This information has been provided exclusively for this site and no other websites consulted by the user through the links present in the pages of this website.
EU regulation 679/2016, concerning the protection of personal data (hereinafter the “Regulation”), establishes standards relating to the protection of individuals with regard to the processing of their personal data, in addition to standards regarding to the free circulation of this data and protects the fundamental rights and liberties of individuals, with particular regard to the right to the protection of their personal data.
Article 4 no. 1 of the Regulation stipulates that “Personal Data” is to be understood as any information that may concern an identified or identifiable individual (hereinafter the “Data Subject”).
“Processing” is to be understood as the operation of complex of operations, performed with or without the assistance of automated processes and applied to Personal Data or sets of Personal Data, such as the collection, registration, organisation, structuring, preservation, adaptation or amendment, extraction, consultation, use, transmission, dissemination or any other form of disclosure, comparison or interconnection, restriction, deletion or destruction (Article 4 no. 2 of the Regulation).
Pursuant to Articles 12 and following, it also stipulates that the Data Subject must be made aware of the appropriate information relating to the Processing activities to be performed by the Data Controller and of the rights of the Data subjects.
Madonna di Campiglio Azienda per il Turismo S.p.A.
Via Pradalago 4
38086 – Madonna di Campiglio (TN)
Tel.: +39 0465 447501
The user’s personal data will be processed in pursuit of purposes and on the legal basis indicated below:
The Data necessary for the pursuit of the objectives described above will be collected and processed:
Computer systems and software processes responsible for the functioning of this website will acquire certain personal data in the course of their normal use, for which transmission is implied when using internet communication protocols.
This concerns information that is not collected in order for it to be associated to identified Data Subjects, but which due to their same nature could, through processing and association with data held by third parties, enables users to be identified.
Falling into this category is data such as the IP addresses or domain names of the computers used by users visiting the site, addresses in the URI (Uniform Resource Identifier) notation of the requested resources, the time requested, the method used to make the request to the server, the size of the file received in response, the numeric code indicating the status of the response given by the server falls into this category (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
This data is used exclusively to pull anonymous statistical information concerning the use of the site and to monitor that it is functioning correctly and is immediately deleted after processing.
The data could be used to ascertain liability in the event of hypothetical cyber crimes against the site.
Apart from what is specified for the navigation data, user/visitors are free to provide their own personal data. The provision of Data is required in some cases, as any refusal to provide it could lead to a failure to conclude, or the incorrect fulfilment of the contract of which the Data Subject is a party and/or a failure to comply with legal obligations that the Controller is subject to.
The provision of Data for processing requiring consent is optional, failure to provide it will not lead to users being unable to benefit from the products/services offered by the Controller. Even in the event where consent is provided, the Data Subject will in any case be entitled to subsequently object, fully or in part, to the processing of their personal data for the above purposes, simply by making a request to the Controller at the above contact details.
Data will be provided by the Data Subject or collected from third parties.
With reference to the provisions of Article 5 of the regulation, the Personal Data subject to processing will be:
Processing will be carried out using both manual and/or computerised and electronic methods using organisational and processing logic strictly related to the purpose itself and in any case in such a way that guarantees the security, integrity and confidentiality of the data in compliance with the organisational, physical and logical measures stipulated by the provisions in effect.
Personal Data may be communicated to parties authorised for processing, as well as to external managers appointed for processing by the Controller (the full list of external managers is available from the Controller), responsible for managing the purposes described above. With their consent, the Data may also be communicated to the Controller’s third party sponsor companies and/or commercial partners who may use it for the purposes described in no. 3) of the Article concerning “Purposes of Processing” cited above. In the context of pursuing the purposes stated above, the Data may be communicated to other parties acting as autonomous Controllers.
Personal data will not be subject to dissemination.
For the purposes stated above,Personal Data will be processed within the European Economic Area (EEA). If it were to be transferred to a Third Party country, in the absence of an adequacy decision by the European Commission, the provisions stipulated by the applicable legislation concerning the transfer of Personal Data to Third Party Countries will be complied with, such as the European Commission’s Standard Contractual Clauses.
In general, Personal Data will be stored for the time strictly necessary for the pursuit of the purposes for which it was collected and subjected to processing, including the storage period required by the applicable legislation and, in any case, for maximum of 10 years from the termination of the relationship with the Controller, and for a maximum of 2 years for the purposes in which consent was required, unless there is a need for the Controller to defend their rights in court.
Pursuant to European Regulation 679/2016, Articles 15 to 21 and the national legislation on the subject, the data subject may, in accordance with the methods and within the limits set down by the legislation in force, exercise the following rights:
- request confirmation of the Personal Data concerning them (right of access);
- discover its origin;
- receive an intelligible communication;
- receive information concerning the logic, methods and purposes of the processing;
- request that it be updated, supplemented, corrected, deleted, anonymised, that it be blocked from processing that is in breach of the law, including that which is not necessary for the purposes for which it has been collected;
- the right to make a complaint to the Data Protection Authority;
- additionally, more generally, to exercise all of the rights that have been recognised to them by the legal provision in force.
The exercise of these rights can occur by sending a request, which must be addressed without formality to the Data Controller at the addresses stated above.
The Data Processor appointed by the Data Controller can be contacted via mail at: firstname.lastname@example.org
Template version: 2.1
Last edit: 02/08/2021