The official website of Pila S.p.A. provides information regarding the company’s activities, the initiatives it organizes or promotes, the services offered, the slopes and lifts managed, and more.
In addition to informational sections, the website includes, among others, an area dedicated to purchasing skipasses, an area for subscribing to the newsletter to stay updated on the company’s initiatives and events (activities for which specific privacy notices are provided), and a specific section called “Transparent Company” where all documents and information required by administrative transparency regulations (Legislative Decree of March 14, 2013, No. 33, as amended by Legislative Decree of May 25, 2016, No. 97) are published.
The website complies with the provisions of the “Guidelines on cookies and other tracking tools” issued by the Italian Data Protection Authority on June 10, 2021.
The Data Controller for the data collected through the institutional website is Pila S.p.A., headquartered in Gressan (AO), Frazione Pila No. 16, represented by the President of the Board of Directors and Legal Representative pro tempore.
The company has appointed a Data Protection Officer (DPO). The DPO’s contact details are published on the company’s official websites at www.pila.it, in the “Privacy” – “DPO Contacts” section.
The IT systems and software procedures used to operate the website acquire, during their normal operation, certain data whose transmission is implicit in the use of internet communication protocols. These include IP addresses, domain names of the computers used by visitors, URI (Uniform Resource Identifier) notation addresses of requested resources, request times, methods used to submit requests to the server, the size of the response file, numerical codes indicating the response status (successful, error, etc.), and other parameters related to the user’s operating system and IT environment (so-called technical logs). These data are processed anonymously but, by their nature, could, through processing and association with data held by third parties, enable user identification. No additional data beyond the technical logs are acquired during the connection to the website.
Only with the specific consent of the visitor, given through the cookie banner on the website, the company may perform profiling activities using third-party cookies. In particular, it may monitor user activities on the website and show them targeted advertisements based on their interactions (for promotional purposes).
The company may instead conduct monitoring on how users interact with the website in real-time, track their searches, and extract information useful for improving website functionality through tools that do not collect personal data, acting exclusively on anonymous information, even without the users’ consent. The legal basis for this processing is the legitimate interest in acquiring this information in anonymous form.
Data Provided by Users. The voluntary, explicit, and optional sending of messages to contact addresses, private messages sent by users to the company’s institutional profiles/pages on social media (where applicable), and the submission of forms available on the company’s website (such as contact forms, surveys, etc.) result in the acquisition of the sender’s contact data, necessary to respond, as well as all personal data included in the communications. Specific privacy notices, where necessary, are published on the pages dedicated to these services and on the page https://pila.it/en/privacy/privacy-policy/.
The website uses cookies, text files that are sent to the terminal device of the visiting user. This device (computer, mobile device, smartphone, etc.) stores the file to retransmit it to the website during subsequent visits. The company’s website uses technical cookies and, only with the user’s consent, profiling cookies; for details, please refer to the specific information notice.
The company processes data transmitted implicitly through internet communication protocols solely to collect anonymous statistical information about website access and to ensure its proper functioning.
Additionally, the company uses a tool called Usermaven, which allows real-time monitoring of how users interact with the website, tracking searches, and extracting information useful for improving website functionalities through specific reports. This tool does not use tracking cookies and does not store personal data. The information is processed exclusively in an anonymous form. Therefore, the legal basis for using this tool is the legitimate interest of the Data Controller (Article 6, paragraph 1, letter f of GDPR 2016/679).
Upon the user’s specific consent, Pila S.p.A. may conduct profiling activities using third-party cookies (as detailed in the dedicated cookie policy). Specifically, the company may track users’ activities on the website and show them targeted advertisements based on their interactions (for promotional purposes).
The website contains links to external sites such as institutional partners of the company, and businesses operating within the resort (e.g., hotels, restaurants, ski schools, snowparks, ski rental shops, etc.). The inclusion of references to third-party products/services or links to external sites does not imply any form of advertisement or sponsorship by the company but merely aims to represent the activities available within the resort. By accessing these links, users leave the company’s website and connect to third-party websites. Pila S.p.A. has no control over the content of these external sites or their data protection policies; users are therefore encouraged to read the privacy policies of these sites before browsing.
The software of the website pila.it, its database, and all of its contents—including design, text, layout, drawings, photos, videos, graphics, and all other elements—are the exclusive property of Pila S.p.A. Any use, reproduction, modification, adaptation, translation, distribution, or publication without prior written authorization from the company is prohibited.
The processing of personal data is based on the legal grounds specified for each purpose in the table below:
| Purpose | Legal Basis |
|---|---|
| Collection of anonymous statistical information about website access and monitoring proper website functioning | Article 6(1)(f) GDPR 2016/679: processing necessary for the legitimate interest of the data controller or third parties |
| Profiling for promotional purposes | Article 6(1)(a) GDPR 2016/679: consent of the data subjects |
| Anonymous monitoring of user interactions with the website in real time and extraction of useful information for improving website functionality | Article 6(1)(f) GDPR 2016/679: processing necessary for the legitimate interest of the data controller or third parties |
| Collection and processing of skipass purchase requests | Article 6(1)(b) GDPR 2016/679: processing necessary for the performance of a contract to which the data subject is a party or to take pre-contractual measures at the request of the data subject |
| Collection and processing of newsletter subscription requests | Article 6(1)(a) GDPR 2016/679: consent of the data subjects |
| Collection of complaints | Article 6(1)(f) GDPR 2016/679: processing necessary for the legitimate interest of the data controller or third parties |
| Possible legal defense and whenever it is necessary to ascertain, exercise, or defend the rights of the data controller | Article 6(1)(f) GDPR 2016/679: processing necessary for the legitimate interest of the data controller or third parties |
Pila S.p.A. maintains a Record of Processing Activities pursuant to Article 30 of the GDPR.
Pila S.p.A. has established the Record of Processing Activities in accordance with Article 30 of GDPR 2016/679 (maintained in electronic format). This document, available to the Data Protection Authority, contains the name and contact details of the Data Controller and the Data Protection Officer, the purposes of the various processing activities carried out, a description of the categories of data subjects and personal data held, the categories of recipients to whom the data may be communicated, any data transfers to third countries, the maximum retention periods for the different categories of data processed, and a general description of the technical/organizational measures adopted to protect data confidentiality.
RIGHTS EXERCISABLE BY DATA SUBJECTS
Pila S.p.A. guarantees data subjects the exercise of their right of access under Article 15 of GDPR 2016/679 and, where applicable, their rights to rectification (Article 16 GDPR 2016/679), erasure (Article 17 GDPR 2016/679), restriction of processing (Article 18 GDPR 2016/679), data portability (Article 20 GDPR 2016/679), objection to processing (Article 21 GDPR 2016/679), and withdrawal of consent.
Without prejudice to any other administrative or judicial remedy, if the data subject believes that the processing of their personal data is in violation of GDPR 2016/679 or Legislative Decree June 30, 2006, No. 196, as amended by Legislative Decree August 10, 2018, No. 101, they have the right to lodge a complaint with the Italian Data Protection Authority by following the procedures and instructions published on the official website www.garanteprivacy.it.
Requests concerning the exercise of the above rights must be sent in writing, either by registered mail to the company’s registered office or by contacting the Data Protection Officer at the address listed on www.pila.it, under the “info and contacts” – “privacy” section.
The response time for requests related to the exercise of rights listed from I to IV is 30 (thirty) days, extendable up to 3 (three) months in cases of particular complexity (evaluated by the Data Controller).