Winter Olympic Games: 6 February – 22 February 2026 | Winter Paralympic Games: 6 March – 15 March 2026

Privacy Policy

Information on the processing of personal data .

With this policy, pursuant to EU Regulation No. 679/2016 (hereinafter GDPR) and specific compatible national legislation, Servizi Ampezzo Unipersonale s.r.l., with registered office in Loc. Sacus, 4 – 32043 Cortina d’Ampezzo (BL), Tax Code/VAT No. 00806650255, in its capacity as “Data Controller” (hereinafter “Controller”), provides information on the methods and circumstances under which it will process the personal data and information provided by accessing the website cortina. dolomiti.org/cortinawelcometeam2026, owned by Servizi Ampezzo Unipersonale s.r.l.

Type of data subject to processing processing

  1. Personal data – The personal data processed by the Data Controller are as follows: name, surname, date of birth, gender, telephone number, residential address, postcode, telephone number, e-mail address. For full details, please refer to the specific section of this policy.
  2. Browsing data – This is information collected automatically by the Data Controller through the Website, newsletters or third-party applications. This includes: date and time, IP addresses, URI (Uniform Resource Identifier) addresses, time of request, method used to submit the request to the server, size of the response, status code in numerical form, as well as browser and operating system, language and country.
  3. Cookies are small text files sent by the website to the user’s terminal (usually to the browser), where they are stored before being re-transmitted to the website on the user’s next visit. A cookie cannot retrieve any other data from the user’s hard drive, transmit computer viruses or acquire email addresses. Each cookie is unique to the user’s web browser. Some of the functions of cookies can be delegated to other technologies. In this document, the term ‘cookies’ refers to both cookies themselves and all similar technologies. For more information on the use of cookies, please refer to the Cookie Privacy document on this website.

Forms active on the website
Contact form – request for information

The website contains an information request form that Users can use to request information from the Data Controller. The data provided will be used solely for the purpose of providing the service to the User.

Legal basis and purpose of the processing

  1. Data essential for contract execution – Subject to obtaining the User’s consent, data will be processed solely for purposes related to the provision of the specific service. For example, in the case of a request for information, the data will be used solely to respond to the User by providing the requested information. Such data is essential for the performance of the services requested under the contract.
  2. Promotional, commercial and marketing purposes – Subject to obtaining explicit consent from the User, data will be processed for the purposes of sending commercial communications, initiatives, discounts and offers from the Data Controller or third parties on a periodic basis. Data entered by the “Data Controller” on the Website may be processed if obtained directly from the “Data Controller” or from third parties in compliance with current legislation. In any case, the User’s data will not be communicated and/or transferred to third parties under any circumstances.

Data controller, data processors and persons in charge of processing

  1. Data controller – The data controller for the data provided by users is the Data Controller, as defined in the introduction, in the person of its pro tempore legal representative.
  2. Data processors – Persons appointed by the Data Controller may become aware of your data as they are responsible for carrying out certain processing operations connected with and instrumental to the provision of the service and/or for additional purposes permitted by the User.

Method of processing

Personal data will be processed using manual or electronic means, in a manner strictly related to the purposes indicated above and, in any case, in such a way as to guarantee the security, protection and confidentiality of the data. Furthermore, it should be noted that personal data is processed in such a way as to minimise the risk of destruction or loss, even accidental, of the data, unauthorised access or processing that is not permitted and does not comply with the purposes of collection. In particular, in processing the data, the Data Controller and the persons identified as data processors will use organisational, physical and logical measures to ensure the security and confidentiality of the data, using all appropriate measures to ensure the classification, storage and confidentiality of the data. Personal data may be processed by employees, collaborators and consultants of the Data Controller, specifically appointed as data processors, for the performance of specific operations necessary to pursue the aforementioned purposes, under the direct authority and responsibility of the Data Controller and in accordance with the instructions given by the same.

Recipients of the data

The data provided by the User will NOT be disclosed to third parties for purposes other than those for which they have been specifically authorised. This is without prejudice to cases (e.g. security requirements by law enforcement authorities, etc.) specifically indicated in EU Regulation 679/2016.

Period of retention of data

At any time, the User may object to the processing of personal data by sending an email to the address indicated in the “Contact Details of the Data Controller” section of this policy. In the case of newsletters, the User will also have the option to unsubscribe independently from the list in question by using the link at the bottom of any email message received from the aforementioned list. Even after cancellation, some data may be retained. For example, data related to consents, data that may be requested by the Authority for the prevention of illegal activities, billing data or invoices issued. If the sending of communications is established on the basis of the performance of a contract with the Data Controller, it will not be possible to delete the User’s data until the contract has been concluded and/or until the parties have exercised their right of withdrawal, in accordance with current legislation.

Transfer of data to non-EU countries

The Data Controller may use services offered by third-party companies, which will process your data as data processors and in accordance with the instructions given to them by the Data Controller. It is possible that some of the processing carried out by the data processors may take place outside the European Union, for example in the USA. In these cases, the Data Controller uses legal instruments to ensure adequate protection of your personal data (e.g. by requiring these counterparties to sign Standard Contractual Clauses or by complying with other specific protection standards proposed or suggested by the European Union and the Data Protection Authority).

User rights

As a data subject, you have the following rights regarding personal data collected and processed by the Data Controller in the context of the processing outlined above:

Right of access

Art. 15: You have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning you are being processed and, if so, to obtain access to the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations; (iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (v) the right to lodge a complaint with a supervisory authority.

Right to rectification, objection and erasure

Art. 16: You have the right to obtain the rectification of inaccurate personal data concerning you and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement. Furthermore, you have the right to obtain the erasure of personal data concerning you if one of the following reasons applies: (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) the data are processed unlawfully; (iii) you have withdrawn your consent on the basis of which the Data Controller had the right to process your data and there is no other legal basis allowing the Data Controller to process the data; (iv) you have objected to the processing and there is no overriding legitimate reason; (v) the personal data must be erased in order to comply with a legal obligation. However, the Data Controller has the right to disregard the exercise of the above rights of erasure if the right to freedom of expression and information prevails, or for the exercise of a legal obligation or to defend its own rights in court. You may object to the processing at any time, even for only one of the above purposes of processing.

Right to erasure (‘right to be forgotten’)

Art. 17: the User has the right to obtain from the Data Controller the erasure of personal data concerning him/her without undue delay and the Data Controller has the obligation to erase personal data without undue delay if one of the grounds referred to in Art. 17, paragraph 1, letters a), b), c), d), e) and f), paragraph 2, and paragraph 3, letters a), b), c), d) and e) applies.

Right to restriction of processing

Art. 18: The User has the right to obtain from the Data Controller the restriction of processing: (i) for the period necessary for the Data Controller to verify the accuracy of the personal data concerning him/her which you have contested; (ii) in the event of unlawful processing of your personal data; (iii) when you need your data to be processed for the establishment, exercise or defence of legal claims; (iv) for the period necessary to verify whether the Controller’s legitimate grounds override your request to object to the processing.

Right to data portability

Art. 20: The User has the right to receive, in a structured, commonly used and readable format, their personal data provided to the Data Controller and processed by the latter on the basis of consent, as well as the right to transmit such data to another Data Controller indicated by the User without hindrance.

Right to object

Art. 21: The User has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6, paragraph 1, letters e or f, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, the User has the right to object at any time to the processing of personal data concerning him/her for such purposes, including profiling to the extent that it is related to such direct marketing. Where the User objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Contact details of the Data Controller

The User may exercise their rights at any time by sending a request to the Data Controller as the data controller by e-mail to the address cortina2026@cortinamarketing.it.