This information (pursuant to Article 13 of EU Regulation 2016/679) is directed at those who use the web services of the Aosta Valley region accessible from the URL balteus.lovevda.it, corresponding to the homepage of the official website for the Cammino Balteo walking route in Aosta Valley region (Italy). The information is provided only for the balteus.lovevda.it website and not for other external websites that can be accessed by the user through links.
1. Data controller
The Autonomous Region of Aosta Valley , with head office in Aosta, Piazza Deffeyes 1 and the Office Régional du Tourisme - Regional Tourist Office of Aosta Valley, with head office in Aosta, via Federico Chabod 15, are joint controllers of the personal data relating to users who visit this site.
2. Type of data processed
2.1. Browsing data - Log file
The computer systems and applications dedicated to the functioning of this website detect, during their normal operation, some data - the transmission of which is implicit in the use of Internet communication protocols - not associated with directly identifiable users.
Among the data collected there are the IP addresses and the domain names of the devices (computers, tablets, smartphones ...) used to connect to the site, the addresses in Uniform Resource Identifier (URI) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error ...) and other parameters concerning the operating system and the IT environment of the user. These data are processed, for the time strictly necessary, only to obtain anonymous statistical information on the use of the website and to check its regular functioning.
2.2. Data provided voluntarily by the user
During the provision and execution of the services offered by the website, the user voluntarily provides some personal data (name, surname, email, etc.) for the fulfilment of the purposes set out in point 3 of this statement. These data are collected by filling specific fields, present in the different services, or as a consequence of sending e-mails to the e-mail addresses indicated on this website; some data are essential to offer appropriate feedback to the users requests. Particular categories of data or data relating to criminal convictions and crimes are not processed in any case and, if provided voluntarily by the user, will be duly deleted.
3. Purposes of data processing
The Aosta Valley region processes personal data within the strictly necessary limits to perform its institutional functions, excluding all processing when the objectives pursued can be achieved with anonymous data or by identifying users only when necessary.
Specific processing purposes, related to particular operations, might be described within the various access channels. Within them the user will find additional information on the processing of personal data.
4. Optional providing of data
Except as specified for navigation data, the user is free to provide personal data when filling the specifically set online forms. Failure to provide the requested data may, however, make it impossible to obtain the service.
5. Processing, communication and / or dissemination of data
The collected data will be processed exclusively by personnel and collaborators of the Autonomous Region of Aosta Valley and the Office Régional du Tourisme - Regional Tourist Office of Aosta Valley. These data are treated, in the role of Data Processor, pursuant to art. 28 of the Regulation, by the regional investee company IN.VA. S.p.A., which performs management and maintenance of information systems on behalf of the Region.
Some processing operations could also be carried out by third parties, to whom the Region entrusts certain activities, or part of them, functional to the provision of services.
On such additional subjects, designated as Data Processors, proper obligations regarding the protection of personal data are imposed by the Region, by contract or other legal act under EU or Member State law, through operating instructions, with particular reference to the adoption of adequate technical and organizational measures in order to guarantee the confidentiality and security of personal data pursuant to art. 32 of the Regulation. Apart from these cases, the data will not be divulged to third parties or disseminated, except in cases specifically provided for by national or European Union law.
6. Transfer of data to countries outside the European Union
The data collected and processed are not transferred to companies or other entities outside the EU territory.
7. Rights of the users
Users may exercise at any time the rights provided for in art. 15 and following of the EU Regulation 2016/679 where applicable. These include, in accordance with the provisions of article 13, paragraph 2, letters b) and d): the right to request the rectification or erasure of personal data or restriction of processing of registered data concerning them, in the foreseen cases; the right to lodge a complaint with the Italian Data Protection Authority, following the procedures and indications published on the official website https://www.garanteprivacy.it/home_en