The data controller is:

Alexander Pedron
Altenburg 9
39052 Kaltern (BZ)
South Tyrol – Italy
Web: www.weitblick-kaltern.it
Email: info@weitblick-kaltern.it

Privacy notice and consent pursuant to EU Regulation 679/2016 (General Data Protection Regulation – GDPR) – Guests

Dear Guest,

In accordance with Art. 13 GDPR, we hereby inform you how your personal data will be processed.

Controller of the data processing:

Alexander Pedron

Purpose and subject of the data processing:

We process your personal data and that of any fellow travelers (to whom this notice must also be presented) in compliance with applicable data protection laws in order to provide our services, including the issuing and delivery of the South Tyrol Guest Pass and/or to accommodate you. The following data may be processed, among others:

  • Personal data, e.g. name, address, contact details, date of birth, nationality

  • Identity card and travel document

  • Payment data

  • Length of stay

  • Personal preferences & additional services (e.g. type of room)

  • Your tax code (only for Italian guests), for electronic invoices

  • Relevant health data such as allergies (if voluntarily provided)

The provision of this data is voluntary. However, if you do not provide the necessary information, we will be unable to fulfill our pre-contractual or contractual obligations and therefore cannot accommodate you.

Recipients of personal data:

Where necessary for the provision of our services and/or required by law, your personal data may be disclosed to third parties such as LTS. Due to legal reporting obligations, your personal data will be transmitted to public authorities (e.g. ASTAT or the police headquarters). In connection with the issuance of the South Tyrol Guest Pass, your data will be transmitted to the Mobility Consortium, which, as the card issuer and coordinating body, acts as the independent data controller of the transmitted data. For more information on data processing, you can send an email to privacy@moko.bz.it. The complete privacy notice can be found at https://www.moko.bz.it/datenverarbeitung-guest-pass.

Your data will not be transferred outside the EU. Automated decision-making, including profiling, does not take place.

External suppliers, such as IT service providers or software providers, may also have access to personal data. Data processors have been contractually appointed in writing in accordance with Art. 28 GDPR.

Legal bases of data processing:

  • Fulfillment of pre-contractual/contractual obligations (Art. 6 para. 1 b GDPR)

  • Fulfillment of legal obligations (Art. 6 para. 1 c GDPR), e.g. reporting requirements

  • Consent voluntarily given (Art. 6 para. 1 a GDPR), e.g. newsletter

  • Legitimate interests of the controller (Art. 6 para. 1 f GDPR), e.g. internal processing

  • Consent voluntarily given (Art. 9 para. 2 a GDPR), e.g. processing relevant health data such as allergies or intolerances to safeguard health

Retention period of personal data:

The storage period of your personal data depends on statutory obligations and the duration of our business relationship. Fiscally relevant data are stored for 10 years.

Your rights:

You may exercise the following rights at any time free of charge: right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object (Art. 21 GDPR). You may also withdraw your consent at any time.

To exercise your rights, please contact the controller mentioned above.

You also have the right to lodge a complaint with the Italian Data Protection Authority “Garante per la protezione dei dati personali”.

Privacy notice of the business regarding the Touristmanager system

1.1 The business and the Touristmanager

The business Alexander Pedron, Altenburg 9 – 39052 Kaltern, +39 340 428 0557 – info@weitblick-kaltern.it(“Business”), is the data controller with regard to the processing of personal data in the Touristmanager system, which it uses for guest management.

The business respects and protects the right to privacy and data protection and takes all legally required measures to safeguard the personal data of its guests.

This privacy information provides you with a quick and simple overview of which personal data of yours, as an interested party and/or guest, is processed for which purposes and on which legal basis. You are also informed of your rights as a data subject.

1.2 Data processing in the Touristmanager

With the Touristmanager system, the business manages and processes, in particular, the data of its (potential) guests: name, address, services used, related documents and correspondence, date of birth, gender, nationality, country of birth, document details, accounting and payment data, disclosed interests, disclosed intolerances, disabilities or other health data, vehicle license plate (if applicable), registration and stay data.

The business may also handle the collection of the local tax, the mandatory registration of accommodated persons (police registration), and the required statistics. If the relevant data is not provided, the services of the business generally cannot be rendered.

The legal basis of processing is, on the one hand, the necessity to fulfill the contract between the business and the guest or to carry out pre-contractual measures at the request of the guest (Art. 6 para. 1 b GDPR) and – particularly regarding health data – the respective (explicit) consent (Art. 6 para. 1 a GDPR and Art. 9 para. 2 a GDPR). Consent may be withdrawn at any time in accordance with the process specified at the time of consent. Withdrawal may also be communicated to LTS via email at gdpr@LTS.it, which will promptly forward the withdrawal to the business.

Processing based on contractual purposes continues until the contractual purposes cease or statutory retention obligations (in particular under tax and/or corporate law) expire. Processing based on consent continues until withdrawal.

For the technical operation of the Touristmanager, the business makes use of the IT services of LTS – Landesverband der Tourismusorganisationen Südtirols, Gerbergasse 60, 39100 Bolzano, Tel. +39 0471 978060, Fax +39 0471 977661, Email: info@LTS.it, Web: www.LTS.it (“LTS”), which may have access to the above-mentioned data. The business has concluded the legally required agreements with LTS to ensure that the data is processed lawfully and securely.

2. Information about your rights as a data subject

2.1 Notes on the rights of the data subject

The data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning them is being processed; if so, they have the right to access this personal data and the information listed in Art. 15 GDPR.

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them and, where appropriate, the completion of incomplete personal data (Art. 16 GDPR).

The data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay, where one of the grounds in Art. 17 GDPR applies, e.g. if the data is no longer necessary for the purposes for which it was collected (right to erasure).

The data subject has the right to obtain from the controller restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g. if the data subject has objected to processing.

The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format, and they have the right to transmit those data to another controller without hindrance, under certain circumstances, e.g. where processing is based on consent and carried out by automated means (right to data portability, Art. 20 GDPR).

The data subject has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them. The controller shall then no longer process the personal data unless compelling legitimate grounds for the processing can be demonstrated which override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims (Art. 21 GDPR).

Every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement, if they consider that the processing of personal data relating to them infringes the GDPR (Art. 77 GDPR). In Italy, the competent authority is the Garante per la protezione dei dati personali.

2.2 Rights of the data subject

Pursuant to Art. 7 of Legislative Decree 196/2003 and Articles 15 to 22 of EU Regulation 679/2016, you may exercise your rights at any time:

a) To request confirmation of the existence or non-existence of personal data concerning you.
b) To obtain information about the purpose of processing, the categories of personal data, the recipients or categories of recipients to whom the personal data has been or will be communicated, and, where possible, the retention period.
c) To obtain the rectification and erasure of data.
d) To obtain restriction of processing.
e) Where applicable, to request data portability, i.e. to receive the data from a controller in a structured format commonly used and readable by an automated device, and to transmit those data to another controller without hindrance.
f) To object to processing at any time, including in the case of processing for direct marketing purposes.
g) To object to automated decision-making in relation to natural persons, including profiling.
h) To request from the controller access to your personal data, their rectification, erasure, or restriction of processing, or to object to their processing, in addition to the right to data portability.
i) To withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
j) To lodge a complaint with the Data Protection Authority in Rome, Piazza Venezia 11. Official website of the authority: www.garanteprivacy.it.

The exercise of rights requires no particular form and is free of charge.