1.Policy regarding the data protection of LTS, TIC-Web, widgets, Touristmanager, membership management and financial accounting
2.Corporate Privacy Policy regarding Touristmanager
3.Privacy Policy for use of the online booking platform shop.mysuedtirol.info of LTS – Soc. Coop. as Data Processor
4.Policy on Data Protection Rights This email address is being protected from spambots. You need JavaScript enabled to view it.

Amongst other things, LTS has developed Internet-based software for the tourism sector, called the TIC-Web. All TIC-Web programme functions can be accessed online by the South Tyrolean Tourism Organisations (TOs), and eventually their members, hence access to the TIC-Web is possible from any workstation. With the TIC-Web, South Tyrol’s tourist reception services are 100% registered and managed. The TIC-Web also provides TOs with effective support in their daily undertakings.

Throughout the years, the TIC-Web’s functional scope has been constantly extended. The TIC-Web supports TOs with the following modules:

• Management of the main data for accommodation and catering establishments, POIs (Points of Interests)
• Requests for availability
• Management of requests
• An Info Point for 24–hour guest information
• Webcams
• Management of attractions and activities in South Tyrol
• Management, booking and payment of events
• Management of regional offers

The TIC-Web constantly adapts to the rapid evolution of the tourism and IT sector. The LTS software development division is continuously working on the various modules so they may be adapted to current demands and requirements.

Handling operational data and updating availability are certainly the main TIC-Web modules, in addition to managing requests. Additionally, the TOs have a number of other functions, such as an event manager for handling, booking and paying for events, a separate module for maintaining contact with journalists, Info Point solutions for providing information to guests 24 hours a day, as well as an online booking solution.

LTS also offers graphics elements – or, widgets – for applications on external websites, by means of which data from the TIC-Web can be easily integrated into other websites. The following widgets are managed by LTS:

• Accommodation search (LTS Hotelfinder)
• Holiday offers (LTS Packagefinder)
• Gastronomy (LTS Gastronomyfinder)
• Events (LTS Eventfinder)
• Cultural heritage, attractions and activities (LTS POIfinder)
• LTS catalogue requests
• Possibility to make reservations for guests
• “Online Shop”

LTS has also developed Internet-based software for guest administration in the tourism sector, in particular for ASTAT (the Provincial Statistics Institute), local taxes and police reporting, through the LTS Touristmanager. As part of the LTS Touristmanager service, each accommodation and catering establishment (or, “business”) can manage its (potential) guests and their data in particular. If necessary, the staff of the business can also access the data.

Both the TIC-Web and the LTS Touristmanager widgets and service are organised and operated by LTS, hence LTS must be qualified as a Data Processor, within the meaning established by law (Article 28 of the GDPR). Within the meaning of the Data Protection Act, the relative TO, company or website operator are to be regarded as Data Processors (Article 24 of the GDPR). Consequently, the obligations arising from the GDPR are distributed, hence the TOs or respective business must fulfil their obligations envisaged in the Data Protection Act, in particular the obligation to provide information to and exercise the rights of Data Subjects.

LTS also carries out data processing in its capacity as Data Protection Officer (see Points 5 and 6). To this end, the data protection obligations are the responsibility of LTS.

LTS asks you to consider that there is not necessarily information on data protection that you are already familiar with or that there is also information on data protection for particular sectors (specifically, human resources), hence this Data Protection Policy does not necessarily include all details concerning all processing activities.

LTS, the TOs and companies all respect and safeguard the law on data protection and the right to privacy, adopting all necessary legal measures to protect the personal data of the Data Subjects.

This Data Protection Policy will provide you with a quick and simple overview regarding how your personal data is processed as members, officers, promoters, customers, suppliers or even potential customers, businesses and their employees, or as TOs, journalists, and so on, for which purposes the data is processed and on what legal basis. Thus, the possible distribution of roles with regard to data protection under Point 1 between LTS, the TOs and companies must be taken into account. In addition, you will be informed about the laws concerning data protection, referred to as the Rights of Data Subjects.

The TIC-Web processes data for the provisions of the modules listed under 1.2 and for the widgets listed under 1.3, the data entered for the TOs by the operators/service providers or organisers, including data on contact persons, the data on the organiser’s company/event, along with any images, equipment, prices and availability for advertising the companies on the LTS and/or third-party tourism portals (websites, widgets, info points, booking platforms). The legal basis for the processing is the respective consent (Article 6(1)(a) of the GDPR), which can be revoked at any time by the TOs or the respective company in accordance with the procedures set out in the pertinent consent.

Whereby such data is not supplied, the services offered in accordance with the forms or widgets cannot be provided by the respective TO or company.

The Data Subjects, regarding whom the applications of the respective TO or company are reproduced, may be, for example:

• Internet agencies
• Suppliers of hotel management software
• Literature site operators
• Operators of destination portals
• App providers
• Ski resort/weather site providers
• Public authorities

For Touristmanager, if (potential) guests make enquiries or bookings via the TIC-Web or widgets, the data they enter – such as the name, address, services or documents and their relative communication, date of birth, gender, nationality, country of birth, document data, payment data, communicated interests and incompatibilities, disabilities or other health data provided, along with the registration data and residence information – is processed. This data can also be processed for local taxes, registering people accommodated in the reception facilities (reporting to the local police) and necessary statistics. As a rule, if the relevant data is not disclosed, the services cannot be provided. The legal basis for the processing is both the need to execute the company’s contract with the guest, the implementation of pre-contractual measures which, at the guest’s request (Article 6 (1)(b) of the GDPR) or, in particular with regard to any data on health, of the respective (express) consent (Article 6(1)(a) or Article 9(2)(a) of the GDPR), can be revoked at any time by the TOs or the respective company in accordance with the procedures stipulated in the respective provision of consent. Processing shall be carried out in connection with the processing of contractual data until such time as the contractual purpose or statutory obligations on archiving have been fulfilled, in particular under tax and/or company law, or in connection with the legal basis of consent until revocation.

The details of journalists, such as their name, contact information and medium, are processed on the TIC-Web. The legal basis is the legitimate interest, meaning the promotion of tourism and informing the public about the activities of the TIC-Web by the TOs or the respective company, without the interests of journalists taking precedence (Article 6(1)(f) of the GDPR). For the right to contest, please see the subsequent Point 7.6. Processing will continue until the cessation of the purposes or an objection is raised.

The Data Subjects can register – in particular via the widgets – by submitting their data to subscribe to the newsletters of the respective TO or company, thus granting consent (Article 6(1)(a) of the GDPR) to receive newsletters or communications in particular via electronic means, with information and/or promotional material on new products, services and events, which is communicated via the TIC-Web or widgets to the respective TO or company, or even receive the latest news about them. Consequently, all submission logs and erroneous notifications are processed as part of the sending of the newsletter. The provision of data by the Data Subject is required, without such the newsletters cannot be sent or received. As part of this consent, the Data Subjects are also informed about their right of revocation, which can be exercised at any time vis-à-vis the respective TO or company. In this respect, each newsletter has a link or contains information about erasure. The data shall be stored until revoked.

LTS may avail of IT service providers (sub-processors) based in the EU for the technical administration of the TIC-Web or widgets that may have access to the aforementioned data. LTS has entered into the necessary data protection agreements with these parties, so that the aforementioned data is only processed legally and securely.

With LTS Touristmanager, the company can specifically manage the data of its (potential) guests, including the name, address, services used and the invoicing and accounting data (also for reporting to the Revenue Agency’s Interchange System), documents and correspondence, date of birth, gender, nationality, country of birth, document particulars, accounting and payment details, interests and incompatibilities disclosed, disabilities or other health data shared, registration and residence data. In certain circumstances, such information is linked to the support staff of the company, hence in their name, to the support service provided. The company can then also manage the payment of local taxes, the registration of guests (reporting to the police) and the necessary statistics. As a rule, if the relative data is not communicated, the services cannot be provided by the businesses.

The legal basis for processing is both the need to execute the business contract with the guest or the pre-contractual measures that can be revoked at any time at the request of the guest or the agreements with the staff of the company (Article 6(1)(b) of the GDPR) or – in particular with regard to any health data – the corresponding (express) consent (Article 6(1)(a) or Article 9(2)(a) of the GDPR), which can be revoked in accordance with the procedures set out in the respective consent granted to the company. The processing shall be conducted in connection with the processing of contractual data until such time as the contractual purpose or statutory obligations on retention have been fulfilled, in particular under tax and/or company law (thus, the processing of billing and accounting data is also carried out on the legal basis of Article 6(1)(c) of the GDPR), or in relation to the legal basis for consent until revocation.

LTS may utilise EU-based IT service providers for the technical administration of the LTS Touristmanager, which may have access to the aforementioned data. LTS has entered into the necessary data protection agreements with these sub-processors so that the aforementioned data is only processed legally and securely. Under certain circumstances, a company may utilise other companies to provide services to the guest. To this end, the Policy of the company concerned must be observed, including information on the name and contact details of the Data Processor, and even the contact details of the Data Protection Officer and other comprehensive circumstances regarding the processing of data by the Data Protection Officer.

If the company changes its data in LTS Touristmanager and has given its consent to the updating of the TIC-Web, the updated data shall be transferred to the TIC-Web (see Point 3 above).

As the legal Data Protection Officer, LTS processes data communicated by members, officers and sponsors regarding the administration of members, contributions, member relations or sponsorship of public and private entities, in particular associations and communities, including automatically-created and archived text documents (such as correspondence) on this matter. The legal basis is membership of the association and the Articles of Association pursuant to Article 6(1)(b) of the GDPR or the Italian Civil Code pursuant to Article 6(1)(c) of the GDPR. The transmission of personal data is necessary, hence registration is not possible if the data is not available.

As the Data Protection Officer, LTS processes the following personal data in the context of financial accounting, including text documents created and stored automatically for this purpose: customers or suppliers of the Data Processor (as the recipient and supplier of deliveries or services), employees or contact persons of the Data Processor, third parties involved in the business, contact persons of the customer, supplier or third parties involved in the business or even just recipients of deliveries, invoices and the like, financiers and shareholders. This is done within the framework of the legal obligations (Article 6(1)(c) of the GDPR), in particular accounting and tax law. The transmission of personal data is necessary, given that the contract cannot be executed if such data is not available.

The data shall be deleted by LTS once the aforementioned purposes have ceased, provided that there are no legal rights or obligations that necessitate retention of the data. Thus, the data will be erased by LTS after the aforementioned purposes have ceased, insofar as there is no legal right or obligation for retention of such.

The Company respects and protects the right to privacy and adopts all measures required by law in order to protect the personal information of guests.

Consequently, within the scope of this Privacy Policy, you can quickly and easily obtain an overview of the information collected, which of your personal data is processed as potential customers and/or guests, for what purposes and on what legal basis. In addition, you will be informed about your Data Protection Rights, also referred to as the Rights of the Data Subject.

In particular, through the Touristmanager, the company handles and processes data of its (potential) guests – such as the name, address, services and documents utilised, correspondence, date of birth, gender, nationality, country of birth, document data, accounting and payment details, communicated interests or intolerances, physical handicaps or other health data, along with the dates of registration and dates for the stay. The company may thus also manage the payment of the local taxes, the registration of guests staying in the establishments (reporting to the police) and the necessary statistical data. If such data is not communicated, the services offered by the company cannot be provided.

The legal basis for processing the personal data is both the need to fulfil the contract entered into with the guest and the execution of pre-contractual measures requested by the guest (Article 6(1)(b) of the GDPR) or else – in particular with regards to data on health – the relevant and explicit consent (Article 6(1)(a) or Article 9(2)(a) of the GDPR), which can be revoked at any time before the company in accordance with the procedures set out in the consent itself. The revocation can also be communicated to LTS via email sent to This email address is being protected from spambots. You need JavaScript enabled to view it.. Upon receipt, LTS shall immediately forward the revocation request to the company. Processing takes place within the scope of data processing until the end of the contractual purposes or legal filing obligations, in particular pursuant to tax and/or company law, or rather in relation to the legal basis of consent until revocation.

The company utilises IT service providers for technical operations of the tour operator, being LTS – the Provincial Association of South Tyrolean Tourism Organisations, Via Conciapelli 60 – 39100 Bozen, Italy, Tel. +39 0471 978060, Fax +39 0471 977661, email: This email address is being protected from spambots. You need JavaScript enabled to view it., web: www.lts.it, (henceforth, “LTS”), which may access the aforementioned data. The company has entered into data protection agreements with LTS so that the aforementioned data may be processed exclusively within the limits of the law and security.

It is the prerogative of LTS – Soc. Coop. (“LTS”) to protect your personal data. When processing your personal data, we comply with the applicable data protection provisions, in accordance with the General Data Protection Regulation (GDPR).

The Data Processor for the archiving and processing of personal data is LTS – Soc. Coop., Via Conciapelli 60 – I-39100 Bolzano.

When registering or creating a personal account, LTS requires the following personal data (hereinafter, also “master data”) for the purpose of processing any possible future contract with the User:

• Surname
• Name
• Date of birth
• Telephone number
• Email address
• Street and street number
• Postal code, location
• Region

The issues concerning the retention and processing of personal data are explained below.

• Purpose: If you utilise our website solely for information purposes (ergo, no registration or transmission of other information), the personal data collected shall be transmitted from your browser to our server. This is necessary on a technical level so as to enable the display of our website and ensure the stability and security of the website itself.
• Legal basis: Legitimate interest (Article 6(1)(f) of the GDPR).
• The following data is processed: IP address, date and time of the request, time difference from GMT, content of the request (concrete page), access status/HTTP status code, amount of data transferred, the requesting website, browser, operating system and interface, language and browser software version.
• Retention period: For as long as our website is utilised.
• Receiver/recipient categories: The Data Processor.

• Purpose: Management of requests for contact via email or the website contact form.
• Legal basis: Execution of an order, which is necessary for the implementation of pre-contractual measures (Article 6(1)(b) of the GDPR), legitimate interest (Art 6(1)(f) of the GDPR).
• The following personal data will be processed: Personal details.
• Retention period: Until there is a response to the order request. If required by law, the data shall be retained for the period stipulated.
• Recipient/categories of recipients: The appointed Data Processor.

• Purpose: Processing personal data in connection with all business dealings with customers and suppliers throughout business practices, including the systematic recording of all business transactions relating to income and expenditure.
• Legal basis: Consent (Article 6(1)(a) of the GDPR), fulfilment of a contract, necessary for the execution of pre-contractual measures (Article 6(1)(b) of the GDPR), fulfilment of a legal obligation (Article 6(1)(c) of the GDPR), legitimate interest, in particular the defence, exercise and assertion of legal remedies (Article 6(1)(f) of the GDPR) and explicit consent (Article 9(2)(a) of the GDPR).
• The following personal data will be processed: Personal details.
• Retention period: Until the termination of the business relationship or until the expiry of the applicable statutory retention or prescription period. In addition, the data is retained as evidence until the resolution of any disputes.
• Recipient/categories of recipients: Organisers, service providers, legal representatives, accountants, tax authorities, courts and authorities.

• Purpose: Processing of customer and potential customer data for the initiation of activities pertaining to the range of services, sending additional information on travel and leisure activities throughout the contractual relationship by way of additional services, implementation of advertising initiatives and sending of newsletters; management of the customer relationship.
• Legal basis: Consent (Article 6(1)(a) of the GDPR), fulfilment of a contract, necessary for the execution of pre-contractual measures (Article 6(1)(b) of the GDPR), fulfilment of a legal obligation (Article 6(1)(c) of the GDPR), legitimate interest, in particular the defence, exercise and assertion of legal claims (Article 6(1)(f) of the GDPR).
• The following personal data is processed for the purpose of sending further information regarding the trip or free time within the contractual relationship as an additional service and for sending newsletters from our website: Personal details.
• Retention period: Until the termination of the business relationship or until the expiry of the retention period or applicable legal prescription.
• Beneficiary/category of beneficiaries: Service providers.

Insofar as the processing is based on (explicit) consent, the Data Subject has the right to withdraw their consent at any time, without affecting the lawfulness of the processing based on the consent until revocation. For this procedure, please refer to Point 2.2. above.

Any person regarding whom the processing of the data pertains has the right to ask the Data Processor for confirmation that their personal data is being processed. In the affirmative, the Data Subject has the right to receive information about such personal data (a copy of the personal data being processed) and to have access to the following information: (a) the purposes of processing; (b) the categories of personal Data Subject to processing; (c) the recipients or categories of recipients to whom the personal data has been disclosed or to whom it is still disclosed, in particular to recipients in third countries or to international organisations; (d) if possible, the proposed duration of retention of the personal data or, if not possible, the criteria for determining that duration; (e) the right to rectification or erasure of their personal data or else the restriction of processing by the Data Processor or the right to object to such processing; (f) the existence of a right of recourse to a supervisory authority; (g) if the personal data is not issued by the Data Subject, all available information on the source of the data; (h) the existence of automated decision-making processes, including profiling. The Data Processor shall provide a copy of the personal data being processed. For any further copies requested by the Data Subject, the Data Processor may charge a fee commensurate with the administrative costs. If the Data Subject submits the request via electronic means, this information must be provided in a standard electronic format, unless otherwise specified.

The Data Subject has the right to immediately request that that Data Processor corrects any incorrect personal data concerning them. In view of the scope of the processing, the Data Subject has the right to request the updating of incomplete personal data, also by means of a supplementary declaration. In addition, the Data Subject has the right to request from the Data Processor the immediate erasure of their personal data. The Data Processor is then obliged to delete the personal data immediately, in any of the following cases: (a) whereby the personal data is no longer necessary for the purposes for which it was collected or otherwise processed; (b) the Data Subject withdraws the consent on which the processing is based and there is no other legal basis for processing; (c) the Data Subject lodges an objection (see below) to the processing; (d) the personal data has been processed unlawfully; (e) the erasure of the personal data proves necessary to comply with a legal obligation to which the Data Processor is subject; (f) the personal data was collected on the basis of the services offered by the information society (consent of a minor). In particular, the right of withdrawal does not exist to the extent that the processing is necessary for compliance with a legal obligation by the Data Processor or for the performance of a task carried out in the public interest or in the exercise of official duties delegated to the Data Processor and/or for the assertion, exercise or defence of legal claims.

The Data Subject has the right to request the Data Controller restrict the processing of their data whereby one of the following conditions is met: (a) the accuracy of the personal data is contested by the Data Subject and precisely upon expiry of the period of time granted to the Data Processor to verify the accuracy of the personal data; (b) the processing is unlawful, the Data Subject refuses to proceed with erasure of the personal data and requests the restriction of use instead; (c) the Data Processor no longer needs the personal data for the purposes of the processing yet the Data Subject requests to assert, exercise or defend their legal rights; (d) the Data Subject has lodged an objection to the processing, provided that it has not been established that the legitimacy of the reasons of the Data Processor outweighs that of the Data Subject. Where processing has been restricted, such personal data may only be retained with the consent of the Data Subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or else for reasons of substantial public interest of the European Union or a Member State. Any Data Subject who has restricted the processing of their personal data will be informed by the Data Processor if this restriction is revoked.

Where the processing of data is based on consent or on a contract and is conducted via automated means, the Data Subject shall have the right to receive their personal data to have been provided to the Data Processor in a structured, commonly-used and machine-readable format. When exercising their right to data portability – where technically possible – the Data Subject has the right to obtain their personal data to be transferred directly from one Data Processor to another.

The Data Subject shall have the right – at any time and for motives pertaining to their particular situation – to object to the processing of their personal data whereby necessary for the performance of an exercise carried out in the public interest or in the execution of official authority in which they are vested, having been assigned to the Data Processor, or which is necessary for the protection of the legitimate interests of the Data Processor or of a third party.
The Data Processor may thus cease to process the personal data, unless the Data Processor is able to present legitimate grounds for processing that override the interests, rights and freedoms of the Data Subject, or if the purpose of the processing is to assert, pursue or defend the Data Processor’s legal rights. If the personal data is expressly processed for promotional purposes, the Data Subject has the right to object to its processing at any time. If the Data Subject objects to their personal data being processed for the express purpose of marketing, it shall no longer be processed for said purpose.

Without prejudice to any other administrative or judicial remedy, any Data Subject who considers that the processing of their personal data does not comply with this Policy has the right to lodge a complaint with a supervisory authority, in particular against any Member State, in the State of residence, the place of work or of the alleged infringement. In Italy, the Supervisory Authority is the Garante per la Protezione dei Dati Personali (or, the Data Protection Authority).

Dear client,
Dear supplier,
Herewith we would like to inform you in terms of Art. 13 of the GDPR about how your personal data is processed. From this information letter you can also see what rights you can exercise.

Pursuant to the EU Regulation 2016/679 (General Data Protection Regulation) and applicable national data protection legislation, the following data, among others, may be subject to processing:

• Anagraphic data (name, address, date and place of birth, tax number)
• Operational data (data on the company, data on projects, Anagraphic data of employees)

The purpose of the data processing is the fulfillment of the business relationship and the related pre-contractual/contractual measures.

Any failure to provide the data will prevent us from offering you our service(s).

Your data will not be disseminated and will be processed confidentially exclusively for the fulfillment of the pre-contractual/contractual measures. However, in order to offer our service(s), it may be necessary that the personal data are disclosed to third parties, for the fulfillment of the business relationship, e.g., to:

• Our tax consultant
• External IT service providers
• Public authorities and legal representatives
• Sub-contractors
• Forwarding companies (possibly)

External suppliers, such as the external IT service provider, may also have access to personal data under certain circumstances. Such so-called processors have been appointed in writing as processors in accordance with Art. 28 of the GDPR.

Legal bases used with examples:

• Pre-contractual/contractual measures (Art. 6b GDPR) e.g., for the fulfillment of inquiries and the business relationship.
• Fulfillment of legal obligations (Art. 6c GDPR) e.g., transfer of data to our tax advisor
• Legitimate interests (Art. 6f GDPR) e.g., processing of data in the internal system, sending relevant information letters
• If available: Obtaining your voluntarily given consent (Art. 6a GDPR) e.g., newsletter

The duration for the storage of your personal data is determined by the legal obligations and the duration of our business relationship.

If you have agreed to receive a newsletter, this data will be stored until revoked.

Your data will not be transferred to non-EU countries. Automated decision-making including profiling is not used.

You can exercise your rights free of charge at any time: right to access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object (Art. 21 GDPR).

Please contact the above data controller.

You also have the right to lodge a complaint with the Italian supervisory authority for data protection "Garante per la protezioni dei dati personali".

Personal data will be processed only by employees and collaborators of the company who have been expressly designated as data processors in accordance with this Privacy Policy. The employees have been adequately trained in this respect and work under the direct supervision and responsibility of the data controller.

The contact details of the data protection officers are: This email address is being protected from spambots. You need JavaScript enabled to view it. – www.steger-consulting.it

South Tyrol Association of Tourism Organisations and LTS cooperative (hereinafter also referred to as the "Company") has drawn up this privacy policy to inform visitors to this website of the methods and purposes of data processing. In particular, the visitors or those persons who make use of the web services offered on the website are informed in accordance with article 13 of Regulation (EU) 679/2016 on the protection of personal data. Your personal data will be processed in accordance with the Legislative Decree no. 196/2003, the EU Regulation 2016/679 (General Data Protection Regulation) and the Legislative Decree 101/2018. The present privacy policy refers to the above-mentioned website and does not apply to linked websites and to websites that users may visit.
Your data is processed to provide our services based on your request, our legitimate interests and to fulfill our pre-contractual and contractual obligations to you.
We check links that we mention on our website very carefully. Nevertheless, we do not assume any responsibility or liability for the content on external websites linked to from this website.
The use of the website implies that you agree with this privacy information letter, otherwise we ask you not to use the website. This privacy information letter may be updated at any time.

In order to ensure the functionality of the website, statistical purposes, technical data with potential personal reference, such as the IP address, the time of requests, the name of the domain and similar data are processed (Art. 6f GDPR).
Furthermore, personal data are processed in order to offer various services.

The website visitor can contact the company using the contact form. For this purpose, the personal data entered will be processed in order to respond to the request. An explicit consent to the processing of data in the contact form is available.

The main legal basis for the processing is Art. 6b) GDPR and Art. 6f) GDPR (functionality of the website).

This website also collects personal data through the use of cookies.

There are four categories of cookies:

• Strictly necessary cookies - for the basic functionality of the website.
• functional cookies - for ensuring the optimal performance of the website, including, for example, saving the language selection.
• performance cookies - for improving the user experience, including, for example, measuring loading times.
• marketing cookies - e.g., for targeting advertisements to the user - These cookies are deactivated by default on our websites and are only activated if you have given us your consent to do so.

The majority of cookies used are "session cookies" which are deleted after closing the browser. Other cookies are stored for example to display the correct language the next time you visit the website.
For all cookies that are not subject to a legitimate interest of the website operator (Art. 6f) GDPR), you will be explicitly asked for your consent.

Apart from navigation data or processing requiring consent, only data provided voluntarily will be processed by the Company. If this information is not provided, it is possible that this will result in a restriction of the services offered.

Data will not be disseminated except where required by law. Your data may be passed on to third parties, if necessary, but only within the framework of our business relationship, e.g. for the fulfilment of services such as making payments via third parties. In principle, they will not be transferred to non-EU countries without your explicit consent. This also applies to the use of profiling and automated decisions. If Google Maps is used: It cannot be excluded that data is sent to non-EU countries, please consider this before using this application.

This website is hosted by an exterņal service provider.
For this purpose, the external hoster receives personal data collected on the website. The legal basis is Art. 6b) GDPR - pre-contractual measures as well as Art. 6f) (Smooth guarantee of the tools on our website). The hoster processes this data exclusively for the fulfillment of its service obligations.

Our website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, U S A. Google Analytics.
The information obtained through the cookies about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the U SA. The full information letter can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en .
We use Google Analytics as an analysis tool to monitor the performance of our website, analyse customer behaviour and take appropriate action.
You can also prevent the described collection and processing of data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en .
The legal basis is Art. 6a) GDPR.

In our internet presence we use Google Maps to show our location and to provide directions. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter only "Google".
If you access the Google Maps component of our website, Google will store a cookie on your device via your internet browser. In order to display our location and to create a route description, your user settings and data are processed. We cannot exclude the possibility that Google uses servers in the USA. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization of the functionality of our Internet presence.
Through the connection to Google established in this way, Google can determine from which website your request has been sent and to which IP address the directions are to be sent. If you do not agree with this processing, you have the possibility to prevent the installation of cookies by the appropriate settings in your internet browser.
In addition, the use of Google Maps and the information obtained via Google Maps is subject to the Google Terms of Use and the Termini e condizioni per Google Maps.
In addition, Google offers further information at adssettings.google.com/authenticated and policies.google.com/privacy .

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of your browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

This website is not intended for use by minors. We therefore do not collect and store data of underage visitors (except involuntarily).

The duration of data retention is measured according to the statutory retention obligations and legal obligations applicable to us.

The data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning him/her are being processed; if this is the case, he/she has the right to be informed of such personal data and to receive the information specified in Art. 15 GDPR.
The person concerned has the right to request the person responsible to correct incorrect personal data concerning him/her and, if necessary, to complete incomplete personal data (Art. 16 GDPR).
The data subject has the right to request the controller to delete personal data concerning him/her immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer needed for the purposes for which it was collected (right to erasure).
The data subject has the right to request the controller to restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if the data subject has lodged an objection to processing, for the duration of the controller's examination.
The data subject has the right to receive the personal data concerning him/her that he/she has provided to a controller in a structured, common and machine-readable format and has the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, under certain circumstances, e.g. if the processing is based on consent and the processing is carried out with the aid of automated procedures (right to data transferability Art. 20 GDPR).
The data subject shall have the right to object at any time, on grounds relating to his particular situation, to the processing of personal data concerning him. The data controller will then no longer process the personal data unless he can demonstrate compelling reasons for processing that are worthy of protection, which outweigh the interests, rights and freedoms of the data subject, or if the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her is in breach of the data protection regulation (GDPR) (Art. 77 GDPR). The data subject may assert this right with a supervisory authority in the Member State in which he or she is resident, at his or her place of work or at the place where the alleged infringement is committed. In Italy the competent supervisory authority is: Garante della privacy

You can exercise your rights at the above addresses (data controller).

Dear Applicant,
We are pleased to inform you about how we process your personal data. From this information, you can also see what rights you can exercise.

Pursuant to the EU Regulation 2016/679 (General Data Protection Regulation) and applicable national data protection legislation, the following data, among others, may be subject to processing:

• Your Anagraphic data such as name, address, contact details, academic as well as professional career (contained in your CV), etc.
• Anagraphic data of family members (possibly included in your CV)
• Photo (may be included in your CV)

The purpose of the data processing is to carry out the application process. This includes the pre-selection of applicants in this respect, organisation of the application processes as well as the possible contacting of the applicant for the holding of the interview.

If you do not provide us with the data required for the application process, it will not be possible for us to fulfil our pre-contractual obligations and consider you in the application process.

Your personal data will only be processed internally, it will not be forwarded to external third parties.

Legal bases with examples:

• Pre-contractual/contractual measures (Art. 6b GDPR): e.g., implementation of the application process, contacting the applicant
• Legitimate interests of the data controller (Art. 6f GDPR): e.g., organisation of the application process, ensuring the smooth running of the business

Your personal data will only be stored until the purpose of the data processing has ceased (max. 6 to 12 months).

Your data will not be transferred to non-EU countries. Automated decision-making including profiling is not used.

You can exercise your rights free of charge at any time: right to access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object (Art. 21 GDPR).

Please contact the above data controller.

You also have the right to lodge a complaint with the Italian supervisory authority for data protection "Garante per la protezioni dei dati personali".