Pursuant to Article 13 of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and the recommendation on certain minimum requirements for the online collection of personal data in the EU (hereinafter ‘GDPR’), we provide the following information.
Data Protection Officer (DPO)
The Data Protection Officer (DPO) is the operator of this website:
Schloss Churburg GmbH
Churburg 1, I-39020 Schluderns (South Tyrol), Italy
VAT No. IT03275450215 · Tax Code 03275450215
General principles
Scope
Personal data are processed only within the framework established by the GDPR and only to the extent necessary to fulfil a specific request voluntarily communicated to us. Data collected typically include name, address, e-mail address and/or telephone number. Where required by accounting regulations, tax identification numbers and/or payment information may also be processed. Personal data are used solely to handle enquiries and requests — ordinarily for the performance of a contract or pre-contractual measures (e.g. information requests regarding our services, booking and use of our services) and, where legally required, for accounting documentation. Processing is carried out electronically and/or in paper form.
Legal bases for processing
Art. 6(1)(a) GDPR
… where the data subject has given consent to the processing of personal data for one or more specific purposes
Art. 6(1)(b) GDPR
… where processing is necessary for the performance of a contract or for pre-contractual measures
Art. 6(1)(c) GDPR
… where processing is necessary for compliance with a legal obligation
Art. 6(1)(d) GDPR
… where processing is necessary to protect vital interests of the data subject or of another natural person
Art. 6(1)(f) GDPR
… where processing is necessary for the purposes of the legitimate interests of the data controller or a third party, provided that the interests or fundamental rights of the data subject do not override those interests
Retention and deletion
Data are retained only for as long as necessary to fulfil contractual or legal obligations, or to protect against claims.
Location of processing
Unless otherwise specified (see Online Ticketing below), data are stored at the registered office of the company. Personal data are protected by appropriate organisational and technical measures. We note that data transmission over the internet cannot be guaranteed to be completely secure, and we accept no liability for errors during transmission or for unauthorised access by third parties. Personal data are transferred to third parties only where necessary for the performance of a contract (for example to the payment institution handling a transaction, or to our accounting and tax advisory partner where required by law). No further transfer takes place unless you have given explicit consent. Your data will not be passed on to third parties for advertising purposes without your express consent.
Categories of data collected
Navigation data
The computer systems and procedures underlying this website collect, in the normal course of their operation, certain technical data whose transmission is inherent to the use of internet communication protocols. This includes IP addresses or domain names of connecting computers, URI (Uniform Resource Identifier) addresses of requested resources, the time of requests, and other parameters relating to the user’s operating system and browser. These data are collected automatically by our hosting provider in server log files. They are used solely for the collection of anonymised statistical information on website usage and for checking correct functioning of the service. Data may be used to establish liability in the event of offences committed against the website.
Data provided voluntarily
We process personal data that are voluntarily communicated to us in writing, by e-mail or by telephone. Sending an e-mail to the addresses published on this website results in the collection of the sender’s address (necessary to respond to the enquiry) and any other personal data contained in the message.
Cookies
In its current version, our website uses only technical cookies to ensure the service is provided without error. These cookies are set to manage and apply the user’s privacy settings. The storage of these cookies is necessary and justified for the purpose of carrying out the electronic communication process and for the correct provision of this website’s functionalities. Statistical cookies, used for the anonymised statistical analysis of user behaviour on the website, and profiling cookies, used to link user behaviour to a personal profile, are not currently used. Any future use of such types of cookies on this website will, in any case, only take place with the user’s express consent via the cookie settings on this website.
Online Ticketing (External service: bookingkit GmbH)
To improve our service continuously, this website provides the possibility to book and pay for visits online. This service is provided via an integrated external booking system. When you click on an ‘Online Ticket’ button or link, you are redirected to the external provider’s server. Basic navigation data (see above) are transmitted to that server. bookingkit also sets technical (essential) cookies — e.g. BkOpSession — which are required for the correct functioning of the service. Your explicit consent is required before the connection to the external provider is established; this can be given in the cookie settings of this website or when opening the Online Ticket page.
Data entered during the booking process are processed and stored by the external provider.
Responsible data processor for the online booking system: bookingkit GmbH, Sonnenallee 223, D-12059 Berlin — www.bookingkit.com bookingkit’s Privacy Policy is accessible via a link within the Online Ticket widget once activated. Your consent to bookingkit’s Privacy Policy is requested before the booking is completed.
Legal basis: Art. 6(1)(b) GDPR — performance of a contract or pre-contractual measures.
The following personal data are mandatory for an online booking: name and valid e-mail address of the person making the booking and payment. Additional data may be provided voluntarily (e.g. address, telephone number). A valid credit card is required for payment.
You are under no statutory or contractual obligation to provide personal data. If you object to processing or decline to provide the mandatory data, the Online Ticket service cannot be used and no online booking can be made.
Data entered via the Online Ticket service are used by us to track and record ticket sales, send a valid ticket by e-mail, and ensure proper redemption on site. We reserve the right to use the data provided (name and e-mail address) to communicate necessary organisational updates relating to a booked event that were not known at the time of booking, where this is in the interest of our contractual partners.
Your rights under Articles 15–21 and 77 GDPR
Right of access — Art. 15 GDPR
You have the right to obtain free information about the origin, recipients and purposes of your stored personal data.
Right to rectification — Art. 16 GDPR
You have the right to request the correction of inaccurate personal data.
Right to erasure — Art. 17 GDPR
You have the right to request the deletion of your personal data.
Right to restriction of processing — Art. 18 GDPR
You have the right to request restriction of the processing of your personal data.
Right to data portability — Art. 20 GDPR
You have the right to receive your personal data — processed by automated means on the basis of your consent or for the performance of a contract — in a structured, commonly used, machine-readable format, and to have those data transmitted to another controller where technically feasible.
Right to withdraw consent — Art. 7(3) GDPR
You have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
Right to object — Art. 21 GDPR
You have the right to object to the processing of your personal data.
Right to lodge a complaint — Art. 77 GDPR
You have the right to lodge a complaint with the competent supervisory authority, the Italian Data Protection Authority (Garante per la protezione dei dati personali): www.garanteprivacy.it
You may exercise the listed rights at any time by contacting us at the e-mail address in the Imprint/Legal Notice.
Right of amendment
As communication technology evolves and legal requirements change, we reserve the right to update this Privacy Policy at any time. We recommend reading this policy periodically to stay informed of any changes.
