Data controller
Ski Area Carezza
I - 39056 Karersee (BZ) - Südtirol
Tel.: 0471 612527
info@carezza.it
Privacy information - Website
Dear website visitor,
We are pleased to inform you about how your personal data is processed when you visit our website. You can also see from this information letter which rights you can exercise as a data subject.
Your personal data will be processed in accordance with EU Regulation 2016/679 (the General Data Protection Regulation) and national data protection legislation.
The use of the website implies that you agree with this privacy information letter, otherwise we ask you not to continue using the website.
In addition, we would like to inform you that links on our website that lead to other websites have been carefully selected and checked by us. Since these websites can be updated without our knowledge and their contents can change continuously, we do not assume any liability or responsibility for them.
Purpose of processing personal data:
In order to ensure the functionality of the website, statistical purposes, technical data with potential personal reference, such as the IP address, the time of requests, the name of the domain and similar data are processed. In addition, the website operator has a legitimate interest (Art. 6f GDPR) in providing you with a visually appealing website and a pleasant user experience. With given consent (Art. 6a GDPR), user behavior can also be analyzed, and marketing purposes pursued.
The main purpose of the data processing is the provision of our website and its contents as well as the fulfilment of your requests.
Furthermore, personal data are processed in order to offer various services:
Newsletter
Each visitor can register on the website for our newsletter using the double opt-in method. This voluntary registration and this processing can be revoked by the user at any time by clicking on the "unsubscribe" button or by sending us an email (the contact details can be found at the beginning of the information letter). Registration for the newsletter is voluntary, so the legal basis is Art. 6 1a) GDPR. The consent expires upon revocation.
Transmission of personal data of special categories
We ask you not to transmit sensitive data (personal data of special categories - Art. 9 as well as Art. 10 GDPR) via the website, e.g. by using the contact form. Sensitive data should always be transmitted in an appropriately protected manner, e.g. protected with a password or handed over personally.
Booking request and booking
You can make a booking request and bookings on our website. For this we need your name and e-mail address. All other fields, such as the address is optional. For the booking we need additional data, such as your choice of room or type of board and your request will be forwarded to the selected accommodation for the completion of the booking. To complete the payment, you will be redirected to Mastercard/Visa to complete the payment. However, you can also complete the transfer by direct bank transfer.
Privacy Policy Mastercard: https://www.mastercard.us/en-us/vision/corp-responsibility/commitment-to-privacy/privacy.html
Privacy Policy Visa: https://www.visaeurope.at/legal/privacy-policy.html
Your data will be retained in accordance with the statutory retention requirements and legal obligations applicable to us (all fiscal data must be retained for 10 years).
The legal basis is Art. 6 1 b) GDPR - implementation of pre-contractual measures, the input of the data is necessary to process the request/booking, failure to provide it will result in the request/booking not being able to be carried out.
Stripe
Our website offers you payment with the payment service provider Stripe. The data controller is: Stripe Payments Europe Limited 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. We offer this service in order to offer you this payment method (Art. 6 1f GDPR) and to process the purchase for the fulfilment of the contract (Art. 6 1b GDPR). The following data, among others, may be processed and passed on to Stripe:
The provision of payment details is voluntary, however, the payment cannot be made with Stripe without this information.
Stripe assumes the role of data controller as well as processor in the data processing. As a controller, for the fulfilment of regulatory obligations (Art. 6 1f GDPR) as well as for contract execution/payment processing (Art 6 1b GDPR). As a processor, Stripe processes data in order to be able to carry out payment transactions within the payment networks.
Your data will be stored by our side until the completion of the payment processing. This also includes the period required for processing refunds, claims management and fraud prevention.
For more information on how Stripe processes your data and on how to object to Stripe, please visit https://stripe.com/privacy-center/legal.
PayPal
Our website offers you payment with the payment service provider PayPal. The data controller is: PayPal Europe S.a.r.l. et Cie s.c.a, 22-24 Boulevard Royal, L-2449 Luxembourg.
We offer this service in order to offer you this payment method (Art. 6 1f GDPR) and to process the purchase for the fulfilment of the contract (Art. 6 1b GDPR). Among other things, the following data may be processed and passed on to PayPal:
The provision of payment data is voluntary, however, without its transmission the payment with PayPal cannot be carried out.
PayPal may carry out credit checks to ensure the ability to pay. The legal basis for this is Art. 6 1f) GDPR. The legal basis for the execution of the contract is Art. 6 1b) GDPR. In the course of the credit assessment, your data (e.g. name, address, bank account details and similar) may be passed on to credit agencies (here the legal basis is Art. 6 1f GDPR - legitimate interest of the data controller). We have no influence on this and only learn whether the payment was rejected or carried out.
Your data will be stored until the payment has been processed. This includes the period required for processing refunds, claims management and fraud prevention.
You can find more information on how PayPal processes your data and on how to object to PayPal at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Legal basis of data processing:
The main legal basis for the processing is Art. 6b) GDPR (Fulfilment of precontractual/contractual measures) and Art. 6f) GDPR (functionality of the website) as well as the consent obtained, if given by you (Art. 6a GDPR).
Cookies
Our website uses cookies, whereby personal data can be processed.
There are four categories of cookies:
Non-essential cookies are deactivated by default on our websites and are only activated if you have given us your consent to do so.
Most cookies used are "session cookies" which are deleted after closing the browser. Other cookies are stored for example to display the correct language the next time you visit the website.
For all cookies that are not subject to a legitimate interest of the website operator (Art. 6f) GDPR), you will be explicitly asked for your consent.
You can delete your cookies at any time by, depending on your browser, usually clicking on the 3 dots/stripes at the top right and then opening the settings, entering cookies in the search field, and selecting: delete cookies/delete browser data.
Provision of the data
The provision of your data is voluntary (with the exception of the processing of navigation data) and not required by law. However, failure to provide it may result in restricted use of the website and the services offered.
Data transfer to third parties
Your data may be passed on to third parties, if necessary, but only within the scope of our business relationship, e.g. for the fulfilment of your request or, if applicable, the execution of payments via third parties and for the fulfilment of legal obligations. Your data will not be transferred to other EU countries without your explicit consent. The same also applies to the use of profiling and automated decisions.
Hosting of the website
This website is hosted by an external service provider.
For this purpose, the external hoster receives personal data collected on the website. The legal basis is Art. 6b) GDPR - pre-contractual measures as well as Art. 6f) (Smooth guarantee of the tools on our website).
Google services
Our website uses services from the operator Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google may therefore process information and personal data. Please note that American authorities could theoretically gain access to this data due to American legislation (in particular the Cloud Act). Information on the legal framework for data transfer can be found at https://policies.google.com/privacy/frameworks.
Google Tag Manager
Our website uses Google Tag Manager. The provider is Google Ireland Limited ("Google"), House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager makes it easier to integrate tracking codes. It also gives site operators the opportunity to make changes that are automatically applied to the pages without having to adapt the source code.
The Google Tag Manager can communicate with the Tag Manager servers, in the course of which, when a tag is triggered, personal data may be processed (e.g. the IP address).
You will be explicitly asked for your consent before the Google Tag Manager is activated. The legal basis is Art. 6a) GDPR.
You can find detailed information at: https://policies.google.com/privacy
Web analysis with Google Analytics
Our website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, U S A. Google Analytics.
The information obtained through the cookies about your use of the website (including your IP address) can be transmitted to Google on servers in the U S A.
The full information letter can be found in Google's privacy policy:
https://support.google.com/analytics/answer/6004245?hl=en.
We use Google Analytics as an analysis tool to monitor the performance of our website, analyse customer behavior and take appropriate action.
You will be explicitly asked for your consent before Google Analytics is activated. The legal basis is Art. 6a) GDPR.
You can also prevent the described collection and processing of data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
YouTube
We use social plugins from YouTube, a site operated by Google. The operator of this site is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, U S A. When you visit a page equipped with a YouTube plugin, a connection to the YouTube servers is established. This informs the YouTube server that you have visited our site and user statistics can be compiled, e.g. by means of cookies.
If you are logged into your YouTube account, YouTube can assign your visit to our website to your user account. You can prevent this by logging out of your YouTube account.
For more information on how YouTube handles your user data, please see the privacy policy at https://www.google.de/intl/de/policies/privacy.
Facebook Pixel
Our website uses the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc. or, if you are a resident of the EU, by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
A direct connection to the Facebook servers is established via Facebook Pixel when you visit the website. This transmits to the Facebook server that you have visited this website and Facebook may be able to assign this information to your personal Facebook user account. We can thus track the effect of advertising campaigns.
It cannot be ruled out that information is transmitted to servers in non-EU countries.
If you give your consent to the use of the Facebook Pixel, it will be integrated by Facebook and a cookie will be stored on your device as described above. When you log in to Facebook, the offers you have visited are recorded in your profile. The data is anonymized for us, but Facebook can process this data.
For more information on the collection and use of data by Facebook, as well as your rights in this regard and options for protecting your privacy, please refer to Facebook's privacy policy at: https://www.facebook.com/business/m/privacy-and-data.
You will be explicitly asked for your consent before Facebook Pixel is activated. The legal basis is Art. 6a) GDPR.
Open Street Map
We use Open Street Map to display the map and thus make it easier to see our location. The operator is: OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS United Kingdom.
With the use of the map service, data is forwarded to OpenStreetMap, e.g.: IP address, device type, time of access.
According to OpenStreetMap, this data is not passed on, the third-party provider Piwik stores your IP address in shortened form (shortened 2 bytes), for a maximum of 180 days.
The legal basis is Art. 6a GDPR (your voluntarily obtained consent).
Matomo
Our website uses Matomo (formerly Piwik) to analyze the surfing behavior of website visitors. The data processor for this open-source service is "InnoCraft Ltd", 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.
If consent is given, Matomo becomes active, a cookie is set and various data is processed, such as: IP address (shortened 2 bytes), time of access, browser type, duration of the visit, subpages visited.
Before Matomo is activated, you are explicitly asked for your consent. The legal basis is therefore Art. 6a) GDPR.
You can find the complete information letter on this at: https://matomo.org/privacy-policy/.
Other tools
Through our website you can use other tools that are embedded with widgets on our website, such as viewing webcams. For this purpose, your IP address is passed on to the external provider in order to fulfil the request and display the webcam. The legal basis is the legitimate interest of the website operator, as described in Art. 6 1 f) GDPR. Your data will only be processed in EU countries, profiling and automated decisions will not take place.
SSL Encryption
This site uses SSL encryption for transmission security, e.g. for enquiries in contact forms. Active SSL encryption is used to encrypt the transmission of data that you send to us.
Underage visitors
This website is not intended for use by minors. We therefore do not collect and store data of underage visitors (except involuntarily)
The duration of data retention
Your data will be retained in accordance with the legal retention requirements and legal obligations applicable to us, unless a specific retention period is mentioned in this privacy policy. Fiscally relevant data will be retained for 10 years.
Information on the rights of the data subjects
You can exercise your rights free of charge at any time: right to access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object (Art. 21 GDPR).
Please contact the above data controller.
You also have the right to lodge a complaint with the Italian supervisory authority for data protection "Garante per la protezioni dei dati personali".
This privacy Information may be updated at any time.
