Pursuant to Regulation (EU) 2016/679 (hereinafter "Regulation") this page describes the methods for processing the personal data of users who consult the websites of the Consortium for the promotion of tourism in Valchiavenna accessible electronically at the following addresses:
This information does not concern other websites, pages or online services that can be reached through hyper-textual links that might be published on the sites but referenced to resources outside the domain of the Consortium for the promotion of tourism in Valchiavenna
The same Consortium for the promotion of tourism in Valchiavenna guarantees compliance with the legislation on the protection of personal data (Reg. 2016/679/EU). Users are therefore invited to read this page carefully before submitting any personal information and/or filling in any electronic forms on the site.
The data controller of personal data is the Consortium for the promotion of tourism in Valchiavenna with its base in Chiavenna (SO), Piazza Caduti per la Libertà 3, P. IVA e C.F 00738460146, tel. 0343 37485, e-mail firstname.lastname@example.org, pec email@example.com
Responsibility for data protection (“DPO” or “RPD”)
The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted for information at the e-mail address: firstname.lastname@example.org.
Objective of the Processing
1) Navigation data
The computer systems and software procedures used to operate this site will acquire, during normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes:
Internet Protocol (IP) address or domain name of the computers and terminals used;
type of browser and device parameters used to connect to the Site;
the addresses of the URI/URL(Uniform Resource Identifier/Locator) of the resources requested or the means used to submit the request to the server;
name of the internet service provider (ISP);
date and time of visit;
web page of origin (referral) and the User's exit;
potentially the number of clicks;
the size of the file secured in response;
the numerical code indicating the status of the response given by the server (successful, error etc.);
other parameters relating to the operating system and the IT environment of the device used.
This information is processed in automated form and collected exclusively in an aggregated manner in order to verify the correct functioning of the Site. Navigation data endures for no more than seven days and are deleted immediately after their aggregation, except for any investigations of computer violations against the site. No data originating from the web service will be communicated or disseminated.
2) Data provided voluntarily by Users
In the case of Users, connecting to this Site, sending their personal data in order to access certain services, or to make requests by e-mail, they are aware that this involves the procurement by the data Controller of the sender's address and/or further personal data that will be processed exclusively in order to respond to the request, or for the provision of the service. The personal data provided by Users will be disclosed to third parties only if the communication is necessary to comply with the requests of the users/visitors themselves or by legal obligation (as in the case of invoicing).
The processing is carried out through automated tools (e.g. using electronic procedures and support) by persons specifically appointed, authorised and instructed in the processing pursuant to articles 28 and 29 of the Regulation for the time strictly necessary to effect the purposes for which the data has been collected, and in any case in compliance with the regulations in force on the subject. We inform you that appropriate security measures are also observed pursuant to art.5 and 32 of the Privacy Regulation to prevent data loss, illicit or incorrect use and unauthorised access.
The aims of the processing carried out by the Data Controller:
a. collection, storage and processing to facilitate the establishment and operational and administrative management of the contractual relationship in connection with the development of the established contractual rapport and the delivery of the services offered on the site including subscription to information newsletters;
b. responses to user requests (in the case of spontaneous e-mails)
c. processing of personal data provided and other obtained from Site browsing in order to provide a service consistent with the information transmitted during service use;
d. collection, storage and processing of data to facilitate statistical analysis in anonymous and/or aggregate form;
Should the Data Controller have the intention of the further processing of personal data for purposes other than that for which they were collected, prior to such processing it will provide the interested party with information on the ulterior purpose along with other relevant information.
Legal base of the processing
The legal base of the processing of User data carried out by the Data Controller through the Site exists in the contract agreed upon with the interested parties, or in the pre-contractual phase connected to it, while, in the absence of this the legal base can be found in the legitimate interest of the Data Controller. With regard to any additional purpose that requires consent, it will be requested using an appropriate form and must be considered equally on a valid legal basis.
Discretionary or compulsory provision of data
Apart from what is specified for navigation data that is obtained automatically, users/visitors are free either to provide further personal data or indeed not. Failure to provide them might result in the unfeasibility of obtaining what has been requested. The optional. explicit and voluntary sending of e-mails to addresses indicated on this site will entail the procurement of the sender's address, necessary in order to respond to the service request, for product or information, as well as any other personal information included in the communication.
In addition to the Data Controller, in some cases certain categories of managers/authorised persons involved in the corporate organisation of the Site (administrative, commercial, marketing, legal, system administrators) might have access to the data. Furthermore the Data Controller may make use of external individuals (such as third party technical service providers, transporters, hosting providers, cloud service, IT companies, communication agencies) who may be appointed as external managers. To those authorised or in designated managerial posts, the Company gives adequate operating instructions, with particular reference to the adoption and compliance with security measures, in order to guarantee the confidentiality and security of the data. An updated list of Managers can always be requested from the Data Controller by contacting the address indicated above.
Transfer to a third Country
The Data Controller uses servers located in the following countries for the services offered by the site:
and therefore on the basis of Reg. 2016/679/EU to be considered appropriate as falling within the scope of the EU.
The data processed by the Data Controller will not be disseminated.
Time and date of data conservation
Data are processed only for the time necessary to undertake the service requested by the User and then eliminated safely and securely, without prejudicing the possible necessity for the Data Controller to defend their rights in court.
Rights of interested parties
With reference to the data processed the User has the right to
1. obtain confirmation of the existence or otherwise of your personal data, their communication in an intelligible form and awareness of their origin, as well as the logic on which the processing is based;
2. request the cancellation, with an appropriate period of your data, their transformation into anonymous form or the blocking of those processed in violation of the law;
3. obtain the updating of data, their correction or, if of interest their integration;
4. object, in whole or part for legitimate motives, to the processing of personal data concerning yourself;
5. request the correction or cancellation of data concerning yourself or the restriction of processing.
6. withdraw consent to data processing, should it be called for;
For this purpose, the Data Controller invites Users to submit a request in writing, including date and signature, sending it by e-mail, certified e-mail or registered letter. The outcome of the application will be provided within a month, except in particularly complex cases for which the response could take up to three months. In all cases, the Data Controller will explain the reason for any delay within one month of the request.
The result will be provided in writing or electronically. In the event of the User requesting the correction, cancellation as well as limitation of the processing, the Data Controller undertakes to communicate the results of any request to each of the recipients of the data, unless this proves impossible or might involve disproportionate endeavour. We remind you that the withdrawal of consent does not affect the legitimacy of the processing based on consent given prior to its withdrawal.
The User has the right to lodge a claim, as established by Art, 77 of the Regulation, to the Guarantor for the protection of personal data in the manner indicated on the institutional website of Privacy Guarantor www.garanteprivacy.it.
Automated decision-making processes
No automated decision-making processes are carried out on the aggregate data collected, if not settled within the best management of the site.