Request information


PROVINCIA DI BELLUNO, (Tax ID: 93005430256 – VAT No.: 00847010253) (hereinafter “PROVINCE”), in the person of its legal representative in office, with registered office in Belluno, Via S. Andrea, 5, and Consorzio DMO Dolomiti (Tax ID and VAT No.: 01178460257) (hereinafter “CONSORTIUM”), in the person of its legal representative in office, with registered office in Belluno (BL), Via Sant’Andrea, 5 – 32100, in their capacity as Joint Controllers pursuant to Articles 4, No. 7 and 26 of EU Regulation No. 2016/679 (GDPR), explain, below, the cookie policy (“Policy”) of this website (“Site”).
PROVINCE and CONSORTIUM will, hereinafter, be jointly referred to only as “Joint Controllers”: in this regard, they specify that the essential content of the relevant Joint Controllership agreement for processing pursuant to Article 26, paragraph 2 of the GDPR can be easily viewed by sending a specific request to any of the contact addresses provided in Article 6 below.

1. Legal framework.

1.1. The Policy is inspired by the following (first and/or second level) EU and/or national regulatory measures: (i) Directive 2002/58/EC of 12.07.2012 (so-called ePrivacy Directive), as amended by Directive 2009/136/EC; (ii) Art. 122 of the revised Legislative Decree No. 196/2003 (Privacy Code), which implemented the ePrivacy Directive into the national legal system; (iii) GDPR Art. 4, numbers 11), 7, 12, 13, 25 and 95 (as well as, especially, Recitals 30, 32 and 173); (iv) Guidelines 5/2020 adopted on 04.05.2020 by the EDPB, replacing the Guidelines of 10.04.2018 called Art. 29 WP; (v) Measure No. 231 of 10.06.2021 [web Doc. No. 9677876] signed by the Italian Data Protection Supervisor; (vi) Recommendation No. 2/2001 of Art. 29 WP; (vii) Opinion No. 2/2010 of Art. 29 WP; (viii) Opinion No. 4/2012 of Art. 29 WP; (ix) Guideline 8/2020 of the EDPB; (x) Measures No. 224 of 09.06.2022 [web Doc. No. 9782890], No. 243 of 07.07.2022 [web Doc. No. 9806053] and No. 254 of 21.7.2022 [web Doc. No. 9808698] signed by the Data Protection Supervisor.

2. Cookies and other tracking tools: definition and classification.

2.1. Cookies (1) are, as a rule, strings of text that a website (“publisher” or “first-party”) you visited or another website (“third-party”) places and stores on a terminal device you are using, either directly (in the case of the first-party website) or indirectly (through the latter, in the case of a third-party website). In this regard, the Data Protection Supervisor has specified the fact that the information, encoded in cookies, can include both personal data referred to in Art. 4, No. 1) of the GDPR (e.g., IP address, user name, e-mail address, unique identifiers) as well as non-personal data referred to in Art. 3, No. 1) of EU Regulation No. 1807/2018 (e.g., language; type of device used).
Alongside (or beyond) them, “other tracking tools” may exist (and, therefore, be used), which can be divided into “active” (which possess almost the same characteristics as cookies) and “passive” (e.g., finger printing).

2.2. Beyond their described intrinsic characteristics, cookies (and other tracking tools) can record different peculiarities in terms of time (and, therefore, be considered “session” or (2) “persistent” (3) , depending on their duration), from the subjective standpoint (depending on whether the publisher is acting independently or on behalf of a “third party”) as well as, finally (but especially), according to the purpose of processing, so they can be divided into two different (macro) categories:

  1. Strictly necessary”, used for the sole purpose of transmission of a communication over an electronic communications network, or as strictly necessary to the service provider of a company of the information explicitly requested by the contracting party or you to provide the service” (Art. 122, 1 of the Privacy Code).
    In this regard, the Data Protection Supervisor pointed out, in Measure No. 231 of 10.06.2021 (in continuation of the previous Measure of 2014 on the subject), that “analytical cookies” (4) may well be included within the hive of cookies (or other tracking tools) of a “strictly necessary” nature (and, therefore, may be used without the prior consent of the data subject), if certain conditions are met, and which preclude that the possibility of direct identification of the data subject (singled out) is achieved through their use (5).
  2. profiling”/“marketing” (not strictly necessary), used to trace back to specific, identified or identifiable subjects specific actions or repeated behavioural patterns in the use of the offered features in order to group the different profiles within homogeneous clusters of different breadths, so that it is possible for the Controller, among other things, to also modulate the provision of the service in an increasingly personalised manner beyond what is strictly necessary for the provision of the service, as well as to send targeted advertising messages (i.e., in line with the preferences expressed by you while browsing the web).

3. Cookies installed by our site.

3.1. When visiting our Site, the following types of cookies will be installed (or may be installed, subject to providing your consent):

4. Browser settings.

4.1. The Joint Controllers highlight the possibility for you to delete and block the cookies described in Art. 3 above at any time by using the appropriate browser settings: in this regard, the Joint Controllers add that, if you decide to disable the strictly necessary cookies referred to in Art. 2.2. point i), the quality and speed of the services and features offered and made available on the Site may deteriorate.

You can find information on how to manage cookies on some of the most popular browsers by visiting the following web pages: link link link link link link

5. Rights of the data subject.

5.1. In relation to the user’s personal data, the Joint Controllers inform you that pursuant to Art. 4, No. 1 of the GDPR, the relevant data subject has the right to exercise the following rights, possibly subject to the restrictions provided for in article 2 undecies and 2 duodecies of the Privacy Code: right of access pursuant to Art. 15 of the GDPR: right to obtain confirmation as to whether or not your personal data are being processed, as well as the information referred to in Art. 15 of the GDPR (e.g., purpose of processing, storage period); right to rectification pursuant to Art. 16 of the GDPR: right to correct, update or complete incomplete personal data; right to erasure pursuant to Art. 17 of the GDPR: right to obtain the erasure or destruction or anonymisation of personal data, where, however, the conditions listed in the same article are met; right to restriction of processing pursuant to Art. 18 of the GDPR: right with a markedly precautionary connotation, aimed at obtaining the restriction of processing where the assumptions governed by the same Art. 18 exist; right to data portability pursuant to Art. 20 of the GDPR: right to obtain personal data, provided to the Joint Controllers, in a structured, commonly used and machine-readable format (and, where required, to transmit them directly to another Controller), where the specific conditions indicated by the same article are met (e.g., legal basis of consent and/or performance of a contract; personal data provided by the data subject); right to object pursuant to Art. 21 of the GDPR: right to obtain the termination, on a permanent basis, of a specific processing of personal data; right to lodge a complaint with the Supervisory Authority (i.e., Italian Data Protection Supervisor) pursuant to Art. 77 of the GDPR: right to lodge a complaint when it is believed that the processing in question violates national and EU personal data protection legislation.

5.2. In addition to the rights described in Art. 5.1. above, the Joint Controllers specify that, in relation to the personal data of the data subject, there exists, where possible, the right to exercise, on the one hand, the (sub)right provided for in Art. 19 of the GDPR (“The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17[1] and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.”), to be considered connected and related to the exercise of one or more rights regulated in Articles 16, 17 and 18 of the GDPR; on the other hand, the Joint Controllers specify that, in relation to the personal data of the data subject, there exists, where possible, the right to exercise the right provided by Art. 22(1) of the GDPR (“The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her”), subject to the exceptions provided for in paragraph 2 below.

5.3. In compliance with Article 12, paragraph 1 of the GDPR, the Joint Controllers undertake to provide you with the communications referred to in Articles 15 to 22 and 34 of the GDPR in a concise, transparent, intelligible, easily accessible form and in simple and clear language: this information will be provided in writing or by other means, possibly electronic, or, at your request, will be provided orally provided that your identity is proven by other means.

5.4. In compliance with Art. 12 paragraph 3 of the GDPR, the Joint Controllers undertake to provide the data subject with information regarding the action taken regarding any request made under Art. 15 to 22 of the GDPR without undue delay and, in any case, no later than one month after receipt of the request; this period may be extended by 2 months if necessary, taking into account the complexity and number of requests (in such case, the Controller undertakes to inform the user of such extension and the reasons for the delay, within one month of receipt of the request).

5.5. The user may, at any time, exercise the rights set out above (with the exception of the right provided by Article 77 of the GDPR) by using the contact details explained in Article 6.

6. Contact details.

6.1. PROVINCE may be contacted at the following address:; CONSORTIUM may be contacted at the following address:

6.2.The Data Protection Officer (DPO) referred to in Art. 37 of the GDPR, appointed by PROVINCE, may be contacted at the following address:; the Data Protection Officer (DPO) referred to in Art. 37 of the GDPR, appointed by CONSORTIUM, may be contacted at the following address:

7. Social plug-ins.

7.1. In compliance with the EDPB’s Guideline No. 8/2020, the Joint Controllers also specify that they hold the status of Joint Controller of the processing pursuant to Articles 4, No. 7 and 26 of the GDPR with some social media providers (e.g., Facebook and Instagram), by reason of the installation, on the Site, of their social plug-ins, which can be easily viewed and used on our Site.

Belluno, dated April 23, 2024 (date of most recent update)..


Consorzio DMO (Destination Management Organization) Dolomiti

(in the person of their respective legal representatives in office)

1  See Recital 30 of the GDPR (“Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”), and Article 122 paragraphs 1 and 2 of the Privacy Code (“1. The storage of information on the terminal equipment of a contracting party or user or access to information that has already been stored is permitted only on condition that the contracting party or user has given consent after being informed in a simplified way. This does not prohibit any technical storage of, or access to, information already stored if it is solely for the purpose of transmission of a communication over an electronic communications network, or as strictly necessary to the service provider of a company of the information explicitly requested by the contracting party or user to provide that service. For the purposes of determining the simplified way referred to in the first sentence, the Data Protection Supervisor shall also take into account the proposals made by the most representative national consumer associations and economic categories involved, including for the purpose of ensuring the use of methodologies that ensure the effective awareness of the contracting party or user. 2. For the purpose of giving the consent referred to in paragraph 1, specific configurations of computer programs or devices may be used that are easy and clear for the contracting party or you to use.”); see, also, page 15 of Measure No. 231 of 10.06.2021 issued by the Data Protection Supervisor: “ date, there is not yet a universally accepted system of semantic coding of cookies and other tracking tools that would make it possible to objectively distinguish, for example, strictly necessary cookies from analytic or profiling ones, except by relying on the indications provided by the Controller in the privacy policy [...] it is hoped that a coding of a general nature will be reached quickly.” 

2  Cookies designed to collect and store data while you are on a website, and to disappear once you close the relevant browsing session.

3  Cookies that can last for a predetermined period of time (e.g., minutes, months, years).

4  Analytical cookies are, typically, used by a publisher to evaluate the effectiveness of information provided by an information company, for the design of a website or, finally, to help measure its traffic (i.e., the number of visitors, including possibly broken down by geographic area, time slot of connection).

5 See Measure No. 231 of 10.06.2021 issued by the Data Protection Supervisor, page 13/14: “The structure of the analytical cookie will then have to provide for the possibility that it can be referable not just to one, but to multiple devices, so as to create reasonable uncertainty about the computer identity of the person receiving it. As a rule, this effect is achieved by masking appropriate portions of the IP address within the cookie. Taking into account the 32-bit presentation of IP version 4 (IPv4) addresses, which are usually presented and used as a sequence of four decimal numbers between 0 and 255 separated by a dot, one of the measures that can be implemented in order to benefit from the exemption is to mask at least the fourth component of the address, an option that makes the attribution of the cookie to a specific data subject equal to 1/256 (about 0.4 percent) uncertain. Similar procedures should be followed with reference to IP version 6 (IPv6) addresses, which have a different structure and an enormously larger address space (being made up of binary numbers presented with 128 bits). The Data Protection Supervisor also stresses the need for the use of analytical cookies to be limited solely to the production of aggregate statistics, and for them to be used in relation to a single site or mobile application, so that they do not allow for tracking anyone who browses by using different applications or browses different websites. It is therefore understood that the third parties, who provide the publisher with the web measurement service, shall not, in any case, combine the data, even thus minimised, with other processing (customer files or statistics of visits to other sites, for example) or transmit them in turn to other third parties, under penalty of unacceptably increasing the risks of identification of users; except in the case where their production of statistics with minimised data affects several domains, websites or apps that can be traced back to the same publisher or group of companies. However, it is possible to deem the use of statistical analyses relating to several domains, websites or apps that can be traced back to the same data controller lawful, even without taking the required minimisation measures, as long as the latter carries out the statistical processing on his own, and such analyses result in an activity that, going beyond the boundaries of a mere statistical count, actually takes on the characteristics of processing aimed at making decisions of a commercial nature.”

Thank you

Grazie: ti abbiamo inviato una mail per attivare la tua iscrizione e selezionare le tue preferenze se previsto.

Something went wrong



Subscribe to the newsletter


Thank you

Your request has been sent successfully and we will reply as soon as possible. A copy of the data you have provided us with has been sent to your email address.


Request information

You are sending the request to: Belluno Dolomites