Website Privacy and Cookie Policy

This policy has been written and personalized for visitors of the website www.passostelvio.eu.

Party concerned: users of the website www.passostelvio.eu
As the Data Controller of your personal data, SIFAS S.p.a., with operational office at the Stelvio Pass, hereby informs you, pursuant to and for the purposes of articles 13-14 of EU Regulation 2016/679, hereinafter ‘GDPR’, that the aforementioned regulation provides for the protection of persons and other parties regarding the processing of personal data and that such processing shall be based on the principles of fairness, lawfulness and transparency, as well as on the protection of your privacy and your rights.

The information and personal data provided by you or collected while you use the website shall be processed in accordance with the provisions of the above-mentioned regulation and the obligations of confidentiality set forth therein.

Type of data processed

Navigation data

During their normal operation, the computer systems and software procedures used to operate this website acquire some personal data, the transmission of which is implicitly included in Internet communication protocols. This information is not collected with the purpose of associating it with identified interested parties; however, given its nature, such information could, through processing and in combination with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users to connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of any such requests, the method used to submit any such requests to the server, the size of any files sent in response to such requests, the numerical code indicating the status of the response from the server (successful, error, etc.), and other parameters regarding the users’ operating system and computer environment. These data are only used to obtain anonymous statistical information on the use of the website and to check that the website is working correctly, and they are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the website.;

Data provided voluntarily by users

When a user elects to expressly and voluntary send any email to the addresses shown on this website, their e-mail address is acquired, which is necessary to reply to any requests. Any further personal data included in the message are acquired as well.

Specific summarized privacy policies about particular on-demand services are progressively shown or displayed on the pages of the website that include forms for data collection.

Methods of data processing: personal data collected via any forms are processed manually or electronically. All processing is carried out in compliance with the methods set forth in Articles 6, 32 of the GDPR, while adopting the appropriate security measures provided.

Data processing connected to webservices is carried out at the office of the Data Controller and at the office of the hosting provider of this website, which is William Onesti’s company Kreandoweb with registered office in Via Brolo Sopra 18 in Scandiano (RE), Italy, tax code NSTWILM67D15F257J and VAT number 02645940350, the servers of which that host the website are located in France. 

Announcement: your data are processed within the company by categories of persons who have been authorized by the Data Controller to process personal data (for more information, please contact the Data Controller)::

Your data may be disclosed to third parties, in particular to:

• the external provider;
• Companies that carry out ordinary and extraordinary maintenance of the website.

Disclosure:your data shall not be disclosed

Storage period:please note that, in accordance with the principles of lawfulness, purpose limitation and data minimization, your personal data shall be stored for a period of time no longer than necessary to provide the services, as provided for by Article 5 of the GDPR

Data Controller: pursuant to the law, the Data Controller is the Company SIFAS S.P.A., e-mail address info@passostelvio.eu represented by its legal representative.

You have the right to have your personal data deleted, communicated, updated, amended or integrated by the Data Controller, and in general you can exercise all the rights provided for in Articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, a copy of which is provided below.

COOKIE
No personal data of users are acquired by the site in connection with cookies.

Cookies are not used to transmit any personal information, and no so-called persistent cookies or user tracking systems of any kind are used.

So-called session cookies (which are not permanently stored on the user’s computer and disappear when the browser is closed) are only used to transmit the session identifiers (consisting of random numbers generated by the server) necessary to allow users to navigate the website in a safe and efficient manner.

The so-called session cookies used by this website avoid the use of other computer techniques that could potentially compromise users’ privacy during browsing, and they do not allow users’ personal identification data to be acquired.

 APPLICATION OF THIS PRIVACY POLICY  
If you have any doubts about this privacy policy, first contact SIFAS S.P.A. by sending an e-mail to info@passostelvio.eu

AMENDMENTS TO THIS PRIVACY POLICY
SIFAS S.P.A. reserves the right to update this privacy policy for regulatory compliance purposes, as well as for implementing any suggestions submitted by employees, customers, collaborators and users. If any changes are made by SIFAS S.P.A., the word ‘update’ will be displayed next to the link “Website Privacy Policy” on the main privacy page on the main page of www.passostelvio.eu

If any substantial changes are made to the privacy policy, SIFAS S.P.A. will publish such changes in a clearly visible way.

EU Reg. 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22 – Rights of data subjects

1. Data subjects have the right to obtain confirmation as to whether any personal data concerning them have been collected, even if such data have not yet been recorded, and that any such data be communicated to them in an intelligible form.

2. Data subjects have the right to obtain the information about the following:

• the source of their personal data;
• the purposes and methods of processing;
• the logic applied if the data are processed with the aid of electronic tools;
• the identification data of the Data Controller, of the persons in charge of the processing and of the representative appointed pursuant to article 5, paragraph 2;
• the recipients or categories of recipients, as appointed representatives in the territory of the State, or persons in charge of or authorized to process the data, to whom the personal data may be communicated or who may become aware of them.

3. Data subjects have the right to:

• have their data updated, amended or, if they are interested, integrated;
• have their data deleted, anonymized, or that their data being processed in violation of the law, including any such data which need not be stored for the purposes for which they were collected or processed, be blocked;
• obtain a confirmation that the activities and the contents as per letters a) and b) have been notified to those to whom the data have been communicated or disclosed, unless obtaining such confirmation proves impossible or requires a clearly disproportionate effort compared with the right that is to be protected;

4. Data subjects have the right to oppose, in whole or in part:

• for legitimate reasons, the processing of their personal data, even if such data are processed for the purpose for which they have been collected;
• the processing of their personal data for sending advertising material, for direct selling, for market research or for advertising messages.