*updated to EU Reg 2016/679 (GDPR)
This page describes how personal data are processed through this website with reference to users consulting it and/or interacting with the web services provided through it.
1 - DATA CONTROLLER and DATA PROTECTION OFFICER (DPO)
The data controller of the data processed through the website is Garda Dolomiti S.p.A. - Azienda per il Turismo, via Largo Medaglie d'oro, 5, 38066 - Riva del Garda (TN) - Email firstname.lastname@example.org - tel +39 0464 554444 - Fax +39 0464 025442.
The Data Protection Officer (DPO) can be reached at the following email address: email@example.com
2 - TYPES OF DATA PROCESSED, PURPOSE AND LEGAL BASIS FOR PROCESSING
2.1 - Data voluntarily provided by the user for requested services
If, in order to access the services/information offered, the user voluntarily provides some of his or her personal data, collected through specific forms on the website, this action entails the acquisition of such data by the Data Controller in order to provide the services requested. In particular:
- Newsletter/Marketing/Commercial Communications: with the user's consent, personal data may be collected for the above-mentioned purposes;
- Request for information: data (personal details, contact details, holiday preferences and reason for request) are collected in order to provide the information (e.g. general information request on scope);
- Information request for third parties on the portal: data (personal details, contact details, holiday preferences and reason for the request) are collected and communicated to the third parties concerned in order to process the request (e.g. request for availability of a room, a table in a restaurant or requests concerning an event);
- Statistics: some data collected from users (such as the type of device used to connect to the website) are used, exclusively in aggregate form, for statistical analysis.
Some of the data requested in the forms are mandatory for the provision of the service and are indicated with an asterisk. Other data are purely optional and may be entered by the user to enable a more complete and personalised service or, subject to consent in the cases provided for by current legislation, to receive informative and commercial communications or to analyse interests and personal information or habits or consumption choices.
The purposes of the processing, are therefore, depending on the services requested:
- Execution of the service requested by the user by filling in forms on the website;
- Fulfilment of contractual and legal, administrative and accounting obligations related to the booking, payment, provision of the requested services;
- Communication with the customer regarding the requested service;
- Marketing activities and the sending of related commercial communications subject to the consent of the data subject;
- Prevention of fraud and abuse to the detriment of the website.
The legal basis for processing is the fulfilment of contractual obligations if and to the extent requested by the user, as well as for optional services performed with the consent of the data subject.
Specific summary information and requests for consent, if necessary, will be progressively reported or displayed on the pages of the website set up for particular on-demand services.
2.2 - Browsing Data
In addition to the information below regarding cookies, during normal operation the computer systems and software procedures used to operate this website acquire certain personal data the transmission of which is implicit in the use of Internet communication protocols.
This is information that is not collected in order to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used to connect to the website, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
This data is used to obtain anonymous statistical information on the use of the website and to check its correct functioning.
The data could be used to identify liability in the event of possible cybercrimes against the website.
The website uses Google Analytics 4, a web analysis service provided by Google, Inc. ('Google').
The purposes of processing for such data are therefore:
- To enable operation of the website and performance of the services requested by the user;
- To monitor and improve the functioning of the website;
- To obtain and use statistical information on the use of the website;
- To establish liability in the case of hypothetical computer crimes.
The legal basis for the processing of such data is therefore the data controller’s legitimate interest in the performance and improvement of the website services provided.
2.3 - Cookies and Tracking
A cookie, and similar technologies, are small pieces of information used to store technical and/or personal details on the computer, to identify users of a service and to enable certain functionalities.
These cookies are used by the data controller and its partners for technical, statistical and/or profiling reasons. You can configure your browser so that accepting cookies is, in principle, denied or you are notified before a cookie is stored.
The legal basis for processing is therefore the data controller’s legitimate interest in the case of technical cookies and the data subject’s consent in the case of profiling cookies.
For more information on the cookies used by the services and how to reject them, visit the section on cookies by clicking here.
3 - DISCLOSURE OF DATA TO THIRD PARTIES
3.1 - Data provided voluntarily by the user
The personal data provided by the user are managed by subjects inside the above-identified data controller companies (collaborators and employees) according to their skills and within the scope of their duties and/or contractual obligations.
Some data may be communicated to: external subjects/companies to whom the communication of personal data is necessary or in any case functional for the performance of the service requested or the management of the contractual relationship with the data subject (consultancy, strategic, IT, hosting companies or companies that manage services on behalf of the Data Controllers, or send documentation or material, insurance companies) in the manner and for the purposes illustrated above.
3.2 - Diffusion of Data
No data from the web services is diffused, with said term meaning the disclosure of such data in any way to an unspecified number of persons.
4 - TRANSFER TO THIRD COUNTRIES
The personal data provided by the user and other types of processed data and browsing data may be processed or transferred to non-EU countries, for the above-mentioned purposes, in compliance with the regulations in force on the transfer of data to third countries pursuant to Article 44 et seq. of EU Reg. 2016/670 (GDPR) and the local regulations in force.
5 - PROCESSING METHODS
Personal data are processed using IT tools and in compliance with the confidentiality and protection measures provided for by current legislation. Specific security measures are observed to prevent loss of data, unlawful or incorrect use and unauthorised access.
6 - DATA RETENTION PERIOD
Data provided by the user: The personal data provided by the user are stored for the period required to fulfil the stated purpose(s) and, if necessary, for the fulfilment of contractual, fiscal and legal obligations for the period provided for by the local legislation in force.
Browsing data: 26 months
7 - AUTOMATED PROCESSES
Automated decision-making processes (e.g. cookies) may be carried out for the website's functions and/or automated processes aimed at analysing the user's habits, choices and browsing patterns, through cookies or third-party services, subject to the consent of the data subject as specified below.
8 - PROVISION OF DATA AND CONSEQUENCES OF FAILURE TO PROVIDE DATA
Apart from what is specified for browsing data, the user is free to provide personal data on the website's service request forms. Failure to provide the mandatory data, however, will not allow the requested service to be executed. Failure to provide the data indicated as optional, on the other hand, could result in the provision of an incomplete service and the impossibility of carrying out the Controller's further activities.
9 - RIGHTS OF DATA SUBJECTS, RIGHT TO LODGE A COMPLAINT AND WITHDRAWAL OF CONSENT
Subjects for whom personal data have been collected, in the manner described in this Policy, have the right at any time to request access to their personal data, or rectification, deletion, and restriction thereof, to object to the processing and to exercise the right to data portability, if the legal requirements are met.
The data subject has the right to revoke any consent given to the processing of data at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation.
It should be borne in mind that once one's personal data has been deleted, it can no longer be recovered, and stored contents will also be permanently deleted. The user's personal data will also be deleted when they are no longer required for the purposes for which they were originally collected.
To exercise your rights under current data protection legislation and to know the full list of the External Data Processors appointed for each area and activity or to obtain information on the transfer of data to non-EU countries and their guarantees, you may write to firstname.lastname@example.org We will reply to your request as soon as possible, in all cases within a maximum of 30 days.
The data subject also has the right to lodge a complaint with a data protection authority located in particular in the Member State where he/she normally resides or in the Member State where he/she works or where the alleged infringement took place.
10 - MINORS, TRUTHFULNESS OF ENTERED DATA AND USER'S OBLIGATIONS
This website does not address its services to children and minors, as understood by local law.
In any event, we reserve the right to contact the user and check that he or she meets said requirements and, in the event of failure to do so, the right to interrupt or suspend the services provided.
Date last updated: 07/2023