Dear User, in accordance with Article 12 and subsequent articles of the EU Regulation 2016/679 of the European Parliament and Council of the 27th April 2016 (General Data Protection Regulation, “Regulation” or “GDPR”), and in general in accordance with the principle of transparency foreseen in the same Regulation, we are to provide the following information on the processing of personal data (that is, any information concerning an identified or identifiable natural person: “interested party”) made in connection with the browsing on the website "www.adler-resorts.com" website ("WebSite") and related interaction of the User.

It should be noted that this information does not apply to other websites that may be consulted by the user through links on the website.

1. DATA CONTROLLER 

The Data Controller (i.e. the person who determines the purposes and means of the processing of personal data, the "Data Controller" or "Data Controller") is ADLER Hotels srl, with registered office in Rezia-Strasse 7 - 39046 - Ortisei (Bz), PEC: adler-hotels@legalmail.it. 

For contacts specifically relating to the protection of personal data, please indicate in particular the e-mail address privacy(at)adler-resorts.com to which you would like to address any enquiries you may have.

2. USER BROWSING DATA

The computer systems and computer programs used for the operation of the website collect some personal data whose transmission is implicit in the use of Internet communication protocols (e.g. IP addresses or domain names of the computers used by users who connect to the Website, the URI addresses - Uniform Resource Identifier - of the resources requested, time of the request,  method used to submit the request to the server, size of the file obtained in response, numerical code about the status of the response rendered by the server - successful, error, etc. - and other parameters related to the operating system and the user's computer environment). Although this information is not collected to be associated with identified data subjects, by its nature, it could, through processing and association with data held by third parties, allow users to be identified.

These data are used for the sole purpose of obtaining statistical information not associated with any user identification data on the use of the Website and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Website.

The legal basis for the processing is therefore the legitimate interest in the operation and security of the website.

3. COOKIES

The website uses cookies for which please refer to the specific information link.

4. DATA PROVIDED VOLUNTARILY BY THE USER THROUGH THE WEBSITE, AS PART OF CONTACTS WITH THE DATA CONTROLLER

No provision of personal data by the user is required to consult the website. However, any contact with the Data Controller, or the optional, explicit and spontaneous sending of messages, by e-mail or traditional mail, to the Data Controller's contact details indicated on the website, including in the "CONTACTS" section, involve the subsequent acquisition of the sender's address, including e-mail, necessary to respond to requests, as well as any other personal data included in the relevant communications. These data will be used for the sole purpose of following up on the user's request and may be communicated to third parties only if this is necessary for this purpose.

The processing of data for these purposes does not require the consent of the Data Subject, since the processing is necessary for the performance of a contract to which the Data Subject is a party or for the execution of pre-contractual measures adopted at the request of the Data Subject (Article 6, paragraph 1, letter b) of the Regulation), as well as, where applicable, to comply with a legal obligation (Article 6, paragraph 1, letter c) of the Regulation).

The processing of personal data will be carried out by personnel trained and authorized by the Data Controller with procedures, technical and IT tools suitable for protecting the confidentiality and security of the same.

Such personal data are stored for the time strictly necessary to provide the Data Subject with answers to the requests made, without prejudice to further retention obligations provided for by law.

Personal data will not be disseminated.

5. NEWSLETTER

The user, if desired, may subscribe to our newsletter, through the appropriate section of the webite, indicating their e-mail address to receive periodic information regarding the company's products and services; in this case, the processing of personal data for this purpose will take place on the basis of the consent of the Data Subject, which may in any case be revoked at any time. Please note that consent (with the relative right to revoke it) is also a necessary legal basis in relation to legal persons. The data will be processed for this purpose until the revocation of consent (cancellation from the newsletter) and in any case no later than 10 years from the expression of consent or its renewal.

6. AREA Adler Friends

Registration in the Adler Friends Area allows the recognition and attribution of points for obtaining benefits offered by the Holder as well as allowing the Holder to be able to keep the interested party updated on current promotions. To this end, the data subject to processing belong to the category of common data and in particular personal data, contact data and date of birth. 

In relation to the purpose of "retention" of the customer, the processing will take place on the basis of the legitimate interest of the data controller and the need to execute contractual measures to which the data subject is a party; while for marketing purposes the processing will take place on the basis of the explicit consent of the data subject. 

The data will be processed for this purpose until the withdrawal of consent or in any case no later than 10 years from the expression of consent or its renewal. The deletion of data or withdrawal of consent does not affect the possibility for the data subject to request registration in the loyalty program in the future. 

7. AREA Adler Shop

The user, if desired, can access the Adler Shop area after registering the required personal data and signing the contract; in this way it will be possible to make the purchase of our products. 

The following data are processed, all belonging to the category of common data:

- surname, first name, residence;

- tax code and/or VAT number;

- telephone number/e-mail address;

- destination address;

- description of the order and product purchased.

The data subject to processing are provided by the customer.

The data are processed for purposes strictly related to the management of the pre-contractual and contractual relationship, including administrative, accounting and tax formalities and obligations (for example: acquisition of preliminary information at the conclusion of the contract; execution of activities on the basis of the obligations derived from the contract concluded) and the management of litigation (contractual purposes).

There is no obligation to provide data in the pre-contractual phase, but failure to provide it will make it impossible to formulate a quote or conclude the contract; once the contract has been stipulated, the provision of further necessary data, or the updating of those already provided, is mandatory for all that is required by legal and contractual obligations and, therefore, any refusal to provide them in whole or in part may make it impossible for the Data Controller to execute the contract and could in any case constitute a breach of contract or violation of the law (if such data are necessary for the fulfilment of obligations regulatory or regulatory provisions) by the supplier. 

The legal basis for the processing in question is that it is necessary for the performance of the contract to which the Data Subject is a party or of the pre-contractual measures adopted at the request of the same, as well as for the fulfilment of a legal obligation to which the Data Controller is subject.

The data, under the conditions indicated below, may also be processed for marketing purposes: the Data Controller may send, through the e-mail coordinates provided in the context of a previous purchase, communications relating to the direct sale of products or services similar to those already purchased on that occasion, which is permitted unless the recipient,  adequately informed, does not refuse such use, initially or on the occasion of subsequent communications; in the latter case, the legal basis of the processing is the legitimate interest of the Data Controller in marketing activities.

As regards the contractual purpose, the data will be stored for the entire duration of the contractual relationship, and, after the termination of the relationship – limited to the data necessary at that point – for the extinction of the contractual obligations assumed and for the fulfilment of all possible legal obligations and for the protection needs, including contractual ones, connected or deriving from it. As regards marketing purposes, the processing may last until the recipient objects, but in any case no longer than 10 years from the last purchase.

The processing of personal data will be carried out by personnel trained and authorised by the Data Controller with procedures, technical and IT tools suitable for protecting the confidentiality and security of the same.

8. Purchase of gift vouchers

The user, if he wishes, can purchase Vouchers through the website. For this purpose, data relating to the Sender of the gift will be processed such as personal data, contact data, residence, telephone number, email and/or certified email, payment data and the data that the sender will voluntarily provide in the optional field dedicated to the personalized dedication for the recipient. The Recipient's data such as name/surname and the data that the sender voluntarily wishes to provide in the optional field dedicated to the personalized dedication for the recipient will also be processed.

All data are voluntarily provided by the interested party Sender of the gift voucher and any message.

The legal basis for the processing in question is that it is necessary for the performance of the contract to which the Data Subject is a party or of the pre-contractual measures adopted at the request of the same, as well as for the fulfilment of a legal obligation to which the Data Controller is subject.

9. AREA Request and Book

The Request and Book of the website allows the interested party to proceed with the booking of the services offered by the Data Controller and/or request their availability.

The following data are processed, all belonging to the category of common data:

- surname, first name, residence;

- tax code and/or VAT number;

- telephone number/e-mail address;

- description of the order and product purchased and/or requested;

- any additional information, personalized requests;

- Payment data.

The data subject to processing are provided by the customer.

The data are processed for purposes strictly related to the management of the pre-contractual and contractual relationship, including administrative, accounting and tax formalities and obligations (for example: acquisition of preliminary information at the conclusion of the contract; execution of activities on the basis of the obligations derived from the contract concluded) and the management of litigation (contractual purposes).

There is no obligation to provide data in the pre-contractual phase, but failure to provide it will make it impossible to formulate a quote or conclude the contract; once the contract has been stipulated, the provision of further necessary data, or the updating of those already provided, is mandatory for all that is required by legal and contractual obligations and, therefore, any refusal to provide them in whole or in part may make it impossible for the Data Controller to execute the contract and could in any case constitute a breach of contract or violation of the law (if such data are necessary for the fulfilment of obligations regulatory or regulatory provisions) by the supplier. 

The legal basis for the processing in question is that it is necessary for the performance of the contract to which the Data Subject is a party or of the pre-contractual measures adopted at the request of the same, as well as for the fulfilment of a legal obligation to which the Data Controller is subject.

The data, under the conditions indicated below, may also be processed for marketing purposes: the Data Controller may send, through the e-mail coordinates provided in the context of a previous purchase, communications relating to the direct sale of products or services similar to those already purchased on that occasion, which is permitted unless the recipient,  adequately informed, does not refuse such use, initially or on the occasion of subsequent communications; in the latter case, the legal basis of the processing is the legitimate interest of the Data Controller in marketing activities.

As regards the contractual purpose, the data will be stored for the entire duration of the contractual relationship, and, after the termination of the relationship – limited to the data necessary at that point – for the extinction of the contractual obligations assumed and for the fulfilment of all possible legal obligations and for the protection needs, including contractual ones, connected or deriving from it. As regards marketing purposes, the processing may last until the recipient objects, but in any case no longer than 10 years from the last purchase.

The processing of personal data will be carried out by personnel trained and authorised by the Data Controller with procedures, technical and IT tools suitable for protecting the confidentiality and security of the same.

10. CAREER AREA

The career area of the website allows interested parties to apply for possible job positions. The processing of personal data takes place as part of the application management process aimed at identifying the people to be included in the company's staff and assessing that they are in line with the company's needs, to then proceed with any contact for the purpose of a selection interview. 

For the needs of the application management process through the form of the dedicated website, the following categories of data may be processed: 

Name, surname, residential address, e-mail, telephone, Curriculum Vitae, free information left by the candidate in the message space.

The provision of the requested data is optional, however failure to provide the data will make it impossible for the Data Subject to participate in the personnel selection process carried out by the Data Controller. 

Please refer to the information attached to the offers on the website, or, at the first useful contact, the interested party will be provided with specific information regarding the processing of data relating to the selection of personnel.

11. METHODS OF PROCESSING AND COMMUNICATION OF DATA TO THIRD PARTIES

The data are not subject to dissemination and may be communicated to collaborators, suppliers of the Data Controller, within the scope of the related tasks and/or contractual obligations relating to the execution of the contractual relationship with the Data Subjects; among the suppliers of the Data Controller are indicated, by way of example, banking and credit institutions, insurance companies, legal consultants; suppliers of software and related assistance,  subjects who carry out shipments and deliveries; as well as the tax authorities and other bodies for which mandatory communications are required. The processing will be carried out:

- through the use of manual and automated systems;

- by persons or categories of persons authorised to carry out the relevant tasks;

- with the use of appropriate measures to guarantee the confidentiality of the data and avoid access to them by unauthorized third parties.

Without prejudice to the provisions of the specific sections above, within the scope of its activity and for the purposes indicated above, the Data Controller may make use of services provided by third parties who operate either as independent data controllers or on behalf of and according to the instructions of the same, as data processors pursuant to Article 28 of the Regulation. These are subjects who provide the Data Controller with processing or instrumental services.

In general, the Data Subject may request a complete and updated list of the subjects appointed as data processors by contacting one of the Data Controller's contacts.

All subjects who have the right to access such data by virtue of regulatory provisions will then be able to access the data.

12. TRANSFER OF DATA OUTSIDE EU

There is no intention to transfer personal data to countries outside the European Union or to International Organizations. If, for specific technical reasons, the controller transfers data to third countries in order to ensure an adequate level of data protection, this is done under the following conditions: transfer on the basis of an adequacy decision, transfer subject to appropriate safeguards, binding corporate rules or application of derogations provided for specific situations.

13. RIGHTS OF THE DATA SUBJECT

The GDPR gives the Data Subject the exercise of the following rights with reference to personal data concerning him/her (the brief description is indicative, for the complete statement of the rights, including the limitations of the same, please refer to the Regulation, and in particular to articles 15-22):

- Access to personal data (the Data Subject has the right to have free information regarding the personal data concerning him or her held by the Data Controller and its processing, as well as to obtain a copy in accessible format);

- Rectification of personal data (upon notification by the Data Subject, correction or integration of personal data – not the expression of evaluative elements – incorrect or inaccurate, even if they have become such because they are not updated);

- Erasure of personal data (right to be forgotten) (e.g. the data is no longer necessary in relation to the purposes for which it was collected or processed; it has been unlawfully processed; it must be erased to comply with a legal obligation; the Data Subject has withdrawn consent and there is no other legal basis for the processing; the Data Subject objects, if the conditions are met,  processing); 

- Limitation of processing (in certain cases – contestation of the accuracy of the data, in the time necessary for verification; objection to the lawfulness of the processing with opposition to cancellation; necessity of use for the rights of defense of the Data Subject, while these are no longer useful for the purposes of the processing; if there is opposition to the processing, while the necessary checks are carried out – the data will be stored in such a way that it can be possibly restored, but, in the meantime, cannot be consulted by the Data Controller except in relation to the verification of the validity of the request for limitation by the Data Subject, or with the consent of the Data Subject or for the establishment, exercise or defence in court of a right in court or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State);

- Object, in whole or in part, on grounds relating to the particular situation of the Data Subject, to the processing carried out on the basis of legitimate interest (and the Data Subject may in any case object to the processing of his or her personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing);

- Data portability (if the processing is based on consent or on a contract and is carried out by automated means, at the request of the Data Subject, the Data Subject will receive the personal data concerning him or her in a structured, commonly used and machine-readable format and may transmit them to another Data Controller, without hindrance from the Data Controller to whom he or she has provided them and,  if technically feasible, he may obtain that such transmission be carried out directly by the latter);

- Withdrawal of consent (if the processing takes place on the basis of consent given by the Data Subject, the Data Subject may withdraw consent at any time, without prejudice to the lawfulness of the processing provided before the withdrawal);

- Complaint to the supervisory authority (Guarantor for the protection of personal data – Privacy Guarantor). The Guarantor for the protection of personal data can be contacted through the contact details indicated on the Authority's website "www.garanteprivacy.it"). 

14. EXERCISE OF RIGHTS

The Guarantor for the protection of personal data can be contacted through the contact details indicated on the Authority's website "www.garanteprivacy.it"). The other rights of the Data Subject can be exercised by sending a request to the following e-mail address: privacy(at)adler-resorts.com or to the other contacts of the Data Controller indicated above.

The Data Controller may modify or update its content in whole or in part, also taking into account any changes in the legislation on the protection of personal data. Data subjects are therefore invited to consult this page regularly, in order to be aware of what concerns the processing processes.