Information on the processing of personal data

Articles 13 and 14 of EU Regulation No. 679/2016 –

Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018

Dear User,

This notice describes how this website (hereinafter, the ‘Site’) manages the processing of personal data of users who visit it, as well as the data processing practices through the Site.

In compliance with Articles 13 (for data collected from the data subject) and 14 (for data not collected from the data subject) of Regulation (EU) 2016/679 (hereinafter, ‘GDPR’), the following information is provided to Site Users. It refers exclusively to processing carried out through the Site and not through other websites possibly visited via links from this Site, for which we suggest reviewing the respective privacy notices provided by their Controllers.

The Site and any services offered through it are reserved for individuals who are at least 18 years old. The Controller does not process personal data relating to minors under 18. Upon request, the Controller will promptly delete any personal data inadvertently collected from such users.

1. Data Controller

The Data Controller is K&M S.r.l. (hereinafter, ‘K&M’), with registered office at Via Cassa di Risparmio n. 5, 39100 Bolzano (BZ), tax code 03303530210 (hereinafter, ‘Controller’).

The Controller reserves the right to appoint web agencies or consultants as Data Processors for the management of personal data processed for purposes of technical assistance, maintenance, technical management, and similar activities related to the Site. Their details may be provided upon request at the addresses indicated above.

The Controller and the Processor(s) also process Users’ data through their own internal personnel, specifically designated, instructed, and authorized to carry out the processing.

 

2. Categories of Data Processed and Sources

  • Browsing data: (the IT systems and software procedures used to operate the Site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and addresses of websites from which access or exit occurred, information on the pages visited by Users within the Site, access time, time spent on individual pages, internal navigation paths, and other parameters related to the User’s operating system and IT environment. These technical/IT data are collected and used exclusively in aggregated and anonymous form. Such data are processed for the purpose of enabling and monitoring the correct use of the Site, as well as to obtain anonymous statistical information on its use, and are deleted immediately after processing).
  • Cookies: Please refer to our Cookie Policy.
  • Data voluntarily provided by the User, including:

– common data (identification, personal, billing data and similiar); only in exceptional cases: special categories of data (Art. 9 GDPR)

– only in exceptional cases  criminal data (Art. 10 GDPR)

Sources: browsing, other websites, cookies and similar; user; public sources.

We may process, primarily: browsing data, as well as cookies.

We may also process data voluntarily provided by the User, for example through the contact form or by sending an email communication, including common personal data (identification, personal, billing data and similar), and, in exceptional cases, special categories of data pursuant to Art. 9 GDPR or criminal data pursuant to Art. 10 GDPR, strictly to the extent necessary for the information request received and subject to the Data Subject’s consent.

Data may originate from automated sources or voluntary sources, as well as from public sources. For example, they may come from the User’s browsing activity, which may carry information relating to previous visits to other websites, including, in particular, cookies and other similar technologies. Data may also be voluntarily provided by the User or by related parties. Other data may come from public sources, such as those processed in the context of searches and obtained from registries, public databases, and similar.

3. Purposes of Processing

The personal data of Site Users, as described above, will be processed in the manner and form prescribed by the GDPR, for the performance of the Site’s functionalities, with particular, but not exclusive, reference to page navigation and the data collection procedures described therein, contact forms, any registration/login process for reserved areas, newsletter subscription, and similar activities. Specifically, the personal data provided to the Controller will be processed for the following purposes:

·       to respond to specific requests made to the Controller by the User through the Site and its communication tools (contact forms, information request forms, and similar);

·       to send informational communications regarding the Controller’s services, following a request for information via email messages or completion of the contact form and other communication tools;

·       for possible registration to events organized by the Controller and related activities (e.g., verification of participation, notifications regarding updates or changes to the event, etc.);

·       for other purposes ancillary or related to those indicated above and, in any case, falling within the scope of the Site’s activities.

The processing of data provided in general terms will also be carried out following automatic collection during navigation, solely for the purpose of verifying and controlling access to the Site. This also applies to technical cookies, understood as session, functionality, or analytics cookies that meet the requirements specified by the Supervisory Authority. In particular, regarding analytics cookies, it is clarified that they may be assimilated to technical cookies where they are created and used directly by the Site. In any case, for such analytics cookies, the Site, in compliance with the Supervisory Authority’s clarifications, has implemented IP address anonymization and adjustments to data processing. The collection and use of the aforementioned browsing data (subject to IP anonymization) allow monitoring of the Site’s performance and enable service improvement, offering the User a better browsing experience. Please refer to the specific Cookie Policy for further information.

4. Legal Basis

The processing of personal data is based on the fulfillment of contractual or pre-contractual obligations related to the request made by the User (for example: requests for information regarding the services provided by the Controller, requests for quotations, etc.), as well as, where necessary, on consent given through the free and informed completion of the specific information fields in the form dedicated to data collection and provision, and by ticking the relevant checkbox, where applicable.

It should be noted that completing the specific fields provided in forms for requesting information is inherent to the request itself and therefore entails the fulfillment of a pre-contractual or contractual obligation, depending on the context. Consent may subsequently be requested for the processing of additional data.

A specific privacy notice will be provided wherever necessary (different from this notice).

In any case, processing is also based on legitimate interest, including the right to information, as referred to in the following paragraph.

5. Legitimate Interest

The processing of personal data is also based on the Controller’s legitimate interest, such as the exercise of its rights in the context of the information society, the performance of contractual obligations, and the implementation of direct marketing activities (in the manner, by the means, and within the timeframes provided by law).

6. Mandatory Data Provision

The provision of browsing data by Users, for the purposes indicated above, depends on the level of privacy enabled or disabled by the User through their browser settings. In some cases, disabling such settings may impair navigation on the Site. For certain modules of the Site, the provision of browsing data and/or the use of technical cookies is mandatory for the proper functioning of the Site itself.

The provision of certain personal data is, in any case, necessary for the structure of the Site and its procedures. Any request for additional optional data will be preceded by a specific approval checkbox. The provision of all other data is optional, depending on the type of information the User wishes to provide to the Site.

Notwithstanding the above, for example, the provision of an email account is necessary to respond to a request made through the contact form, as well as other mandatory data indicated therein with an asterisk. Other data are optional.

Failure to provide the data necessary for the requested action (for example, the email account via the form for requesting information by this means) makes it impossible for the Controller to fulfill the request.

PROVISIONS APPLICABLE TO ALL PROCESSING.  
In any case, even where the Data Subject has given consent authorizing the Controller to pursue all the purposes mentioned above, they remain free to revoke such consent at any time.

Specifically and separately, as required by Article 21 of the Regulation, the Data Subject is informed that they have the right to object at any time to the processing of personal data concerning them carried out for the purposes indicated above and that, should the Data Subject object to the processing, the personal data can no longer be processed for such purposes.

7. Data Recipients

The data may be disclosed to companies connected, affiliated, or controlled by the Controller, as well as to consultants, or to third parties acting, including in the name and on behalf of the Controller, for the fulfillment of services related to the purposes indicated in this notice, both within the EU and outside the EU (in the latter case, exclusively to entities compliant with applicable regulations)         .
Browsing data and similar information (as referenced above), as well as profiling cookies, including those of third parties (as referred to in this Site’s Cookie Policy), will be communicated to the respective third parties concerned, where they do not manage such data directly as Data Controllers.
In any case, the data may be communicated to Data Processors, as well as to persons authorized and duly instructed to process the data, always within the scope of the processing purposes.
For brevity, the detailed list of such entities is available at our office.

8. Data Retention

The data voluntarily provided by the Data Subject will be retained until the Data Subject expressly revokes consent, including by taking action through their browser, clearing cookies, making an explicit request, or otherwise indicating such revocation.

Browsing data will be retained, in compliance with the principle of proportionality, in a form that allows identification of the Data Subject for no longer than is necessary for the purposes for which they were collected or subsequently processed.
The above retention periods do not apply in cases where it is necessary to keep the data for a longer period to defend or assert a right or to comply with legal obligations or orders from Authorities.

9. Data Subject Rights

Each Data Subject has the right of access, rectification, erasure (right to be forgotten), restriction, notification in case of rectification, portability, objection, and not to be subject to an automated individual decision, including profiling, pursuant to Articles 15 to 22 of the GDPR. These rights may be exercised in the forms and within the terms set out in Article 12 of the GDPR, by sending a written communication to the Controller (see point 10 below).
The Controller will provide an appropriate response as soon as possible and, in any case, within 1 month of receiving the request.

10. Consent Withdrawal

Consent can be withdrawn, where applicable, at any time by and/or exercise your rights by sending:

–  a registered letter with acknowledgment of receipt to the Controller with an explicit request (see the address indicated in point 1 above);

– an email to:  info@chaletfranzkraler-clubmoritzino.it.

11. Complaints

Each Data Subject has the right to lodge a complaint pursuant to Articles 77 et seq. of the GDPR with a supervisory authority, which for Italy is the Data Protection Authority (Garante per la protezione dei dati personali). The forms, methods, and terms for filing complaints are provided and regulated by the applicable national legislation. Filing a complaint does not affect administrative or judicial actions, which in Italy may alternatively be brought before the same Authority or the competent Court.

12. Profiling

The personal data provided through browsing the Site and any completion of forms published therein may be subject to profiling by third-party providers through third-party cookies.

Profiling allows these third-party providers, who are independent Controllers of their respective personal data processing for profiling purposes (different from the Site Controller), to assess certain personal aspects of the Data Subject, particularly regarding their preferences, interests, and tastes, based on the pages visited and activities carried out. This is aimed at enabling these independent Controllers to offer the Data Subject a more specific service tailored to their needs.

For more information, the User is invited to read the Cookie Policy.

13. Controller, DPO, Authorized Staff, Processors

Below we provide you with some information that you need to be aware of, not only to comply with legal obligations, but also because transparency and fairness towards data subjects are a fundamental part of our business

Data Controller:.

Data controllore is K&M S.r.l. (c.f. 03303530210), Via Cassa di Risparmio n. 5, 39100 Bolzano (BZ), responsible for the lawful and proper use of your personal data and whom you can contact for any information or request at the following contact details: email: info@chaletfranzkraler-clubmoritzino.it.

Authorized Personnel

Updated lists of authorized staff and processors are available at the Controller’s office.

Data Processors.
For brevity, the detailed list of these roles is available at our office.

  1. Social Media Plug-ins

The Site may contain plug-ins from certain social media platforms (e.g., Facebook). Social plug-ins are special tools that allow the functionalities of social networks to be incorporated directly into the Site (for example, the Facebook “like” button) and are marked by the logo of the respective social platform. When you visit a page of the Site and interact with the plug-in (e.g., by clicking the “like” button) or decide to leave a comment, the corresponding information is transmitted from the browser directly to the social network platform (in this case, Facebook) and stored by it. For information on the purposes, type, and methods of collection, processing, use, and storage of personal data by the social network platform, as well as on how to exercise your rights, please consult the social network’s privacy policy.

15. Third-Party Links

From the Site, it is possible to connect via specific links to other third-party websites. The Controller declines any responsibility regarding the possible management of personal data by third-party sites and concerning the handling of authentication credentials provided by third parties.

16. Cookies

Cookies are packets of information sent by a web server (for example, the Site) to the User’s Internet browser, automatically stored on the computer and automatically returned to the server at each subsequent access to the Site. For detailed information on the characteristics, types, methods of use, and options for removing, deleting, or disabling cookies on the Site, please refer to the specific Cookie Policy.

Data Controller:

K&M S.r.l.

To contact us.
K&M S.R.L. is pleased to receive comments regarding this privacy notice.
We invite you to contact us at the following address: info@chaletfranzkraler-clubmoritzino.it