In the following chapters you will find information about how your personal data are treated. Your data may be collected during your navigation on our website or as a consequence of the services that we provide you. In order to take advantage of all the services offered by our website, it is necessary for us to collect and treat your personal data. The treatment of your personal data may consist in collecting, organising, storing, analysing, interpreting, modifying, selecting, comparing, using, connecting, blocking, communicating, cancelling and destructing data. The treatment of your personal data follows the principles of lawfulness and correctness, in compliance with the current law and EU Regulation 2016/679 of the European Parliament and Council. With this privacy notice, we like to inform you about the data we collect, why the collection is necessary, and also of your rights in connection with the treatment of your data.
Owner of the Treatment
The Owner of the Treatment of your personal data on this website site is GRAN BAITA SRL with legal offices at Str. Nives 11, I – 39048 Selva Val Gardena, VAT no. IT 01119680211.
For more information, please contact us using the following addresses:
Tel +39 0471 795210
Fax +39 0471 795080
Purposes of the treatment
We treats your data for the following purposes:
- to fulfil legal obligations
- to fulfil contractual obligations
- to make available the requested information and deliver the agreed services
- to monitor system efficiency
- to carry marketing activities, such as forwarding commercial information and advertising material, market research activities
- to safeguard obligations (e.g.: payments)
- to ascertain the level of satisfaction for the quality of the products and services offered
Type of treatment
Your personal data are treated manually, but also electronically, mainly through the use of automated processes, depending on the objectives. In this case, we specifically use databases and computerised platforms that may be managed by both us and third parties. Each type of treatment guarantees the respect and the confidentiality of the data treated. We store such data and general information in the database and in the servers as logfiles. In order to provide you with a unique navigation experience, we need to collect some technical data that are necessary for the correct operation of the website:
- Browser type and browser version
- Operating system
- The „referrer“ website
- The on our website linked webpages
- Date and time of access
- IP address
- Other similar data and information
The legal basis for this type of treatment is article 6 of the GDPR. By accessing the website, computerised systems and management software automatically and indirectly collect and/or manage this number of data and information.
At first, the collection of these data in anonymous format is static. However, later on the data are treated to ensure a high level of protection and safety for any data that we collect.
Period of data conservation
In compliance with current laws, the owner of the treatment has defined different periods of data conservation depending on their usage:
- As far as handling and answering your questions about products and activities, your personal data will be stored for a period of time strictly necessary for processing your request.
- As far as managing activities connected with the navigation through our website, your personal data will be stored for a period of time strictly necessary to satisfy your requests.
- As far as internal management and operational activities (for example time of conservation of invoices, administration, and tax information), your personal data will be treated for a period of time in line with the legal requirements for the specific purpose.
- As far as the handling of disputes and litigations, your personal data will be stored for the whole time strictly necessary for pursuing such matters, and in any case not beyond the applicable prescription limits.
Should you decide to contact us using the contact form on our website, you will be asked to enter some personal data. This enables us to process your query. This is also the reason why the corresponding fields of the contact form are marked with an asterisk, or in any another way, as mandatory fields. The entering of personal or sensitive data other than those marked as mandatory will be at your discretion. Failure to enter, even in part, the mandatory information marked with an asterisk or similar character may result in the impossibility for us to answer your requests or deliver the requested services. The forwarding of requests using the contact form constitutes your implicit acceptance of the treatment of your personal data. The data that you transmit are treated and stored for a period of time strictly necessary for the processing of your request.
Profiling is any type of automated personal data processing activity that consists in using the information to assess, analyse and predict certain aspects of a natural person. For this type of marketing activities we signed agreements with third parties.
Collaboration with third parties
When we work with our suppliers and use third-party services, we make sure that they are contractually obliged to apply the same privacy/safety standards that we apply, and that such standards are also followed. Such third parties, who act as owners of the treatment of the personal data, guarantee that the data received are not stored and used for purposes other than the contractually agreed. Within the framework of these technical agreements, the mail addresses made available to them are encrypted using technologies such as “hashing”, so that any other parties are unable to obtain the original addresses.
It may happen that we need to transfer your data to third parties in Non-European Countries (EEC). The EEC (European Economic Area) consists of the countries of the European Union, plus Switzerland, Iceland, Lichtenstein and Norway. These countries guarantee the same safety standards for the treatment of personal data. This transfer of the data may be necessary if the servers (meaning the physical locations where the data are stored) or if the premises of our suppliers are in countries outside the EEC area. Should we be forced to transfer your data to a country outside the European Economic Area (EEC), it is our responsibility to ensure that they are treated with appropriate safety standards.
Disclosure of your data
In principle, the personal data are not forwarded. Only in some specific cases, personal data may be disclosed to the following suppliers:
- Subcontractors for technical checks and analysis, payments, identification and addressing services, suppliers of analysis services or credit insurance companies
- Public administration or authorities, should this be required by law
- Credit institutions with whom we undertake commercial relations for the handling of credits / debits, financial reasons
- Any physical or legal persons, public and/or private (legal, administrative and fiscal consultants, courts of laws, chambers of commerce, etc.), if the data transfer is necessary or relevant for providing our service activities.
The affected person’s rights may be exercised by the same, and/or by a named person, by sending a written request with acknowledgement of receipt or e-mail to the owner of the treatment, Mr. Marco Perathoner, at the operational address of the company GRAN BAITA SRL, Str. Nives 11, I – 39048 Selva Val Gardena. The affected person has the right to obtain a copy of the data in our possession, which will be made available in accordance with the terms of current regulations.
In specific cases, we do reserve the right to store some information for legal purposes (for example in case of suspected fraud, or breach of the general terms and conditions). Should you believe that your rights have been violated, you can contact the relevant data protection authorities or take legal action.
Below we are summarizing the rights of an affected person:
- Right to receive confirmation of the data treatment
Each affected person has the right to ask the owner of the personal data treatment if the data are being treated. Anyone wishing to exercise this right may contact us at any time.
- Right of information
Each affected person has the right to obtain at any time and free of charge information regarding the treatment of their own personal data. The notification must contain the following information:
- the purposes of the treatment
- the types of personal data being treated
- the recipients and/or the categories of recipients to which the treated personal data may have received, with particular reference and attention to any recipients outside the EEC, or international organizations. Moreover, as far as transfer of the data to countries outside the EEC area, the user also has the right to receive additional information regarding the safety guarantees in place during the treatment
- the period of conservation contemplated for the treatment and the storage of the personal data
- the possibility to issue a complaint with the data protection authorities
- in those cases when the personal data were not collected or treated by the company, the possibility of obtaining appropriate information on their source and origin
- the possibility of automated decisions, even when contemplated by art. 22, par. 1 and 4 of the GDPR on the profiling of personal data, and in this case obtain appropriate and supported information regarding the logics followed for such decisions and the possible consequences that this solution may bring for the the affected person.
- Right of correction of personal data
The affected person has the right to request the immediate correction of any errors in their own personal data.
- Right of cancellation
The affected person has the right to ask the owner of treatment to immediately delete their own personal data, if at least one of the following conditions is met and that the processing of the personal data is not required:
- The affected person have been collected and processed in a different way and are no longer necessary.
- The data subject withdraws the authorisation to the treatment, granted in accordance with art. 6, paragraph 1, letter a) of the GDPR, or art. 9, paragraph 2, letter a) of the GDPR, but also if the treatment is in violation of other data protection regulations.
- The affected person dissagrees the treatment according to art. 21, paragraph 1, of the GDPR, and demonstrates that there are no legitimate reasons for their processing.
- The personal data are not being treated in a compliant way.
- The cancellation of the personal data is required to fulfil a legal obligation contemplated by national or EU laws, to which the owner of treatment must abide.
- The personal data have been treated following the requests of services by a minor, in compliance with the provisions of art. 8, paragraph 1 of the GDPR.
- Right of limitation of the treatment
The affected person has the right to ask the owner of treatment to limit the processing if one of the following conditions persists:
- The correctness of the personal data is disputed by the affected person. The limitation shall apply for a period of time that will give the responsible person the possibility to verify the correctness of the personal data.
- The treatment is not in compliance with current laws; the affected person refuses the cancellation of the personal data, asking instead their limitation.
- The owner of the treatment no longer needs the personal data for the purpose of the treatment, but the data subject requires the same to assert, exercise or defend their rights for legal action.
- The affected person has disagreed to current treatment according to art. 21, paragraph 1 of the GDPR and it has not yet been clarified if the legitimate reasons of the owner of the treatment have priority on those of the affected person.
- Right of data transmission
The affected person has the right to receive, in a structured format, or in any case in a format readable by a data processing machine, the personal data originally delivered to the owner of treatment. The affected person has the right to transfer these data to another owner of treatment.
Moreover, based on the provisions of art. 20, paragraph 1 of the GDPR, the affected person has the right to request that data will be directly transferred from the original owner to the new owner if a technical solution for both parties is available.
- Right of disagreement
The affected person has the right to object at any time to the treatment of their own personal data due to reasons resulting from their specific situation. This also applies to profiling.
In case of objection to the treatment of personal data, we will interrupt the treatment, unless we can provide valid reasons to continue and such reasons do not affect the interests, the rights and the freedom of the affected person in a negative way and unless the treatment is necessary for affirmation, exercising and defence of legal affairs.
- Automated decisions, including profiling
The affected person has the right to disagree on automated data treatment, including profiling, that has legal consequences and a significant impact, unless the decision is taken to fulfil or abide to the terms of a contract between the affected person and the owner of the treatment.
If the terms of a contract between the affected person and the owner of treatment include processing a certain request, with the explicit consent of the same, we will implement reasonable measures to safeguard the rights and freedom of the affected person.
- Right to withdraw the consent to the data treatment
The affected person has the right to withdraw at any time the consent to the treatment of their own personal data previously granted to the owner of the treatment.
Place of the data treatment
The treatment of the personal data that you have transmitted is mainly happening within our working structures, in the departments where the individual responsible for such treatment is located. The agreed contractual activities will only take place in an EU or EEC country.
Any transfers, in part or in full, of the contracted services to a different country shall be subjected to the approval of the customer, and can only take place if the data guarantee and safety conditions do agree with art. 44 and subsequent of the GDPR.
For further information, please contact us at the addresses indicated in the “Copyright” section.
On our website you have the possibility to subscribe to our newsletter. For the subscription we need your email address and your consent to receive our newsletter.
To provide you with relevant information we also gather and process voluntary information concerning interests, name, date of birth and country/region of origin.
After signing up for our newsletter you will receive an email containing a link to confirm the subscription.
Your subscription can be cancelled any time by clicking on the cancellation link in the respective newsletter.
To process your subscriptions and to send our newsletters we use software provided by ADDITIVE s.n.c., 39011 Lana (BZ), Italy ("ADDITIVE"). Through the use of these services and systems your data will be processed and stored, at least in part, also outside of the EU or the EEC. The adequate level of data protection is based on an adequacy decision taken by the European Commission ("Privacy Shield") or on data processing agreements.
On our website you have the possibility to buy vouchers. To process your purchase and to save and store your data we use software provided by ADDITIVE s.n.c., 39011 Lana (BZ), Italy ("ADDITIVE"). Through the use of these services and systems your data will be processed and stored, at least in part, also outside of the EU or the EEC. The adequate level of data protection is based on an adequacy decision taken by the European Commission ("Privacy Shield") or on data processing agreements.
The data you provide is required to fulfil the contract or to carry out pre-contractual measures. Without this data we cannot conclude a contract with you. The data will not be transferred to an outside third party, except for your credit card data which will be transferred to the payment provider and to our tax accountant to fulfil our tax obligations.
The data processing takes place in accordance with the requirements of art. 6 para. 1 lit a (consent) and/or lit b (processing necessary for the performance of a contract) of the GDPR.
This website uses Google Analytics, a Google Inc. (“Google”) advertising efficiency analysis service. Google Analytics uses so-called “cookies”, small text files that are stored on the visitor’s computers and allow assessing the use of the website. The information (including the user’s IP address) is collected through cookies and sent to a server in the USA, where it is stored. Google then uses this information to analyse the navigation of our website, create reports of the activities on the website and provide different services. In some cases, Google may also transfer the information to third parties, for example if required by law or to other companies that process data on its behalf. Your IP address can under no circumstances be used by Google for purposes other than those indicated above. By visiting the website users agree to the treatment of their own personal data by Google for the above purposes. The installation of cookies on your computer may be prevented by adjusting your browser settings accordingly. However, in this case you need to be aware that the disabling of cookies could limit the quality of your navigation through the website, or your use of the same. To prevent Google from collecting and processing data as explained above, you need to download and install the fllowing plugin: https://tools.google.com/dlpage/gaoptout?hl=gb. Further information on the conditions of use and the Google Analytics data protection policy is available at the following link: https://www.google.com/analytics/terms/gb.html or https://support.google.com/analytics/answer/6004245?hl=gb. The website uses Google Analytics in IP-Masking mode, to ensure that IP addresses are collected in an anonymous format. It is important to point out that we use Google Analytics to evaluate and analyse AdWords data for statistical purposes, and also Double-Click-Cookie. Should you not be happy with this activity, you can disable it by visiting https://adssettings.google.com/?hl=gb.
Use of Google AdWords, Google Tag Manager and Remarketing
- This Web page utilizes the features of Google Maps, which you can use to display the interactive maps directly on the site, making the maps function especially useful.
- When you visit our site, Google will be informed that you have accessed the corresponding subpage. In addition, the data collected during the course of your visit will be transferred to Google, whether or not Google has provided you with a user account where you have registered. If you are registered with Google, your data will be linked automatically to your account. If you do not wish to be registered with Google, you should log out before clicking the button. Google stores your data in order to process your user profile and uses it for the purposes of promotional activities, market research and/or to configure its web page to best suit the needs of the users. The main purpose of this processing (which also applies to non-registered users) is to optimize the promotional activities and also to inform other users of the social network of your activities on our web page. The user enjoys the right to object to the processing of these user profiles by contacting Google directly.
- Further information concerning the purposes and the scope of the collection of the data and its processing by the subject proposing the plug-in may be found in the privacy policies of the subject, which will also provide you with information concerning your rights and the possibility of taking action to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your data in the USA, and adheres to the EU-US Privacy Shield norms: https://www.privacyshield.gov/EU-US-Framework.
Anyone visiting our website should be aware that the Facebook Remarketing Tag has been reintroduced. With this type of tag, when visiting this website, the user is automatically resent to the Facebook servers. In specific, the Facebook servers receive information on the website navigation and will use it for managing your profile. Further information on the data collection and policy is available at the following link: https://www.facebook.com/about/privacy/. As an alternative, it is also possible to disable Remarketing by Facebook by visiting the following link: https://www.facebook.com/settings/.
This website uses the product S-MTS run by the company MTS online for the presentation of offers, rooms and the transmission of enquiries. With S-MTS, the first page and the reference page will be saved locally in a cookie stored in the visitor's browser. When a request is made to the hotel, this information will be sent along with the anonymous browser (user agent) and the address of the page from which the request was made. In the event of errors that may occur, it is easier for MTS online to determine under which circumstances a transmission error or a possible problem with the S-MTS software has occurred. Once the enquiry has been submitted, the hotel receives information on how the guest found the site. Google campaign information (utm parameters) is broken down and sent to the hotel to measure the success of the ad campaigns being served. The enquiries are stored on MTS online servers so that they can be imported by hotel management programs (PMS) and are not lost, even after connection problems.
For online booking this website uses Kognitiv. Kognitiv is liable for the data privacy provisions for this product. They can be viewed here: https://seekda.com/en/data-privacy-statement/
We treat personal data collected on the website using computerised processes. Personal data are protected by Secure Socket Layer (SSL) encryption. This technology protects the user from the risk of unintentional disclosure of personal data when using an unprotected connection.
The user is notified when accessing a protected connection by a padlock icon. By clicking the padlock icon, the user can then make sure that the SSL certificate is valid and up to date.