Transport and general regulations
valid for the Pila ski area and for the skiing facilities run by “Pila S.p.A.”
valid for the Pila ski area and for the skiing facilities run by “Pila S.p.A.”
The mountain environment and its changing natural or artificial conditions, and also the sports pursued there (skiing, mountain biking, trekking, mountaineering, etc.) all carry a risk intrinsic to the very nature of the activity. By purchasing a ticket and using the facilities it is understood that the buyer is aware of such eventualities and is also able to apply common sense. The company is not responsible for accidents that may occur on off-piste trails even if these can be reached by the lifts. Specifically, no skier can make a claim against the operators of the ski resort for injuries deriving from any of the risks inherent to sport i.e. from those conditions which form an integral part of skiing which can include the following:
Rules of behaviour to be complied with by users of ski runs, also in order to avoid civil and criminal consequences:
This document, prepared pursuant to Articles 13 and 14 of the GDPR 2016/679, applies to all types of tickets, as specified below. “Resort tickets” refer to all the travel tickets/passes that are only valid in the ski areas managed by the Company. “Resort tickets with VDA extension” refer to all the travel tickets/passes that are also valid in the other ski areas of Valle d’Aosta, on the cableways of Mont Blanc and the ski resorts of La Rosière, Alagna and Alpe di Mera, for a limited and predefined number of days. “Regional tickets” refer to all the travel tickets/passes valid in the ski areas of Valle d’Aosta, on the cableways of Mont Blanc and the ski resorts of La Rosière, Alagna and Alpe di Mera. “Resort” refers to the ski areas managed by Pila S.p.A.
Data Controller. The Data Controller is Pila S.p.A. with headquarters in Gressan (Aosta) Frazione Pila n. 16, represented by the Chairman of the Board of Directors and acting Legal Representative.
Data Protection Officer. The Company has appointed a Data Protection Officer. The contact details are shown in the Privacy section on the website of Pila S.p.A., www.pila.it
Type of data processed. In order to purchase tickets/passes, it is necessary to provide personal and contact details. A photograph is only required for certain types of tickets/passes (solely for the purpose of verifying that access is being made by the person entitled to do so). Any bank data necessary for completing the payment may also be processed. For marketing purposes, with specific consent, contact data may be processed. As part of the video surveillance system, user images are processed. Monitoring the passages through turnstiles involves the processing of location or position data by reading the identifier tags using RFID technology. In order to apply any tariff reductions, the Company may process – with the consent of the person concerned (the Data Subject) – data that Article 9 GDPR 2016/679 defines as “special” as they can reveal information on a person’s health. The processing of such data is limited solely to assessing eligibility for the reduction. Health-related data may be used in case of first aid being administered.
Source of personal data. The data can be collected directly from the data subject or through the Joint Data Controllers or otherwise subjects, natural or legal persons, appointed as external data processors. Monitoring the passages through turnstiles is carried out electronically. A video surveillance system is operational in the areas managed by the Company: the images are collected electronically (see the specific section on video surveillance)
Type of data processed. In order to purchase tickets/passes, it is necessary to provide personal details (name, surname, date of birth and tax code – if applicable) and contact details (residential address). A photograph is only required for certain types of tickets/passes (to ensure that access is being made by the person entitled to do so). Any bank data necessary to complete the payment may also be processed. For marketing purposes, with specific consent, contact data such as phone number and email address may be processed. As part of the video surveillance system, user images are processed. Monitoring the passages through turnstiles involves the processing of location or position data by reading the identifier tags using RFID technology. In order to apply any tariff reductions, the Company may process – with the consent of the person concerned (the Data Subject) – data that Article 9 GDPR 2016/679 defines as “special” as they can reveal information on a person’s health. The processing of such data is limited solely to assessing eligibility for the reduction.
Monitoring passages through turnstiles. To prevent dishonest use of travel tickets/passes and to facilitate the search for missing persons, the Company has a system for detecting people passing through turnstiles based on RFID technology. The reader device on the turnstile remotely checks the validity of tickets, allowing users to pass through “hands-free”. This instrument does not read biometric data and does not memorise the user’s movements on the ski slopes or hiking trails. If the Company intends to use the data for the purpose of profiling customer preferences, it will ask for specific consent from the persons concerned
Purpose and legal basis of the processing. Data processing is carried out for the following purposes: 1. Requests for the purchase of tickets/passes and issuing them; 2. Dealing with payment; 3. Fulfilment of civil, fiscal and accounting obligations connected with the issue of transport tickets/passes and the provision of any first aid in cases where payment of a fee is required; 4. Provision of transport services and guarantee of use of the same by the buyer; 5. Protection of company assets through the use of video surveillance systems; 6. Protection of company assets by verifying the legitimate use of the travel document by requesting a photo be applied to the travel document; 7. Protection of company assets by verifying the legitimate use of the travel document (by affixing a photo to it); 8. Protection of company assets by monitoring the passages though turnstiles; 9. Evaluation of the eligibility for tariff discounts or reductions; 10. Marketing and promotion of commercial initiatives, products and/or services; 11. Possible defence of a right in court and whenever it is necessary to ascertain, exercise or defend a right of the Data Controller; 12. Possible first aid actions in the event of an accident; 13. Statistical processing of data in order to develop and improve the services offered.
Regarding the purposes referred to in points 1, 2 and 4, the processing is carried out pursuant to Article 6(1b) GDPR 2016/679 (processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into the contract); processing as regards point 3 is pursuant to Article 6(1c) GDPR 2016/679 (processing necessary for compliance with a legal obligation); with reference to the purposes under 5, 6, 7, 8 and 11, processing is pursuant to Article 6(1f) GDPR 2016/679 (processing necessary for the purposes of the legitimate interest pursued by the Controller or by a third party); to those referred to in point 12, processing is on the basis of Articles 6(1d) and 9(2c) GDPR 2016/679 (processing necessary to protect the vital interests of the data subject) while for the processing referred to in points 9 and 10 is on the basis of the specific consent of the data subject (Articles 6(1a) and Article 9(2a) GDPR 2016/679). The data processed for statistical purposes are anonymous.
Methods of processing and retention period. The data will be processed manually or electronically on paper or digital media in compliance with the provisions of Article 32 of GDPR 2016/679 regarding security measures. The data collected for the purposes referred to in points 1, 2, 4 and 9 are kept for the entire duration of the contractual relationship and, thereafter, for a period of 3 years. Once this term has elapsed, they are made anonymous and retained for statistical purposes, with the sole exception of those for which, in fulfilment of the purposes referred to in point 3, there is a storage obligation for tax purposes or for compliance with regulatory obligations (period of storage: 10 years). The images collected in video surveillance systems are deleted 72 hours later; the data collected for marketing purposes are kept until you object or revoke your consent given. The data collected for the purposes referred to in points 7 and 8 are kept for 3 years and subsequently anonymized and stored purely for statistical purposes. The data collected for the purposes referred to in point 12 are kept for 10 years if the action taken incurs a fee and the consequent invoicing; in other cases, for 3 years. In all cases where it is necessary to go to court for the evaluation, exercise or defence of a right of the Data Controller, the retention period continues until the completion of the judicial process.
Nature of data collecting. It is obligatory to provide certain data for activating and performing the contractual relationship: refusal to provide such data will make it impossible to proceed. Providing data for promotion and marketing purposes is optional and will not impede the concluding of the contract.
Disclosure of data. In fulfilment of the purposes for which they are collected or in fulfilment of legal obligations, the data may be disclosed to departments in the Company as well as to Legal Persons or Public Bodies such as the Joint Data Controllers (within the limits of the agreements signed with them); Banks; Insurance companies; subjects who carry out rescue services on the slopes, legal consultants in the event of a dispute, to the judicial authority if for a justified measure or for the need to protect a right of the Data Controller. Data may only be disclosed to third parties for marketing purposes when consent has been explicitly provided. Such data may also be communicated to subjects who carry out processing activities on behalf of the Data Controller named, appointed as external processors pursuant to Art. 28 GDPR 2016/679, and to authorised employees pursuant to Art. 29 GDPR 2016/679.
Rights of Data Subjects. The Company guarantees that Data Subjects have right of access pursuant to Art. 15 GDPR 2016/679 and, where applicable, the rights of rectification, erasure, restriction of processing, data portability, objection to processing (Articles 16, 17, 18, 20 and 21 GDPR 2016/679) and revocation of the consent. Without prejudice to any other administrative or judicial appeal, should Data Subjects believe that the data processing is carried out in violation of the relevant legislation, each of them has the right to lodge a complaint with the Guarantor for the protection of personal data by following the instructions published on the website www.garanteprivacy.it. Requests to exercise the aforementioned rights must be sent in writing, by registered letter, to the Company’s headquarters or by communication to the Data Protection Officer.