TO THE PRIVACY POLICY "GIGGO OLANG VALDAORA" ("CHATBOT")
(In accordance with Art. 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data)
Dear User,
Thank you for visiting www.olang.com, the website of Tourist Office Valdaora-Olang (“Tourist Office Valdaora-Olang” or “we”). Here you can find information about our organization, access our services and explore the Kronplatz Dolomites Region.
We invite you to read our privacy notice, in which you will find information regarding the processing of personal data carried out through our website (“Website”) in compliance with Regulation (EU) 2016/679 (“GDPR”).
“Personal data” means personal information that, regardless of its format, can be used, alone or in combination with other information, to identify a natural person.
“Processing of personal data” means any operation or set of operations applied to personal data, also through automated processes, such as collecting, recording, storing, consulting and sharing of personal data.
By “User” we mean all those who access and navigate our website.
If you have any questions or concerns regarding the processing of your personal data or if you wish to exercise your data protection rights, you can contact us using the contact details provided in Section 1 (Who we are).
We are committed to protecting your personal data. However, we do not pre-screen the information provided by users and we assume no responsibility for the accuracy and completeness of the information that users share and/or receive through our website.
Summary
1. Data controller – Who we are
2. Which personal data we process and how
3. Legal basis and purposes of the Processing of Personal Data
4. Data recipients - How and with whom we share Personal Data
5. Transfer of data – Where Personal Data is Processed
6. Retention period for personal data
7. Data security – How we protect Personal Data
10. Changes to this privacy notice
Tourist Office Valdaora-Olang
VAT No. 00477260210
Florianiplatz 19
I-39030 Olang
+39 0474 496277
processes the user's data as data controller, pursuant to Art. 4 para. 1 no. 7 GDPR.
In the course of normal use of the website and for the sole duration of the connection, we acquire certain personal data that are technically necessary and the transmission of which is implicit in the use of Internet communication protocols (so-called browsing data), such as IP addresses, date and time of requests, time zone, browser, language and version of browser software and referrer URL, i.e. the website from which access is made.
This is information that is not collected in order to be associated with individual users, but which by its very nature could, through processing and association with data held by third parties, make it possible to identify users.
In addition to the purely informative use of the website, we offer a wide range of services, which you can use according to your preferences and interests. However, in order for Tourist Office Valdaora-Olang to be able to provide these services, the user will usually have to provide additional Personal Data, such as first name, last name and e-mail address.
The user's Personal Data will be processed by means of IT/telematic tools in such a way as to guarantee the confidentiality and security of the data in compliance with the applicable data protection regulations.
We exclusively collect and use your personal data if there is a valid legal basis for doing so.
In particular, the following legal bases apply:
|
The fulfilment of contractual obligations or pre-contractual measures (Art. 6, para. 1, letter b) GDPR): when the user accesses and uses the website and the services we offer.
|
a) Personal data that we process to communicate with users We Process users' Personal Data, such as first name, last name, email address and telephone number to interact directly with them or to respond to specific requests made by them, through any channel made available on the Website, such as the contact forms on the Website and/or on Internet channels. We regularly review the necessity of retaining such requests and messages and delete the corresponding data when they are no longer needed. The user is free to provide their Personal Data for the above-mentioned purposes or not. However, the provision of this data is necessary for the processing of the request and/or the performance of the relationship with Tourist Office Valdaora-Olang Without providing this data, we may not be able to respond to requests or provide our services. b) Personal Data that we Process for the purpose of processing availability requests at accommodation facilities Through the communication channels on the Website, it is possible to search for accommodation facilities in the Kronplatz Dolomites Region and submit availability requests. The Personal Data provided by the user via the appropriate form (first name, last name, e-mail address, arrival and departure dates) will be Processed by us for the sole purpose of processing the request. The transmission of the availability request necessarily implies the exchange of the user's Personal Data between Tourist Office Valdaora-Olang and the accommodation facility for which the request was made, including the information necessary for the accommodation facility to respond to the user's request and manage the associated products and services. The execution of the contractual relationship between the user and the accommodation facility is the responsibility of the latter, which Processes the Personal Data provided as data controller in accordance with Art. 4 para. 1 no. 7 GDPR. Any further Processing of the user's Personal Data by the accommodation facility will therefore be beyond our control. The user is free to provide their Personal Data for the above-mentioned purposes or not; however, if they do not provide us with the contact details requested in the contact form, we will not be able to process the user's request. c) Personal Data that we Process for the purpose of processing bookings at accommodation facilities Through the communication channels on the Website, it is possible to book a stay at accommodation facilities in the Kronplatz Dolomites Region. The Personal Data provided by the user via the appropriate form (first name, last name, e-mail address, arrival and departure dates, physical address, telephone number, any other data entered by the user in the "Notes/Comments" section) will be Processed by us for the sole purpose of processing the request. The booking necessarily implies the exchange of the user's Personal Data between Tourist Office Valdaora-Olang and the accommodation facility at which the user makes the booking, including the information necessary for the accommodation facility to complete the booking process and manage the associated products and services. In some cases, we may also communicate additional information, such as the number of bookings made through our website. The execution of the contractual relationship between the user and the accommodation facility is the responsibility of the latter, which processes the Personal Data provided as data controller in accordance with Art. 4 para. 1 no. 7 GDPR. Any further Processing of the user's Personal Data by the accommodation facility will therefore be beyond our control. The user is free to provide their Personal Data for the above-mentioned purposes or not; however, if they do not provide us with the contact details requested in the booking form, we will not be able to process the user's request. |
|
Express consent (Art. 6, para. 1, letter a) GDPR): to subscribe to our newsletter or receive other communications.
|
d) Data Processing for sending our newsletter With your express and informed consent, by checking the appropriate box, you can subscribe to the newsletter to receive regular updates on our services as well as promotional communications relating to the Kronplatz Dolomites Region, and related areas falling under the remit of the tourism associations of Bruneck, Olang, Antholz, St. Vigil and St. Martin, and Kiens. e) Communications to third parties for promotional purpose With the user's consent, we may disclose the collected personal data to third parties, including companies of the Kronplatz Dolomites Region, operating in different product categories including, but not limited to, the real estate, hotel and sports sectors, in order for them to pursue their own independent commercial and promotional purposes. f) Direct marketing We may also promote our services and those of the Kronplatz Dolomites Region companies and third-party business partners, including market research via digital communication channels, which may be automated. We provide specific summarized privacy notices on the pages of the Website specifically set up for the above-mentioned services. Providing the data is optional; however, if you do not give us your consent to process it, we will not be able to send you our newsletter and promotional communications. You may revoke your consent at any time via the deactivation link available at the bottom of each communication, or by contacting us directly at the contact details provided above. |
|
Legitimate interest (Art. 6, para. 1, letter f) GDPR): to ensure the availability, proper functioning and security of the Website, to investigate possible computer crime or to pursue other legitimate interests, provided that the pursuit of our interests or the interests of third parties does not adversely affect the fundamental rights and freedoms of the user.
|
g) Personal data that we Process for technical and analytical purposes of the Website We process technical data or navigation data that may indirectly reveal the identity of the user in order to ensure a reliable user experience. This data is collected automatically during the normal operation of each website and is Processed for technical purposes (including troubleshooting, testing, system maintenance, technical support and reporting), or statistical and analytical purposes to improve the user experience. The latter are usually Processed in an aggregate and non-identifiable form for statistical purposes. For instance, usage data may be Processed to measure the engagement rate, or the time spent on a certain section or feature of the Website. h) Personal Data that we Process for “soft spam” purposes We may Process your Personal Data in order to send you marketing communications via e-mail or paper mail about services similar to those you have previously purchased. You have the right to object to the Processing of your Personal Data at any time by writing to the contact details provided above or by clicking on the deactivation link at the end of the communications sent. i) Personal Data that we Process in the context of extraordinary operations In the context of extraordinary business operations involving Tourist Office Valdaora-Olang (e.g. mergers, demergers, assignment or transfer of credits, assets or business units, etc.) as well as in the course of any activities in preparation for and/or subsequent to such operations, it is possible that Personal Data relating to the user, such as the e-mail address, may be shared. j) Personal Data that we Process with other affiliated or associated companies We may disclose the user's Personal Data to companies of the Kronplatz Dolomites Region or affiliated companies, current or future, for administrative and accounting purposes and to fulfil legal obligations. |
|
Legal obligations (Art. 6, para. 1, letter c) GDPR): to comply with applicable laws and regulations and to respond to requests from competent authorities. |
k) Personal Data we Process to fulfil regulatory obligations We Process users' personal data to fulfil eventual legal obligations, such as tax, administrative and accounting obligations. |
We may also Process your Personal Data if we need to protect our interests or to defend ourselves in legal proceedings.
The disclosure of Personal Data is also a form of Processing, which is why we would like to provide users with further information on how and to whom we transfer, transmit and disclose Personal Data.
To achieve the above-mentioned purposes, the user's Personal Data will be made accessible to persons who are explicitly authorized by Tourist Office Valdaora-Olang to process Personal Data under its direct supervision (e.g. employees and collaborators). These persons may obtain knowledge of the user's Personal Data, but only in the context of the performance of their duties and in accordance with our written instructions.
Users' Personal Data may also be processed with the support of persons and companies (cloud systems providers, hosting service providers, etc.) who act as data processors for us and who are contractually obliged under Article 28 GDPR to strictly protect the data Processed on our behalf and to use it exclusively for the contractually agreed purposes.
In order to fulfil certain legal obligations, we may be required to disclose the user's Personal Data to public or private third parties (e.g. public institutions, police authorities, etc.). In this case, the legal basis for processing is the need to fulfil the legal obligation to which the data controller is subject pursuant to Art. 6 para. 1 letter c) GDPR.
Processing under joint control
In collaboration with the joint data controllers indicated below, we may also process certain Personal Data collected as part of our marketing activities, such as identification data (e.g. first name, last name, e-mail, if provided) or data related to the user's interaction with promotional content (e.g. opening newsletters, clicking on links, browsing behaviour). For this purpose and in accordance with the data protection regulations, we have concluded a joint controllership agreement pursuant to Art. 26 GDPR, in which we, jointly with the other data controllers, determine the purposes, methods and procedures of the Processing carried out as joint controllers. With the joint controllership agreement, as joint controllers, we have also established, in a clear and transparent manner, the procedures that will provide timely feedback to users in case they wish to exercise their rights, as further explained in section 8 (Rights of the data subject) of this notice.
We Process Personal Data together with the following joint controllers:
- Kronplatz Brand Konsortialgesellschaft m.b.H., registered in Johann-Georg-Mahl-Straße 40, 39031 – Bruneck (BZ);
- Tourist Office Bruneck Kronplatz Tourism, registered in Rathausplatz 7, 39031 – Bruneck (BZ);
- Tourist Office Antholz Valley, registered in Niederrasner Straße 35/F, 39030 – Rasen-Antholz (BZ);
- Tourist Office Chienes-Kiens, registered in Kiener Dorfweg 4B, 39030 – Kiens (BZ);
- Tourist Office San Vigilio/San Martin, registered in Str. Plan de Corones 38/1, 39030 – St. Vigil (BZ);
- Skirama Kronplatz – Plan de Corones, registered in Johann-Georg-Mahl-Straße 40, 39031 – Bruneck (BZ);
Personal Data will be Processed under joint control for the following purposes:
a) managing of advertising campaigns concerning the Kronplatz Dolomites Region;
b) analysing and monitoring of interactions with promotional content and conducting market research in order to improve the effectiveness of the aforementioned advertising campaigns; and
c) complying with legal obligations, including those arising from the privacy regulations.
Tourist Office Valdaora-Olang, as coordinator, ensures the operational management of advertising campaigns and the monitoring of processing procedures.
The legal basis for the Processing is:
- for the purposes mentioned under a) and b), the fulfilment of contractual obligations or pre-contractual measures (Art. 6 para. 1 letter b) GDPR) and, if necessary, the prior consent of the user (Art. 6 para. 1 letter a) GDPR), which can be revoked at any time without affecting the legality of the Processing carried out before the revocation;
- for the purposes mentioned under c), the fulfilment of the legal obligations of the joint controllers (Art. 6 para. 1 letter c) GDPR).
The management and storage of personal data takes place within the EU and/or the EEA, on servers managed by Tourist Office Valdaora-Olang and/or third-party companies appointed by it. We do not intend to transfer personal data to third countries or international organizations; should such a transfer take place, we will take all appropriate measures and safeguards required by the GDPR and applicable legislation.
We Process and store users' Personal Data only for the time strictly necessary to achieve the purposes for which they were collected and, in any case, in compliance with the terms provided for in the current regulations.
With reference to the specific purposes of:
· Navigation on the website: Personal Data collected in this way is retained for a period of 7 days and may be processed for a longer period if circumstances arise that justify a longer retention period.
· Contract performance and/or pre-contractual activities/measures: Personal Data will be processed only for the time necessary to Process the user's requests and in any case for a period not exceeding 10 years.
· Sending of the newsletter and communications to third parties for marketing purposes: Personal Data will be Processed until consent is revoked; after consent is revoked, we can no longer use the Personal Data for the purposes set out above, but we may continue to keep consent logs, should it be necessary to protect our interests.
· Soft Spam: Personal Data will be stored for a maximum period of 24 months. The user can object to this Processing at any time, for example by selecting the deactivation link available at the bottom of the communications sent.
At the end of the retention periods mentioned above, the data will be deleted or anonymized to be used for statistical purposes.
We take the protection of our users' Personal Data very seriously. For this reason, we always adapt organizational, technical and administrative measures to protect users' Personal Data from unauthorized access, alteration, disclosure or destruction.
For example:
· We take appropriate measures to ensure that we only process Personal Data that is necessary and relevant for the purposes specified above.
· We implement mechanisms and technologies to ensure the availability, confidentiality and integrity of Personal Data.
· We only select business partners and suppliers who, through specific provisions in the contracts concluded with them, can guarantee a level of security for Personal Data that complies with our own protection standards.
As a data subject, the users can exercise their rights in accordance with the GDPR (Articles 15 to 21), in particular:
· Right of Withdrawal (Art. 7 GDPR): to revoke at any time the consent given for the different processing operations that require it. The lawfulness of the Processing of the user's Personal Data carried out before revocation remains unaffected. A revocation determines that from then on, Personal Data will no longer be Processed for the purposes to which the revoked consent referred.
· Right of Access (Art. 15 GDPR): to obtain confirmation as to whether or not Processing is taking place and, where this is the case, to be informed of the purposes of the Processing, the categories of Personal Data processed, the recipients and categories of recipients, the retention period of the data, etc.
· Right to Rectification (Art. 16 GDPR): to request the rectification of inaccurate Personal Data and/or the completion of incomplete Personal Data.
· Right to Erasure (Art. 17 GDPR): to obtain the erasure of Personal Data in the cases and under the conditions laid down in the legislation.
· Right to Restriction of Processing (Art. 18 GDPR): to obtain restriction of Processing in the cases and under the conditions laid down in the legislation.
· Right to Data Portability (Art. 20 GDPR): to obtain the portability of Personal Data, i.e. the transmission of Personal Data, where technically feasible, from one data controller to another, in the cases and under the conditions laid down in the legislation.
· Right to Object (Art. 21 GDPR): to object to the Processing of Personal Data for reasons related to the users` particular situation or if Personal Data are Processed for direct marketing purposes.
You can exercise your rights by sending a request to the data controller using the contact details provided above.
If the user is of the opinion that the processing concerning him/her violates the GDPR, he/she has the right to file a complaint with the supervisory authority: Italian Data Protection Authority, Piazza Venezia 11, 00187 - Rome, https://www.garanteprivacy.it/.
Our website contains links to other websites, plug-ins and third-party applications, including links to our social media accounts (Facebook, YouTube, Instagram and Pinterest), which allow the user to interact directly with these social networks.
By clicking on these links, the user may be authorizing the companies that own these websites to collect or share your Personal Data. Please note that we have no control over these websites and are not responsible for their privacy policies. After leaving our Website, users are always advised to read the privacy notice of the website they are visiting.
We reserve the right to modify this notice to bring it into line with current regulations. The updated information will be published on the Website.
“Data Protection Icons” created by Maastricht European Centre on Privacy and Cybersecurity; licence ECPC CC BY 4.0.
Cookies
For detailed information on the cookies used on the Website, and to change your preferences, please refer to the following link: https://www.kronplatz.com/en?cmpscreen=1
(Pursuant to Article 13 of Regulation (EU) 2016/679 concerning the protection of natural persons with regard to the processing of personal data)
We invite you to read this privacy notice, which provides information on the processing of personal data in connection with the operation of our Website www.olang.com (“Website”) and our official WhatsApp channel (together, the “Chat Channels”), as well as the use of our Chatbot “Giggo Olang Valdaora” (“Chatbot”), in accordance with Regulation (EU) 2016/679 (“GDPR”).
This privacy notice supplements our general privacy notice for visitors to our Website, which contains all information pursuant to Articles 13 and 14 GDPR and is also available on the Website.
For comprehensive information about the processing of your personal data, we also recommend that you consult the general privacy notice.
The Chatbot is made available with the aim of providing users (“Users” or “you”) with quick, accessible and interactive access to information concerning accommodation as well as cultural and leisure offerings in Valdaora. Any further use for purposes not compatible with this informational purpose is excluded.
Associazione Turistica Valdaora]
VAT No. and Tax No.: 0047 726 0210
Piazza Floriani 19
I-39030 Valdaora
+39 0474 496277
processes Users’ data as Controller within the meaning of Article 4, No. 7 GDPR.
a) Technical data, system and security logs:
In the course of providing the Chatbot, we collect certain personal data that are technically necessary and the transmission of which is inherent in the use of internet and communications protocols, such as IP addresses, date and time of requests, time zone, browser, language and version of the browser software and the operating system of the end device, and the referrer URL, i.e. the Website from which access occurs. If the Chatbot is provided via our WhatsApp channel, we may also collect the User’s phone number and displayed profile name, which we retain for the duration of use and for maintenance purposes.
These are not collected with the intention of being associated with individual Users; however, by their nature they could, through processing and matching with data held by third parties, allow Users to be identified.
b) Dialogue content and other information
Use of the Chatbot, regardless of the Chat channel, also entails the processing of the messages you send and receive. This may include, in particular, information or files you provide or upload about yourself as well as information about your interactions with the Chatbot.
c) Contact details
To respond to enquiries or to handle complaints regarding the Chatbot, we also process contact details provided by Users for that purpose, such as first name, surname, email address and telephone number.
No information relating to your health, religious or political beliefs, or other special categories of personal data is required for the provision and use of the Chatbot. Please do not transmit such data. If you nevertheless share such information via the message window, you expressly consent to processing thereof pursuant to Article 9, paragraph 2, letter a) of the GDPR.
Personal data are processed using IT-based tools, including cookies. Further information on the cookies used for this purpose can be found on our website: https://www.olang.com/en/privacy-policy.
In relation to the provision and use of the Chatbot, we collect and use your personal data solely for the following purposes and on the following legal bases:
|
Legal basis |
Purposes of processing |
|
Fulfilment of contractual obligations or pre-contractual measures (Article 6, para. 1, letter b) GDPR): when Users use the Chatbot through one of the Chat Channels provided.
|
a) Provision of the Chatbot via one of our Chat Channels We process Users’ personal data, such as technical data, system and usage logs, dialogue content, profile names and phone numbers, to provide the Chatbot via our Chat Channels and to enable its use and the delivery of information. We regularly assess the necessity of retaining such requests and messages and delete the relevant data when they are no longer needed. Users are free to provide their personal data for the above purposes. However, the provision of this data is necessary in order to process requests via the Chatbot and/or to maintain the business relationship with Associazione Turistica Valdaora. If these data are not provided, we may be unable to process the request or provide our services. b) Management of complaints The Chatbot is able to detect indications of negative feedback or complaints. Relevant dialogue excerpts may—after a preliminary technical relevance check—be forwarded to us in order to be recorded as part of an internal process that includes an individual review, feedback to the complaining User and, where appropriate, further measures. For this purpose, in addition to the dialogue content we also process the contact details provided for contacting the User, as well as, where applicable, booking- or order-related information relevant to handling the complaint. Users are free to provide their personal data for the above purposes. However, the provision of this data is necessary in order to process requests via the Chatbot and/or to maintain the business relationship with Associazione Turistica Valdaora. If these data are not provided, we may be unable to process the request or provide our services. |
|
Legitimate interests (Article 6, para. 1, letter f) GDPR): to ensure the availability, proper operation and security of the Chatbot, to detect and prosecute potential criminal offences, and to pursue other legitimate interests—provided that the protection of our interests or those of third parties does not override the user’s fundamental rights and freedoms.
|
c) Security and maintenance We process technical and network data that could indirectly reveal the User’s identity in order to ensure a reliable User experience. These data are automatically collected during normal operation of the Chatbot and are processed for technical purposes (including troubleshooting, testing, system maintenance, technical support and reporting) or for statistical and analytical purposes to improve the User experience. The latter are generally processed in aggregated and non-identifiable form for statistical purposes. For example, it may be assessed how often certain functions are used or how much time is typically required for certain requests. These evaluations help us to identify technical weaknesses and to further develop the Chatbot in a targeted manner. d) Quality assurance, content maintenance and reporting We use excerpts from the Chatbot’s dialogue content to continuously verify the quality of the information provided, maintain content and compile reports to assess and improve our digital offering. For these purposes, the dialogue excerpts are cleansed of personal characteristics—such as phone numbers, profile names or other identifiers traceable to a natural person—or pseudonymised before analysis, in order to prevent the prepared content from being attributed to individual Users. e) Disclosure of dialogue content to affiliated companies To improve the Chatbot’s content offering, response speed and subject-matter quality, we may share dialogue excerpts via secure technical interfaces with software solutions of affiliated companies in the same tourism region. For these purposes, dialogue excerpts are cleansed of personal characteristics—such as phone numbers, profile names, or other identifiers traceable to a natural person—or pseudonymised before analysis, to prevent attribution of the prepared content to individual Users. The receiving companies use these dialogue excerpts solely to answer the User’s enquiry automatically and, where applicable, to evaluate them statistically. |
|
Legal obligations (Article 6, para. 1, letter c) GDPR): to comply with applicable laws and regulations and to respond to requests from competent authorities. |
f) Personal data we process to comply with legal obligations We process Users’ personal data in order to comply with any legal obligations, such as fiscal, administrative and accounting obligations. |
g) Use of dialogue content and technical data by SaaS service providers
To operate the Chatbot, we rely on the specialist and technical support of a service provider that processes technical data, aggregated User statistics and dialogue content for the provision of the Chatbot under a contractual arrangement with us (Article 6, para. 1, letter b) GDPR).
In addition, these data are also used by the service provider on its own responsibility to train the algorithms and models underlying the Chatbot, to improve response quality and to enhance system stability (Article 6 para. 1, letter f) GDPR). For this purpose, the service provider uses pseudonymised, or where possible fully anonymised, dialogue excerpts and usage statistics. The service provider cannot readily infer your identity from these data.
You may object at any time to the transmission of your data to the service provider, unless compelling legitimate grounds prevail.
Without prejudice to the provision set out in our general privacy notice, we may forward certain dialogue excerpts and contact information for the above purposes to affiliated companies in the tourism region. Each receiving affiliated company processes these data under its own responsibility pursuant to Article 4, no. 7 GDPR and solely for the purpose of responding to your enquiry for quality assurance reasons.
If the Chatbot is used via our WhatsApp channel, your phone number may also be stored and processed for internal service purposes by WhatsApp Ireland Ltd. under its own responsibility. We have no influence over such processing activities. Details can be found in the privacy notice made available by WhatsApp: https://www.whatsapp.com/legal/privacy-policy-eea.
Management and storage of the personal data processed in connection with the operation of the Chatbot take place within the EU and/or the EEA, on servers managed by Associazione Turistica Valdaora and/or third-party companies engaged by it. However, as part of individual functional components (e.g. cloud hosting, monitoring or support tools), a transfer of personal data outside the EU or EEA may be required. In such cases, before any transfer we ensure that all appropriate measures and safeguards required by the GDPR and applicable law are duly adopted.
We process and store Users’ personal data in accordance with our general privacy notice and in any event only for as long as is strictly necessary to achieve the purposes for which they were collected.
In particular:
· Plain-text dialogues: retained for a period necessary to process User enquiries and to deliver information, and generally deleted or anonymised after 72 hours. Where the Chatbot is used via our WhatsApp channel, message texts and the phone number stored with WhatsApp may be retained for up to one year from the creation of the relevant chat. They may be processed for a longer period where circumstances exist that justify an extension of the data storage period. In such cases, the personal data will be deleted or anonymised no later than 30 days after the reason for retention ceases to apply.
· System and security logs: are kept for the period required for stable operation and network security, but generally no longer than 90 days.
After expiry of the above storage periods, the data are deleted from our live and backup systems or anonymised for statistical purposes.
We take the protection of our Users’ personal data very seriously. For this reason, we continuously adapt organisational, technical and administrative measures to protect Users’ personal data against unauthorised access, alteration, disclosure or destruction.
As a data subject, the User may exercise his or her rights under the GDPR (Articles 15 to 21), in particular:
· Right to withdraw consent (Article 7 GDPR): to withdraw at any time the consent given for the various processing operations that require it. The lawfulness of the processing of the User’s personal data carried out before withdrawal remains unaffected. Withdrawal means that from that moment the personal data will no longer be processed for the purposes to which the withdrawn consent related.
· Right of access (Article 15 GDPR): to obtain confirmation of whether personal data are being processed and, if so, to be informed about the purposes of processing, the categories of personal data processed, the recipients and categories of recipients, the data storage period, etc.
· Right to rectification (Article 16 GDPR): to request the rectification of inaccurate personal data and/or the completion of incomplete personal data.
· Right to erasure (Article 17 GDPR): to obtain the erasure of personal data in the cases and under the conditions laid down by law.
· Right to restriction of processing (Article 18 GDPR): to obtain restriction of processing in the cases and under the conditions laid down by law.
· Right to data portability (Article 20 GDPR): to obtain the portability of personal data, i.e. the transmission of personal data, insofar as technically feasible, from one Controller to another, in the cases and under the conditions laid down by law.
· Right to object (Article 21 GDPR): to object to the processing of personal data on grounds relating to his or her particular situation, or where personal data are processed for the purposes of direct marketing.
You may exercise your rights by sending a request to the Controller at the contact details given above.
If the User considers that the processing concerning him or her infringes the GDPR, he or she has the right to lodge a complaint with the supervisory authority: Garante per la protezione dei dati personali (Italian Data Protection Authority), Piazza Venezia 11, 00187 Rome, https://www.garanteprivacy.it/.
The Chatbot is intended solely for individuals who are 18 years of age or older. If we become aware that a individual under the age of 18 years is using our Chatbot, we will prevent further use and delete all associated personal data.
If you have reason to believe that a minor has provided personal data to the Chatbot, please contact us immediately at the contact addresses indicated in section 1 (Who we are). We will endeavor to remove the relevant information from our systems without delay.
We reserve the right to amend this privacy notice in order to adapt it to applicable provisions. The updated privacy notice will be published on our Website.
"Privacy icons" created by the Maastricht European Centre on Privacy and Cybersecurity; licence ECPC CC BY 4.0.
***