Disclosure pursuant to Art. 13 of EU Regulation 679/2016
This information is provided only for this site and not for other websites that may be consulted by the user via links on the web pages of this site.
Regulation (EU) 2016/679 on the protection of personal data (hereinafter, the "Regulation") lays down rules relating to the protection of individuals with regard to the processing of personal data, as well as rules relating to the free movement of such data, and protects the fundamental rights and freedoms of natural persons, with particular reference to the right to the protection of personal data.
Article 4(1) of the Regulation provides that "Personal Data" shall mean any information relating to an identified or identifiable natural person (hereinafter, "Data Subject").
"Processing" shall be understood to mean any operation or set of operations which are performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4(2) of the Regulation).
Pursuant to Articles 12 et seq. of the Regulation, it is also provided that the Data Subject must be made aware of the appropriate information concerning the Processing activities carried out by the Data Controller and the rights of the Data Subjects.
Azienda per il Turismo S.p.A. Madonna di Campiglio
Via Pradalago 4
38086 - Madonna di Campiglio (TN)
Tel: +39 0465 447501
VAT NO. 01854660220
The Data Protection Officer appointed by the Data Controller can be contacted at the following email address: firstname.lastname@example.org
Parco Naturale Adamello – Brenta
Via Nazionale n. 24 – 38080 Strembo (TN)
Tax code no. 95006040224
Tel: +39 0465 80 66 66
VAT NO. 01854660220
The Data Protection Officer (DPO) can be reached at the following address: Studio Kompas Srls, Via del ponte 8 – 38060 Nogaredo (TN) (email: email@example.com, Telefono 348 4798326)
Purpose of processing and legal basis of processing
The user's personal data will be processed by the joint controllers for the following purposes and on the following legal bases:
1. for the conclusion and proper performance of the contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject, for the integrated mobility service; the legal basis for the processing operations listed is Article 6 par. 1(b) of EU Regulation 2016/679;
2. to send e-mails for the purpose of commercial and promotional information for the sale of our products/services, of the same type as previous purchases by the data subject, unless the data subject refuses, which he/she can do at any time; the legal basis for this type of processing is the legitimate interest of the Data Controller as provided for by Art. 6 par. 1(f);
3. to respond to requests sent by the user via e-mail and/or form on the site; the legal basis for the processing operations listed is represented by Art. 6 par. 1(b) of EU Regulation 2016/679;
4. to make the navigation of the site possible and functional, as well as to ensure an adequate level of security, integrity and availability; the legal basis for this type of processing is the legitimate interest of the joint controllers as provided for by Art.6 par. 1(f);
5. for the analysis of statistical data on aggregated or anonymous data, with the purpose of monitoring the proper functioning of the Site, usability traffic and interest; the legal basis for this type of processing is the legitimate interest of the Controller as provided for in Art. 6 par. 1(f);
6. to ascertain, exercise or defend a right in court; the legal basis for such processing is the legitimate interest of the joint controllers as provided for in Art. 6 par. 1(f);
7. in order to fulfil the obligations provided for by law, by a regulation, by European legislation or by an order of the Data Protection Authority; the legal basis for this type of processing is described in Art.6 par.1(c);
8. to carry out market research in order to develop and improve our range of products, services and activities offered by the data controller and their partners; the legal basis is consent as provided for in Art. 6 par. 1(a) of EU Regulation 2016/679;
Type of data
Data necessary for the pursuit of the above purposes will be collected and processed:
1. identification data
2. contact details
3. data relating to the contractual relationship
Refusal to provide data
Users/visitors are free to provide their personal data. In some cases, the provision of data is necessary because a refusal to provide such data could lead to the failure to conclude or the incorrect fulfilment of the contract to which the Data Subject is a party and/or the failure to comply with the legal obligations to which the Data Controller is subject.
The provision of data for processing that requires consent is optional; failure to provide such data will not make it impossible to use the products/services offered by the Controller. Even in the event of consent, the data subject shall still be entitled to object subsequently, in whole or in part, to the processing of his or her Personal Data for the purposes set out above, by making a simple request to the Data Controller at the addresses indicated above.
Source of personal data
The Data will be provided by the data subject.
In accordance with the provisions of Article 5 of the Regulation, the Personal Data processed will be:
1. processed lawfully, fairly and in a transparent manner in relation to the data subject;
2. collected and recorded for specified, explicit and legitimate purposes, and further processed in terms compatible with those purposes;
3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4. accurate and, if necessary, updated;
5. processed in a manner that ensures an adequate level of security;
6. stored in a form which enables identification of the data subject for a period of time not exceeding the fulfilment of the purposes for which they are processed.
The processing will be carried out with manual, paper, computer and/or electronic tools, using organisational and processing logic strictly related to said purposes and in any case in such a way as to guarantee the security, integrity and confidentiality of the said data in compliance with the organisational, physical and logical measures provided for in the current provisions.
Communication of data
The personal data may be communicated to persons authorised to process them, as well as to external data processors appointed by the joint controllers (the complete list of external data processors is available on request to be presented to the joint controllers at the above-mentioned addresses), responsible for managing the above-mentioned purposes. In the pursuit of the above-mentioned purposes, the data may be communicated to other parties acting as autonomous controllers.
The personal data will not be disseminated.
Transfer of Data Abroad
For the above purposes, Personal Data will be processed within the European Economic Area (EEA). If Personal Data are transferred to Third Countries, in the absence of an adequacy decision by the European Commission, the provisions of the applicable legislation on the transfer of Personal Data to Third Countries will be respected, such as the Standard Contractual Clauses provided by the European Commission.
In general, Personal Data will be kept for the time strictly necessary to fulfil the purposes for which they were collected and processed, including the storage period required by applicable legislation and, in any case, for a maximum period of 10 years from the termination of the relationship with the joint controllers and for a maximum period of 2 years for the purposes for which your consent is required, unless the joint controllers need to defend their rights in court.
Rights of the data subject
Pursuant to EU Regulation 2016/679 art. 15 et seq. and the national legislation in force, the Data Subject may, in accordance with the procedures and within the limits provided for by the legislation in force, exercise the following rights:
- request confirmation of the existence of personal data concerning the data subject (right of access);
- know its origin;
- receive intelligible communication;
- obtain information about the logic, methods and purposes of the processing;
- request the updating, rectification, integration, erasure, transformation into anonymous form, blocking of data processed in violation of - -the law, including those no longer necessary for the purposes for which they were collected;
- the right to lodge a complaint with the supervisory authority (Data Protection Authority);
- as well as, more generally, to exercise all the rights recognised to the data subject by the applicable legal provisions.
The rights may be exercised by sending a request which must be addressed without procedural formalities to the joint controllers at the addresses indicated above.
Before providing a reply, the joint controllers may need to identify the data subject by requesting a copy of his or her identity document.
A written reply will be provided without undue delay and, in any case, no later than one month after receipt of the request.
Last modified: 17/06/2021