Information on processing of personal data, in compliance with article 13 of the General Data Protection Regulation (GDPR) EU 2016/679.
In compliance with article 13 of the (EU) Regulation 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “General Data Protection Regulation”, from here on referred to as “GDPR” or “Regulation”), we would like to inform you that the personal data you have provided during the registration phase on www.visittrentino.info, will be subject, in compliance with the aforementioned regulation and in accordance with the confidentiality obligations, to the process indicated in article 4 of Regulation EU 2016/679. In particular, we would like to inform you of the following.
1. Data Controller’s identity and contact information
Trentino Marketing S.r.l. (from here on TM)
Via Romagnosi, n. 11 - 38122 Trento
2. Contact information for the Data Protection Officer (Trentino Marketing)
Data Protection Officer’s (“DPO”) Office
Via G. Gilli, n. 2 - 38121 Trento
3. Purpose of the process
Your personal data will be processed:
a) with Your consent (article 7, GDPR), for the following purposes:
- For the correct management of the request for information sent via the Trentino Tourism Site and to respond to the request itself.
- To send newsletters concerning, for example, events, promotional initiatives and, in general, to promote tourism in the Trentino territory and to send our best holiday offers.
b) without Your consent (article 6, letters b, c, f, GDPR), for the following purposes:
- To comply with requirements in (national and European) laws and regulations, or to execute an order received from Judicial Authorities or Supervisory Authorities to whom the owners are subjected.
Transmission of the data for the purposes indicated in section a) is optional. This means that you may decide not to give your consent, or to withdraw it at any time, unless it is impossible for TM to provide the service you have requested.
Transmission of the data for the purposes mentioned in section b) is mandatory. A lack of data and/or a possible explicit refusal concerning the process may cause a violation of the requests of competent Authorities.
4. Categories of processed personal data
Within the field of the purposes of processing as identified in the previous paragraph 3, the only personal data processed will be those concerning, for example, the name and surname, email address, etc.
5. Categories of recipients of the personal data
For the purposes mentioned in the previous paragraph 3 section b), the personal data you provide will be made available:
- To judicial or supervisory authorities, administrations, and public bodies (national and foreign).
Wherever you provide your consent to the use of your personal data for the purposes mentioned in the previous paragraph 3 section a), the data in question will be made available to the subjects indicated in the previous points.
6. Storage and transfer of the personal data abroad
Management and storage of the personal data takes place by cloud, and on servers located within the European Union, either owned by or available to the Data Controller and/or designated third-party companies, duly nominated as Data Processor.
Your personal data will not be broadcast.
7. Storage period of the personal data
The personal data collected for the purposes indicated in the previous paragraph 3, section b) will be processed and preserved for the entire duration of the relationship.
As of the date of the end of said relationship, whatever the reason, the data will be preserved for the applicable duration required by law.
Personal data collected for the purposes indicated in the previous paragraph 3, section a), will be processed and preserved for the time necessary to fulfil this purpose, and anyway until the user actually deletes it.
8. Exercisable rights
In compliance with what is indicated in articles 15 to 22 of the GDPR, you may exercise the rights indicated therein, and in particular:
- Right of access - To obtain confirmation as to whether or not personal data concerning you is being processed and, in that case, to receive information concerning, in particular: the purpose of the processing, the categories of personal data concerned and the storage period, the recipients to whom the data may be communicated (article 15, GDPR).
- Right to rectification - To obtain, without unjustified delay, rectification of incorrect personal data concerning you and the integration of incomplete personal data (article 16, GDPR).
- Right to erasure - To obtain, without unjustified delay, the deletion of personal data concerning you, in the cases mentioned by the GDPR (article 17, GDPR).
- Right to restriction of processing - To obtain, from the Joint Controllers, a limitation of process, in the cases mentioned by the GDPR (article 18, GDPR).
- Right to data portability - To receive, in a structured format, commonly used and machine-readable, the personal data concerning you, provided by the Joint Controllers, as well as to transmit those data to another Controller without hindrance in the cases mentioned by the GDPR (article 20, GDPR).
- Right to object - To object to the processing of personal data concerning yourself, unless there are legitimate grounds for the Joint Controllers to continue the process (article 21, GDPR).
- Right to lodge a complaint with the competent supervisory authority – To lodge a complaint with the Supervisory Authority for the protection of personal data.
You may exercise these rights by sending a simple request to the Data Protection Officer, indicated above.
9. Processing Means
Your personal data is processed by means of the operations indicated in article 4, n° 2) of the GDPR - made with or without the help of automated means - and precisely: collection, recording, organisation, structuring, updating, storage, adaptation or alteration, extraction and analysis, consultation, use, disclosure by transmission, alignment or combination, restriction, erasure or destruction.
In any case, logical and physical safety of the data will be guaranteed and, in general, confidentiality, integrity, and availability of the personal data processed, putting into practise all the necessary technical and organisational measures.