Information in accordance with art. 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council
Funicolare Monte San Salvatore SA wishes to inform you that, in accordance with art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council concerning the protection of individuals with regard to the processing of personal data (hereinafter “European Regulation”), you must proceed with the treatment of your personal data that are collected automatically or provided by you through the navigation or use of the website montesansalvatore.ch (hereinafter referred to as “Website”).
1. DATA CONTROLLER
The Data Controller is Funicolare Monte San Salvatore SA, as a legal representative, domiciled at the registered office of Via delle scuole 7 / CP 442
CH-6902 Lugano-Paradiso (hereinafter “Data Controller”).
2. DEFINITION AND TYPE OF PERSONAL DATA PROCESSED
To allow you to use the Website and its services, the Data Controller needs to know and process some of your personal data.
By personal data, we mean information concerning an identified or identifiable individual, such as, for example, name, contact details, IP addresses.
To respond to any requests for information by means of the contact form, we will have to process the following personal data: name, surname, telephone number, email address.
To subscribe to the newsletter and be constantly informed about the initiatives of Funicolare Monte San Salvatore SA and receive discounts and promotions, you will have to provide us with your email. As far as the simple navigation of the Website is concerned, the types of data processed and the related specific information for “cookies” are specified below.
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the Website, the addresses in the URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the user’s computer environment.
These data are used by the Data Controller for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning. The data could also be used to verify responsibility in case of hypothetical computer crimes against the Data Controller. Without prejudice to this possibility, data on contacts to the Website are not kept for more than seven days.
Data provided voluntarily by the user
The optional, explicit and voluntary sending of reports to the addresses indicated on the Website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data, such as the email address, and the address of the lcoation of the decoder.
The following are the types of cookies used by this Website, to understand how personal data will be processed by means of this kind of technology.
This Website uses so-called “technical cookies”, which are small text files containing a certain amount of information exchanged between the Website and your terminal (or rather your terminal’s browser), which allow for the correct operation and use of the same. However, cookies are not used to transmit information of a personal nature, nor are c.d. persistent cookies of any kind used.
This site does not use so-called “profiling cookies”, as the Data Controller does not intend to create profiles related to the user in order to send advertising messages in line with the preferences expressed by the same, as far as navigation on the Internet is concerned.
Third parties can also install cookies on your device. We do not control the use of third-party cookies and, therefore, we are not responsible for their use. Third parties have their own privacy information and data collection methods. The privcy policies are available at the following links:
- hotjar – https://www.hotjar.com/legal/policies/terms-of-service
- facebook – https://www.facebook.com/legal/FB_Work_Privacy
- google analytics – https://www.google.com/analytics/terms/us.html
– Analytical cookies
The provision of all cookies can be deactived by adjusting the settings of your browser. It should be noted, however, that intervening in these settings could make the Website unusable in the event that cookies, which are indispensable for the provision of our services, are blocked. Each browser has different settings for deactivating cookies. Links to instructions for the most common browsers can be found here: Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, Opera.
3. PURPOSE OF THE TREATMENT OF DATA AND LEGAL BASIS
The personal data of which the Data Controller is in possession are exclusively those provided during navigation and/or during the forwarding of any requests for information.
Therefore, personal data will be processed to:
A) Allow the Website to be used;
B) Satisfy the requests received through the contact form, also allowing us to contact you at the e-mail address that was communicated to us;
C) Send useful information, news, discounts and promotions via the newsletter.
In consideration of the choice to use the services provided by the Website, the legal basis on which the processing of personal data is based may be:
– the need to fulfill a legal obligation, if this is deemed necessary, and to communicate your personal data if we are asked to do so by the competent authorities;
– the legitimate interest in processing personal data to offer the best service; to allow us to respond where a request is submitted; to prevent fraud; to keep the Website, our services and the IT system secure; to ensure that our processes, procedures and systems are always kept efficient.
Personal data may be processed either by means of IT tools or paper documents.
To unsubscribe from the newsletter, simply click on the unsubscribe link that you can find in each communication received.
4. PERIOD OF CONSERVATION OF PERSONAL DATA
The Data Controller intends to keep personal data for a period of time no longer than it is necessary to achieve the purposes for which it was collected and processed.
The data and contact data on the Website will not be kept for more than seven days, unless these are necessary to verify responsibility in case of hypothetical computer crimes against the Data Controller. Data relating to requests sent that contain personal data are deleted after 6 months from receipt.
As far as any additional personal data are concerned, since the Data Controller cannot accurately determine the period of conservation, from now on the Data Controller undertakes to inspire the processing of personal data in accordance with the principles of adequacy, relevance and minimization of data, as required by the European Regulation, and constantly checking the need for their conservation. Therefore, once the purposes for which they were collected and processed are fulfilled, they will be removed from the systems or made completely anonymous.
5. CATEGORIES OF PERSONS ADDRESSED TO DATA
Processed data will not be disclosed to third parties. They can, however, acquire the data, in relation to the aforementioned purposes of treatment:
• individuals that can access data in accordance with the provisions of the law that are provided for by European Union law, or by that of the Member State to which the Data Controller is subjected;
• our employees, provided that they are assigned System Administrators or individuals acting under the authority of the Data Controller or the Data Manager, in accordance with European Regulations;
• data controllers who are a part of our business group, exclusively for internal administrative purposes;
• individuals that perform, within the borders of the European Union, in complete autonomy, as separate Data Controllers, or as Data Processors appointed for this purpose by the Data Controller, purposes auxiliary to the activities and services referred to in paragraph 3 ., including companies that offer advertising, marketing and communication services, IT and information technology services, the design and creation of websites, companies that offer services which are useful for analysing and developing data and developing and conducting market research.
Any communication of personal data will take place in full compliance with the provisions of the law, which are provided for by the European Regulations and the technical and organisational measures prepared by the Data Controller, in order to ensure an adequate level of security.
6. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Il Titolare del trattamento potrebbe trasferire i dati verso Paesi Terzi. L’eventuale trasferimento sarà sempre soggetto a garanzie adeguate, in quanto il Paese di destinazione ha ottenuto una decisione di adeguatezza della Commissione ai sensi dell’articolo 45 del Regolamento Europeo, oppure sono state adottate le clausole contrattuali standard previste dall’articolo 46, comma 2, lett. c) del Regolamento Europeo.
7. POSSIBLE AUTOMATED DECISION-MAKING PROCESSES
The Data Controller does not use automated decision-making processes, including the aforementioned profiling referred to in Article 22, paragraphs 1 and 4, of the European Regulation. Therefore, the Data Controller deems it does not have to provide information on the type of logic used, or even the importance and the consequences for the person concerned regarding this type of treatment.
8. RIGHTS OF THE INTERESTED PARTY
In relation to the processing of your personal data, in accordance with the European Regulation, the interested party has the right to:
• withdraw consent to processing at any time. It should be noted, however, that the withdrawal of consent does not affect the lawfulness of the treatment based on consent before revocation, as provided for by art. 7, paragraph 3, of the European Regulation;
• ask the Data Controller to access personal data, as provided for by art. 15 of the European Regulations;
• obtain the correction and integration of personal data that is deemed inaccurate from the Data Controller, providing a simple supplementary statement, as provided for by art. 16 of the European Regulations;
• obtain the cancellation of personal data from the Data Controller if at least one of the reasons provided for by art. 17 of the European Regulations subsists;
• obtain the limitation of the processing of personal data from the Data Controller if one of the hypotheses provided for by art. 18 of the European Regulations occurs;
• receive personal data concerning you in a structured format from the Data Controller, commonly used and readable by automatic devices, as well as the right to transmit such data to another data controller without impediments, as provided for by art. 20 of the European Regulations;
• oppose at any time, for reasons connected to your particular situation, to the processing of personal data carried out in accordance with art. 6, paragraph 1, letters e) or f), including profiling on the basis of these provisions, as provided for by art. 21 of the European Regulation;
• not be subjected to decisions based solely on automated processing, including profiling, that produce legal consequences that affect you, if you previously did not give explicit consent to, as required by art. 22 of the European Regulation. By way of example and by no means exhaustive, this category includes any form of automated processing of personal data aimed at analysing or predicting aspects concerning consumption and purchase choices, one’s economic situation, interests, reliability and behaviour;
• file a complaint to a supervisory authority, if you consider the treatment of data that concern you to be in violation of the European Regulation. The complaint may be lodged in the Member State in which you reside or work, or in the place where the alleged violation occurred, as provided for by art. 77 of the European Regulation.
To exercise each of your rights, you can contact the Data Controller, as a legal representative, addressing a communication at the registered office in Via delle scuole 7 / CP 442 CH-6902 Lugano-Paradiso, or by sending an email to firstname.lastname@example.org, providing the following data:
• Name, surname and postal address
• Details of the request
• Photocopy of a valid identity document.
9. CONSENT OF MINORS IN RELATION TO THE SERVICES OF THE INFORMATION SOCIETY
To be able to use the services provided through the Website it is necessary to be at least sixteen years of age: consent to the processing of personal data of those who are under 16 years of age is permissible provided that it is exercised by those who exercise parental responsibility.