entity with a right to demand them, in the cases laid down by law.
This information note refers to the Mistral Air website and therefore does not apply to visits to any other websites that may be consulted by users via a link.

If a user decides to book a ticket and clicks on the relevant link, he/she may then view a further privacy information note pursuant to Article 13 of Legislative Decree No 196/2003, with a view to giving his/her consent in relation to the processing of the data supplied for the purposes indicated therein.

METHODS AND PURPOSE OF PROCESSING

Personal data will be processed using computerised/telematic tools for purposes that are strictly necessary for the viewing of the website www.mistralair.it, and for purposes connected to and/or instrumental in the consultation. Data processing will take place using tools and methods designed to guarantee the confidentiality and security of the data, in compliance with the provisions of Articles 33 et seq. of Legislative Decree No 196/2003 and the legislation in force.

TYPES OF DATA PROCESSED

Navigation data:

the information systems and software procedures used to operate this website acquire some personal data as part of their normal operation. The transmission of these data is an inherent feature of internet communication protocols. This information is not collected in order to be linked to identified Data Subjects, but by its nature, it might allow user identification if it is processed and matched with data held by third parties. This data category includes IP addresses or domain names of the computers used by any user connecting to this website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of a request, the method used to submit a request to the server, returned file size, a digital code indicating server response status (successfully performed, error, etc.) and other parameters relating to the user’s operating system and computer environment. This data is only used to extract anonymous statistical information on website use and to check its functioning; they are kept only for the periods laid down by the reference legislation. The data might be used to establish liability in the event of IT offences being committed that have an adverse impact on the website.

Cookies

No cookies are used to transmit personal information, and “persistent cookies” or user tracking cookies are not used. Use of “session cookies” (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session IDs (consisting of server-generated random numbers) that are required to allow secure, effective navigation of the website. Session cookies used by this website make it unnecessary to implement other computer techniques that might be detrimental to the confidentiality of user navigation, and they do not permit the acquisition of the user’s personal identification data.

Categories of person to whom user data may be disclosed.

Some processing of user’s personal data may be carried out by third parties, including companies in the Poste Italiane Group, to which Mistral Air entrusts or may entrust certain activities relating to website consultation. These persons will act as independent Data Controllers or Data Processors. In the latter case, the Data Controller, Mistral Air, will give the Data Processors appropriate operating instructions, with particular reference to the adoption of minimum safety measures, in order to guarantee the confidentiality, integrity and safety of data.

 

Rights of Data Subjects

To exercise the rights laid down in Article 7 of Legislative Decree 196/2003 of 30 June 2003 (such as the right to obtain confirmation of the existence of personal data concerning them and be informed of their contents and origin, verify their accuracy or request that they be supplemented, updated, rectified, removed, anonymised or blocked if they have been processed unlawfully etc.), users may contact the Data Controller, Mistral Air srl, or email infomistralair@posteitaliane.it.