Privacy Policy
PRIVACY POLICY – OUR COMMITMENT TO DATA PROTECTION
Information in accordance with art. 19 FDPA of the Regulation (EU) 2016/679 of the European Parliament and of the Council
By virtue of art. 19 FDPA and art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council concerning the protection of individuals with regard to the processing of personal data (hereinafter “European Regulation”), Funicular Monte San Salvatore SA wishes to inform you that they need to process your personal data collected automatically or provided by you through navigation or use of the website montesansalvatore.ch (hereinafter “Website”).
1. DATA CONTROLLER
The Data Controller is Funicolare Monte San Salvatore SA, as a legal representative, domiciled at the registered office of Via delle scuole 7 / CP 442, CH-6902 Lugano-Paradiso (hereinafter “Data Controller”).
2. DEFINITION AND TYPE OF PERSONAL DATA PROCESSED
To allow you to use the Website and its services, the Data Controller needs to know and process some of your personal data.
By personal data, we mean information concerning an identified or identifiable individual, such as, for example, name, contact details, IP addresses.
To respond to any requests for information by means of the contact form, we will have to process the following personal data: name, surname, telephone number, email address.
To subscribe to the newsletter and be constantly informed about the initiatives of Funicolare Monte San Salvatore SA and receive discounts and promotions, you will have to provide us with your email. As far as the simple navigation of the Website is concerned, the types of data processed and the related specific information for “cookies” are specified below.
Navigation data
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the Website, the addresses in the URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the user’s computer environment. These data are used by the Data Controller for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning. The data could also be used to verify responsibility in case of hypothetical computer crimes against the Data Controller. Without prejudice to this possibility, data on contacts to the Website are not kept for more than seven days.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of reports to the addresses indicated on the Website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data, such as the email address, and the address of the location of the decoder.
Cookie Policy
The following are the types of cookies used by this Website, to understand how personal data will be processed by means of this kind of technology.
Technical cookies
This Website uses so-called “technical cookies”, which are small text files containing a certain amount of information exchanged between the Website and your terminal (or rather your terminal’s browser), which allow for the correct operation and use of the same. However, cookies are not used to transmit information of a personal nature, nor are c.d. persistent cookies of any kind used.
– Browsing data, Data provided voluntarily by the user, Cookie Policy, Technical cookies
Analytical cookies
This Website uses so-called “analytical cookies” that are realised and made available by third parties, or rather, Google Analytics. This is done by mere internal statistical analysis of access, to improve the Website and simplify its use, as well as to monitor its correct functioning. The Data Controller has in any case adopted the most suitable tools to reduce the power of identification of this type of cookie to the maximum. Google Analytics publishes its cookie policy here.
Profiling cookies
This site does not use so-called “profiling cookies”, as the Data Controller does not intend to create profiles related to the user in order to send advertising messages in line with the preferences expressed by the same, as far as navigation on the Internet is concerned.
Third-party cookies
Third parties can also install cookies on your device. We do not control the use of third-party cookies and, therefore, we are not responsible for their use. Third parties have their own privacy information and data collection methods. The privcy policies are available at the following links:
- hotjar – https://www.hotjar.com/legal/policies/terms-of-service
- facebook – https://www.facebook.com/legal/FB_Work_Privacy
- google analytics – https://www.google.com/analytics/terms/us.html
– Analytical cookies
Options regarding the use of cookies by the site via browser settings
The provision of all cookies can be deactived by adjusting the settings of your browser. It should be noted, however, that intervening in these settings could make the Website unusable in the event that cookies, which are indispensable for the provision of our services, are blocked. Each browser has different settings for deactivating cookies. Links to instructions for the most common browsers can be found here: Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, Opera.
3. PURPOSE OF THE TREATMENT OF DATA AND LEGAL BASIS
The personal data of which the Data Controller is in possession are exclusively those provided during navigation and/or during the forwarding of any requests for information.
Therefore, personal data will be processed to:
A) Allow the Website to be used;
B) Satisfy the requests received through the contact form, also allowing us to contact you at the e-mail address that was communicated to us;
C) Send useful information, news, discounts and promotions via the newsletter.
In consideration of the choice to use the services provided by the Website, the legal basis on which the processing of personal data is based may be:
– express consent, accepting the Cookie Policy and continuing to browse the Website;
– express consent, by subscribing to the Newsletter and accepting this Privacy Policy;
– the need to fulfill a legal obligation, if this is deemed necessary, and to communicate your personal data if we are asked to do so by the competent authorities;
– the legitimate interest in processing personal data to offer the best service; to allow us to respond where a request is submitted; to prevent fraud; to keep the Website, our services and the IT system secure; to ensure that our processes, procedures and systems are always kept efficient.
Personal data may be processed either by means of IT tools or paper documents.
To unsubscribe from the newsletter, simply click on the unsubscribe link that you can find in each communication received.
4. PERIOD OF CONSERVATION OF PERSONAL DATA
The Data Controller intends to keep personal data for a period of time no longer than it is necessary to achieve the purposes for which it was collected and processed.
The data and contact data on the Website will not be kept for more than seven days, unless these are necessary to verify responsibility in case of hypothetical computer crimes against the Data Controller. Data relating to requests sent that contain personal data are deleted after 6 months from receipt.
As far as any additional personal data are concerned, since the Data Controller cannot accurately determine the period of conservation, from now on the Data Controller undertakes to inspire the processing of personal data in accordance with the principles of adequacy, relevance and minimization of data, as required by the European Regulation, and constantly checking the need for their conservation. Therefore, once the purposes for which they were collected and processed are fulfilled, they will be removed from the systems or made completely anonymous.
5. CATEGORIES OF PERSONS ADDRESSED TO DATA
Processed data will not be disclosed to third parties. They can, however, acquire the data, in relation to the aforementioned purposes of treatment:
• individuals that can access data in accordance with the provisions of the law that are provided for by Swiss law and/or European Union law;
• our employees, provided that they are assigned Data Manager or individuals acting under the authority of the Data Controller;
• data controllers who are a part of our business group, exclusively for internal administrative purposes;
• individuals that perform, in Switzerland or within the borders of the European Union, in complete autonomy, as separate Data Controllers, or as Data Processors appointed for this purpose by the Data Controller, purposes auxiliary to the activities and services referred to in paragraph 3 ., including companies that offer advertising, marketing and communication services, IT and information technology services, the design and creation of websites, companies that offer services which are useful for analysing and developing data and developing and conducting market research.
Any communication of personal data will take place in full compliance with the provisions of the law, which are provided for by the Federal Act on Data Protection and/or by the European Regulations, respectively with the technical and organisational measures prepared by the Data Controller, in order to ensure an adequate level of security.
6. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Third parties, including abroad, may become aware of the data by virtue of paragraph 5.
If the recipient is located in a country that does not have adequate legal data protection, we require the recipient to undertake to comply with the applicable data protection legislation, unless the recipient is already subject to a legally accepted set of rules aimed at ensuring data protection or we can invoke an exception. An exception applies, for example, in the case of legal proceedings abroad, in the case of an overriding public interest or when the performance of a contract requires the disclosure of data, as well as if you have consented to the transfer of the data or if the data have been generally made available directly by you and you have not objected to the processing.
Please note that data exchanged via the Internet often pass through third countries. Your data may therefore be sent abroad even if the sender and recipient are in the same country.
7. POSSIBLE AUTOMATED DECISION-MAKING PROCESSES
The Data Controller does not use automated decision-making processes, including the aforementioned profiling referred to in Article 5 litt. f FDPA and in Article 22, paragraphs 1 and 4, of the European Regulation. Therefore, the Data Controller deems it does not have to provide information on the type of logic used, or even the importance and the consequences for the person concerned regarding this type of treatment.
8. RIGHTS OF THE INTERESTED PARTY
In relation to the processing of your personal data, in accordance with the FDPA and the European Regulation, the interested party has the right to:
- withdraw consent to processing at any time. It should be noted, however, that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before revocation;
- ask the Data Controller to access personal data;
- obtain the correction and integration of personal data that is deemed inaccurate from the Data Controller, providing a simple supplementary statement;
- obtain the cancellation of personal data from the Data Controller;
- obtain the limitation of the processing of personal data from the Data Controller if one of the hypotheses provided for by art. 18 of the European Regulations occurs;
- require from the Data Controller that the personal data concerning him/her be transmitted in a commonly used electronic format, or that he/she transfer them to another Data Manager
- oppose at any time to the profiling of personal data;
- not be subjected to decisions based solely on automated processing, including profiling, that produce legal consequences that affect you, if you previously did not give explicit consent to. By way of example and by no means exhaustive, this category includes any form of automated processing of personal data aimed at analysing or predicting aspects concerning consumption and purchase choices, one’s economic situation, interests, reliability and behaviour;
- if you consider the treatment of data that concern you to be in violation of the Federal Act on Data Protection and/or the European Regulation file a complaint to a supervisory authority. In Switzerland at the FDPIC (Federal Data Protection and Information Commissioner) and in the European Union at the Data Protection Authority of the country of residence.
To exercise each of your rights, you can contact the Data Controller, as a legal representative, addressing a communication at the registered office in Via delle scuole 7 / CP 442 CH-6902 Lugano-Paradiso, or by sending an email to info@montesansalvatore.ch, providing the following data:
- Name, surname and postal address
- Details of the request
- Photocopy of a valid identity document
9. CONSENT OF MINORS IN RELATION TO THE SERVICES OF THE INFORMATION SOCIETY
To be able to use the services provided through the Website it is necessary to be at least sixteen years of age: consent to the processing of personal data of those who are under 16 years of age is permissible provided that it is exercised by those who exercise parental responsibility.
Original official text (this is a translation): Italian version (link)