Privacy Policy



Privacy Policy for the Website
In this page, we shall describe the methods to manage the website in terms of processing personal data of the users consulting and using the same. The policy, pursuant to Regulation (EU) 2016/679 and Recommendation n. 2/2001 by WP 29, provides guidelines for the collection of personal data online and, in particular, the methods, time and nature of the information that the Data Controllers must provide to the users when they navigate the web pages, regardless of the purposes of navigation.

Data Controller

The Data Controller is SESTRIERES S.p.A., with headquarters at 4 Piazza Agnelli, 10058 Sestriere (Turin). Sestrieres has named Spaziottantotto S.r.l. its Data Protection Officer (DPO), represented by Massimiliano Bonsignori.

Place of data processing and personnel in charge of processing
Processing related to this website’s services takes place at the Sestrieres SpA premises and the premises of the Internet service providers (hosting service providers) providing services used to create and make the website available, and at the premises of the Data Controller. Data is processed by appointed personnel alone, even in the event of maintenance and management of the processing systems.

Types of data processed

Navigation data and technically essential data. The IT systems and the software procedures designed for website operation acquire, throughout their regular operation, personal data whose transmission is implicit to the use of Internet communication protocols. These data are not collected to be associated to specific data subjects, but by their nature may – through processing and association to data owned by third parties – allow an identification of the users. This data category includes IP addresses, domain names of the computers used by the users to browse the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of requests, the method used to present requests to the server, the sizes of files received in response, the numeric code identifying the status of the server reply (successful, error, etc.) and other parameters related to the operating system and the user’s IT environment. These data are used for the sole purpose of retrieving anonymous statistical information related to the use of the website and to check its suitable operation. The data are deleted immediately after they are processed. The data may be used to verify liability in case of eventual cybercrimes committed against the website. Data voluntarily provided by the user. Data related to identified or identifiable persons may also be processed based on additional information communicated by the data subject, for instance, through the filling of forms for data collection or through the discretional, explicit and voluntary sending of e-mails to the addresses specified on this website, which implies a subsequent acquisition of the sender’s address to respond to his/her requests as well as other personal data shared in the e-mails.  E-commerce data. Data processed to manage the shop’s orders include personal information, addresses, proofs of payment, recommendations and notes.  Proflilng data. Data related to the habits or consumption choices of the data subject are not directly acquired.

This website uses cookies to transfer personal information. More specifically, it uses the so-called session cookies, which are not memorized persistently in the user’s computer and disappear upon closing the browser. Their use is strictly limited to the transfer of session IDs (random numbers generated by the server) required to guarantee safe and efficient navigation of the website and avoiding the use of other IT technology that may potentially harm the privacy of the users’ navigation. Session cookies do not allow the acquisition of personal user data. The name of this type of cookies is: USERNAME_CHANGED_RequestVerificationToken dnn_IsMobile language

Certain other types of cookies are stored for a maximum of 7 weeks to memorize navigation preferences, but strictly in the anonymous form. The name of this type of cookies is: ASPXANONYMOUS LandingPage OriginalReferrer At the end of the session

Moreover, the website uses (autonomous) third-party cookies that perform technical functions (e.g. videos, weather forecast, photo galleries, analytics activity) and, at times, commercial profiling functions. See the related sites for the respective cookie management methods.

For a detailed list of cookies used by the website vialattea.it, consult the specific page www.vialattea.it/cookie


Personal data are only used for the purposes of performing the requested services and are only communicated to third parties in case of need for such purposes. Services include: consultation and mere access to the website and its content; registration and login to the private area; payments; subscription and receipt of the newsletter; reporting; contact requests; etc. For certain services, no additional information or guidelines are provided. In any case, no data deriving from web services is shared or published without prior consent of the data subject. Finally, in certain cases (not pertaining to ordinary management), a Public Authority may request news and information, even personal, which the Data Controller must compulsorily provide.

Legal basis for processing – Management of Consent to processing
Personal data shall be processed when necessary if not prescribed by pre-contractual or contractual obligations or for legitimate interest through a consent request made to the data subject. The latter shall be informed of the purposes and reasons for processing as well as the storage time. Should this procedure not be followed, the Data Controller will not be able to perform the requested services and/or provide the goods requested by the data subject.

Voluntary nature of the data provided
In addition to the information provided concerning navigation data and technically essential data, it is specified that the user is free to choose whether or not to provide personal data for specific requests of goods and/or services. Failure to provide certain data considered essential may imply the inability to obtain the goods/services requested.



Private area
The data supplied by users in the registration phase are protected through encryption and authentication systems and is only accessible to authorized users, namely the subjects concerned and/or the third parties involved. Such data is subject to dissemination operations. Processing of personal data entered in the private area is pursuant to the law and may require an explicit authorization by the data subject to process the data, upon having read and understood a duly supplied notice.

Contact form and Newsletters
E-mail addresses used to send recurring newsletters derive from voluntary subscription by the recipients – who are always asked for approval of the same – as well as information acquired in the context of sale of goods or services by the Data Controller or similar contexts. The newsletter includes information and messages and material, even of a commercial or promotional nature. It is specified that the contact information is not taken from public lists of subscribers. Should the recipients not be interested in the messages, they may interrupt any further contact by clicking the specific link present in every message or by writing to the contacts at the bottom of the webpage, exercising their right to unsubscribe from the newsletter.

An e-commerce section is planned for registered users. It shall comply with the general terms of sale described in the specific section, including information related to shopping carts, orders, shipping, invoicing, etc. Collection and processing of personal data is strictly performed to comply with the obligations related to the performance of our organization’s business activity including, in particular: pre-contractual requirements; compliance with contractual obligations towards the data subject in the performance of an action, a set of actions or a set of operations required to fulfil the said obligations; fulfilment of obligations with public or private bodies related to or instrumental in the contract; performance and fulfilment of legal obligations. In relation to the said purposes, personal data processing may occur through manual, IT or telecom systems with methods closely correlated to their purposes and, in any case, to guarantee the safety and privacy of the data in accordance with the said legislation. In the stipulation and performance of the contractual relationship, the collection of certain personal data is, in certain cases, compulsory for legal and tax purposes; refusal to provide such data may prevent the existence of a relationship with the company. The related data processing does not require consent by the data subject. Personal data and the related processing will be communicated to companies for the performance of business activities (commercial, organizational or related to management of IT systems, insurance, banking or non-banking mediation, factoring, shipping management, packaging and sending of correspondence, credit management and protection) or to comply with the law (accountants, lawyers). The data will not be disseminated. Moreover, the following categories of subjects in charge of processing may acknowledge your data: marketing/business office, sales office, administration office.

Lift passes
Personal and identification data shall be collected for the purposes of issue of lift passes used at the lift facilities, which include a geolocation and surveillance system based on RFID technology. This system was introduced to verify that only the rightful lift pass holders enter the facilities. Data shall be collected through manual, IT or telecom systems with methods strictly related to their purposes. In particular, people counting at the turnstiles shall be recorded automatically by the system embedded in the Key card (RFID chip) and the turnstiles themselves (RFID antenna); this form of recording will allow a geolocation of the users through an electronic communication network. Moreover, the information found in the Regulations for the Use of Facilities and Slopes remains applicable.

Data processing method
Personal data processing, namely data collection, recording, management, storage, development, modification, cancellation and disposal or the combination of two or more such operations, shall occur through manual, IT and telecom systems, even automatically, with methods strictly related to the stated purposes and, in any case, guaranteeing safety and privacy and strictly for the time required to achieve the purposes for which the data were collected. Data shall be processed lawfully and correctly, and collected and stored for specific, explicit and legitimate purposes. They shall be updated when required and be relevant, complete and not further processed in a manner that is incompatible with the initial purposes of processing. Data processing shall comply with minimum safety standards and with the fundamental rights, freedom and dignity of the data subjects, especially in relation to privacy and personal identity. Specific safety measures are taken to prevent data loss, unlawful/incorrect use and unauthorized access.

Rights of the data subjects
The data subjects have the right, at any time, to: ask for confirmation of the existence of the data and know their content and origin; verify the correctness of the data and request integrations, updates or corrections of the same. Moreover, data subjects may request deletion, transformation in the anonymous form, or blocking of data processed unlawfully. They may also oppose, for legitimate reasons, data processing in general. Rights (access, correction, deletion, limitation, portability, opposition, etc.), where applicable and pursuant to articles 15-22 of the GDPR, may be protected through a complaint to the Garante per la Protezione dei Dati Personali (Italian Data Protection Authority, www.garanteprivacy.it). Should processing be based on consent, data subjects have the right to withdraw such consent, considering that the withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.


The applicable law for data processing related to this website is Regulation (EU) 2016/679.


The Data Processor is SESTRIERES S.p.A., with headquarters at 4 Piazza Agnelli, 10058 Sestrieres (Turin), tax code and VAT number 00941880015.

Sestrieres has named Spaziottantotto S.r.l. its Data Protection Officer (DPO), represented by Massimiliano Bonsignori. Requests must be made through the e-mail address privacy@vialattea.it, by calling +39 0122.799.411 or by sending a fax to +39 0122.799.460.