Privacy Policy

This policy describes how the personal data of users visiting https://turismoincanavese.com are managed in accordance with the EU Regulation 2016/679 (GDPR) and the Italian legislation on personal data protection.

1. Data controller

Consorzio Operatori Turistici Valli del Canavese
Registered office: Grand Hotel – Borgata Prese snc, 10080 Ceresole Reale (TO)
Infopoint: Piazza Ottinetti 3, 10015 Ivrea (TO)
C.F. and P.IVA 10732200018
Represented by the President pro tempore
Email dedicated to privacy: privacy@turismoincanavese.it
Website: turismoincanavese.com

2. Types of data processed

  • Data provided voluntarily: first name, last name, e-mail address, and content of the message sent through the contact form.
  • Browsing data: IP address, browser type, operating system, and other technical data automatically collected by the server.
  • Cookies and tracking tools: used for technical, functional and statistical purposes, as described in the Cookie Policy.

3. Purpose of processing.

  1. Respond to inquiries sent via the contact form.
  2. Ensure the proper technical operation and security of the site.
  3. To statistically analyze site usage in aggregate and anonymous form.
  4. Manage consent to cookies and third-party services through Usercentrics CMP.

4. Legal basis for processing

  • Art. 6(1)(a) GDPR – consent of the data subject.
  • Art. 6(1)(b) – execution of pre-contractual measures.
  • Art. 6(1)(c) – legal obligation to comply with the GDPR.
  • Art. 6(1)(f) – legitimate interest of the Owner in site security.

5. Methods of processing

Data are processed by computer and telematic tools, in accordance with the principles of lawfulness, correctness, transparency and minimization. Access to the data is permitted only to authorized personnel and individuals designated as Data Processors.

6. Recipients and categories of third parties

  • Hosting provider: Aruba Business S.r.l. – External data processor.
  • Third-party services:
    Usercentrics GmbH (Germany),
    Google Ireland Ltd. / Google LLC (GA4, Tag Manager, Maps, Fonts),Outdooractive AG (Germany),Automattic Inc. (USA – Gravatar),
    unpkg (CDN).

Any data transfers to non-EU countries will take place in compliance with Chapter V of the GDPR and the Standard Contractual Clauses.

7. Retention period

  • Data submitted through contact forms: up to 12 months.
  • Server technical logs: 7-30 days.
  • Cookies: as stated in the Cookie Policy.

8. Provision of data

Providing data is optional but necessary to receive response via contact form. Refusal to provide the data will result in the inability to obtain the requested service.

9. Rights of the data subject

Data subjects can exercise their rights under Articles 15-22 of the GDPR: access, rectification, deletion, restriction, opposition, withdrawal of consent, and data portability.
Requests should be sent to privacy@turismoincanavese.it.

It is also possible to file a complaint with the Data Protection Authority.

10. Data security

The Owner takes appropriate technical and organizational measures to prevent loss, misuse, unauthorized access, disclosure or modification of processed data.

11. Updates

This policy may be updated as a result of regulatory or technical changes. The latest version is always available on this page.

Last update: October 10, 2025