REGULATION (EU) 2016/679 - GDPR
Information for processing of personal data acquired
As required pursuant to GDPR EU Reg. 2016/679 (European Regulation on the Protection of Personal Data), we provide the information required for the processing of the personal data provided. The information should not be considered appropriate for other websites that may be consulted by means of the links presented on websites owned by the controller, who should not in any way be deemed responsible for third-party websites.
Personal data that can be processed: “personal data”: any information regarding an identified or identifiable natural person (“interested party”); a natural person is considered identifiable if such person can be identified, whether directly or indirectly, with particular reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more of the elements characteristics of their physical, physiological, genetic, psychological, economic, cultural or social identity (C26, C27, C30 EU Reg. 2016/679).
Data Controller: Azienda Promozione Turistica Dolomiti Paganella
Owner of email address to which requests are sent: firstname.lastname@example.org
Personal Data Collected
At this site, we acquire personal data by means of the behavioral entry data forms during normal content consultations. The data is processed for the following purposes and using the following services at the corresponding storage and handling sites:
CONTACT USER/DISPATCH ORDERS AND REQUESTS
Mailing List or Newsletter Personal data acquired: name, surname, email, language. Processing site: Italy, Europe
Contact Form Personal data acquired: name, surname, email, address, certified email, country, province, telephone, processing site: Italy, Europe
INTERACTION WITH SOCIAL NETWORKS AND EXTERNAL PLATFORMS
Share social buttons, add-this plugin, other plugins Personal data acquired: anonymous, cookies and use data. Processing site: USA, Europe
REGISTRATION AND AUTHENTICATION
Direct registration Personal data acquired: name, surname, email, address, certified email, nation, province, telephone and various types of also in multiple forms (billing, shipping, gift option), Processing site: Italy, Europe
Remarketing AND behavioral targeting
AdWords Remarketing, Facebook Remarketing e Remarketing con Google Analytics per la pubblicità display Personal data acquired: Cookies and anonymous Use Data Processing site: USA
Google Analytics and Google Analytics with anonymized IP Personal data acquired: Cookies and anonymous Use Data. Processing site: USA.
Newsletter Stats. Personal data acquired: Behavioral use data, also non-anonymous. Processing site: Italy.
DISPLAY OF CONTENTS FROM EXTERNAL PLATFORMS
Widget and Embed conents such as: Vimeo, Youtube, TripAdvisor, Trust You, Google Map, Personal data acquired: Cookie and Use Data. Processing site: USA
Web Services content automatically imported from external data sources Personal data acquired: none
Users may exercise certain rights with respect to the Data processed by the Data Controller.
Specifically, the User has the right to:
- withdraw consent at any time. The user may withdraw consent previously provided to the processing of his or her Personal Data.
- object to the processing of his or her Data. The User can object to the processing of his or her Data when such objection has a legal basis other than consent. Further details regarding the right of objection are provided in the section below.
- access their Data. The User has the right to obtain information regarding the Data processed by the Data Controller, regarding certain aspects of the processing and to receive a copy of the Data processed.
- verify the accuracy and request the correction. The User may verify the accuracy of his or her Data and request its update or correction.
- obtain limitation on processing. When certain conditions are met, the User may request limiations on the processing of his or her Data. In such case, the Data Controller will not process the Data for any purpose other than its storage.
- obtain the deletion or removal of his or her Personal Data. When certain conditions are met, the User may request that the Data Controller delete his or her Data.
- receive his or her data or request its transfer to another data controller. The User has the right to receive his or her data in a structured, commonly-used format that is readable by an automatic device and, where technically feasible, to obtain its transfer without hindrance to another data controller. This provision is applicable when the Data is processed with automated tools and the processing is based upon the consent of the User, on a contract to which the User is a party or on contractual measures related thereto.
- file a complaint. The User may file a complaint before the the competent personal data protection oversight authority or before a judicial body.
DETAILS ON THE RIGHT OF OBJECTION
When Personal Data is processed in the public interest, in order to exercise public authority with which the Data Controller has been vested or in order to pursue a legitimate interest of the Data Controller, Users have the right to object to processing for reasons related to their particular situation.
Users are reminded that, in the event that their Data is processed for direct marketing purposes, they may object to the processing without providing any reasons. In order to determine whether the Data Controller is processing data for direct marketing purposes, Users may refer to the respective sections of this document.
HOW TO EXERCISE RIGHTS
In order to exercise the User’s rights, Users may direct requests to the contact details of the Data Controller indicated in this document. Requests are deposited free of charge and processed by the Data Controller as soon as possible, in any case, within one month. Some editing functions may be exercised independently by the user, as reported in the following section.
Recipients and sharing of data with third parties
We never sell personal information to third parties. We do not exchange, share or transfer your personal data to third parties, except in the following limited circumstances.
Personal data provided may be disclosed to recipients who will process the data as managers and/or as natural persons who act under the authority of the Data Controller and the Data Manager in order to comply with contracts or for related purposes.
Specifically, your personal information may be disclosed to recipients in the following categories:
- to our parent companies, subsidiaries and affiliates;
- to third-party service providers to enable these individuals to provide services that help us in our business activities, which may include marketing assistance, customer support, data analysis, advertising of our product/supply offerings/services, maintaining and improving the features and functionality of products and services. For example, we may provide personal data to our service providers for sending direct e-mail of our newsletters or notifications of our product/service offerings;
- with our commercial partners who offer you a service in collaboration with us, for example, during a cross-promotion;
- with online banking institutions and not to process the payment of services or goods (booking, ecommerce, services);
We may also share and/or transfer your personal data if we are involved in a merger, acquisition, bankruptcy or any form of corporate transformation.
We may share your personal information with third parties (outside the above categories) if we have your explicit consent to do so.
We may also share aggregate or anonymized data with third parties for other purposes. This data does not identify the user individually, but may include data on the use, display and behavior of users.
Security of your personal data
We use a number of technologies and security procedures to protect personal data from unauthorize access, use or disclosure. We protect the personal data provided on the cloud and local servers in controlle and secure environments, protected from unauthorized access, use or disclosure. When the personal data is confidential (like credit card numbers and/or geographic data), it is collected on our App and/or transmitted to another website, is protected through the use of cryptography, such as the Secure Socket Layer (SSL) protocol.
This site is equipped with an https certificate which makes it more secure, especially for the personal information entry processes.
User control of data
For Users for whom we store Personal Data acquired in the past, we offer an opt-out opportunity according to which the User may be removed from the lists and withdraw consent to our use of the Data. If you decide to withdraw, we are no longer able to provide certain functions or fulfill your requests.
On the contrary, for new users, an opt-in certification and, specifically, a double opt-in certifying the date provided in a first insertion and expression of consent to processing of the Data is mandatory. The user is always able to manage his or her profile and is also able to withdraw consent.
If you no longer wish to receive our newsletter and promotional communications, you may opt not to receive them by following the instructions included in those communications or offers. Please note, however, that customers may not choose to not receive transactional emails relating to their account.
Access to your personal area
ACCESS AND UPDATE PERSONAL DATA
Newsletter: each newsletter includes access to the personal area where you may change or correct inaccurate data or delete such data.
Areas reserved following registration: you may access, review, correct, update, change your data at any time. Independently. If you have forgotten your credentials, you may recover them. To do so, please contact the email provided for the Data Controller with your name and the data required for access, correction or removal, or log onto your account, go to your profile and make the desired changes. We may refuse to process requests that are unreasonably repetitive or systematic.
Storage of personal data
We store the Personal Data collected using the deadlines indicated below and as long as we believe they may be used to contact you regarding the service requested, commercial information, subscription services and, if necessary, regarding our legal obligations, to resolve disputes and to enforce our agreements: to eliminate them.
Data storage time varies according to the type of data, as follows:
- for requests for contacts, information or reservations (no expiration);
- newsletter or promotional communications, usually via e-mail (no expiration);
- fulfillment of contractual obligations, pursuant to law and administrative-accounting purposes (maximum 10 years, except for greater or lesser terms established by law);
Once the storage period has concluded, the Personal Data will be deleted. Therefore, right of access, the right to deletion, the right to correction and the right to data portability can no longer be enforced after conclusion of the storage period.
No minors under 18 years of age