PRIVACY NOTICE FOR THE PROCESSING OF PERSONAL DATA

(In accordance with Art. 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data)

 

Dear User,

Thank you for visiting www.kronplatz.com, the website of Kronplatz Brand Konsortialgesellschaft m.b.H. (“Kronplatz Brand Konsortialgesellschaft m.b.H.” or “we”). Here you can find information about our organization, access our services and explore the Kronplatz Dolomites Region.

We invite you to read our privacy notice, in which you will find information regarding the processing of personal data carried out through our website (“Website”) in compliance with Regulation (EU) 2016/679 (“GDPR”).

Personal data” means personal information that, regardless of its format, can be used, alone or in combination with other information, to identify a natural person.

Processing of personal data” means any operation or set of operations applied to personal data, also through automated processes, such as collecting, recording, storing, consulting and sharing of personal data.

By “User” we mean all those who access and navigate our website.

If you have any questions or concerns regarding the processing of your personal data or if you wish to exercise your data protection rights, you can contact us using the contact details provided in Section 1 (Who we are).

We are committed to protecting your personal data. However, we do not pre-screen the information provided by users and we assume no responsibility for the accuracy and completeness of the information that users share and/or receive through our website.

Summary

 

1.       Data controller – Who we are.

2.       Which personal data we process and how.

3.       Legal basis and purposes of the Processing of Personal Data.

4.       Data recipients - How and with whom we share Personal Data.

5.       Transfer of data – Where Personal Data is Processed.

6.       Retention period for personal data.

7.       Data security – How we protect Personal Data.

8.       Rights of the data subject

9.       Links to other websites.

10.     Changes to this privacy notice.

11.      Licences.

 

1.      Data controller – Who we are

Kronplatz Brand Konsortialgesellschaft m.b.H.

VAT No. 03206150215

Johann-Georg-Mahl-Straße 40

I-39031 Bruneck

+39 0474 431580

info@kronplatz-brand.com

processes the user's data as data controller, pursuant to Art. 4 para. 1 no. 7 GDPR.

 
2.      Which personal data we process and how

In the course of normal use of the website and for the sole duration of the connection, we acquire certain personal data that are technically necessary and the transmission of which is implicit in the use of Internet communication protocols (so-called browsing data), such as IP addresses, date and time of requests, time zone, browser, language and version of browser software and referrer URL, i.e. the website from which access is made.

This is information that is not collected in order to be associated with individual users, but which by its very nature could, through processing and association with data held by third parties, make it possible to identify users.

In addition to the purely informative use of the website, we offer a wide range of services, which you can use according to your preferences and interests. However, in order for Kronplatz Brand Konsortialgesellschaft m.b.H. to be able to provide these services, the user will usually have to provide additional Personal Data, such as first name, last name and e-mail address.

The user's Personal Data will be processed by means of IT/telematic tools in such a way as to guarantee the confidentiality and security of the data in compliance with the applicable data protection regulations.

 
3.      Legal basis and purposes of the Processing of Personal Data

We exclusively collect and use your personal data if there is a valid legal basis for doing so.

In particular, the following legal bases apply:

The fulfilment of contractual obligations or pre-contractual measures (Art. 6, para. 1, letter b) GDPR):

when the user accesses and uses the website and the services we offer.

 

a)      Personal data that we process to communicate with users

We Process users' Personal Data, such as first name, last name, email address and telephone number to interact directly with them or to respond to specific requests made by them, through any channel made available on the Website, such as the contact forms on the Website and/or on Internet channels.

We regularly review the necessity of retaining such requests and messages and delete the corresponding data when they are no longer needed.

The user is free to provide their Personal Data for the above-mentioned purposes or not. However, the provision of this data is necessary for the processing of the request and/or the performance of the relationship with Kronplatz Brand Konsortialgesellschaft m.b.H. Without providing this data, we may not be able to respond to requests or provide our services.

b)      Personal Data that we Process for the purpose of processing availability requests at accommodation facilities

Through the communication channels on the Website, it is possible to search for accommodation facilities in the Kronplatz Dolomites Region and submit availability requests. The Personal Data provided by the user via the appropriate form (first name, last name, e-mail address, arrival and departure dates) will be Processed by us for the sole purpose of processing the request. The transmission of the availability request necessarily implies the exchange of the user's Personal Data between Kronplatz Brand Konsortialgesellschaft m.b.H. and the accommodation facility for which the request was made, including the information necessary for the accommodation facility to respond to the user's request and manage the associated products and services. The execution of the contractual relationship between the user and the accommodation facility is the responsibility of the latter, which Processes the Personal Data provided as data controller in accordance with Art. 4 para. 1 no. 7 GDPR. Any further Processing of the user's Personal Data by the accommodation facility will therefore be beyond our control.

The user is free to provide their Personal Data for the above-mentioned purposes or not; however, if they do not provide us with the contact details requested in the contact form, we will not be able to process the user's request.

c)      Personal Data that we Process for the purpose of processing bookings at accommodation facilities

Through the communication channels on the Website, it is possible to book a stay at accommodation facilities in the Kronplatz Dolomites Region. The Personal Data provided by the user via the appropriate form (first name, last name, e-mail address, arrival and departure dates, physical address, telephone number, any other data entered by the user in the "Notes/Comments" section) will be Processed by us for the sole purpose of processing the request. The booking necessarily implies the exchange of the user's Personal Data between Kronplatz Brand Konsortialgesellschaft m.b.H. and the accommodation facility at which the user makes the booking, including the information necessary for the accommodation facility to complete the booking process and manage the associated products and services. In some cases, we may also communicate additional information, such as the number of bookings made through our website. The execution of the contractual relationship between the user and the accommodation facility is the responsibility of the latter, which processes the Personal Data provided as data controller in accordance with Art. 4 para. 1 no. 7 GDPR. Any further Processing of the user's Personal Data by the accommodation facility will therefore be beyond our control.

The user is free to provide their Personal Data for the above-mentioned purposes or not; however, if they do not provide us with the contact details requested in the booking form, we will not be able to process the user's request.

Express consent (Art. 6, para. 1, letter a) GDPR):

to subscribe to our newsletter or receive other communications.

 

d)      Data Processing for sending our newsletter

With your express and informed consent, by checking the appropriate box, you can subscribe to the newsletter to receive regular updates on our services as well as promotional communications relating to the Kronplatz Dolomites Region, and related areas falling under the remit of the tourism associations of Bruneck, Olang, Antholz, St. Vigil and St. Martin, and Kiens.

e)      Communications to third parties for promotional purpose

With the user's consent, we may disclose the collected personal data to third parties, including companies of the Kronplatz Dolomites Region, operating in different product categories including, but not limited to, the real estate, hotel and sports sectors, in order for them to pursue their own independent commercial and promotional purposes.

f)       Direct marketing

We may also promote our services and those of the Kronplatz Dolomites Region companies and third-party business partners, including market research via digital communication channels, which may be automated.

We provide specific summarized privacy notices on the pages of the Website specifically set up for the above-mentioned services.

Providing the data is optional; however, if you do not give us your consent to process it, we will not be able to send you our newsletter and promotional communications. You may revoke your consent at any time via the deactivation link available at the bottom of each communication, or by contacting us directly at the contact details provided above.

Legitimate interest (Art. 6, para. 1, letter f) GDPR):

to ensure the availability, proper functioning and security of the Website, to investigate possible computer crime or to pursue other legitimate interests, provided that the pursuit of our interests or the interests of third parties does not adversely affect the fundamental rights and freedoms of the user.

 

g)      Personal data that we Process for technical and analytical purposes of the Website

We process technical data or navigation data that may indirectly reveal the identity of the user in order to ensure a reliable user experience. This data is collected automatically during the normal operation of each website and is Processed for technical purposes (including troubleshooting, testing, system maintenance, technical support and reporting), or statistical and analytical purposes to improve the user experience.

The latter are usually Processed in an aggregate and non-identifiable form for statistical purposes. For instance, usage data may be Processed to measure the engagement rate, or the time spent on a certain section or feature of the Website.

h)      Personal Data that we Process for “soft spam” purposes

We may Process your Personal Data in order to send you marketing communications via e-mail or paper mail about services similar to those you have previously purchased. You have the right to object to the Processing of your Personal Data at any time by writing to the contact details provided above or by clicking on the deactivation link at the end of the communications sent.

i)       Personal Data that we Process in the context of extraordinary operations

In the context of extraordinary business operations involving Kronplatz Brand Konsortialgesellschaft m.b.H. (e.g. mergers, demergers, assignment or transfer of credits, assets or business units, etc.) as well as in the course of any activities in preparation for and/or subsequent to such operations, it is possible that Personal Data relating to the user, such as the e-mail address, may be shared.

j)       Personal Data that we Process with other affiliated or associated companies

We may disclose the user's Personal Data to companies of the Kronplatz Dolomites Region or affiliated companies, current or future, for administrative and accounting purposes and to fulfil legal obligations.

Legal obligations (Art. 6, para. 1, letter c) GDPR):

to comply with applicable laws and regulations and to respond to requests from competent authorities.

k)      Personal Data we Process to fulfil regulatory obligations

We Process users' personal data to fulfil eventual legal obligations, such as tax, administrative and accounting obligations.

 

We may also Process your Personal Data if we need to protect our interests or to defend ourselves in legal proceedings.

 
4.      Data recipients - How and with whom we share Personal Data

The disclosure of Personal Data is also a form of Processing, which is why we would like to provide users with further information on how and to whom we transfer, transmit and disclose Personal Data.

To achieve the above-mentioned purposes, the user's Personal Data will be made accessible to persons who are explicitly authorized by Kronplatz Brand Konsortialgesellschaft m.b.H. to process Personal Data under its direct supervision (e.g. employees and collaborators). These persons may obtain knowledge of the user's Personal Data, but only in the context of the performance of their duties and in accordance with our written instructions.

Users' Personal Data may also be processed with the support of persons and companies (cloud systems providers, hosting service providers, etc.) who act as data processors for us and who are contractually obliged under Article 28 GDPR to strictly protect the data Processed on our behalf and to use it exclusively for the contractually agreed purposes.

In order to fulfil certain legal obligations, we may be required to disclose the user's Personal Data to public or private third parties (e.g. public institutions, police authorities, etc.). In this case, the legal basis for processing is the need to fulfil the legal obligation to which the data controller is subject pursuant to Art. 6 para. 1 letter c) GDPR.

Processing under joint control

In collaboration with the joint data controllers indicated below, we may also process certain Personal Data collected as part of our marketing activities, such as identification data (e.g. first name, last name, e-mail, if provided) or data related to the user's interaction with promotional content (e.g. opening newsletters, clicking on links, browsing behaviour). For this purpose and in accordance with the data protection regulations, we have concluded a joint controllership agreement pursuant to Art. 26 GDPR, in which we, jointly with the other data controllers, determine the purposes, methods and procedures of the Processing carried out as joint controllers. With the joint controllership agreement, as joint controllers, we have also established, in a clear and transparent manner, the procedures that will provide timely feedback to users in case they wish to exercise their rights, as further explained in section 8 (Rights of the data subject) of this notice.

We Process Personal Data together with the following joint controllers:

-        Tourist Office Bruneck Kronplatz Tourism, registered in Rathausplatz 7, 39031 – Bruneck (BZ);

-        Tourist Office Antholz Valley, registered in Niederrasner Straße 35/F, 39030 – Rasen-Antholz (BZ);

-        Tourist Office Chienes-Kiens, registered in Kiener Dorfweg 4B, 39030 – Kiens (BZ);

-        Tourist Office San Vigilio/San Martin, registered in Str. Plan de Corones 38/1, 39030 – St. Vigil (BZ);

-        Skirama Kronplatz – Plan de Corones, registered in Johann-Georg-Mahl-Straße 40, 39031 – Bruneck (BZ);

-        Tourist Office Valdaora-Olang, registered in Florianiplatz 19, 39030 – Olang (BZ).

Personal Data will be Processed under joint control for the following purposes:

a)         managing of advertising campaigns concerning the Kronplatz Dolomites Region;

b)         analysing and monitoring of interactions with promotional content and conducting market research in order to improve the effectiveness of the aforementioned advertising campaigns; and

c)          complying with legal obligations, including those arising from the privacy regulations.

Kronplatz Brand, as coordinator, ensures the operational management of advertising campaigns and the monitoring of processing procedures.

The legal basis for the Processing is:

-        for the purposes mentioned under a) and b), the fulfilment of contractual obligations or pre-contractual measures (Art. 6 para. 1 letter b) GDPR) and, if necessary, the prior consent of the user (Art. 6 para. 1 letter a) GDPR), which can be revoked at any time without affecting the legality of the Processing carried out before the revocation;

-        for the purposes mentioned under c), the fulfilment of the legal obligations of the joint controllers (Art. 6 para. 1 letter c) GDPR).

 
5.      Transfer of data – Where Personal Data is Processed

The management and storage of personal data takes place within the EU and/or the EEA, on servers managed by Kronplatz Brand Konsortialgesellschaft m.b.H. and/or third-party companies appointed by it. We do not intend to transfer personal data to third countries or international organizations; should such a transfer take place, we will take all appropriate measures and safeguards required by the GDPR and applicable legislation.

 
6.      Retention period for personal data

We Process and store users' Personal Data only for the time strictly necessary to achieve the purposes for which they were collected and, in any case, in compliance with the terms provided for in the current regulations.

With reference to the specific purposes of:

·           Navigation on the website: Personal Data collected in this way is retained for a period of 7 days and may be processed for a longer period if circumstances arise that justify a longer retention period.

·           Contract performance and/or pre-contractual activities/measures: Personal Data will be processed only for the time necessary to Process the user's requests and in any case for a period not exceeding 10 years.

·           Sending of the newsletter and communications to third parties for marketing purposes: Personal Data will be Processed until consent is revoked; after consent is revoked, we can no longer use the Personal Data for the purposes set out above, but we may continue to keep consent logs, should it be necessary to protect our interests.

·           Soft Spam: Personal Data will be stored for a maximum period of 24 months. The user can object to this Processing at any time, for example by selecting the deactivation link available at the bottom of the communications sent.

At the end of the retention periods mentioned above, the data will be deleted or anonymized to be used for statistical purposes.

 
7.      Data security – How we protect Personal Data

We take the protection of our users' Personal Data very seriously. For this reason, we always adapt organizational, technical and administrative measures to protect users' Personal Data from unauthorized access, alteration, disclosure or destruction.

For example:

·           We take appropriate measures to ensure that we only process Personal Data that is necessary and relevant for the purposes specified above.

·           We implement mechanisms and technologies to ensure the availability, confidentiality and integrity of Personal Data.

·           We only select business partners and suppliers who, through specific provisions in the contracts concluded with them, can guarantee a level of security for Personal Data that complies with our own protection standards.

 
8.      Rights of the data subject

As a data subject, the users can exercise their rights in accordance with the GDPR (Articles 15 to 21), in particular:

·           Right of Withdrawal (Art. 7 GDPR): to revoke at any time the consent given for the different processing operations that require it. The lawfulness of the Processing of the user's Personal Data carried out before revocation remains unaffected. A revocation determines that from then on, Personal Data will no longer be Processed for the purposes to which the revoked consent referred.

·           Right of Access (Art. 15 GDPR): to obtain confirmation as to whether or not Processing is taking place and, where this is the case, to be informed of the purposes of the Processing, the categories of Personal Data processed, the recipients and categories of recipients, the retention period of the data, etc.

·           Right to Rectification (Art. 16 GDPR): to request the rectification of inaccurate Personal Data and/or the completion of incomplete Personal Data.

·           Right to Erasure (Art. 17 GDPR): to obtain the erasure of Personal Data in the cases and under the conditions laid down in the legislation.

·           Right to Restriction of Processing (Art. 18 GDPR): to obtain restriction of Processing in the cases and under the conditions laid down in the legislation.

·           Right to Data Portability (Art. 20 GDPR): to obtain the portability of Personal Data, i.e. the transmission of Personal Data, where technically feasible, from one data controller to another, in the cases and under the conditions laid down in the legislation.

·           Right to Object (Art. 21 GDPR): to object to the Processing of Personal Data for reasons related to the users` particular situation or if Personal Data are Processed for direct marketing purposes.

You can exercise your rights by sending a request to the data controller using the contact details provided above.

If the user is of the opinion that the processing concerning him/her violates the GDPR, he/she has the right to file a complaint with the supervisory authority: Italian Data Protection Authority, Piazza Venezia 11, 00187 - Rome, https://www.garanteprivacy.it/.

 
9.      Links to other websites

Our website contains links to other websites, plug-ins and third-party applications, including links to our social media accounts (Facebook, YouTube, Instagram and Pinterest), which allow the user to interact directly with these social networks.

By clicking on these links, the user may be authorizing the companies that own these websites to collect or share your Personal Data. Please note that we have no control over these websites and are not responsible for their privacy policies. After leaving our Website, users are always advised to read the privacy notice of the website they are visiting.

10.    Changes to this privacy notice

We reserve the right to modify this notice to bring it into line with current regulations. The updated information will be published on the Website.

11.    Licences

“Data Protection Icons” created by Maastricht European Centre on Privacy and Cybersecurity; licence ECPC CC BY 4.0.

 

Cookies

For detailed information on the cookies used on the Website, and to change your preferences, please refer to the following link.