We use cookies to optimize the design of this website and make continuous improvements. By continuing your visit on this website, you consent to the use of cookies. More Information

Login

Log in

Login to your account

Username *
Password *
Remember Me
Data Protection Policy – TIC-Web, Widgets & Shop
add_circle
Data Protection Policy – Article 13 and Article 14 of the GDPR
Contents
1.Policy regarding the data protection of LTS, TIC-Web, widgets, Touristmanager, membership management and financial accounting
2.Corporate Privacy Policy regarding Touristmanager
3.Privacy Policy for use of the online booking platform shop.mysuedtirol.info of LTS – Soc. Coop. as Data Processor
4.Policy on Data Protection Rights
1. Policy regarding the data protection of LTS, TIC-Web, widgets, tourism managers, membership management and financial accounting
Data Controller
Provincial Association of South Tyrolean Tourism Organisations / LTS Soc. Coop.
Via Conciapelli 60
I – 39100 Bolzano
Tel. +39 0471 978060
Contact details of the Data Protection Officer
Steger Lukas
This email address is being protected from spambots. You need JavaScript enabled to view it.

Amongst other things, LTS has developed Internet-based software for the tourism sector, called the TIC-Web. All TIC-Web programme functions can be accessed online by the South Tyrolean Tourism Organisations (TOs), and eventually their members, hence access to the TIC-Web is possible from any workstation. With the TIC-Web, South Tyrol’s tourist reception services are 100% registered and managed. The TIC-Web also provides TOs with effective support in their daily undertakings.

Throughout the years, the TIC-Web’s functional scope has been constantly extended. The TIC-Web supports TOs with the following modules:

  • Management of the main data for accommodation and catering establishments, POIs (Points of Interests)
  • Requests for availability
  • Management of requests
  • An Info Point for 24–hour guest information
  • Webcams
  • Management of attractions and activities in South Tyrol
  • Management, booking and payment of events
  • Management of regional offers

The TIC-Web constantly adapts to the rapid evolution of the tourism and IT sector. The LTS software development division is continuously working on the various modules so they may be adapted to current demands and requirements.

Handling operational data and updating availability are certainly the main TIC-Web modules, in addition to managing requests. Additionally, the TOs have a number of other functions, such as an event manager for handling, booking and paying for events, a separate module for maintaining contact with journalists, Info Point solutions for providing information to guests 24 hours a day, as well as an online booking solution.

LTS also offers graphics elements – or, widgets – for applications on external websites, by means of which data from the TIC-Web can be easily integrated into other websites. The following widgets are managed by LTS:

  • Accommodation search (LTS Hotelfinder)
  • Holiday offers (LTS Packagefinder)
  • Gastronomy (LTS Gastronomyfinder)
  • Events (LTS Eventfinder)
  • Cultural heritage, attractions and activities (LTS POIfinder)
  • LTS catalogue requests
  • Possibility to make reservations for guests
  • “Online Shop”

LTS has also developed Internet-based software for guest administration in the tourism sector, in particular for ASTAT (the Provincial Statistics Institute), local taxes and police reporting, through the LTS Touristmanager. As part of the LTS Touristmanager service, each accommodation and catering establishment (or, “business”) can manage its (potential) guests and their data in particular. If necessary, the staff of the business can also access the data.

Both the TIC-Web and the LTS Touristmanager widgets and service are organised and operated by LTS, hence LTS must be qualified as a Data Processor, within the meaning established by law (Article 28 of the GDPR). Within the meaning of the Data Protection Act, the relative TO, company or website operator are to be regarded as Data Processors (Article 24 of the GDPR). Consequently, the obligations arising from the GDPR are distributed, hence the TOs or respective business must fulfil their obligations envisaged in the Data Protection Act, in particular the obligation to provide information to and exercise the rights of Data Subjects.

LTS also carries out data processing in its capacity as Data Protection Officer (see Points 5 and 6). To this end, the data protection obligations are the responsibility of LTS.

LTS asks you to consider that there is not necessarily information on data protection that you are already familiar with or that there is also information on data protection for particular sectors (specifically, human resources), hence this Data Protection Policy does not necessarily include all details concerning all processing activities.

For information on data protection

LTS, the TOs and companies all respect and safeguard the law on data protection and the right to privacy, adopting all necessary legal measures to protect the personal data of the Data Subjects.

This Data Protection Policy will provide you with a quick and simple overview regarding how your personal data is processed as members, officers, promoters, customers, suppliers or even potential customers, businesses and their employees, or as TOs, journalists, and so on, for which purposes the data is processed and on what legal basis. Thus, the possible distribution of roles with regard to data protection under Point 1 between LTS, the TOs and companies must be taken into account. In addition, you will be informed about the laws concerning data protection, referred to as the Rights of Data Subjects.

Processing data in the TIC-Web and for the widgets

The TIC-Web processes data for the provisions of the modules listed under 1.2 and for the widgets listed under 1.3, the data entered for the TOs by the operators/service providers or organisers, including data on contact persons, the data on the organiser’s company/event, along with any images, equipment, prices and availability for advertising the companies on the LTS and/or third-party tourism portals (websites, widgets, info points, booking platforms). The legal basis for the processing is the respective consent (Article 6(1)(a) of the GDPR), which can be revoked at any time by the TOs or the respective company in accordance with the procedures set out in the pertinent consent.

Whereby such data is not supplied, the services offered in accordance with the forms or widgets cannot be provided by the respective TO or company.

The Data Subjects, regarding whom the applications of the respective TO or company are reproduced, may be, for example:

  • Internet agencies
  • Suppliers of hotel management software
  • Literature site operators
  • Operators of destination portals
  • App providers
  • Ski resort/weather site providers
  • Public authorities

For Touristmanager, if (potential) guests make enquiries or bookings via the TIC-Web or widgets, the data they enter – such as the name, address, services or documents and their relative communication, date of birth, gender, nationality, country of birth, document data, payment data, communicated interests and incompatibilities, disabilities or other health data provided, along with the registration data and residence information – is processed. This data can also be processed for local taxes, registering people accommodated in the reception facilities (reporting to the local police) and necessary statistics. As a rule, if the relevant data is not disclosed, the services cannot be provided. The legal basis for the processing is both the need to execute the company’s contract with the guest, the implementation of pre-contractual measures which, at the guest’s request (Article 6 (1)(b) of the GDPR) or, in particular with regard to any data on health, of the respective (express) consent (Article 6(1)(a) or Article 9(2)(a) of the GDPR), can be revoked at any time by the TOs or the respective company in accordance with the procedures stipulated in the respective provision of consent. Processing shall be carried out in connection with the processing of contractual data until such time as the contractual purpose or statutory obligations on archiving have been fulfilled, in particular under tax and/or company law, or in connection with the legal basis of consent until revocation.

The details of journalists, such as their name, contact information and medium, are processed on the TIC-Web. The legal basis is the legitimate interest, meaning the promotion of tourism and informing the public about the activities of the TIC-Web by the TOs or the respective company, without the interests of journalists taking precedence (Article 6(1)(f) of the GDPR). For the right to contest, please see the subsequent Point 7.6. Processing will continue until the cessation of the purposes or an objection is raised.

The Data Subjects can register – in particular via the widgets – by submitting their data to subscribe to the newsletters of the respective TO or company, thus granting consent (Article 6(1)(a) of the GDPR) to receive newsletters or communications in particular via electronic means, with information and/or promotional material on new products, services and events, which is communicated via the TIC-Web or widgets to the respective TO or company, or even receive the latest news about them. Consequently, all submission logs and erroneous notifications are processed as part of the sending of the newsletter. The provision of data by the Data Subject is required, without such the newsletters cannot be sent or received. As part of this consent, the Data Subjects are also informed about their right of revocation, which can be exercised at any time vis-à-vis the respective TO or company. In this respect, each newsletter has a link or contains information about erasure. The data shall be stored until revoked.

LTS may avail of IT service providers (sub-processors) based in the EU for the technical administration of the TIC-Web or widgets that may have access to the aforementioned data. LTS has entered into the necessary data protection agreements with these parties, so that the aforementioned data is only processed legally and securely.

Data processing in LTS Touristmanager

With LTS Touristmanager, the company can specifically manage the data of its (potential) guests, including the name, address, services used and the invoicing and accounting data (also for reporting to the Revenue Agency’s Interchange System), documents and correspondence, date of birth, gender, nationality, country of birth, document particulars, accounting and payment details, interests and incompatibilities disclosed, disabilities or other health data shared, registration and residence data. In certain circumstances, such information is linked to the support staff of the company, hence in their name, to the support service provided. The company can then also manage the payment of local taxes, the registration of guests (reporting to the police) and the necessary statistics. As a rule, if the relative data is not communicated, the services cannot be provided by the businesses.

The legal basis for processing is both the need to execute the business contract with the guest or the pre-contractual measures that can be revoked at any time at the request of the guest or the agreements with the staff of the company (Article 6(1)(b) of the GDPR) or – in particular with regard to any health data – the corresponding (express) consent (Article 6(1)(a) or Article 9(2)(a) of the GDPR), which can be revoked in accordance with the procedures set out in the respective consent granted to the company. The processing shall be conducted in connection with the processing of contractual data until such time as the contractual purpose or statutory obligations on retention have been fulfilled, in particular under tax and/or company law (thus, the processing of billing and accounting data is also carried out on the legal basis of Article 6(1)(c) of the GDPR), or in relation to the legal basis for consent until revocation.

LTS may utilise EU-based IT service providers for the technical administration of the LTS Touristmanager, which may have access to the aforementioned data. LTS has entered into the necessary data protection agreements with these sub-processors so that the aforementioned data is only processed legally and securely. Under certain circumstances, a company may utilise other companies to provide services to the guest. To this end, the Policy of the company concerned must be observed, including information on the name and contact details of the Data Processor, and even the contact details of the Data Protection Officer and other comprehensive circumstances regarding the processing of data by the Data Protection Officer.

If the company changes its data in LTS Touristmanager and has given its consent to the updating of the TIC-Web, the updated data shall be transferred to the TIC-Web (see Point 3 above).

Processing of data concerning member administration and financial accounting

As the legal Data Protection Officer, LTS processes data communicated by members, officers and sponsors regarding the administration of members, contributions, member relations or sponsorship of public and private entities, in particular associations and communities, including automatically-created and archived text documents (such as correspondence) on this matter. The legal basis is membership of the association and the Articles of Association pursuant to Article 6(1)(b) of the GDPR or the Italian Civil Code pursuant to Article 6(1)(c) of the GDPR. The transmission of personal data is necessary, hence registration is not possible if the data is not available.

As the Data Protection Officer, LTS processes the following personal data in the context of financial accounting, including text documents created and stored automatically for this purpose: customers or suppliers of the Data Processor (as the recipient and supplier of deliveries or services), employees or contact persons of the Data Processor, third parties involved in the business, contact persons of the customer, supplier or third parties involved in the business or even just recipients of deliveries, invoices and the like, financiers and shareholders. This is done within the framework of the legal obligations (Article 6(1)(c) of the GDPR), in particular accounting and tax law. The transmission of personal data is necessary, given that the contract cannot be executed if such data is not available.

The data shall be deleted by LTS once the aforementioned purposes have ceased, provided that there are no legal rights or obligations that necessitate retention of the data. Thus, the data will be erased by LTS after the aforementioned purposes have ceased, insofar as there is no legal right or obligation for retention of such.

2. Corporate Privacy Policy regarding Touristmanager
The company and Touristmanager

The Company respects and protects the right to privacy and adopts all measures required by law in order to protect the personal information of guests.

Consequently, within the scope of this Privacy Policy, you can quickly and easily obtain an overview of the information collected, which of your personal data is processed as potential customers and/or guests, for what purposes and on what legal basis. In addition, you will be informed about your Data Protection Rights, also referred to as the Rights of the Data Subject.

Data processing in Touristmanager

In particular, through the Touristmanager, the company handles and processes data of its (potential) guests – such as the name, address, services and documents utilised, correspondence, date of birth, gender, nationality, country of birth, document data, accounting and payment details, communicated interests or intolerances, physical handicaps or other health data, along with the dates of registration and dates for the stay. The company may thus also manage the payment of the local taxes, the registration of guests staying in the establishments (reporting to the police) and the necessary statistical data. If such data is not communicated, the services offered by the company cannot be provided.

The legal basis for processing the personal data is both the need to fulfil the contract entered into with the guest and the execution of pre-contractual measures requested by the guest (Article 6(1)(b) of the GDPR) or else – in particular with regards to data on health – the relevant and explicit consent (Article 6(1)(a) or Article 9(2)(a) of the GDPR), which can be revoked at any time before the company in accordance with the procedures set out in the consent itself. The revocation can also be communicated to LTS via email sent to This email address is being protected from spambots. You need JavaScript enabled to view it.. Upon receipt, LTS shall immediately forward the revocation request to the company. Processing takes place within the scope of data processing until the end of the contractual purposes or legal filing obligations, in particular pursuant to tax and/or company law, or rather in relation to the legal basis of consent until revocation.

The company utilises IT service providers for technical operations of the tour operator, being LTS – the Provincial Association of South Tyrolean Tourism Organisations, Via Conciapelli 60 – 39100 Bozen, Italy, Tel. +39 0471 978060, Fax +39 0471 977661, email: This email address is being protected from spambots. You need JavaScript enabled to view it., web: www.lts.it, (henceforth, “LTS”), which may access the aforementioned data. The company has entered into data protection agreements with LTS so that the aforementioned data may be processed exclusively within the limits of the law and security.

3. Privacy Policy for use of the online booking platform shop.mysuedtirol.info of LTS – Soc. Coop. as Data Processor

It is the prerogative of LTS – Soc. Coop. (“LTS”) to protect your personal data. When processing your personal data, we comply with the applicable data protection provisions, in accordance with the General Data Protection Regulation (GDPR).

The Data Processor for the archiving and processing of personal data is LTS – Soc. Coop., Via Conciapelli 60 – I-39100 Bolzano.

Personal Data Policy

When registering or creating a personal account, LTS requires the following personal data (hereinafter, also “master data”) for the purpose of processing any possible future contract with the User:

  • Surname
  • Name
  • Date of birth
  • Telephone number
  • Email address
  • Street and street number
  • Postal code, location
  • Region

The issues concerning the retention and processing of personal data are explained below.

Website visit
  • Purpose: If you utilise our website solely for information purposes (ergo, no registration or transmission of other information), the personal data collected shall be transmitted from your browser to our server. This is necessary on a technical level so as to enable the display of our website and ensure the stability and security of the website itself.
  • Legal basis: Legitimate interest (Article 6(1)(f) of the GDPR).
  • The following data is processed: IP address, date and time of the request, time difference from GMT, content of the request (concrete page), access status/HTTP status code, amount of data transferred, the requesting website, browser, operating system and interface, language and browser software version.
  • Retention period: For as long as our website is utilised.
  • Receiver/recipient categories: The Data Processor.
Electronic contact requests via the website
  • Purpose: Management of requests for contact via email or the website contact form.
  • Legal basis: Execution of an order, which is necessary for the implementation of pre-contractual measures (Article 6(1)(b) of the GDPR), legitimate interest (Art 6(1)(f) of the GDPR).
  • The following personal data will be processed: Personal details.
  • Retention period: Until there is a response to the order request. If required by law, the data shall be retained for the period stipulated.
  • Recipient/categories of recipients: The appointed Data Processor.
Customer administration, accounting, litigation
  • Purpose: Processing personal data in connection with all business dealings with customers and suppliers throughout business practices, including the systematic recording of all business transactions relating to income and expenditure.
  • Legal basis: Consent (Article 6(1)(a) of the GDPR), fulfilment of a contract, necessary for the execution of pre-contractual measures (Article 6(1)(b) of the GDPR), fulfilment of a legal obligation (Article 6(1)(c) of the GDPR), legitimate interest, in particular the defence, exercise and assertion of legal remedies (Article 6(1)(f) of the GDPR) and explicit consent (Article 9(2)(a) of the GDPR).
  • The following personal data will be processed: Personal details.
  • Retention period: Until the termination of the business relationship or until the expiry of the applicable statutory retention or prescription period. In addition, the data is retained as evidence until the resolution of any disputes.
  • Recipient/categories of recipients: Organisers, service providers, legal representatives, accountants, tax authorities, courts and authorities.
Customer service and marketing
  • Purpose: Processing of customer and potential customer data for the initiation of activities pertaining to the range of services, sending additional information on travel and leisure activities throughout the contractual relationship by way of additional services, implementation of advertising initiatives and sending of newsletters; management of the customer relationship.
  • Legal basis: Consent (Article 6(1)(a) of the GDPR), fulfilment of a contract, necessary for the execution of pre-contractual measures (Article 6(1)(b) of the GDPR), fulfilment of a legal obligation (Article 6(1)(c) of the GDPR), legitimate interest, in particular the defence, exercise and assertion of legal claims (Article 6(1)(f) of the GDPR).
  • The following personal data is processed for the purpose of sending further information regarding the trip or free time within the contractual relationship as an additional service and for sending newsletters from our website: Personal details.
  • Retention period: Until the termination of the business relationship or until the expiry of the retention period or applicable legal prescription.
  • Beneficiary/category of beneficiaries: Service providers.
4. Policy on Data Protection Rights
Right of Withdrawal

Insofar as the processing is based on (explicit) consent, the Data Subject has the right to withdraw their consent at any time, without affecting the lawfulness of the processing based on the consent until revocation. For this procedure, please refer to Point 2.2. above.

Right to Information

Any person regarding whom the processing of the data pertains has the right to ask the Data Processor for confirmation that their personal data is being processed. In the affirmative, the Data Subject has the right to receive information about such personal data (a copy of the personal data being processed) and to have access to the following information: (a) the purposes of processing; (b) the categories of personal Data Subject to processing; (c) the recipients or categories of recipients to whom the personal data has been disclosed or to whom it is still disclosed, in particular to recipients in third countries or to international organisations; (d) if possible, the proposed duration of retention of the personal data or, if not possible, the criteria for determining that duration; (e) the right to rectification or erasure of their personal data or else the restriction of processing by the Data Processor or the right to object to such processing; (f) the existence of a right of recourse to a supervisory authority; (g) if the personal data is not issued by the Data Subject, all available information on the source of the data; (h) the existence of automated decision-making processes, including profiling. The Data Processor shall provide a copy of the personal data being processed. For any further copies requested by the Data Subject, the Data Processor may charge a fee commensurate with the administrative costs. If the Data Subject submits the request via electronic means, this information must be provided in a standard electronic format, unless otherwise specified.

Right of Rectification and Erasure

The Data Subject has the right to immediately request that that Data Processor corrects any incorrect personal data concerning them. In view of the scope of the processing, the Data Subject has the right to request the updating of incomplete personal data, also by means of a supplementary declaration. In addition, the Data Subject has the right to request from the Data Processor the immediate erasure of their personal data. The Data Processor is then obliged to delete the personal data immediately, in any of the following cases: (a) whereby the personal data is no longer necessary for the purposes for which it was collected or otherwise processed; (b) the Data Subject withdraws the consent on which the processing is based and there is no other legal basis for processing; (c) the Data Subject lodges an objection (see below) to the processing; (d) the personal data has been processed unlawfully; (e) the erasure of the personal data proves necessary to comply with a legal obligation to which the Data Processor is subject; (f) the personal data was collected on the basis of the services offered by the information society (consent of a minor). In particular, the right of withdrawal does not exist to the extent that the processing is necessary for compliance with a legal obligation by the Data Processor or for the performance of a task carried out in the public interest or in the exercise of official duties delegated to the Data Processor and/or for the assertion, exercise or defence of legal claims.

Right to Limitations on Processing

The Data Subject has the right to request the Data Controller restrict the processing of their data whereby one of the following conditions is met: (a) the accuracy of the personal data is contested by the Data Subject and precisely upon expiry of the period of time granted to the Data Processor to verify the accuracy of the personal data; (b) the processing is unlawful, the Data Subject refuses to proceed with erasure of the personal data and requests the restriction of use instead; (c) the Data Processor no longer needs the personal data for the purposes of the processing yet the Data Subject requests to assert, exercise or defend their legal rights; (d) the Data Subject has lodged an objection to the processing, provided that it has not been established that the legitimacy of the reasons of the Data Processor outweighs that of the Data Subject. Where processing has been restricted, such personal data may only be retained with the consent of the Data Subject or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or else for reasons of substantial public interest of the European Union or a Member State. Any Data Subject who has restricted the processing of their personal data will be informed by the Data Processor if this restriction is revoked.

Right to Data Portability

Where the processing of data is based on consent or on a contract and is conducted via automated means, the Data Subject shall have the right to receive their personal data to have been provided to the Data Processor in a structured, commonly-used and machine-readable format. When exercising their right to data portability – where technically possible – the Data Subject has the right to obtain their personal data to be transferred directly from one Data Processor to another.

Right to Object

The Data Subject shall have the right – at any time and for motives pertaining to their particular situation – to object to the processing of their personal data whereby necessary for the performance of an exercise carried out in the public interest or in the execution of official authority in which they are vested, having been assigned to the Data Processor, or which is necessary for the protection of the legitimate interests of the Data Processor or of a third party.
The Data Processor may thus cease to process the personal data, unless the Data Processor is able to present legitimate grounds for processing that override the interests, rights and freedoms of the Data Subject, or if the purpose of the processing is to assert, pursue or defend the Data Processor’s legal rights. If the personal data is expressly processed for promotional purposes, the Data Subject has the right to object to its processing at any time. If the Data Subject objects to their personal data being processed for the express purpose of marketing, it shall no longer be processed for said purpose.

Right to File a Complaint with the Supervisory Authority

Without prejudice to any other administrative or judicial remedy, any Data Subject who considers that the processing of their personal data does not comply with this Policy has the right to lodge a complaint with a supervisory authority, in particular against any Member State, in the State of residence, the place of work or of the alleged infringement. In Italy, the Supervisory Authority is the Garante per la Protezione dei Dati Personali (or, the Data Protection Authority).

Processing your data and your rights – Customer
add_circle

Dear Customer,
the protection of personal data is important to us. Pursuant to Article 13 of the European General Data Protection Regulation (GDPR), we are obliged to inform you about the purpose of the data collection, storage and forwarding effectuated by our company. To this end, our Data Protection Policy also provides you with information regarding your data protection rights.

Data Controller
Provincial Association of South Tyrolean Tour-ism Organisations / LTS Soc. Coop.
Via Conciapelli 60
I – 39100 Bolzano
Tel. +39 0471 978060
Contact details of the Data Protection Officer
This email address is being protected from spambots. You need JavaScript enabled to view it.

Pursuant to Legislative Decree 196/2003 and Articles 13, 14 and 21 of the European Regulation 2016/679 (GDPR), we process the data outlined below.

The personal data can be of the following types:
  • Personal details (name, address, date of birth, tax code)
  • Operational details (data on the organisation, projects, employee master data)

This data is stored and processed to provide our services and, if necessary, transmitted to third parties only within the framework of our business relationship. Your data shall not be transmitted to non-EU countries and will not be subject to profiling and/or automated decision-making pro-cesses.

The legal bases for the data processing are:
  • Fulfilment of our pre-contractual and contractual obligations before you
  • Our legal, contractual or other legal obligations (such as rights and obligations pertaining to accounting, tax law, contracts, reports, etcetera)
  • Legitimate interest
Who receives my data?

Your data will not be divulged but shall be processed confidentially within the framework of the business relationship in order to provide the services you have requested, namely by:

  • Tax consultants
  • Public administrations and authorities, if regulatory obligations so require
  • Any natural or legal person – public or private – whereby communication of the data proves necessary or lawful

In the event of any legal dispute, the data required for court proceedings may be transmitted to legal representatives and the court.

Nonetheless, service providers are contractually bound and particularly obliged to process your data confidentially.

Purpose

For the fulfilment of the business relationship, since failure to provide data shall prevent us from offering you the service.

How long is the data retained?

The retention period is measured according to the duration of our business relationship and pursu-ant to our regulatory obligations in terms of the data retention.

Your rights

The Data Subject has the right to obtain confirmation from the Data Controller as to whether or not there exists any personal data pertaining to them and, should there be, they have the right to access the personal data (Article 15 of the GDPR).

The Data Subject has the right to demand that the Data Processor immediately corrects any inaccurate personal data concern-ing them and, if necessary, completes any incomplete personal data (Article 16 of the GDPR).

The Data Subject has the right to demand the immediate deletion of personal data concerning their person if one of the grounds set out in Article 17 of the GDPR applies, such as if the data is no longer necessary for the purposes pursued (Right to Erasure).

The Data Subject has the right to request the Data Processor restrict processing upon any of the conditions set out in Article 18 of the GDPR being met – for example if the Data Subject has objected to the processing for the duration of any investigation by the Data Processor.

Regarding the personal data provided to a Data Controller, the Data Subject has the right to receive such data in a structured, commonly-used and machine-readable format and has the right to then transmit such data to another Data Controller without hindrance from the Data Controller to whom such data was initially provided – for example, if the processing is based on the consent of the Data Subject and the processing is carried out by automated means (Right to Data PortabilityArticle 20 of the GDPR).

At any time, the Data Subject may further avail of the Right to Object to the processing of their personal data on the grounds pertaining to their particular situation. The Data Processor is to cease processing the personal data, unless they can demon-strate compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the Data Subject or that the processing serves to assert, exercise or defend a legal claim (Article 21 of the GDPR).

Without prejudice to any other administrative or judicial remedy, any Data Subject who considers that the processing relating to them is in breach of this Regulation has the Right to Lodge a Complaint with a Supervisory Authority (Article 77 of the GDPR), in particular within the Member State in which they habitually reside, work or where the alleged breach has occurred. In Italy, the Supervisory Authority is the Garante per la Protezione dei Dati Personali (or, the Data Protection Authority).

You may exercise your rights via the above addresses.

Data protection declaration on the processing of personal data – Website
add_circle
Data protection declaration on the processing of personal data
Data controller
South Tyrol Association of Tourism Organisations / LTS cooperative
Gerbergasse 60
I – 39100 Bozen
Tel. +39 0471 978060

Personal data will be processed only by employees and collaborators of the company who have been expressly designated as data processors in accordance with this Privacy Policy. The employees have been adequately trained in this respect and work under the direct supervision and responsibility of the data controller.

Data Protection Officer (DPO)

The contact details of the data protection officers are: This email address is being protected from spambots. You need JavaScript enabled to view it.www.steger-consulting.it

Privacy information – Website

South Tyrol Association of Tourism Organisations and LTS cooperative (hereinafter also referred to as the "Company") has drawn up this privacy policy to inform visitors to this website of the methods and purposes of data processing. In particular, the visitors or those persons who make use of the web services offered on the website are informed in accordance with article 13 of Regulation (EU) 679/2016 on the protection of personal data. Your personal data will be processed in accordance with the Legislative Decree no. 196/2003, the EU Regulation 2016/679 (General Data Protection Regulation) and the Legislative Decree 101/2018. The present privacy policy refers to the above-mentioned website and does not apply to linked websites and to websites that users may visit.
Your data is processed to provide our services based on your request, our legitimate interests and to fulfill our pre-contractual and contractual obligations to you.
We check links that we mention on our website very carefully. Nevertheless, we do not assume any responsibility or liability for the content on external websites linked to from this website.
The use of the website implies that you agree with this privacy information letter, otherwise we ask you not to use the website. This privacy information letter may be updated at any time.

Purpose of processing personal data

In order to ensure the functionality of the website, statistical purposes, technical data with potential personal reference, such as the IP address, the time of requests, the name of the domain and similar data are processed (Art. 6f GDPR).
Furthermore, personal data are processed in order to offer various services.

Contact form

The website visitor can contact the company using the contact form. For this purpose, the personal data entered will be processed in order to respond to the request. An explicit consent to the processing of data in the contact form is available.

Transmission of personal data of special categories

The main legal basis for the processing is Art. 6b) GDPR and Art. 6f) GDPR (functionality of the website).

Cookies

This website also collects personal data through the use of cookies.

There are four categories of cookies:

  • Strictly necessary cookies - for the basic functionality of the website.
  • functional cookies - for ensuring the optimal performance of the website, including, for example, saving the language selection.
  • performance cookies - for improving the user experience, including, for example, measuring loading times.
  • marketing cookies - e.g., for targeting advertisements to the user - These cookies are deactivated by default on our websites and are only activated if you have given us your consent to do so.

The majority of cookies used are "session cookies" which are deleted after closing the browser. Other cookies are stored for example to display the correct language the next time you visit the website.
For all cookies that are not subject to a legitimate interest of the website operator (Art. 6f) GDPR), you will be explicitly asked for your consent.

Provision of the data

Apart from navigation data or processing requiring consent, only data provided voluntarily will be processed by the Company. If this information is not provided, it is possible that this will result in a restriction of the services offered.

Data transfer to third parties

Data will not be disseminated except where required by law. Your data may be passed on to third parties, if necessary, but only within the framework of our business relationship, e.g. for the fulfilment of services such as making payments via third parties. In principle, they will not be transferred to non-EU countries without your explicit consent. This also applies to the use of profiling and automated decisions. If Google Maps is used: It cannot be excluded that data is sent to non-EU countries, please consider this before using this application.

Hosting of the website

This website is hosted by an exterņal service provider.
For this purpose, the external hoster receives personal data collected on the website. The legal basis is Art. 6b) GDPR - pre-contractual measures as well as Art. 6f) (Smooth guarantee of the tools on our website). The hoster processes this data exclusively for the fulfillment of its service obligations.

With given consent: Web analysis with Google Analytics

Our website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, U S A. Google Analytics.
The information obtained through the cookies about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the U SA. The full information letter can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en .
We use Google Analytics as an analysis tool to monitor the performance of our website, analyse customer behaviour and take appropriate action.
You can also prevent the described collection and processing of data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en .
The legal basis is Art. 6a) GDPR.

Google Maps

In our internet presence we use Google Maps to show our location and to provide directions. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter only "Google".
If you access the Google Maps component of our website, Google will store a cookie on your device via your internet browser. In order to display our location and to create a route description, your user settings and data are processed. We cannot exclude the possibility that Google uses servers in the USA. The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the optimization of the functionality of our Internet presence.
Through the connection to Google established in this way, Google can determine from which website your request has been sent and to which IP address the directions are to be sent. If you do not agree with this processing, you have the possibility to prevent the installation of cookies by the appropriate settings in your internet browser.
In addition, the use of Google Maps and the information obtained via Google Maps is subject to the Google Terms of Use and the Termini e condizioni per Google Maps.
In addition, Google offers further information at adssettings.google.com/authenticated and policies.google.com/privacy .

SSL Encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of your browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Underage visitors

This website is not intended for use by minors. We therefore do not collect and store data of underage visitors (except involuntarily).

The duration of data retention

The duration of data retention is measured according to the statutory retention obligations and legal obligations applicable to us.

Information on the rights of the data subjects

The data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning him/her are being processed; if this is the case, he/she has the right to be informed of such personal data and to receive the information specified in Art. 15 GDPR.
The person concerned has the right to request the person responsible to correct incorrect personal data concerning him/her and, if necessary, to complete incomplete personal data (Art. 16 GDPR).
The data subject has the right to request the controller to delete personal data concerning him/her immediately if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer needed for the purposes for which it was collected (right to erasure).
The data subject has the right to request the controller to restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if the data subject has lodged an objection to processing, for the duration of the controller's examination.
The data subject has the right to receive the personal data concerning him/her that he/she has provided to a controller in a structured, common and machine-readable format and has the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, under certain circumstances, e.g. if the processing is based on consent and the processing is carried out with the aid of automated procedures (right to data transferability Art. 20 GDPR).
The data subject shall have the right to object at any time, on grounds relating to his particular situation, to the processing of personal data concerning him. The data controller will then no longer process the personal data unless he can demonstrate compelling reasons for processing that are worthy of protection, which outweigh the interests, rights and freedoms of the data subject, or if the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her is in breach of the data protection regulation (GDPR) (Art. 77 GDPR). The data subject may assert this right with a supervisory authority in the Member State in which he or she is resident, at his or her place of work or at the place where the alleged infringement is committed. In Italy the competent supervisory authority is: Garante della privacy

You can exercise your rights at the above addresses (data controller).

Privacy policy – Candidates
add_circle

Dear Candidate,
the protection of personal data is important to us. Pursuant to Article 13 of the European General Data Protection Regulation (GDPR), we are obliged to inform you about the purpose of the data collection, storage and forwarding effectuated by our company. To this end, our Data Protection Policy also provides you with information regarding your data protection rights.

Data Processor
Provincial Association of South Tyrolean Tourism Organisations / LTS Soc. Coop.
Via Conciapelli 60
I – 39100 Bolzano
Tel. +39 0471 978060
Contact details of the Data Protection Officer
This email address is being protected from spambots. You need JavaScript enabled to view it.

Pursuant to Legislative Decree 196/2003, Legislative Decree 101/2018 and Articles 13, 14 and 21 of the European Regulation 2016/679 (GDPR), the below data may be processed, inter alia.

Personal data can be of the following types:
  • Personal data (such as your name, address, contact details – data provided in your CV)
  • Personal data of family members (which may be taken from your CV)
  • Photographs (data from your CV, if applicable)
Purpose of the processing

The acquisition and processing of this data is exclusively for the internal processing of your application. Although the provision of data is voluntary, we cannot consider you in the application process if you do not provide the data.

Recipients to whom personal data may be communicated

Your data will not be passed on to third parties nor shall it be transmitted to countries outside the EU or be subject to profiling and/or automated decisions.

The legal basis for data processing
  • Article 6(b) – the processing is necessary for the execution of a contract to which the Data Subject is party or for the implementation of pre-contractual measures adopted at the request of the Data Subject.
How long is the data retained?

Application documents shall be stored for a maximum of 2 years.

References to data subjects' rights

The Data Subject has the right to obtain confirmation from the Data Controller as to whether or not there exists any personal data pertaining to them and, should there be, they have the right to access the personal data ("Article 15 of the GDPR).

The Data Subject has the right to demand that the Data Processor immediately corrects any inaccurate personal data concerning them and, if necessary, completes any incomplete personal data (Article 16 of the GDPR). The Data Subject has the right to demand the immediate deletion of personal data concerning their person if one of the grounds set out in Article 17 of the GDPR applies, such as if the data is no longer necessary for the purposes pursued (Right to Erasure).

The Data Subject has the right to request the Data Processor restrict processing upon any of the conditions set out in Article 18 of the GDPR being established – for example if the Data Subject has objected to the processing for the duration of the Data Processor’s investigation.

The Data Subject has the right to receive their personal data, supplied in a structured, commonly-used and machine-readable format. At the Data Subject’s request, this data may be provided to another Data Controller without hindrance by the Data Controller to have provided such data (Right to Data PortabilityArticle 20 of the GDPR).

At any time, the Data Subject may further avail of the Right to Object to the processing of their personal data on the grounds pertaining to their particular situation. The Data Controller may no longer process personal data except whereby the Data Controller can demonstrate compelling grounds for processing worthy of protection and which outweigh the interests, rights and freedoms of the Data Subject or if the processing serves to assert, exercise or defend a legal claim (Article 21 of the GDPR).

Without prejudice to any other administrative or judicial remedy, any Data Subject who considers that the processing relating to them is in breach of this Regulation has the Right to Lodge a Complaint with a Supervisory Authority (Article 77 of the GDPR), in particular within the Member State in which they habitually reside, work or where the alleged breach has occurred. In Italy, the Supervisory Authority is the Garante per la Protezione dei Dati Personali (or, the Data Protection Authority).

You can exercise your rights via the above addresses.