Homepage
Go to the footer

Privacy notice pursuant to Articles 13 and 14 of EU Regulation 679/2016

This page represents the “Privacy Policy” of this website and is intended to provide information on how the personal data of users interacting with this website are processed, including users making use of the services provided through it, as well as to provide the information required under Articles 13 and 14 of EU Regulation 2016/679.

This notice applies only to this website and not to any other websites that may be consulted by the user through links available on the pages of this website.

Regulation (EU) 2016/679 concerning the protection of personal data (hereinafter, the “Regulation”) lays down rules relating to the protection of natural persons with regard to the processing of personal data, as well as rules relating to the free movement of such data, and protects the fundamental rights and freedoms of natural persons, with particular reference to the right to the protection of personal data.

Article 4(1) of the Regulation states that “Personal Data” means any information relating to an identified or identifiable natural person (hereinafter, the “Data Subject”).

“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4(2) of the Regulation).

Pursuant to Articles 12 et seq. of the Regulation, the Data Subject must also be informed about the appropriate information relating to the Processing activities carried out by the Data Controller and about the rights of the Data Subjects.

Data Controller:

SOCIETÀ MULTISERVIZI ALTA VALLE S.p.A. – Via Breno, 10 – 23030 Valdisotto (SO), Italy
E-mail: multiservizialtavalle@gmail.com
Tel.: (+39) 0342-902666
Certified E-mail (PEC): multiservizialtavalle@pec.it

Data Protection Officer (DPO):

Centro Studi Enti Locali S.p.A., represented by lawyer Giuseppina Tofalo, who can be contacted at the following e-mail address: giuseppina.tofalo@centrostudientilocali.it

Purposes of processing and legal bases for processing

The user’s personal data will be processed for the following purposes and on the following legal bases:

  1. for the conclusion and proper performance of a contract to which the data subject is party or in order to take pre-contractual measures at the request of the data subject, as well as for the provision of requested information and/or services/products, including subscription to newsletters; the legal basis for the processing activities listed above is Article 6(1)(b) of EU Regulation 2016/679;

  2. to respond to requests sent by the user via e-mail and/or forms available on the website; the legal basis for the processing activities listed above is Article 6(1)(b) of EU Regulation 2016/679;

  3. subject to the data subject’s consent, to periodically send commercial communications regarding services, products and activities offered by the Data Controller through remote communication technologies (e-mail, telephone, SMS, WhatsApp); the legal basis is consent pursuant to Article 6(1)(a) of EU Regulation 2016/679;

  4. to carry out retargeting activities and/or use e-mail addresses to identify social media profiles (Facebook, Instagram) for personalised marketing campaigns; the legal basis is consent pursuant to Article 6(1)(a) of EU Regulation 2016/679. For these processing activities, tools provided by third-party platforms (e.g. Meta, Google Ads) are used; further information is available in the relevant privacy policies accessible through the links provided in the cookie policy;

  5. to send e-mails containing commercial and promotional information regarding the sale of our products/services similar to those previously purchased by the data subject, unless the latter objects to such processing at any time; the legal basis for this type of processing is the legitimate interest of the Data Controller pursuant to Article 6(1)(f);

  6. to ensure that marketing communications relating to products and services offered by the Data Controller, as well as those of its business partners and sponsors, including online advertising, are relevant to the interests of the data subject; for this purpose, personal data may be used to better understand the data subject’s interests and preferences in order to predict which other products, services and information may be of interest, allowing us to personalise communications and make them more relevant and engaging; the legal basis is consent pursuant to Article 6(1)(a) of EU Regulation 2016/679. Consent will be requested separately and specifically for each marketing purpose (e.g. newsletter, profiling, retargeting);

  7. to conduct market research in order to develop and improve our range of products, services and activities offered by the Data Controller and its partners; the legal basis is consent pursuant to Article 6(1)(a) of EU Regulation 2016/679;

  8. to enable and ensure the proper functioning of the website, as well as to guarantee an adequate level of security, integrity and availability; the legal basis for this type of processing is the legitimate interest of the Data Controller pursuant to Article 6(1)(f);

  9. to analyse statistical data in aggregated or anonymous form for the purpose of monitoring the proper functioning of the website, traffic, usability and user interest; the legal basis for this type of processing is the legitimate interest of the Data Controller pursuant to Article 6(1)(f);

  10. to establish, exercise or defend legal claims; the legal basis for this type of processing is the legitimate interest of the Data Controller pursuant to Article 6(1)(f);

  11. to comply with obligations established by law, regulations, EU legislation or orders issued by public authorities; the legal basis for this type of processing is Article 6(1)(c) of EU Regulation 2016/679.

Types of data

The data necessary for the purposes described above will be collected and processed, including:

  • identification data

  • contact data

  • data relating to the contractual relationship

  • data relating to the data subject’s preferences and interests

  • Browsing data and cookies: this website uses cookies and other tracking tools (including third-party tools) for technical, statistical and marketing purposes. For further details, please refer to the Cookie Policy.

Browsing data

The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with identified data subjects; however, by its very nature, it could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users connecting to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.

These data are used solely for the purpose of obtaining anonymous statistical information on the use of the website and to ensure its proper functioning, and are deleted immediately after processing.

The data may also be used to ascertain liability in the event of hypothetical cybercrimes against the website.

Refusal to provide data

Apart from what is specified for browsing data, users/visitors are free to provide their personal data. In some cases, the provision of data is necessary, since failure to provide such data may result in the impossibility of concluding or properly performing the contract to which the Data Subject is party and/or failure to comply with legal obligations to which the Data Controller is subject.

The provision of data for processing activities requiring consent is optional; failure to provide such data will not prevent the user from benefiting from the products/services offered by the Data Controller. Even where consent has been given, the Data Subject shall in any case have the right to subsequently object, in whole or in part, to the processing of their personal data for the purposes described above, by simply contacting the Data Controller using the contact details provided above.

Source of the data

The Data will be provided directly by the Data Subject or collected from third parties.

Methods of processing

In accordance with Article 5 of the Regulation, the Personal Data subject to processing shall be:

  1. processed lawfully, fairly and transparently in relation to the Data Subject;

  2. collected and recorded for specified, explicit and legitimate purposes and subsequently processed in a manner compatible with those purposes;

  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

  4. accurate and, where necessary, kept up to date;

  5. processed in a manner that ensures an adequate level of security;

  6. stored in a form that permits identification of the Data Subject for no longer than is necessary to achieve the purposes for which the data are processed.

The processing will be carried out using both manual and/or electronic and telematic tools, with organisational and processing methods strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security, integrity and confidentiality of the data in compliance with the organisational, physical and logical measures required by applicable law.

Disclosure of data

Personal data may be disclosed to persons authorised to process the data, as well as to external data processors appointed by the Data Controller (the complete list of external data processors is available from the Data Controller), who are responsible for managing the purposes described above.

Subject to your consent, the Data may also be disclosed to third-party sponsors and/or business partners of the Data Controller, who may use them for the purposes referred to in point no. 3 of the section “Purposes of Processing” above.

Within the scope of the purposes described above, the data may also be disclosed to other parties acting as independent data controllers.

Dissemination of data

Personal data will not be subject to dissemination.

Transfer of data abroad

For the purposes described above, Personal Data will be processed within the European Economic Area (EEA). Should the data be transferred to Third Countries, in the absence of an adequacy decision by the European Commission, the safeguards required by the applicable legislation concerning the transfer of Personal Data to Third Countries will in any case be respected, such as the Standard Contractual Clauses provided by the European Commission.

Data retention

In general, Personal Data will be retained for the period strictly necessary to achieve the purposes for which they were collected and processed, including any retention period required by applicable law and, in any case, for a maximum period of 10 years from the termination of the relationship with the Data Controller, and for a maximum period of 2 years for purposes requiring consent, unless the Data Controller needs to defend a right in court.

Data processed for marketing and profiling purposes are retained for a maximum period of 24 months from the last interaction with the user or until consent is withdrawn.

Rights of the Data Subject

Pursuant to Articles 15 et seq. of EU Regulation 2016/679 and the applicable national legislation, the Data Subject may, under the conditions and within the limits established by current legislation, exercise the following rights:

  • Art. 15 – Right of access by the data subject

  • Art. 16 – Right to rectification

  • Art. 17 – Right to erasure (“right to be forgotten”)

  • Art. 18 – Right to restriction of processing

  • Art. 19 – Notification obligation regarding rectification or erasure of personal data or restriction of processing

  • Art. 20 – Right to data portability

  • Art. 21 – Right to object

In general, to exercise these rights, the Data Subject may contact the Data Controller using the contact details provided above.

Before providing a response, the Data Controller may need to verify the identity of the Data Subject by requesting a copy of an identity document.

A written response will be provided without undue delay and, in any case, no later than one month from receipt of the request.

Version 4.1
Last updated: 19 May 2026

Request information

Thank you

We’ve sent you an email. To activate the newsletter, click on the link you will find in the message. Thank you!

Something went wrong

Try again

Link copied

Close

Your request has been sent.

We have received your request. We will reply soon. A copy of the data you have provided us with has been sent to your email address.

Close

Your request has been sent.

We have received your request. Accommodations will answer soon. You will receive a copy of the data at the e-mail address you provided.

Close

Newsletter subscription title

Close