Privacy Policy – EU Regulation 2016/679
This page represents the "Privacy Policy" of this website and is intended to provide you with information on how the personal data of users who interact with this website, who use the services provided by it to users, are processed.
La presente informativa è resa solo per questo sito e non anche per altri siti web eventualmente consultati dall’utente tramite link presenti nelle pagine web di questo sito.
The EU Regulation 2016/679 on the protection of personal data (hereinafter, the "Regulation") establishes rules relating to the protection of individuals with regard to the processing of personal data, as well as rules relating to the free circulation of such data and protects the fundamental rights and freedoms of individuals, with particular reference to the right to the protection of personal data.
Art. 4 of the Regulation provides that for:
- “personal data” means any information relating to an identified or identifiable natural person (“data subject”)- art. 4 n. 1 of the Regulation
- “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;- art. 4, no. 2 of the Regulation.
Pursuant to art. 12 and ss. of the Regulation, it is also provided that the data subject must be made aware of the appropriate information relating to the processing activities that are carried out by the data controller and the rights of the data subjects.
A.P.T. Valsugana Soc. Coop., pursuant to Articles 13 and 14 of the Regulation, provides you the following information:
Data Controller
Azienda Per il Turismo Valsugana soc. coop.
Viale Vittorio Emanuele, 3
38056 Levico Terme (TN) – Italia
Mail:
info@visitvalsugana.it
Phone: +39 0461 727700
Purpose of processing and legal bases
The user's personal data will be processed for the pursuit of the following purposes and with the legal bases indicated below:
- for the correct management of the request for information sent via forms and / or emails to the addresses on the site, as well as for the processing of the request itself; the legal basis for the listed treatments is represented by art. 6 par. 1 letter b) of the 2016/679 EU Regulation
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, including subscribing to the information newsletter and / or registering for events requested by the user; the legal basis for the listed treatments is represented by art. 6 par. 1 letter b) of EU Regulation 2016/679;
- periodically send, via remote communication technologies (mail, telephone, sms, whatsapp, social networks), newsletters and marketing communications on the services and activities offered and promoted by the Data Controller; the legal basis is represented by consent as required by art. 6 par. 1 letter a) of EU Regulation 2016/679;
- ensure that the marketing communications relating to the services and activities offered and/or promoted by the Data Controller, as well as those of its partners and sponsors, including online advertising, are relevant to the interests of the data subject; personal data may be used to better understand the interests and preferences of the data subject in order to be able to predict which services, activities and information he may be most interested in, allowing us to customize communications to make them more relevant; the legal basis is represented by consent as required by art. 6 par. 1 letter a) of EU Regulation 2016/679;
- send e-mails and/or newsletters and marketing communications on the services and activities offered and promoted by the Data Controller, of the same type previously acquired data by the data subject, except for his/her refusal to treatment, which can be opposed at any time; the legal basis for this type of treatment is the legitimate interest of the Data Controller as provided for by art. 6 par. 1 letter f) of EU Regulation 2016/679;
- respond to requests sent by the user via email and/or form on the website; the legal basis for the listed treatments is represented by the contractual fulfillment as indicated in art. 6 par. 1 letter b) of EU Regulation 2016/679;
- make navigation of the site possible and functional, as well as guaranteeing an adequate level of security, integrity and availability of the same; the legal basis for this type of treatment is the legitimate interest of the Data Controller as provided for by art. 6 par. 1 letter f) of EU Regulation 2016/679;
- for the analysis of statistical data on aggregate and/or anonymous data, with the aim of monitoring the correct functioning of the website, usability traffic and interest; the legal basis for this type of treatment is the legitimate interest of the Data Controller as provided for by art. 6 par. 1 letter f) of EU Regulation 2016/679;
- ascertain, exercise and/or defend a right in court; the legal basis for this type of treatment is the legitimate interest of the Data Controller as provided for in art.6 par. 1 letter f) of EU Regulation 2016/679;
- to fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority; the legal basis for this type of treatment is represented by compliance with the law to which the Data Controller is subjected as required by art. 6 par.1 lett. c)
Data type
The data necessary for the pursuit of the aforementioned purposes will be collected and processed:
- identification data
- contact details
- data relating to the contractual relationship
- data relating to the preferences and interests of the data subject
Navigation data
During their normal operation, the IT systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing.
The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Refusal to provide data
Apart from what is specified for navigation data, users/visitors are free to provide their personal data. The provision of data is in some cases necessary because, any refusal to provide it, could result in the failure to conclude or incorrect fulfillment of the contract of which the data subject is a part and/or failure to comply with the legal obligations to which the Data Controller is subject.
The provision of data for treatments that require consent is optional, failure to provide it will not make it impossible to use the products / services offered by the owner. Even in the case of consent, the data subject will still have the right to subsequently object, in whole or in part, to the processing of their personal data for the purposes set out above, making a simple request to the Data Controller at the addresses indicated above.
Data source
The data will be provided by the data subject or collected from third parties.
Processing methods
In accordance with the provisions of art. 5 of the Regulation, the personal data being processed will be:
- processed in a lawful, correct and transparent way towards the interested party;
- collected and recorded for specific, explicit and legitimate purposes, and subsequently processed in terms compatible with these purposes;
- adequate, relevant and limited to what is necessary with respect to the purposes for which they are processed;
- exact and, if necessary, updated;
- treated in such a way as to guarantee an adequate level of security;
- stored in a form that allows the identification of the interested party for a period of time not exceeding the achievement of the purposes for which they are processed.
The treatment will be carried out both with manual and/or IT and telematic tools with organization and processing logics strictly related to the purposes themselves and in any case in order to guarantee the security, integrity and confidentiality of the data in compliance with the organizational, physical measures and logics required by current provisions.
Data communication
Personal data may be communicated to the persons authorized to process, as well as to the external data processors appointed by the Data Controller (the complete list of external managers is available from the Data Controller), responsible for managing the purposes set out above. As part of the pursuit of the aforementioned purposes, the data may be disclosed to other subjects who act as independent Data Controllers.
Data dissemination
Personal data will not be disseminated.
Data transfer abroad
For the purposes indicated above, personal data will be processed within the European Economic Area (EEA). If they are transferred to third countries, in the absence of an adequacy decision by the European Commission, the provisions of the applicable legislation on the transfer of personal data to third countries will be respected, such as the Standard Contractual Clauses provided by the European Commission. For partners and sponsors whose establishment is located in non-EU countries, consent for the transfer is required and for each person with these characteristics the country will be specified.
Data retention
In general, personal data will be kept for the time strictly necessary to pursue the purposes for which they were collected and subjected to processing, including the retention period required by applicable legislation and, in any case, for a maximum period of 10 years from the termination of the relationship between the Data Controller anda data subject, for a maximum period of 2 years or until revocation for the purposes in which your consent is required, except for the possible need of the Data Controller to defend his right in court.
Rights of the data subjects
Pursuant to EU Regulation 2016/679 art. from 15 to 22 and of the current national legislation, the data subject may, according to the methods and within the limits established by the current legislation, exercise the following rights:
- request confirmation of the existence of personal data concerning him (right of access);
- know its origin;
- receive intelligible communication;
- have information about the logic, methods and purposes of the treatment;
- request the updating, correction, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
- as well as, more generally, exercise all the rights that are recognized by the current provisions of the law.
The exercise of rights may take place by sending a request that must be addressed without any formality to the Data Controller at the addresses indicated above.
Before providing an answer, the Data Controller may need to identify the data subject, by requesting to provide a copy of his identity document.
Written feedback will be provided without undue delay and, in any case, no later than one month after receipt of the request.
Complaint
In the event that the data subject believes that the processing of their personal data violates the provisions of EU Regulation 2016/679, he has the right to lodge a complaint with the supervisory authority, pursuant to art. 77 of the Regulation itself, as well as resorting to the judicial authority.