Privacy Policy websites APT Trento S. cons. a. r. l.  

Information on the processing of data of visitors consulting our sites

Kindest,
as a result of your visits to our website, filling in forms, preliminary contacts and possible establishment of business relations, our company will collect and process some of your personal data. 
That is why in this document we intend to provide you with information on how we collect and process your data in our websites www.trento.info and www.natale.trento.info, in accordance with the provisions of Article 13 of the European Regulation 2016/679 (henceforth GDPR).

1. Who is the data controller? How to contact the DPO?
The data controller is Azienda Per il Turismo (APT) Trento, (C.F. and P. Iva 01850080225) with head office in Trento (TN), Via Torre Verde 7, contactable by phone 0461.216000, email address info@trento.info and pec office@pec.trento.info.

The data controller has appointed a Data Protection Officer (DPO), who can be contacted at: dpo@apttrentino.it.

2. What are the purposes of the processing and what are its legal bases?
The purposes for which your personal data are collected and processed are many and varied, specifically: 

  • a) Contractual purposes (the data are processed to allow you to view the web pages of the site and to allow you to take advantage of the services offered by the site itself, to manage the activities resulting from filling in the forms in the various sections of our site, to satisfy your requests/questions, and to manage business relations). Legal basis of the processing: performance of a contract to which you are party and of the services you have requested. 
  • b) Purposes of statistical analysis (the data are processed for web analysis activities, checking the number of visitors to the site, monitoring the progress of relations with users of the site). Legal basis of the processing: legitimate interest of the owner to manage the site, to maintain its proper functioning and to protect its rights. 
  • c) General marketing purposes and sending of newsletters (the data are processed for sending by email or SMS, telephone or similar means - including by automated contact methods - promotional and commercial communications relating to services/products similar to those you have already used offered by the data controller and/or on new services offered by the data controller, notification of company events, conventions, workshops, training courses, webinars or whitepapers, subscription and forwarding of newsletters only in the event of express request ). Legal basis for processing: legitimate interest of the data controller pursuant to Article 6(1)(f) of the GDPR and consent.
  • d) Legal obligations (data are processed for the fulfilment of obligations laid down in regulations and in national and supranational legislation). Legal basis for processing: fulfilment of a legal obligation to which the data controller is subject.
  • e) Exercise of the holder's rights (data are processed if necessary to ascertain, exercise or defend the holder's rights in court). Legal basis of the processing: legitimate interest of the holder.

Further information on the purposes of processing is set out in the " Cookie Policy  " published on this Site.  

3. How long will your personal data be stored?
The retention period of the data depends on the specific purpose for which they are collected and processed: 
a) Contractual purposes, legal obligations: for the entire duration of the contract and, after termination, for 10 years. 
b) General marketing purposes, statistical analysis and the sending of newsletters: until the right of objection is exercised by contacting the holder directly at privacy@trento.info; if no objection is expressed, for 24 months.
c) Owner's right: in the event of litigation, for the entire duration of the litigation, until the time limit for appeal has been exhausted.
After the above-mentioned retention periods have expired, your personal data will be deleted and destroyed or rendered anonymous. 

4. How are personal data processed?
Data will be processed in accordance with the principles of minimisation, necessity and proportionality, and always in a way that guarantees security and confidentiality, avoiding processing where operations can be carried out using anonymous data or by other means.
The processing may be carried out in paper form or by means of electronic or otherwise automated, computerised, manual tools and according to logics that are in any case designed to ensure that the data are processed securely, are always intact and available, and are managed in compliance with the principles set out in the GDPR and for the purposes envisaged only. 
We have adopted specific security measures to prevent the loss of personal data, unlawful or incorrect use and unauthorised access, but please note that it is essential, for the security of your data, that your device is also equipped with tools such as antivirus software, which is constantly updated, and that the provider who supplies you with the Internet connection guarantees the secure transmission of data through firewalls, spam filters and similar devices.

5. Where is your data processed and by whom? 
The data are processed within the organisational structure of the data controller, at its premises and for the purposes indicated above, by staff, employees and collaborators of the data controller, appointed/authorised by the latter and/or appointed as external data processors and not by third parties. The data are not subject to dissemination.
The data may be communicated and processed by companies and consultants of the data controller - and/or their appointees - for the design and/or maintenance of the technological part of the site and for the performance of activities that are instrumental, supportive or functional to the performance of the contracts or services you have requested.  In any case, these subjects will process and communicate the data to other third parties in their capacity as autonomous "data controllers" or "data processors" (ex art. 28 GDPR) on the basis of the owner's directives, including with regard to security, for the purposes indicated above. 

6. Are data transferred to a non-EU country?
The transfer of Data outside the territory of the European Union will take place in compliance with the EU Regulation 679/2016 and in particular on the basis of the European Commission's Adequacy Decisions of the level of protection of Personal Data guaranteed by the third country including - most recently - the EU-US Data Privacy Framework (art. 45 GDPR). In the absence of an adequacy decision - or in the event that the entity importing the Data does not adhere to the EU-US Data Privacy Framework - the transfer of Data outside the EU will be based on the adoption of the adequate safeguards by the Data Controller referred to in Articles 46 and 47 of EU Regulation 679/2016 or, failing that, on the specific consent of the Data Subject or will be carried out in accordance with the provisions of Article 49 of the aforementioned Regulation in the specific cases indicated therein.

7. What types of data are processed?
The data collected and processed are divided into: 
Browsing data: The computer systems and software procedures used to operate this site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user's operating system and computer environment.
This data is necessary for the use of the web service and is also processed for the purpose of: 

  • obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.); 
  • Monitor the proper functioning of the services offered. 

Browsing data are deleted immediately after processing (except for possible use for any need to ascertain criminal offences or liability on the part of the judicial authorities).

Data communicated by the user: the optional, explicit and voluntary sending of e-mails to the addresses indicated on the site, private messages sent by users to institutional profiles/pages on social media, as well as the filling in and forwarding of forms on the site, replies to specific questions on uses, habits, interests, preferences and other personal information shared, entail the subsequent acquisition of the sender's address, which is necessary in order to reply to requests, as well as any other personal data communicated by the user.

Cookies: cookies are information (small text files) that websites transmit to the device you are using (PC, smartphone, tablet, etc.). This information makes it possible to carry out navigation, perform computer authentication, collect information on the number of visitors and how they use the site, and monitor users. 
For more information on the cookies used by our site and the type of data collected please see our Cookie Policy  .

Depending on the specific purposes, different categories of data will be processed:  

  • for contractual purposes, legal obligations, and the exercise of the holder's rights, navigation data and data communicated by the user are collected and processed;
  • for the purposes of statistical analysis, navigation data are processed;
  • for the purposes of generic marketing and sending newsletters, navigation data and data communicated by the user are processed and collected;

8. Are you obliged to give your personal data?
The provision of data is only optional for the processing of data connected with the purposes set out in point 2. b), c) d). For the purposes of point 2. a), e), f), on the other hand, it is mandatory.
Some personal data are strictly necessary for the operation of the site, others are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation. Browsing data are acquired automatically by the owner and are also necessary to fulfil the contractual purpose.
With regard to the data communicated by the user in the site's request forms and subsequently acquired also by virtue of questions or input from the data controller, on the other hand, you are free to choose whether or not to provide them, and failure to do so may only make it impossible to be contacted or to obtain what you have requested.
Refusal to provide the data or complete opposition to their processing for the purposes indicated in points 2.a), e), f) may result in the impossibility of fulfilling certain requests/questions and managing future and possible business relations. 
On the other hand, the refusal to use the data for the purposes set out in points 2. b), c) d) will have no effect on existing business relations with you.
Attention:

  • with regard to generic marketing activities (including the sending of the newsletter), you may decide at any time to stop receiving related communications by contacting the data controller directly at privacy@trento.info

9. What are your rights?
By contacting the data controller at privacy@trento.info you can exercise the rights specifically provided for in Articles 15 to 22 of EU Regulation 679/2016, and this in order to:

  • request confirmation as to whether or not your data is being processed and, if so, obtain access to it;
  • request their rectification and/or integration, cancellation or restriction of their processing in the cases provided for by Article 18 GDPR; 
  • oppose their processing; 
  • request portability; 
  • file a complaint with a supervisory authority; obtain all available information on the origin and categories of data, if it is not you who gave it to the holder; 
  • obtain information on the existence of an automated decision-making process, including profiling, and, at least in such cases, meaningful information on the logic used, as well as the significance and expected consequences of such processing; 
  • not be subject to a decision based solely on automated processing, including profiling.

In cases where the legal basis for the processing is consent or a contract and is carried out by automated means, you have the right to request the portability of your data and to receive them in a structured, commonly used and machine-readable format, as well as, if technically feasible, to transmit them to another data controller without hindrance.
Furthermore, you have the right to revoke your consent at any time if given for marketing and/or profiling purposes, as well as to object to the processing of your data, even in cases of public interest or legitimate interest of the data controller.
The data controller will refrain from processing in such cases, except for legitimate reasons overriding your interests, rights and freedoms, or for the establishment, exercise or defence of a legal claim.
You have the right to lodge a complaint with the competent supervisory authority in the Member State in which you habitually reside or work or in the State in which the alleged infringement occurred, pursuant to Article 77 of the Regulation itself, or to bring an action before the appropriate courts (Article 79 of the Regulation). 

March 2024                                The data controller
                                        ATP Trento, Monte Bondone S. cons. a. r. l.