INFORMATION NOTICE REGARDING PERSONAL DATA PROCESSING
pursuant to Art. 13 of Regulation (EU) No. 2016/67
WHY WE ARE GIVING YOU THIS INFORMAITON
Pursuant to Regulation (EU) No. 2016/679 (herein after “Regulation”), this page describes how the personal data of the users visiting the website web www.mav.it are processed.
The following information does not apply to other websites, online pages or services that can be reached via any hypertextual links published in the afore named website.
DATA CONTROLLER
As a result of visiting the website, data regarding identifiable or identified individuals may be processed.
The Data Controller is MAV spa, with main office at Altopiano della Vigolana (Trento, Italy) – Frazione Bosentino, Via Venezia No. 12, postal code 38049.
Should you need to contact us, please send an e-mail to [email protected].
TYPES OF DATA PROCESSED, PROCESSING PURPOSES AND RELATING LEGAL BASIS
| TYPES OF DATA PROCESSED | PURPOSE OF PROCESSING | LEGAL BASIS OF PROCESSING |
| Navigation data (language settings, IP address, device settings, operating system for mobile devices, login information, use time, URL request, status information, user agent (browser version information), operating system, ID of user booking and types of data displayed. The website may also collect the data automatically, using cookies (see Cookie Policy). | Navigation control inside the website and technical management of the services provided, as well as allowing for analysis, checking numbers of visitors and ensuring security and excellent functioning of the website and of the navigation/services to users. | The legal basis of processing consists in the legitimate interests pursued by the data controller to ensure security and the best operation of the website, as well as to protect its rights. |
| Identification and contact data voluntarily provided by the data subject when using the services offered by the website, third party data provided by the data subject under his/her responsibility functional to booking, data regarding any payment methods provided by the data subject for booking the services. | Reply to any requests for information from the data subjects and/or supply the services they request, and especially the handling of the travel/tourist service package, the booking of services, etc.. | The legal basis for processing is the execution of measures put in place at the request of the data subject, the performance of a contract the data subject is a party to, or pre-contractual measures adopted at the data subject’s request. |
| Identification and contact data voluntarily provided by the data subject while using the services offered by the website. | Sending the data subject, via the contact data provided in the website, notifications regarding initiatives, services offered by the Data Controller as well as sending newsletters via e-mail following the data subject’s registration with the service and only after the expression of specific consent that will be requested during registration with the service. | The legal basis for processing is the data subject’s consent as well as the Data Controller’s legitimate interests (see Recital 47 of EU Reg. 679/2016) in publicising and developing its business, provided that the interests or rights and freedom of the data subject are not overriding, taking into consideration the reasonable expectations of the data subjects based on their relationship with the data controller. |
| Identification and contact data voluntarily provided by the data subject while using the services offered by the website, data of third parties provided by the data subject under his/her own responsibility functional to booking, data regarding any payment methods provided by the data subject for booking the services. | Compliance with obligations deriving from laws, regulations, Community legislation. | The legal basis for processing is compliance with a legal obligation to which the Data Controller is subject. |
COOKIES AND OTHER TRACKING SYSTEMS
As regards the use of cookies, go to the specific Cookie Policy published on the website.
PERSONAL DATA RECIPIENTS
The data subject’s personal data will be accessed by and therefore made known only to subjects authorized by the Data Controller, and limited to the data necessary for carrying out their tasks.
Without prejudice to the notifications sent in compliance with legal and contractual obligations, all of the data collected and processed may be released, only for the purposes specified above, to:
- Subjects authorized by the Data Controller (employees, trainees and collaborators);
- Data Processors and/or independent contractors of the Data Controller (e.g.: legal counsel, accountants, IT technicians, providers of services linked to the website activities, etc.);
- Public and private subjects to whom disclosure is required under any laws or regulations;
- Subjects carrying out activities functional to the performance of contracts or services requested by the data subject (e.g.: hotels that can be booked via the website), who then will process the data in their capacity as autonomous data controllers;
- Companies of the Michelin Group.
Your data will not be released.
TRANSFER OF DATA
The data may be transferred within the Michelin Group, including outside the European Union, provided that the Michelin Group’s companies offer levels of personal data protection in line with the European standards.
The data may be transferred to companies based in foreign third countries only if the Data Controller decides to avail itself of IT services (website, electronic mail, cloud services, direct marketing e-mail) run by suppliers residing in non-EU countries or that use servers located in non-EU countries.
The Data Controller will transfer the personal data only to recipients offering adequate levels of data protection. In this case, the transfer will be done based on contractual clauses or agreements designed to ensure protection measures in line with the European standards.
OPTIONALITY OF PERSONAL DATA PROVISION
Apart from the foregoing specifications about navigation data, data subjects are free to provide personal data in the website’s request forms, for example when requesting the sending of information material, of newsletters or of notifications and/or replies to the requests sent through the website. Non-provision of the data may imply the impossibility of obtaining the service requested. Data provision is optional for the sending of commercial notifications and offers. Refusal will not prejudice the provision of the other services. The data subject may object to processing at any time, even after giving his/her consent for commercial purposes, by sending a request to the Data Controller’s e-mail address: [email protected].
DATA STORAGE
Personal data will be stored for the period of time necessary for their use and for supply of the services, in compliance with the laws in force, as well as for handling any disputes with any third party and in any case for the time necessary to complete the activities, including the identification and prevention of fraud or of other illegal actions.
RIGHTS OF THE DATA SUBJECT
Data subjects have the right to obtain from the Data Controller, where envisaged, access to their personal data and to have the data rectified or erased or to have their processing restricted or to object to their processing (articles 15 and following of the Regulation). The relevant request can be sent by contacting the Data Controller via the addresses given in this website.
RIGHT TO LODGE A COMPLAINT
Data subjects who believe that the processing of their personal data carried out through this website occurred in violation of the provisions of the Regulation have the right to lodge a complaint with the Supervisory Authority (in Italy: ‘Garante’), as envisaged in Art. 77 of the Regulation, or to seek an effective judicial remedy (art. 79 of the Regulation).