Information on the processing of personal data under Articles 13-14 of Regulation (EU) 2016/679

Data Subjects: Website visitors

By virtue of the principles of fairness, lawfulness, transparency, protection of confidentiality and of data subjects’ rights with concern to the processing of personal data under Article 13 of Regulation (EU) 2016/679 (hereinafter, “GDPR”), this page provides information on the methods used for processing the personal data of the users accessing the website of AZIENDA PER IL TURISMO DELLA VAL DI FASSA SOCIETÀ COOPERATIVA (hereinafter also “Data Controller” or "APT VAL DI FASSA") accessible on the Internet at:

The information provided herein does not concern any other website, page, or on-line services reachable through any of the hypertext links featured on the website relating to external resources.


The Data Controller is:
Streda Roma, 36 - 38032 Canazei (TN)
(Email:, Certified E-mail (PEC):, telephone +39 0462 609502).


The Data Protection Officer designated under Article 37 of Regulation (EU) 2016/679, is Mr. Giovanni Poletto who can be contacted at the following e-mail address:


Your personal data shall be processed:

A) Without your express consent, for the following Service purposes:

  • Enable website registration;
  • Manage and maintain the website;
  • Enable users to subscribe to the newsletter services provided by the Data Controller and to have access to any additional services you may request;
  • Comply with the pre-contractual, contractual, and fiscal obligations arising out of any agreement in place with you;
  • Comply with obligations of law and regulation, with EU legislation or with orders issued by an Authority;
  • Prevent or discover fraudulent practices or actions damaging the website;
  • Exercise the Data Controller's rights, such as its right of defence in legal proceedings.


The personal data indicated in this page are processed for the sole purpose of providing the service requested.

B) Exclusively with your specific and prior consent, for the following Marketing Purposes:

  • sending you newsletters, commercial messages and/or advertisement material on the products or services offered by the Data Controller, to your e-mail address. Please note that if you are already a client, we may send you commercial messages concerning Data Controller’s services and products that are similar to those you have already used, unless you disagree.
  • The optional, express, and voluntary sending of messages to APT VAL DI FASSA’s addresses, and the filling out and forwarding of the forms featured on the website entail the acquisition of the sender’s contact details, required to send a reply, and all the personal data included in said communications.
    Specific privacy notices will be published in the website’s pages dedicated to providing specific services.


Navigation data

The computer systems and software procedures used for the running of this website acquire, over the course of their normal operation, certain data which transmission is implicit to the use of Internet communication protocols.
This category of data include IP addresses or domain names of the computers used by the users connecting to the Website, the URI (Uniform Resource Identifiers) of the queries made, the time of queries, the method used to submit a query to a web server, the size of the file obtained in reply, the numeric code indicating the status of the reply from the server (successful, error, etc.) and other parameters regarding the operating system and computer environment of the user. These data are used for the exclusive purpose of checking that the Website is running properly.

Said data, required for the utilisation of web services, are also processed for the purpose of:

  • obtaining statistical information on the use of the services (web pages visited, number of visitors per time interval or day, geographical area of origin, etc.);
  • check that the services offered run properly.

Navigation data are stored for no longer than seven days and are deleted immediately after they are aggregated (except where the data is required for the judicial Authority to conduct investigations on criminal offences).


APT VAL DI FASSA uses computer technology to directly acquire the users’ personal identification data. To know more on the type of cookies used, please read our “Cookies policy”, available at the following link.


In order to follow up on your requests, your data may be communicated to third parties (for instance, when checking on availability and/or booking accommodation). The data shall be stored for the time strictly necessary to provide data subjects the services they requested, and in any case for no longer than 10 years. The data shall be deleted upon your request, without prejudice to the storage obligations provided by law. Your data shall not be disclosed. The optional, express, and voluntary sending of e-mails to the addresses indicated in the Website or in the forms featured therein entails the acquisition of the sender’s address, required to reply to requests, and of any other additional data entered in the communication. Specific summary privacy notices may be featured or visualised in the Website’s sections dedicated to special services, on request, and may be submitted to the approval of data subjects.

The processing of data functional to performing said obligations is required to properly manage the agreement in place and their provision is mandatory to attain the above purposes. The Data Controller further informs you that any failure to provide mandatory data, or incorrect data being entered in one of the mandatory categories may make it impossible for the data controller to guarantee processing consistency.


The recipients of the data collected as a result of accessing the above websites shall be the following parties, designated by the Data Controller, under Article 28 of the Regulation, as Processors.
Maurizio Bonani for the websites, in the capacity as provider of platform development and maintenance services and operating management of the technological platforms used.

The personal data collected are also processed by the members of staff of APT DELLA VAL DI FASSA, who acts based on specific instructions provided with respect to the purposes and methods of processing.


Your personal data shall not be disclosed in any manner whatsoever.
The computer files onto which the data are processed as detailed above are located within the European Union. The personal data shall not be transferred outside the European Union.
In case of necessity, however, the Data Controller shall have the right to move the location of its computer files in Countries outside the European Union. In this case, the Data Controller guarantees henceforth that the transfer of data to non-EU countries shall be in compliance with the applicable provisions of law, stipulating, where necessary, agreements aimed at guaranteeing an appropriate level of protection and/or adopting the standard contractual clauses provided by the European Commission.


This website and the Data Controller’s services are not intended to be used by persons under the age of 18, and the Data Controller does not intentionally collect personal information regarding minors. Should such information regarding minors be accidentally recorded, the Data Controller shall delete such information without delay on request by the users.


Pursuant to Articles 15, 16, 17, 18, 19, 20, 21, and 77 of Regulation EU 2016/679, we wish to remind Data Subjects that:

  • they have the right to request access to their personal data, to have their personal data rectified or deleted, to restrict or object to the processing of the personal data, and to have their personal data transferred to a different data controller when the conditions apply;
  • the rectification or deletion of personal data or the restriction of the processing thereof in compliance with the data subjects' request shall be communicated by the Data Controller to each of the Processors to whom the personal data are transmitted - unless it is impossible or where it entails a disproportionate effort.
  • have the right to lodge a complaint with the Privacy Supervisory Authority, following the procedures and instructions published on the Supervisory Authority’s website at

The above rights are not subject to any formal restrictions and can exercised free of charge.

Privacy information updated as of 21/12/2018. The Information is updated as part of a policy of constant policy information review.


The legal basis for sending commercial communications and newsletters is your express consent, which the Data Controller asks you to provide on every page of the website where you can subscribe to said services, in compliance with Article 6, paragraph 1, letter a), of the general Regulation on personal data protection.


The provision of data is optional; however a refusal to provide data will prevent the Data Controller to comply with newsletter subscription requests.


Services enabling to visualise content hosted on platforms external to the pages of this website and enabling interaction with them. In case this kind of service is installed, it may be possible, even when users do not make any use thereof, for such platforms to collect traffic data relating to the pages on which the service is installed.


The websites we redirect users to, including (but not only) secondary websites and providers of third-party services, might have different privacy policies to the one featured here. We take no responsibility whatsoever for the privacy policies adopted by linked websites, and we encourage you to learn more about said policies.

Privacy notice updated as of 21/01/2019. The Information is updated as part of a policy of constant policy information review.