Privacy Policy

PRIVACY POLICY

B2B Digital Marketplace – Ospito Consorzio a r.l.

Last Updated: May 2026

1. INTRODUCTION AND DATA CONTROLLER

Ospito Consorzio a r.l. (hereinafter referred to as "the Consortium", "we", "us", or "our") is deeply committed to protecting the personal data of corporate users, operators, and professionals interacting with our Business-to-Business (B2B) digital marketplace, booking.matchingapulia.it (the "Platform").

This Privacy Policy describes how we collect, use, process, store, and safeguard personal data provided by Buyers (Tour Operators, Travel Agencies, DMCs) and Sellers (Accommodations, Tour Guides, NCC/Transfer Providers) operating within the South-East Bari tourism ecosystem.

Data Controller Details:

Data Controller: Ospito Consorzio a r.l.

Registered Office (Sede Legale): Via Nicola Lagravinese 50 - 70043 Monopoli (BA)

VAT Number / Tax ID (P.IVA / C.F.): 08638610728

REA Number: 640098

Contact Email: booking@ospitoconsorzio.it

Contact Phone: +39 0809696542

2. CATEGORIES OF PERSONAL DATA WE PROCESS

As a specialized B2B infrastructure, the Platform processes data relating to corporate entities, their legal representatives, employee accounts, and specific operational end-user details required to execute travel bookings:

A. Corporate and Account Data (Buyers and Sellers)

Full name of the legal representative or corporate point of contact.

Company name, registered address, operational licenses, and tax identification details (VAT/Partita IVA).

Corporate contact information (business email addresses, phone numbers).

Encrypted platform authentication credentials (usernames and passwords).

B. Transactional and Financial Data

Corporate banking details, IBAN, and credit card/merchant payment logs used to process marketplace clearing.

Billing history and electronic invoicing (Fatturazione Elettronica) metadata routed via the Italian Revenue Agency's exchange network (SDI).

C. Booking and Operational Fulfillment Data

To fulfill the tripartite marketplace services (Accommodations, Tours, Transfers), we process travel itinerary details entered into the platform engine by Buyers. This may include:

End-user/Passenger names and surnames.

Identification documents (passports or national IDs) required exclusively for the compliance of local Public Safety Laws (TULPS registration for accommodations).

Specific logistical details (flight numbers, pick-up times, and destination coordinates for NCC Transfer dispatches).

D. Technical and Navigation Data

IP addresses, browser types, device identifiers, and timestamps gathered automatically via technical tracking mechanisms (for further details, see our Cookie Policy).

3. PURPOSES OF PROCESSING AND LEGAL BASES

We process personal data only when authorized by an explicit legal framework outlined in Art. 6 of the GDPR:

4. DATA RETENTION PERIOD

Personal data will be stored only for the duration strictly necessary to achieve the specific purposes for which it was collected:

Account and Profile Data: Retained for the entire duration of the active contractual relationship between the Operator and the Consortium.

Fiscal and Transactional Records: Retained for a mandatory period of 10 years, in strict compliance with Art. 2220 of the Italian Civil Code and tax regulations.

Booking and Operational Data: Retained for up to 5 years from the completion of the travel itinerary to manage potential contractual liabilities, cross-claims, or preemption disputes.

Technical Logs: Automatically deleted or anonymized within 7 days, unless required for cybersecurity investigations.

5. RECIPIENTS OF DATA AND DISCLOSURE

To ensure seamless marketplace operations, your data may be shared with the following categories of external recipients, formally appointed as Data Processors (Responsabili del Trattamento) under Art. 28 of the GDPR where required:

The Interconnected Trading Partner: Buyers' data is disclosed to the corresponding Sellers (and vice versa) to execute, finalize, and dispatch the requested Accommodation, Tour, or Transfer service.

Technical Infrastructure Providers: Cloud hosting providers, IT administrators, and development teams managing the marketplace software engine.

Financial and Legal Intermediaries: Secure payment gateways (e.g., Stripe), accounting firms, corporate consultants, and banking institutions.

Public Authorities: The Italian Revenue Agency (Agenzia delle Entrate), law enforcement agencies (Questura / Alloggiati Web), and judicial bodies, in compliance with mandatory statutory provisions.

We do not sell, rent, or trade your personal data to third-party marketing companies.

6. DATA TRANSFERS OUTSIDE THE EUROPEAN UNION (EU)

All primary databases and servers hosting the Matching Apulia platform are located within the European Economic Area (EEA). In the event that specific third-party operational integrations (such as payment elements or technical log metrics) require data processing in countries outside the EEA, the Consortium guarantees that such transfers are protected under Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring strict data sovereignty and equivalence of rights.

7. YOUR RIGHTS UNDER THE GDPR

As a data subject, you possess comprehensive rights regarding your personal data under Articles 15–22 of the GDPR. You may exercise these rights at any time:

Right of Access (Art. 15): Request confirmation as to whether or not your data is being processed, and obtain a copy of it.

Right to Rectification (Art. 16): Demand the immediate correction of inaccurate or incomplete corporate/personal information.

Right to Erasure / "Right to be Forgotten" (Art. 17): Request the deletion of data when it is no longer required for its original purpose, or when legal retention limits have expired.

Right to Restriction of Processing (Art. 18): Terminate processing activities temporarily while data accuracy or legal claims are contested.

Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format to transfer it to another controller.

Right to Object (Art. 21): Oppose processing carried out on the basis of legitimate interest or for direct B2B marketing communication purposes.

How to Exercise Your Rights:

To submit a formal request, please send an explicit written inquiry to the Consortium's Privacy Desk at:

📩 booking@ospitoconsorzio.it

If you believe your personal data has been handled in breach of the GDPR framework, you retain the legal right to lodge an official complaint with the competent national authority—in Italy, the Garante per la protezione dei dati personali(www.garanteprivacy.it).

    All Rights Reserved by Matching Apula B2B
Powered by   phptravels  OSPITO CONSORZIO v9.1