Privacy Policy

Why this notice

This notice applies solely to the website www.stralivigno.it (hereinafter referred to as the “site”) and not to any other websites that the user may access through links provided on this site.
This notice is also inspired by Recommendation No. 2/2001 of May 17, 2001, Opinion No. 04/2012 on Cookie Consent Exemption of June 7, 2012, and Working Document 02/2013 on obtaining consent for cookies of October 2, 2013, issued by the European data protection authorities within the Article 29 Working Party established under Directive 95/46/EC.
These documents outline certain minimum requirements for the collection of personal data online, specifically regarding the methods, timing, and nature of the information that data controllers must provide to users when they access web pages, regardless of the purpose of the connection.

THE DATA CONTROLLER

Following the consultation of this website, data relating to identified or identifiable natural persons (so-called “data subjects”) may be processed.

The Data Controller is Azienda di Promozione e Sviluppo Turistico srl, with registered office at Via Saroch 1098/a, c/o Plaza Placheda, I-23041 Livigno (SO) – Italy, VAT no. 92015260141, represented by its legal representative.

Methods and purposes of data processing

The processing of personal data will be carried out in compliance with applicable laws and according to the principles of fairness, lawfulness, transparency, relevance, completeness, and non-excessiveness of information. The data will be collected and recorded solely for the purposes outlined below and retained only for as long as strictly necessary to achieve those purposes.

Processing activities may include the collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other method of making data available, restriction, erasure, or destruction. These activities will be carried out using electronic tools designed to ensure the integrity and confidentiality of the data.

The individuals or categories of individuals who may have access to or receive the data in relation to the purposes outlined below include both internal staff involved in the website’s operation and external parties (e.g., service providers, consultants, legal, accounting, financial, technical, or data processing professionals; banking, insurance, and debt collection services; parent companies, subsidiaries, affiliates, and associated companies). These external parties may also be appointed, where necessary, as Data Processors by the Data Controller.

Data may also be communicated to Public Authorities, Law Enforcement, or other public and private entities, but only to fulfill legal obligations, regulations, or EU legislation.

Unless otherwise specified on separate pages of the website with dedicated notices, the personal data collected through this website are processed for the following purposes:

  • to provide the services requested by users and to respond to user inquiries;
  • to offer user support;
  • to perform statistical analyses (on an anonymous basis) in order to improve the services offered;
  • to manage user registration and website access, where applicable;
  • to fulfill legal obligations related to the above-mentioned purposes;
  • to measure user satisfaction anonymously.

Data may be shared in aggregated and anonymous form for statistical purposes only.

If the processing includes so-called “special categories of personal data” (i.e., data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership in political parties, trade unions, religious, philosophical or political organizations, as well as data concerning health, sex life, or sexual orientation) or “judicial data” (relating to criminal convictions and offenses), such processing will be carried out within the limits set by the applicable Authorizations issued by the Data Protection Authority and in accordance with Regulation (EU) 2016/679. Processing of such data will only occur when strictly necessary for the regular performance of services, operations, or to meet contractual and/or legal obligations.

Users are advised to avoid including unnecessary sensitive or judicial data, as this may result in the message being deleted.

Processing related to the website’s web services (“contacts”) takes place at the above-mentioned headquarters and is handled solely by the Data Controller.

Apart from the details specified for browsing data, users are free to provide their personal data via information/request/registration forms. Failure to provide such data may result in the inability to fulfill the request.

Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are in place to prevent data loss, unlawful or improper use, and unauthorized access.

Data Retention Period

Data is processed and stored for as long as required by the purposes for which it was collected. Therefore:

  • Personal data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until the full execution of that contract, and may also be retained thereafter as required by legal obligations or for the establishment, exercise, or defense of legal claims by the Data Controller.
  • When processing is based on the User’s consent, the Data Controller may retain personal data for a longer period until such consent is withdrawn. Additionally, the Data Controller may be obliged to retain personal data for a longer period to comply with a legal obligation or upon order of an authority.
  • At the end of the retention period, personal data will be deleted. Therefore, after this period has expired, the rights of access, erasure, rectification, and data portability can no longer be exercised.

Data Subjects’ Rights

Data subjects have the right, at any time, to obtain confirmation from the Data Controller as to whether or not personal data concerning them is being processed. They also have the right to request access to their personal data, verify its accuracy, request rectification, restriction of processing, data portability, or to object to the processing (pursuant to Regulation (EU) 679/2016).

Requests must be addressed to the operational headquarters of Azienda di Promozione e Sviluppo Turistico srl (via Saroch 1098/a c/o Plaza Placheda I-23041 Livigno (So) – Italy), or writing to [email protected].

Place of data processing

The data processing related to the web services of this site takes place primarily at the Data Controller’s headquarters, as well as in any other location where the parties involved in the processing are located.

Types of Data Processed

The IT systems and software procedures used for the operation of this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes: the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server‘s response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.

When visiting the website, the following information is collected automatically:

  • 1. User’s hostname – the hostname or IP address of the user requesting access to the site.
  • 2. HTTP headers and “user agent” string – including browser type and version, and the operating system on which the browser is running.
  • 3. System date – the date and time of the user’s visit.
  • 4. Full request – the exact request made by the user.
  • 5. Content length – the size, in bytes, of each document sent to the user.
  • 6. Method – the request method used.
  • 7. URI (Uniform Resource Identifier) – the location of the resources on the server.
  • 8. URI query string – everything following the question mark in the URI.
  • 9. Device type – the kind of device used to access the site.
  • 10. Protocol – the communication protocol and its version.

The information collected automatically by Azienda di Promozione e Sviluppo Turistico srl through access to the website is used to improve the quality of the services offered to users. This data is collected for the purpose of carrying out anonymous statistical analysis, identifying which content is more or less useful or interesting to users, and improving the effectiveness of the material provided on the website.

Data provided voluntarily by the user

The voluntary, explicit, and optional sending of emails to the addresses indicated on this website entails the subsequent acquisition of the sender’s address—necessary to respond to inquiries—as well as any other personal data included in the message.

Apart from the data collected automatically, users are free to provide personal information through information/request/registration forms. Some data fields may be marked as mandatory, as they are necessary to fulfill the user’s request. Failure to provide such information may make it impossible to process the request.

When such data is collected directly, it is the visitor who chooses to provide their personal data and consent to its processing in connection with the specific services requested from Azienda di Promozione e Sviluppo Turistico srl, such as: website registration, job applications, access to reserved areas, information requests, course and event registrations, or subscription to newsletters or mailing lists.
Consent may be withdrawn at any time.

Specific information notices will be provided or displayed on the website pages dedicated to particular on-demand services.

Cookies

The Data Controller uses so-called cookies to allow safe and efficient navigation of the Site, for profiling and marketing purposes, and to enable interaction with social networks.
For more information about cookies and their use on the Site, users can refer to the Cookie Policy page, which forms an integral part of this privacy notice.
Social buttons and widgets
The Site may also include social buttons/widgets. These are icons of social networks—such as Facebook, Twitter, Instagram, Pinterest, and Google+—that allow users to access the respective social platforms by simply clicking on the icon. These tools allow the user, for example, to log into their social media account, share content, or recommend Site products on their social networks. After clicking on a social button/widget, the social network may collect data relating to the user’s visit to the Site. As previously stated, this privacy notice does not cover the processing of user data by social networks. For this purpose, users should refer exclusively to the privacy policies provided by the respective social networks. Except in cases where the user voluntarily shares their browsing data by interacting with the social buttons/widgets, the Data Controller does not disclose or share any personal user data with the social networks.