updated to the EU Reg 2016/679 (GDPR)
On this page the management of the personal details performed by this website will be explained as for the Users consulting it and/or interacting with the web services it provides.
1 - DATA PROTECTION OFFICER (RPD/DPO)
The data protection officer of the website is Garda Trentino S.p.A - Azienda per il Turismo, via Largo Medaglie d'oro, 5, 38066 - Riva del Garda (TN) - Email firstname.lastname@example.org - tel +39 0464 554444 - Fax +39 0464 025442
The Data Protection Officer (RPD/DPO) is on call at email@example.com
2 - TYPE OF PERSONAL DATA, SCOPES AND LEGAL BASIS OF THIS REGULATION
2.1 - Intentionally provided data by the User for the requested Services
To have access to the offered services/information, would the user provide some of his/her personal data on purpose, collected by some special forms on the website, this action will involve the Personal Data Officer in the collection of these data as to be able to provide the requested services. Specifically:
Newsletter/Direct marketing campaigns/Commercial activities: given the User’s prior consent, the personal data can be collected for the above-mentioned scopes.
Promotional material submission: the personal address is collected to arrange for the free shipping of promotional materials (leaflets, maps, guides).
Request to accommodation facilities or ancillary services: personal details like name, surname, email address, as well as additional personal details of the User are collected to arrange for the handling of the requested information.
Bookings of accommodation facilities or ancillary services: personal and contractual data are collected for the booking, payment and supply of the requested services.
Statistics: few of the data collected by the users (like the nationality) are used for statistical purposes, implying that the result of processing for statistical purposes is not personal data, but aggregate data.
Some of the requested data are necessary for the supply of services and are marked with an asterisk. Some other data are discretionary and may be given by the User to allow a more complete and tailor-made service or, prior to the consent provided for by the law, to receive information and commercial materials, or to analyse the personal interests and details as well as habits or purchasing selections.
According to the requested services, hence the regulation scopes are:
The legal basis of the regulation consists in complying with the contract obligations if requested by the User, as well as for the discretionary services carried out with the consent of the person concerned.
When necessary, some specific concise reports and potential consent requests will be gradually given or displayed on the website pages devoted to the specific service requests.
2.2. - Web surfing data
Together with what is hereafter provided for the cookie, during their working the IT systems and the software procedures necessary to the functioning of this website may acquire some personal data whose transmission is implicit in the use of the Internet protocols.
These are details collected not to be associated to identified people involved, but they may allow to identify the Users through the processing of third parties data.
This type of data includes the IP addresses or the domain names of the User’s computers connecting to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the mean of submitting the request to the server, the size of the file obtained, the digital codes identifying the progress of the answer given by the server (positive ending, error, etc.) and other parameters connected to the User’s operating system and IT framework.
These data are used for anonymous statistical purposes about the use of the website and to check the proper functioning.
Data may be used to identify the responsibilities in case of computer violations to the website.
The website uses Google Analytics, a web analysis service provided for by Google, Inc. ("Google").
WIth regards to it, see the Google Analytics cookie usage.
Hence, the regulation scopes for these data are:
The legal basis of the data regulation is hence the legitimate interest of the owner to carry out and improve the website services.
2.3 Cookies and tracking
A cookie, or similar, is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing, designed to identify the Users or enable some specific functions. These cookies are used by the Owner and his partners for technical, statistical and/or profiling purposes.
It is possible to configure the browser as for the cookie acceptance to be denied or notified before a cookie is stored.
The legal basis of the regulation is therefore the legitimate interest of the owner in case of technical cookies and the consent of the person involved for the profiling cookies.
3 - THIRD PARTIES COMMUNICATION
3.1 - Intentionally provided data by the User
The personal data submitted by the User are managed by the internal operators of the abovementioned site management companies (both associates and employees) according to the competences and the connected duties and/or potential contract obligations.
Some data may be transferred to: external subjects and companies which need the personal data for the performing of the requested service, or for the management of the contract with the person involved (consulting, strategy and IT companies, hosting companies or service management, or sending of information and material, assurance companies) according to the abovementioned manners and scopes.
3.2 - Data distribution
No data collected by the web services will be spread, with it meaning that giving knowledge in any ways to a multitude of undetermined subjects.
4 - THIRD COUNTRIES TRANSFER
The personal and other types of data provided for by the User may be transferred to countries outside the European Union for the above-mentioned scopes. Whenever we transfer your personal data out of Italy, we ensure the respect to current regulations about the international data transfer in accordance with the art. 44 of the 2016/670 EU Regulation and the local law in force.
5 - MANAGING THE DATA
The personal data may be managed with computer programmes and respecting the privacy and the protection measures in accordance with the law in force. Some specific security measures are respected in order to prevent the data leakage, the illegal or incorrect usages and the unauthorised accesses.
6 - DATA STORAGE PERIOD
Data provided by the User: The personal data provided by the User are stored for the period necessary to accomplish with the cited scopes and, when necessary, to comply with the contract, tax and law obligations for the period of time expected by the local regulation in force.
Web surfing data: 26 months
7 - AUTOMATED PROCESSES
8 - DATA PROVISION AND CONSEQUENCES FOR THE UNSUCCESSFUL PROVISION
Together with what has been specified for the web surfing data, the User is free to provide the personal data contained in the service request forms on the website. The unsuccessful provision of the mandatory data doesn’t allow to carry out the requested service. The unsuccessful provision of the discretionary data may imply instead the supply of an incomplete service, or rather the impossibility to perform some further activities by the Owner.
9 - RIGHTS OF THE PEOPLE CONCERNED, COMPLAINT POWER AND WITHDRAWAL OF THE CONSENT
The people involved have the right to access their personal data, its rectification, its erasure, to restrict processing, to object to processing and the right to data portability, under the data protection law at any time.
The person concerned has the right to withdraw as to whether or not we process your personal data, without comprising the legal consent given before the withdrawal.
It may be remembered that, once deleted, the personal data can’t be retrieved anymore, and also the stored contents will be erased permanently. The User’s personal data will be deleted also when they will not be necessary for the purposes they have initially been collected for.
To exercise your legal rights and to know the full list of the data protection officers for each area of activity, or to have further information on the international data transfers and related warranties, you could send a request to the email address: firstname.lastname@example.org. The request will be processed as soon as possible, and no later than 30 days.
The person involve has also the right to file a complaint to a supervisory Authority on data protection in the country where he lives or works or where the presumed violation has been made.
10 - MINORS, TRUTHFULNESS OF THE PROVIDED DATA AND USER’S OBLIGATIONS
This website doesn’t address its services to children and minors, as in the local regulation.
We reserve the right to contact the User and to verify these requirements and, when they are missing, the right to stop or interrupt the provided services.
Last update: 02/2019