Privacy Policy
Merano 2000 Funivie Spa
Address: Via Val di Nova, 3739012 Merano, South Tyrol - Italy
VAT no.: IT00124390212
E-mail: info@meran2000.com
Phone: + 39 0473 234821
Dear customer,
We collect your personal data because of the following reasons:
The ticket is personal and we have to be able to check if it is the correct person using the ticket. Tickets are different for different age groups.
In case of refunds or issue of new RFID cards, we will have to be able to identify the correct ticket holder. And we want you as a customer to have full control with your personal data.
As an online customer you may go to MY ACCOUNT and manage your personal data:
Payment data will be processed for purposes pursuant to directive 2015/2366 (EU) and subsequent changes to payment services in the European internal market (so-called PSD2).
Issue date 05.07.2021
PRIVACY POLICY - EXTENDED VERSION
Dear customer,
According to the Articles 13 and 14 of the EU General Data Protection Regulation 2016/679 ("GDPR" or "Regulation"), and in general in accordance with the principle of transparency foreseen in the same Regulation, Merano 2000 Funivie Spa provides the following information regarding the processing of personal data for the online purchase of the transport document for the access to the Merano 2000 Funivie Spa facilities.
1. DATA CONTROLLER
The Data Controller (i.e. the person who determines the purpose and means of processing of personal data) is Merano 2000 Funivie Spa, based in Merano, I-39012, via Val di Nova, 37, tax code IT00124390212, tel. +39 0473 234821.
For contacts specifically relating to the protection of personal data, including the exercise of the rights referred to in the following paragraph 8, we indicate the e-mail address privacy@meran2000.com to which you may address any requests.
2. PURPOSE OF THE PROCESSING
The processing of personal data may have the following purposes:
1. Conclusion of contracts and fulfilment of contractual obligations (borne by and in favour of the Controller), and therefore for purposes strictly related to the management of the contractual relationship with customers, including administrative and accounting formalities and fulfilments (for example: acquiring preliminary information at the conclusion of a contract; execution of operations based on the obligations deriving from the contract, which has been concluded; management of reduced fares; enabling of the agreed payment methods; operational and managerial needs; control requirements on payments and on the resulting actions; collection of the information necessary for the management of complaints and/or information requests relating to the services; handling of litigations – breach of contracts; warnings; transactions; debt collection; arbitration; legal disputes, etc. –) and orderly performance of the transport service (replacement and deactivation of the transport document in case of theft or loss);
2. Fulfilment of the regulatory obligations (both of national and European source) and of the provisions issued by authorities which are entitled by law and by supervisory and control authorities;
3. (In case the interested party does not express dissent) transmission, through the e-mail provided by you, of communications concerning the direct sale of products or services like those already provided, if you, adequately informed, do not refuse such use, either at first or in subsequent communications.
3. TYPES OF PROCESSED DATA
Your personal data and those of any under-age children you represent are normally collected at the time of sale of the nominative ticket through the online system. The following categories of data may be processed: surname, name and date of birth, residence; fiscal code and/or VAT registration number; telephone number/e-mail address; picture for the membership card.
This information can be later managed by you under MY ACCOUNT
4. LEGAL BASIS FOR THE PROCESSING AND TRANSFER OBLIGATION
As regards purpose 1), "conclusion of contracts and fulfilment of contractual obligations", there is no obligation to provide data in the pre-contractual phase, but non conferring them will give rise to the impossibility of providing the service; once the contract has been concluded, the conferral of further necessary data or the updating of those already provided is mandatory for all that is required by the legal and contractual obligations and, therefore, any refusal to supply them in whole or in part may give rise to the impossibility for the company to fulfil the contract and may still configure contractual failure or infringement of law by the customer.
As regards purpose 2), "fulfilment of regulatory obligations or provisions issued by the authorities", you will be asked to provide the data -if not already available as collected for purpose 1) - relevant to the fulfilment of such obligations by the Data Controller, and the non-conferral may configure an infringement of law by you.
The legitimation to the processing of the data for the purposes 1) and 2) derives from the fact that it is necessary for the implementation of the contract of which you are part (subscription), or to fulfil legal obligations related to the contract itself or to the provision of the service.
As regards the purpose 3) sending e-mails of information concerning the direct sale of products or services similar to those already provided - the legislation, paragraph 4 of art. 130 D.Lgs. 196/2003 (Privacy Code) and subsequent amendments, provides that you may be sent, through the e-mail address provided by you, communications concerning the direct sale of products or services similar to those already provided, provided that you, properly informed, do not refuse such use, initially or in subsequent communications. The processing has as its legal basis the legitimate interest of the Controller of e-mail communications to its Customers, concerning products or services similar to those already provided.
5. COLLECTION, PROCESSING METHODS AND STORAGE OF DATA
Data are collected from the interested party, that is the data that you will provide us, as well as those resulting from using of the service.
Processing will be carried out:
• With manual and automated systems;
• by entities or categories of authorized people in order to fulfil their duties,
• with the use of appropriate measures to ensure the confidentiality of data and to avoid access to them by unauthorised third parties.
With reference to the purposes 1) to 2) of paragraph 2 above (contractual and legal obligations), your data will be stored for the duration of the contractual relationship, and, after the end of it – limited to the data, which are necessary at that point – for the extinction of the contractual obligations and for the fulfilment of all possible legal requirements and for the need for protection - even contractual - related or resulting therefrom. As for the picture for the membership card, the processing will take place no later than 24 months from the realisation.
The Services contain integration with social networks and other platforms in which information is shared between us and such platforms. For example, if you create or log into your account through a third-party social media site, we will have access to certain information from that site, such as your name, email address, age, photo. The platform through which you access the Services may then collect information about your use of the Services. If you do not want a social network to collect the information about you as described above, or you do not want a social network to share it with us, please review the privacy policy, privacy settings and instructions of the social network before you log into our e-commerce platform.
6. DATA COMMUNICATION
Without prejudice to the communications carried out in fulfilment of statutory and contractual obligations, all data collected and processed may be communicated, exclusively for the purposes specified above, to:
• All entities to whom the faculty of access to such data is recognised under regulatory measures;
• employees, collaborators, suppliers of the Controller, within the relevant tasks and/or contractual obligations relating to the execution of the contractual relationship with the interested parties; banking and credit institutions, insurance companies, legal advisers, lawyers, tax consultants and accountants, debt collection companies, companies that detect financial risks and carry out fraud prevention activities, information systems management and support companies (in particular, the company Skiperformance AS, which manages the eCommerce platform for the online purchase of the transport document, appointed as Data Processor pursuant to Article 28 of the GDPR), rescue companies;
• Public Administrations and supervisory and control authorities
The subjects belonging to the categories to which the data may be communicated will use the data in their role as “Data Controllers” within the meaning of the law, in full autonomy, being unrelated to the original processing carried out at the Company or Data Processors under the control of the Data Controller. An up-to-date list of the data processors is available at the Company’s registered office.
7. LOCATION OF DATA PROCESSING
The activity is carried out on the territory of the European Union and there is no intention of transferring the data outside the territory of the European Union or to an international organisation.
8. RIGHTS OF THE INTERESTED PARTY
We remind you that the GDPR gives you the exercise of the following rights:
a) Access to personal data (you will therefore have the right to have free information about the personal data held by the controller and about the related processing, and to obtain a copy in an accessible format);
b) Rectification of data (we will provide, on your recommendation, the correction or integration of your data – which are not an expression of evaluative elements – incorrect or inaccurate, even if they have become so, because they have not been updated);
c) Withdrawal of consent (if processing takes place on the basis of your consent, you may withdraw the consent at any time, without affecting the lawfulness of processing provided before the withdrawal.
d) Erasure (right to be forgotten) (for example, data are no longer needed with regard to the purposes for which they were collected or processed; they have been illegally treated; they must be deleted in order to fulfil a legal obligation; you have withdrawn the consent and there is no other legal basis for processing them; you object to processing);
e) Right to restrict processing (in certain cases – objecting the accuracy of the data, during the time required for verification; objecting the lawfulness of processing with opposition to the erasure; need of use for your rights of defence, while they are no longer useful for processing; if there is objection to processing, while the necessary verifications are carried out- the data will be stored in such a way in order to be able to be restored, but, in the meantime, they are not available to the controller except in relation to the validity of your restriction request);
f) Right to object to processing in full or in part for legitimate reasons (in certain circumstances you may however object to processing of your data, in particular, if your personal data is processed for direct marketing purposes, you have the right to object to processing at any time, including profiling to the extent that it is connected to such direct marketing. If personal data are processed for the purposes of scientific or historical research or for statistical purposes, for reasons related to your particular situation, you have the right to object to processing, unless processing is necessary for the execution of a public interest task);
g) Data portability (if processing is based on consent or on a contract and is carried out by automated means, on request, you will receive your personal data in a structured format, in common use and readable by an automatic device, and you may transmit them to another controller, unimpeded by the controller which has provided them and, if technically feasible, you can obtain that such transmission is made directly by the latter).
h) Complaint to the supervisory authority (Garante per la protezione dei dati personali – Garante Privacy).
For contacts specifically relating to the protection of personal data, including the exercise of the rights referred to above, we indicate the e-mail address privacy@meran2000.com to which you may address any requests.
9. COOKIES
The website uses cookies for which you will find a specific cookie policy link.
10.SOCIAL MEDIA AND PLATFORM INTEGRATION
The Services contain integration with social networks and other platforms in which information is shared between us and such platforms. For example, if you create or log into your account through a third-party social media site, we will have access to certain information from that site, such as your name, email address, age, photo. If you don't want a social network to collect the information about you as described above, or you don't want a social network to share it with us, please review the privacy policy, privacy settings and instructions of the social network before you log into our e-commerce platform.
Issue date 05.07.2021