Privacy & Cookies

INFORMATION ABOUT THE PROCESSING OF DATA OF WEBSITE USERS IN ACCORDANCE WITH ARTICLES 12 AND 13 OF EUROPEAN REGULATION NO. 2016/679 (GENERAL DATA PROTECTION REGULATION - GDPR)

In compliance with the European legislation on the processing of personal data (GDPR 2016/679), Francesca Mai, as the owner of the domain WWW.HIKINGCOMOLAKE.COM, hereby states that she processes data in accordance with the provisions of Article 5 of the GDPR, i.e. in compliance with the fundamental principles of lawfulness, transparency and fairness.

This information is provided in accordance with Articles 12 and 13 of the GDPR and is meant for users of the website www.hikigcomolake.com, owned by Francesca Mai.

The information provided only applies to the abovementioned website and not any other websites that users may reach through links on www.hikingcomolake.com.

Now therefore, in accordance with Article 13 of EU Regulation 2016/679, Francesca Mai, as the owner of the domain www.hikingcomolake.com and as the Data Controller, provides you with the following information:

1. DATA CONTROLLER

1.1 In accordance with privacy regulations, the Data Controller is Francesca Mai, Tax Code MAIFNC80P68C933O, VAT No. 03558120139, with registered office in CERNOBBIO (Italy), Via Piave 29, and e-mail address info@hikingcomolake.com.

1.2. The complete and up-to-date list of the Data Supervisors will be provided upon request to Francesca Mai at the following e-mail address: info@hikingcomolake.com; or at the following certified e-mail address (PEC): maifrancesca@pec.it.

2. LEGAL BASIS AND OPTIONAL NATURE OF PROVIDING DATA

2.1. Except for the cases specified below regarding navigation data, users are free to provide their personal data which are necessary to request the services made available on the website. The Data Controller processes freely provided user data on the basis of the users’ consent, i.e. based on the users’ explicit approval of this privacy statement and of the specific methods and purposes described herein. Failure to provide the data requested and marked with an asterisk may make it impossible to provide the services and/or information requested.

3. PURPOSE OF DATA PROCESSING

3.1. Personal data of users are processed by the Data Controller only with the users’ explicit consent for the following purposes:

a. requests for information about taking part in tours promoted on the portal HIKINGCOMOLAKE.COM submitted by sending text messages by filling in specific forms in the relevant section of the website.

The optional, explicit and voluntary sending of such messages implies the subsequent acquisition of the message sender’s personal data that are only necessary to respond to requests, as well as of any additional personal data included in the messages. Such data are collected, recorded, organized, stored and managed on paper and through appropriate computer and telematic procedures for no longer than the duration of the service provision and the time necessary for operational and administrative processing requirements.

More precisely, the personal data listed above are used by the Data Controller to respond to contact requests and are processed for providing the information requested in the appropriate area;

b. requests for information about taking part in tours promoted on the portal HIKINGCOMOLAKE.COM submitted by e-mail messages.

The optional, explicit and voluntary sending of e-mail messages to the addresses shown on this website implies the subsequent acquisition of the sender's address and all personal data included in such messages which are necessary to process requests. Such data are collected, recorded, organized, stored and managed on paper and through appropriate computer and telematic procedures for no longer than the duration of the service provision and the time necessary for operational and administrative processing requirements;

c. requests for information about taking part in tours promoted on the portal HIKINGCOMOLAKE.COM submitted by telephone and/or telephone apps (Whatsapp) and social platforms (Facebook).

The optional, explicit and voluntary making of voice calls or sending of text messages (SMS) to the addresses available on this website, including through applications (Whatsapp) and social platforms (Facebook), implies the subsequent acquisition of the sender's address and all personal data included in such messages which are necessary to process requests. Such data are collected, recorded, organized, stored and managed on paper and through appropriate computer and telematic procedures for no longer than the duration of the service provision and the time necessary for operational and administrative processing requirements.

The Data Controller hereby informs you that the processing referred to in points a) and b) is carried out while guaranteeing, in any case, security and confidentiality, by previously adopting appropriate measures to prevent any modification, deletion, destruction, unauthorised access, or any processing that is not permitted or that is not carried out for the purposes for which the data were collected.

Depending on the case, the personal data provided may be processed to manage any pre-contractual negotiations in relation to any subsequent relationship with the professionals who work with the Data Controller through the portal HIKINGCOMOLAKE.COM.com, or merely to exchange information (e.g. at the user’s request, to send information about courses, fairs or events which the Data Controller takes part in) only about the activities and services provided by the Data Controller.

Specific summary information is progressively reported or displayed on the website pages set up for particular services requested.

4. PROCESSED DATA

4.1. Cookies

Definition and function of cookies

A cookie is a file that is downloaded to your computer, tablet, smartphone or other device when you access our webpage.

Cookies allow to store and retrieve anonymous information about your browsing habits or the device from which you generally access our website.

The information we collect includes the number of pages you visit, the language, the place from which you access our website, the number of new users, the frequency and repetition of visits, the duration of visits, the browser or the device through which you connect to our website or on which you run an application.

What kind of cookies does this webpage use?

The website www.hikingcomolake.com only uses technical cookies, which, according to Article 122 of the Privacy Code and the Provision issued by the Italian Data Protection Authority on 8 May 2014, do not require any consent from the person concerned.

· Third-party cookies: social buttons

These cookies are cookies that are sent to your device by a device or domain that is not managed on our behalf, but on behalf of another party that processes the collected data through cookies.

Therefore, by using these buttons no third-party cookies are installed on the website.

At the following link, you can find the Facebook data protection statement: https://www.facebook.com/help/cookies

· Session cookies:

session cookies are cookies that are deleted when you leave our webpage or close the application.

· Analysis cookies:

analysis cookies are cookies that are processed on our behalf or on behalf of another party and that allow us to count the number of visits, with the aim of making a statistical measurement and analysis of the use of our website, in order to correct any problems that we detect, and to facilitate the use of our website.

Authorizing, blocking and deleting cookies

If you wish, you can allow, block or delete the cookies installed on your device by changing the options of the browser installed on your PC or the privacy options of the device from which you visit our website.

If you do not allow cookies in your browser, you may not be able to access any of the sections of our website.

For example, you can find information on how to change cookie settings in these browsers:

• Firefox: https://support.mozilla.org/it/kb/Attivare%20e%20deactivate%20i%20cookie

• Chrome: https://support.google.com/chrome/answer/95647?hl=it

• Explorer: http://windows.microsoft.com/it-it/windows7/how-to-manage-cookies-in-internet-explorer-9

• Safari: http://support.apple.com/kb/ph5042

• Opera: http://help.opera.com/Windows/10.00/it/cookies.html

Navigation data: purpose

During their normal operation, the computer systems and software procedures used to operate this website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols.

This information is not collected in order to associate it with identified interested parties, but by its very nature and by processing and associating it with data held by third parties, it could allow users to be identified.

This category of data includes IP addresses or domain names of computers used by users who connect to the website, URI (Uniform Resource Identifier) addresses of requested resources, the time of such requests, the method used to submit such requests to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (success, error, etc.), and other parameters relating to the operating system and computer environment.

These data are only used to obtain anonymous statistical information about the use of the website and to check that it is operating correctly, and they are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the website: except for this case, web contact data are not currently stored for more than seven days.

4.2. DATA VOLUNTARILY PROVIDED BY USERS

The Data Controller is entitled to process the following information:

- personal identification information (name, surname, e-mail address, residence address);

- data for detecting the user’s health conditions, which are necessary to assess the medical fitness of users intending to purchase a specific tour (depending on the degree of difficulty);

- any further information that the user may provide voluntarily.

5. METHOD OF TREATMENT

5.1. Personal data are processed exclusively by appointed personnel with automated tools for the time strictly necessary to achieve the purposes for which they were collected.

5.2. The above information is stored in an electronic database until the request has been processed by the Data Controller and any connected activities have been completed.

5.3. Specific security measures are used to prevent any data loss, illicit or incorrect use and unauthorised access.

5.4. Please note that no data transmission over the Internet can be carried out with absolute security. Therefore, it is the user's responsibility to verify if the personal data they have provided are correct and, if necessary, to correct, update or, in any case, modify such data during processing. It is also the user’s responsibility to take appropriate security measures in order to avoid the risk of any e-mail messages being intercepted, lost, changed or deleted.

6. COMMUNICATION OF DATA

6.1. The data collected and processed by the Data Controller are communicated to parties appointed as external Data Supervisors according to Article 28 of the GDPR. Such parties have been appointed and authorised to carry out specific data processing operations. The list of their names is available at the registered office of the Data Controller and is provided upon written request.

6.2. The data are not communicated to any parties other than the aforementioned parties, except in such cases where the law or regulations provide for the data to be communicated to certain other parties.

7. DISSEMINATION OF DATA

7.1. The personal data processed through this website within the stated limits are not disseminated.

8. REVOCATION OF CONSENT

8.1. If you would like to revoke your consent for the use of one of the services made available on the website that you gave at the time you requested the service, you can send a message to Francesca Mai in the same manner as provided for exercising your rights referred to in the following point.

9. RIGHTS OF DATA SUBJECTS

9.1. As data subjects, users can exercise the rights provided for by Articles from 15 to 22 of the GDPR 2016/679; more precisely, users can:

a) obtain confirmation as to whether any personal data concerning them have been collected, even if they have not yet been stored, in a concise, transparent, intelligible and easily accessible form, and in simple and clear language;

b) obtain information about: a. the origin of their personal data; b. the purpose and method of processing; c. the legitimate interest pursued by the Data Controller or by third parties; d. any persons or category of persons to which their personal data can be communicated; e. whether the Data Controller intends to transfer their personal data to a foreign country or an international organization; f. the period of time for which their data are stored; g. the logic applied, as well as the importance and the expected consequences of such processing for the person concerned, if their data are processed with the aid of electronic instruments within an automatic collection and/or profiling process; h. the identification data of the Data Controller and the Data Supervisors; i. persons or category of persons that have been appointed as persons in charge of the processing or representatives in the territory of the State and to whom such personal data can be communicated or disclosed;

c) update, amend or, if they are interested in doing so, integrate their data;

d) have any unlawfully processed data deleted, anonymized or blocked, including any such data the storage of which is not necessary for the purposes for which the data were collected or subsequently processed;

e) have the data processing limited;

f) request the portability of their personal data to another data controller;

g) revoke their consent to the processing;

h) object, in whole or in part, for legitimate reasons, to the processing of their personal data, even if such data are processed for the purpose for which they were collected.

9.2. To exercise the above rights, the user, as an interested party, can contact Francesca Mai at any time, by sending an email message to the following address: maifrancesca@pec.it (please write “PRIVACY” in the subject line); or by post, by sending a letter at the registered office in __Cernobbio___, Via Piave, 29, Italy, (please write “PRIVACY” on the envelope).

10. RIGHT TO COMPLAIN

Users who believe that the processing performed on the website violates the GDPR have the right to lodge a complaint with the Control Authority in accordance with Article 77 of the GDPR, or to apply to the competent courts according to Article 78 of the GDPR.

11. STORAGE OF DATA

Personal data are kept no longer than necessary to achieve the purposes for which they were collected and, in any case, no longer than required by applicable law, in accordance with the principles of lawfulness, necessity and proportionality.

For simple requests for information, the data are kept until the information is provided; for the purchase of tours, the data are kept for legal and tax purposes for no longer than ten years after the purchase agreement has been finalized (including by e-mail).

12. AUTOMATED DECISION-MAKING PROCESSES

The Data Controller does not carry out any data processing operations involving automated decision-making.

13. CHANGES TO THIS INFORMATION NOTICE

This information notice may be subject to changes, including due to any new sector regulations entering into force, to the updating or provision of new services by the Data Controller, or to technological innovations.

In all these cases, the user is encouraged to read the privacy policy available on the website.

Last updated: March 2019