Information pursuant to art. 13 of EU Regulation 679/2016
This page represents the "Privacy Policy" of this site and is intended to provide information on how the personal data of users who interact with this website are processed, who use the services provided by the same to users, as well as to provide the disclosure imposed by art. 13 and 14 of EU Regulation 2016/679.
This information is provided only for this site and not for other websites that may be consulted by the user through links on the web pages of this site.
The Regulation (EU) 2016/679 on the protection of personal data (hereinafter, the "Regulation") establishes rules relating to the protection of individuals with regard to the processing of personal data, as well as rules relating to the free circulation of such data and protects the fundamental rights and freedoms of individuals, with particular reference to the right to the protection of personal data.
"Personal Data" means any information relating to an identified or identifiable natural person (‘data subject’); (Article 4, No. 1 of the Regulation).
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; (Article 4, No. 2 of the Regulation).
Pursuant to art. 12 and ss. of the Regulations, it is also provided that the data subject must be made aware of the appropriate information relating to the processing activities that are carried out by the data controller and the rights of the data subjects.
Data Controller
Azienda per il Turismo S.p.A. Madonna di Campiglio Pinzolo Val Rendena Via Pradalago 4, 38086 – Madonna di Campiglio (TN)
Tel.: +39 0465 447501
Mail: info@campigliodolomiti.it
Sito: https://www.campigliodolomiti.it
P.IVA 01854660220
The Data Protection Officer appointed by the Data Controller can be contacted at the following email address: dpo@campigliodolomiti.it
Purposes and legal bases
The user's personal data will be processed for the pursuit of the following purposes and with the following legal bases:
1. for the conclusion and correct execution of the contract of which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the same, for the bike bus service; the legal basis for the treatments listed is represented by art. 6 par. 1 letter b) of the 2016/679 EU Regulation;
-
send e-mails for the purpose of commercial and promotional information for the sale of our products / services, of the same type as the previous purchases of the data subject, except for the refusal to treatment by the same, which can be opposed at any time; the legal basis for this type of processing is represented by the legitimate interest of the Data Controller as provided for in Article 6 par. 1 letter f);
-
respond to requests sent by the user via email and / or form on the site; the legal basis for the treatments listed is represented by art. 6 par. 1 letter b) of the 2016/679 EU Regulation;
-
make site navigation possible and functional, as well as guarantee an adequate level of security, integrity and availability; the legal basis for this type of processing is the legitimate interest of the data controller as provided for in Article 6 par. 1 letter f);
-
analysis of statistical data on aggregate or anonymous data, with the aim of monitoring the correct functioning of the Site, traffic, usability and interest; the legal basis for this type of processing is represented by the legitimate interest of the Data Controller as provided for in Article 6 par. 1 letter f);
-
ascertain, exercise or defend a right in court; the legal basis for this type of processing is the legitimate interest of the data controller as provided for in Article 6 par. 1 letter f);
-
to fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority; the legal basis for this type of processing is represented by Article 6 paragraph 1 letter c);
-
carry out market research to develop and improve our range of products, services and activities proposed by the data controller and their partners; the legal basis is represented by consent as required by art. 6 par. 1 letter a) of the 2016/679 EU Regulation;
Data type
The data necessary for the pursuit of the aforementioned purposes will be collected and processed:
-
identification data
-
contact details
-
data relating to the contractual relationship
Refusal to provide data
Users / visitors are free to provide their personal data. The provision of data is in some cases necessary as, any refusal to provide them, could lead to the failure to conclude or incorrect fulfillment of the contract of which the data subject is a party and / or failure to comply with the legal obligations to which the Data controller is submitted.
The provision of data for processing that requires consent is optional, failure to provide it will not make it impossible to use the products / services offered by the data controller. Even in the event of consent, the data subject will still have the right to subsequently object, in whole or in part, to the processing of their personal data for the purposes set out above, by simply making a request to the Data Controller at the addresses indicated above.
Data source
The data will be provided by the data subject.
Processing methods
In accordance with the provisions of art. 5 of the Regulation, the personal data processed will be:
-
processed in a lawful, correct and transparent manner towards the data subject;
-
collected and recorded for specific, explicit and legitimate purposes, and subsequently processed in terms compatible with these purposes;
-
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
-
accurate and, if necessary, updated;
-
processed in such a way as to guarantee an adequate level of security;
-
kept in a form that allows the identification of the data subject for a period of time not exceeding the achievement of the purposes for which they are processed.
The treatment will be carried out both with manual and / or IT and telematic tools with organization and processing logics strictly related to the purposes themselves and in any case in such a way as to guarantee the security, integrity and confidentiality of the data in compliance with the organizational and physical measures. and logic provided for by the provisions in force.
Data comunication
Personal data may be communicated to the subjects authorized to process the processing, as well as to the external data processors appointed by the data controller (the complete list of external managers is available upon request to be presented to the data controller at the addresses indicated above), in charge of managing the aforementioned purposes. As part of the pursuit of the aforementioned purposes, the data may be disclosed to other subjects acting as independent data controllers.
Data dissemination
Personal data will not be disseminated.
Data transfer abroad
For the purposes indicated above, the Personal Data will be processed within the European Economic Area (EEA). Should they be transferred to Third Countries, in the absence of an adequacy decision by the European Commission, the provisions of the applicable legislation on the transfer of Personal Data to third countries will be respected, such as the Standard Contractual Clauses provided by the European Commission.
Data retention
In general, the Personal Data will be kept for the time strictly necessary to pursue the purposes for which they were collected and processed, including the retention period required by the applicable legislation and, in any case, for a maximum period of 10 years from the termination. of the relationship with the data controller and for a maximum period of 2 years for the purposes in which your consent is required, except for the possible need for the data controller to defend their right in court.
Rights of data subject
Pursuant to EU Regulation 2016/679 art. 15 and following and of the national legislation in force, the data subject may, according to the methods and within the limits established by current legislation, exercise the following rights:
- request confirmation of the existence of personal data concerning him (right of access);
- know its origin;
- receive intelligible communication;
- have information about the logic, methods and purposes of the processing;
- request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
- the right to lodge a complaint with the Supervisory Authority (Privacy Guarantor);
- as well as, more generally, to exercise all the rights that are recognized by the current provisions of the law.
The exercise of rights may take place by sending a request that must be addressed without any formalities to the data controller, at the addresses indicated above.
Before providing an answer, the data controller may need to identify the data subject, by requesting to provide a copy of his identity document.
Written feedback will be provided without undue delay and, in any case, no later than one month from receipt of the request.
Version: 1.0
Change: 11/04/2022