Data Protection Notice

Regulation (EU) 2016/679 (hereinafter the “GDPR”) lays down rules relating to the protection of natural persons with regard to the processing of personal data. In compliance with the principle of transparency set out by art. 5 of the Regulation, Trentino Marketing S.r.l. hereby provides you with the information required by art. 13 of the GDPR regarding the processing of the personal data about you that was collected when you registered to receive daily emails recommending routes and trips throughout your stay, thanks to the “What are you doing tomorrow?” service. This service is associated with your Trentino Guest Card and it shall be provided until the end of your holiday.

1. Identity and contact details of the Controller
   Trentino Marketing S.r.l. – Address: via Romagnosi 11, 38122 Trento, Italy – Email address: privacy@trentinomarketing.org.
2. Data Protection Officer contact details
   Trentino Marketing S.r.l. – Email address: dpo@trentinomarketing.org
3. Types of personal data processed
   Within the scope of the purposes of the processing highlighted below in paragraph 4, only personal data regarding the following shall be processed: name, surname, email address.
4. Purposes of the processing and legal basis
   Your personal data shall be processed with your consent in order to provide the “What are you doing tomorrow?” service, thanks to which you shall receive daily emails recommending routes and trips throughout your stay. This service is associated with your Trentino Guest Card and it shall be provided until the end of your holiday. The legal basis for the processing is point a) of art. 6 of the GDPR: the data subject has given consent to the processing of his or her personal data for one or more specific purposes. This consent is not mandatory, but it is necessary in order to begin providing the service. In addition, the data shall be processed without your consent in order to comply with a legal obligation to which the controller is subject; the legal basis for this processing is point c) of article 6 of the GDPR.
5. Categories of recipients of the personal data
   For the purposes referred to in the previous paragraph, the personal data provided shall be accessible to internal members of staff who are authorised to process the personal data in question as part of their duties, external suppliers who have been properly appointed as data processors and all entities for which there is a legal obligation of communication or other entities for which specific authorisation is acquired on request.
6. Processing methods
   The personal data shall be processed using the operations indicated in paragraph 2 of article 4 of the GDPR, with or without the use of computer systems. These operations are as follows: collection, recording, organisation, structuring, updating, storage, adaptation or alteration, retrieval and analysis, consultation, use, disclosure by transmission, alignment, combination, restriction, erasure or destruction. In any case, the logical and physical security of the data and, in general, the confidentiality, integrity and availability of the personal data processed, shall be ensured by implementing all of the appropriate technical and organisational measures necessary.
7. Dissemination and profiling
   The personal data processed for the purposes indicated in paragraph 4 above shall not be disseminated or used in profiling operations. 
8. Storage and transfer of personal data to other countries
   The personal data shall be managed and stored in the cloud and/or on servers that are located in the European Union and owned and/or available to the Controller and/or mandated third-party companies that are properly appointed as data processors. 
9. Period for which the personal data shall be stored
   The personal data collected for the purposes indicated in paragraph 4 above shall be processed and stored until you withdraw your consent and in any event for no longer than the duration of your Trentino Guest Card. After this period, the data shall be erased, unless storage of them is provided for by EU or national law.
10. Exercisable rights
    In accordance with the provisions of articles 15 to 21 of the GDPR, you can exercise the rights indicated therein, in particular:
    • Right of access (Art. 15, GDPR) – obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, receive the following information regarding them in particular: the purposes of the processing, the categories of personal data processed, the storage period, and the recipients to whom they can be disclosed.
    • Right to rectification (Art. 16, GDPR) – obtain without undue delay the rectification of inaccurate personal data concerning you and have incomplete personal data completed.
    • Right to erasure (Art. 17, GDPR) – obtain the erasure of personal data concerning you without undue delay, in the cases provided for by the GDPR.
    • Right to restriction (Art. 18, GDPR) – obtain restriction of processing, in the cases provided for by the GDPR.
    • Right to portability (Art. 20, GDPR) – receive the personal data concerning you, which you provided to the controller, in a structured, commonly used and machine-readable format, and have those data transmitted to another controller without hindrance, in the cases provided for by the GDPR.
    • Right to object (Art. 21, GDPR) – object to processing of personal data about you, unless there are legitimate grounds for the controller to continue processing them.

You can exercise these rights by simply sending a request to Trentino Marketing S.r.l. or the DPO using the details provided above. Follow this link to see full details: https://www.trentinomarketing.org/it/privacy

In addition, you have the right to lodge a complaint with a supervisory authority (article 77, GDPR) or the competent judicial authority.