1. DATA CONTROLLER
2. PROCESSING PURPOSES AND METHODS
3. NATURE OF DATA CONFERRAL AND CONSEQUENCES OF A REFUSAL
4. DATA PROCESSING LOCATION
5. TYPES OF DATA PROCESSED/SPECIFIC PROCESSING
6. DATA CONSERVATION PERIOD
7. RECIPIENTS/CATEGORIES OF RECIPIENTS OF PERSONAL DATA
8. RIGHTS OF THE DATA SUBJECT
9. RIGHT TO OBJECT AND REVOKE
10. CHILDREN’S PERSONAL DATA PROTECTION
11. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
12. UPDATES OF THIS STATEMENT/NOTICES
1. DATA CONTROLLER HERO
SOCIETA' SPORTIVA DILETTANTISTICA A RESPONSABILITA' LIMITATA, STR. MEISULES 144 , 39048, SELVA DI VAL GARDENA (BZ), firstname.lastname@example.org , C.F. 94106770210, P.IVA 02683860213 is the Data Controller (as defined in Reg. (EU) 2016/679) of the data collected. For any comment or query on this Data Protection Statement and to talk to the local reference contact, you may contact the Company’s customer service at the following e–mail address email@example.com; Tel. +39 0471 773033; Fax +39 0471 773035.
The Joint Controller is Dolomiti Adventures S.r.l., in person of the legal representative, with registered office in 39048 Selva di Val Gardena (BZ), P. IVA/C.F. and registration number in the Register of Companies of 02365190210, email: firstname.lastname@example.org. Dolomiti Adventures also operates the e-commerce platform of the Hero Mall https://www.theheromall.com/it/privacy.
2. PROCESSING PURPOSES AND METHODS
After accessing this website and using one or more services, information related to identified or identifiable natural persons may be processed. Any personal data collected, always in compliance with applicable regulations, will be processed solely for the following purposes: a) purposes strictly connected and instrumental to allowing access to and use of the website, its features, the services requested and the services rendered by the Company; b) to comply with the requirements of the law and European regulations; c) for the Company’s internal operating and administration requirements and related to the services and/or products offered; d) when expressly requested, to implement the newsletter service; In the event of explicit and freely given consent, the data collected for the purposes indicated in point a) above will be also be processed for direct marketing purposes by the Controller and in particular for sending information, commercial or advertising material related to the services and/or products offered by the Company also by means of electronic mail, text messages, fax and other instant messaging instruments also functioning on third party platforms. The data will be processed fairly and lawfully and used solely for the purposes indicated in the paragraphs above. Processing will take place by means of appropriate instruments to guarantee the security and confidentiality of the personal data which may be handled using paper-based instruments and/or automated means or computer systems suitable for recording, managing and transmitting data.
3. NATURE OF THE DATA CONFERRAL AND CONSEQUENCES OF A REFUSAL
The conferral of personal data is mandatory solely for the purposes indicated in Article 2, para. a) , to allow use of the website and related services and requested by the user, if necessary subject to a statement for each additional service as established by the law. Your refusal will lead to your being unable to benefit from such services. However, it will still be possible to access the website without providing any personal information but some features will not be available and some services cannot be provided. The conferral of data and consent granted for processing for the purposes indicated in Article 2, para. d), are optional. However, lack of explicit consent will mean that such services cannot be provided but there are no further consequences. If you do not intend to supply us with your consent for such purposes, you can still use the site and services for the purposes indicated in Article 2, para a). In other words, the consequences of a refusal to reply or to grant your consent are always explicit and are connected with each service provided. For example, a refusal of the related processing can prevent you from accessing the site with all its features (in the case of cookies), the receipt of our newsletter (with regard to the newsletter service) or the receipt of advertising material (with reference to Article 2, para. d). Therefore, the user will be informed by appropriate means when an actual case occurs, but in any event he/she will be able to access the website even in the event of refusal to give consent to the processing of personal data, when requested: in this case some of the features and characteristics of the site may be disabled.
4. DATA PROCESSING LOCATION
Processing connected to the web services related to this site are performed at the registered office of the Company in STR. MEISULES 144 , 39048, SELVA DI VAL GARDENA (BZ), save for explicit exceptions and are handled only by the Company’s technical personnel specifically appointed for the processing. The site’s hosting service is provided by Mediatria located in Milan, who warrant to the Controller, in accordance with their remit, full compliance with the applicable laws in the matter of processing personal data.
5. TYPES OF DATA PROCESSED/SPECIFIC PROCESSING
Depending on the service provided, different types of personal data may be processed as specified in this article.
5.1. Navigation data
The information systems and software procedures used for the functioning of this site collect, during their normal exercise, some personal data whose transmission is implicit in the navigation of websites. This information is not collected to be associated with identified interests. However, by their very nature they could, through processing and association with data held by third parties, lead to the identification of the users. These include the IP addresses or the domain names of the computers used by the users accessing the site, the URL addresses of the resources requested, time of the request, method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply from the server and other parameters related to the operating system and the platform used by the user. The information referred to above is used for the sole purpose of acquiring anonymous statistical data on the use of the site and to verify its correct functioning; these data are cancelled immediately after elaboration. The data may be used for ascertaining responsibility in the event of potential computer crimes to the detriment of the site: apart from this possibility, at the current time data on web contacts do not persist for more than seven days. Retention of access logs, maintained directly on servers that register users' IPs, are kept for 12 months. As far as cookies are concerned, reference should be made to paragraph 5.4. below.
5.2.1. Data provided voluntarily by the user (communications)
Optional, explicit and voluntary communications by means of contact forms available on this site or by electronic mail to the addresses indicated on this site, will lead to the subsequent collection of the data forwarded by the sender, including his/her e-mail address and consent to receiving further messages in answer to his/her requests. The personal data thus supplied can be used only for the purpose of fulfilling or acknowledging requests transmitted and are communicated to third parties only when necessary for such purpose. Specific statements prepared for special services on request will be listed in the related web pages.
5.2.2. Data provided voluntarily by the user (in order to receive communications related to marketing and/or commercial promoting)
Each person interested may provide his/her personal data voluntarily to the Hero Società Sportiva Dilettantistica S.r.l. in order to receive trade communications or promotions however they may be called either by digital or paper notices. Only in the case where electronic mail details are provided by the interested party in the context of sale of a product or a service, the e-mail address thus supplied may be used for the direct sale of other similar products or services pursuant to EU Regulation 2016/679 (GDPR) and Legislative Decree 196/2003 (Italian Personal Data Protection Act, the so-called “Privacy Code”), without the need for prior express consent. However, in each communication the data subject will be reminded that he can withdraw his consent at any time and without any formalities. The data will be erased at the request of the data subject.
5.2.3 DATA Collection HERO Race App
User data is collected anonimously. The data collected are related to app usage, device identifiers and crash report data that cannot be traced back to a specific user. Geographic data are used to position the user on Google (for Android) or Apple (iOS) maps, but are not stored or used directly by the app.
The Company’s newsletter is sent by e-mail to whoever explicitly requests it by compiling the specific form found on this website, thus authorizing the Company to process his/her personal data for the above purpose.
Consent: conferral of data requested for such purpose (e-mail and, possibly, the selection of pre-established categories of areas of interest) is mandatory only for receiving the newsletter: a refusal to provide the data will result in your being unable to benefit from the newsletter service, but there are no other consequences.
Purposes: personal information provided by users are utilised only for the purpose of sending the newsletter and will not be disclosed to third parties.
Methods: the data collected are processed by IT instruments. Appropriate security measures are adopted to prevent any data loss, unlawful or improper use and unauthorized access.
Cancellation of the service: if you no longer wish to receive the newsletter, all you have to do is to click on the cancellation link to be found at the end of each e-mail or send a request to the e-mail address. Cancellation is handled by automated means, and you could receive other newsletters the mailing of which had been planned prior to receipt of your request for cancellation, in any case within a period of maximum 72 hours.
What are they? Cookies are information recorded by the browser when you visit a website with any appropriate device (such as a pc, tablet or smartphone). Each cookie contains several data (e.g., the name of the server it comes from, numerical identification, etc.), it may remain in the system for the length of a session (until the browser is closed) or for longer periods and may contain a unique user ID.
What are they used for? Cookies are used for different purposes according to their type. Some are strictly necessary for the proper functioning of a website (technical cookies), while others enhance the services rendered in order to offer users a better experience or allow the collection of statistics on the use of the site, such as analytic cookies or the viewing of personalized advertising, such as profiling cookies.
Consent? Consent granted by the user is recorded by the Company, within its remit, through a technical cookie for 12 months. The user is informed either by means of a short statement (a banner visible until consent is either provided or refused as explained in paragraph 5.4.4. “How can I disable cookies?”) or by this extended information . Moreover links to the privacy policies of third parties are indicated in paragraph 5.4.3., also for the purpose of disabling them (when directly available).
How can I disable them? You can disable cookies by using your browser settings (see para 5.4.4. “How can I disable cookies?”) or the mechanisms made available by some third parties (para. 5.4.3. “Cookies used on the site”).
5.4.2. General types of cookies used on the site
Technical Cookies (first party): they are essential for proper website functioning and viewing and for recording storing the user’s consent to use the cookies.
Technical Cookies (third party): they are essential for proper website functioning and viewing and any photos contained therein, to indicate authentication by the user, to ascertain whether or not the customer’s browser accepts the cookies and for use of the site by the administrator, by means of a third party service.
Analytic Cookies (third party): they are used for the purpose of an aggregate analysis of visits to the site, by using the services of a third party.
Profiling Cookie (third party): they are used to create user profiles and for the purpose of sending advertising messages in line with the preferences shown during web navigation, by means of third party services.
5.4.3. Cookies used on the site
First Party Cookies: only technical cookies are used for proper website functioning and viewing for the purpose of recording user consent to use the cookies (duration: 12 months).
Technical Cookies: The website www.herodolomites.com uses a technical cookie to detect the navigation language and third party cookies to analyse user navigation.
Profiling Cookies: For cookies consequent to sharing via the social network, reference should be made to each of them (because the cookies are related to them)
5.4.4. How can I disable cookies?
Monitoring by browser: the most widely used browsers (e.g.. Internet Explorer, Firefox, Chrome, Safari) accept cookies for predefined settings, but these settings can be modified by the user at any time. This is valid both for PC’s and mobile devices such as tablets and smartphones:it is a function generally and widely supported. Therefore cookies can easily be deactivated or disabled by accessing the options or preferences on the browser used and usually third party cookies can also be blocked. In general, these options will only be effective for that particular browser and on that particular device, unless there are options available uniting preferences on several devices. Specific instructions can be found on the options or help page of the browser itself. However, disabling technical cookies may impact the full and/or proper functioning of several sites, including this site. Usually, browsers these days: - offer the “Do not track” option, which is supported by some websites (but not all of them). In this way, some websites may not collect certain navigation data; - offer the anonymous or incognito mode option: in this way data will not be collected by the browser or saved in the navigation chronology but the navigation data will nevertheless be available for collection by the manager of the website visited; - allow you to eliminate cookies recorded fully or in part but when you visit a site again, they will usually be reinstalled unless such possibility has been blocked. Links to the help pages of the major and most widely-used browsers are indicated below (with instructions for disabling cookies on such browsers):
Chrome: (https://support.google.com/chrome/answer/95647?hl=en) Opera:(https://www.opera.com/help/tutorials/security/privacy/)
Third-party Cookies: third-party cookies can be disabled either with the modalities described above or by referring to each third party (following the links indicated in the above paragraph.
On line Instruments: please note tht from the site https://www.youronlinechoices.com/it/ is is possible not only to collect further information, but also to verify the installation of numerous cookies on your browser and, if supported, also disable them.
6. CONSERVATION PERIOD
Data conferred are kept for the length of time provided for by legislation and, in any case, for the time strictly necessary to implement the activities for which the data has been collected and/or until withdrawal of the consent given for the purposes contained in Article 2. However, personal data collected will not be kept for more than twenty-four months for marketing purposes as set out in Article 2, paragraph d) (save for any amendments and/or addenda to such reference legislation in terms of personal data protection which will be expressly notified to you).
7. CATEGORIES OF PERSONAL DATA RECIPIENTS
For the purposes set out in Article 2, if only prior consent is required, the data can be disclosed to third parties whose cooperation may and/or needs be used by the Company for performing the services offered. The data collected on the web or, in any case, generated by web services, can be disclosed to technological and instrumental partners used by the Controller for rendering the services requested by users/visitors and always in compliance with the purposes indicated in Article 2. Moreover, data collected for the above purposes can be disclosed to related companies or those belonging to the same Group as the Controller and to parties authorized for such purpose by provisions of law and European regulations. A list of the parties to whom the Controller discloses personal data collected for the purposes indicated above is available for data subjects care of the Controller and can be obtained on written request sent to the latter.
HERO Dolomites informs all users that data related to travelling arrangements, accessible on the platform, will fall under the purview of the data controller Raetia Tours di Werner Mahlknecht & Co. S.n.c., with registered offices in Via Rezia 123 Ortisei (BZ).
To this end, HERO Dolomites informs users that data inserted for the purpose of booking journeys will not be processed by HERO Dolomites but will be fully managed by Raetia Tours. Users can contact the controller to exercise their rights: email@example.com; Tel. +39 0471798500, fax +39 0471 798501, www.raetiatours.com.
We inform you that requests related to data processing relating to travel bookings will not be managed by HERO Dolomites. We ask you to forward queries to Raetia Tours di Werner Mahlknecht & Co. S.n.c.
8. RIGHTS OF THE DATA SUBJECT
The data subject is the natural person, identified or identifiable, to whom the personal data processed refers. We wish to inform you that, in your capacity as data subject, you have the right to access at any time the data processed by the Controller (right of access) in order to ascertain the correctness and verify the lawfulness of the processing carried out. Moreover, you may exercise all the rights granted by the applicable national and European regulations (by Legislative Decree 196/2003 and Reg. EU n. 2016/679 and subsequent amendments and addenda): in particular, you may request at any time the correction and updating of inexact or erroneous data, limitation of the processing carried out and the erasure of such data (right to be forgotten), as well as lodge a complaint with the Data Protection Commissioner. Regarding personal data processed by automated means, you have the right to receive in a structured and commonly used format , the personal data concerning you and to transmit them, if so wished, to another controller (right to data portability). To allow the Company to operate in the best interests of the user, the latter is requested to regularly verify and update your personal data. If you are a registered user, you can access your personal data and amend them but using the user account setting on the Website. Otherwise you can contact the Company (email: firstname.lastname@example.org; Tel. +39 0471 773033; Fax +39 0471 773035, Str. Meisules 144, 39048, Selva di Val Gardena (BZ) to receive help to update your personal data. Any request concerning the processing of personal data and any communication related to your rights may be addressed to the Controller by using the specific “Contacts” form on the site or by sending a message by e-mail: email@example.com or by post to Hero Società Sportiva Dilettantistica S.r.l., Str. Meisules 144, 39048, Selva di Val Gardena (BZ)
9. RIGHT TO OBJECT AND REVOKE
In addition, each data subject has the right to withdraw his consent at any time, without affecting the lawfulness of processing performed by the Controller prior to withdrawal. The data subject always has the right to object to the processing of the data concerning him/her if it is performed for the purpose of direct marketing as indicated in Article 2, paragraph d). In this case, your personal data will no longer be subject to processing for such purposes (right to object).
10. PROTECTION OF CHILDREN’S PERSONAL DATA
This website addresses a general public but its services are intended for persons of 18 years and over. The Company does not request, collect, utilize and disclose personal data provided by persons under the age of 18. If the Company becomes aware that it has personally collected data concerning a minor, it will erase them. If the user is not of the required age, he/she is kindly requested not to register and to ask an adult (i.e. his/her parents or guardian) to undertake the necessary procedures. It should be noted that pursuant to Article 8 of the European Regulation, where Article 6, paragraph 1, letter a) applies regarding the direct offer of information services to minors, the processing of the minor’s personal data is lawful if the minor is at least 16 years old.
11. SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
The Company has taken appropriate steps to protect the user’s personal data from accidental loss and unauthorized access, utilization, amendment and disclosure. The management of this Website uses password controls, firewall technology and other technological safety measures based on procedures. Although the Company has put the above security measures into place for its Website, the user should be aware that it is impossible to guarantee 100% security. Therefore, the user provides his/her personal data at his/her own risk and, to the maximum extent allowed by applicable law, the Company cannot be held responsible for their disclosure due to errors, omissions or unauthorized actions of third parties during or after their transmission to the latter. The Company advises the user to periodically update the software to protect transmission of data on the networks (for example, antivirus software) and to ensure that the supplier of the electronic communication services has adopted appropriate means for the security of data transmission on the networks ( for example, firewalls and spam filters); maintain the confidentiality of user name and password to access the user account and not communicate them to anybody as well as periodically changing the password. In the unlikely event that the Company is of the opinion that the security of the user’s personal data in its possession or under its control has been or could have been compromised, the Company will inform the user in accordance with the procedures envisaged by applicable law, using the methods required by law (by supplying the Company with his/her e-mail address, the user agrees to receive such communications in electronic format through such e-mail address).
12. UPDATES OF THIS DATA PROTECTION STATEMENT - NOTICES
The Company, at its own discretion, reserves the right to change, amend, add or remove parts of this Data Protection Statement at any time by publishing the revised version on this page of the Website and changing the date of the “Last Amendment” indicated below. It is the user’s responsibility to re-read the Data Protection Statement from time to time in order to discover any changes made. In some cases, the Company may provide further notices concerning major changes to this Data Protection Statement by publishing a notice on the first page of this Website or, in the case of registered users, by sending an e-mail notice or by inserting a notice on their account page. Accepting such revised Data Protection Statement by clicking on the “accept” button found in the e-mail notice or in the notice published on the account page (where this is envisaged to comply with applicable regulations), by using or sending information to the Website after publication of the revised Data Protection Statement, the user accepts such revised Data Protection Statement. After the amendments made if envisaged by applicable regulations, user data will not be subject to processing without the explicit consent of the user.