Privacy Blueticketing


For Blueticketing service users

(Articles 12, 13, and 14 of Regulation (EU) April 27, 2016, No. 679)




What is Blueticketing?

Blueticketing is an application that allows you to access ski slopes simply using your smartphone. The data entered within the application are processed by Blueticketing Srl, VAT number 10145920962, headquartered at Corso Giuseppe Garibaldi, 12 - 20121 - Milan (MI), by the company managing the ski resort you are accessing, and by the company managing the service for sending confirmation SMS of your authentication (Aruba Spa) (hereinafter "Data Controllers"). Regarding the processing of data carried out by Blueticketing Srl, you can refer to the privacy policy you are reading. Regarding the processing of data by the ski resort company, you can refer to the privacy policy of the ski resort providing you the service. Regarding the processing of data by the company managing the SMS sending service, you can refer to the privacy policy of Aruba Spa. For any questions or clarification regarding the privacy of the App, contact Blueticketing at the email address info@blueticketing.com.


Why use Blueticketing?

The ski resort has chosen to equip itself with the application to make the authentication process much smarter and to allow you to access all slopes simply using your smartphone. Our goal is to explain how authentication works and what personal data will be processed.


How does authentication work and what personal data is processed?

Once you have downloaded the application, you will be asked to enter your mobile number. Therefore, the only personal data requested is your mobile number.


But who actually processes my mobile number and how?

Your mobile number is transformed into a sort of special password, called Blueticketing ID. However, this identifier, although generated from your mobile number, does not allow retrieving your mobile number in any way (the Blueticketing ID is therefore irreversible and it is not possible, using the Blueticketing ID, to trace back to your mobile number that generated it). The Blueticketing ID will be transmitted to the App and to the ski resort access control system to allow you access to the slopes. Once the identification code is generated, Blueticketing deletes the phone number information, which is not saved in any way in the database. Only for the purpose of allowing us to send an SMS to verify your identity during authentication, your mobile number will be sent to the company managing the SMS sending service. Your mobile number will then be saved and stored for a certain period (for the period established by the Aruba policies) in the archives of the SMS sending provider (Aruba Spa). For any information on how the data is processed, you can refer to the privacy policy of Aruba Spa.


How are my location data treated?

For the proper functioning of the system, the Blueticketing app will require access to the location of your smartphone in "always" mode, even when the app is in the background. Blueticketing does not save the user's location data in any way but simply uses GPS within the Bluetooth-based communication protocol.


How are the phone numbers in my smartphone's address book treated?

In its normal operation, the app does not access the contacts in your phone's address book. When you want to purchase a subscription not for yourself, but for someone else, the app asks you to specify the beneficiary of the subscription. To facilitate data entry, the app asks for permission to access your address book, so you can choose one of your contacts as the subscription beneficiary. The address book is consulted in read-only mode, and no part of it is copied or transferred to our servers. Once you have chosen the subscription beneficiary from your contacts, just as is done for a purchase made for yourself, the selected phone number is immediately transformed into Blueticketing ID so that it is never saved within the Blueticketing infrastructure, thus excluding any type of treatment and storage of the number in clear. It is important to remember that the Blueticketing ID is irreversible, and therefore it is not possible, using the Blueticketing ID, to trace back to the mobile number that generated it.


What are my rights?

At any time and in any case, you can exercise, pursuant to Articles 15-22 of EU Regulation No. 2016/679, the right to:

  • request confirmation of the existence or otherwise of your personal data;
  • ask the data controller for access to your personal data;
  • request information on: the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients to whom your personal data have been or will be communicated, and, where possible, the retention period;
  • obtain the rectification or erasure of your data;
  • obtain the restriction of processing of your personal data;
  • obtain data portability, i.e., receive them from the data controller in a structured, commonly used, and machine-readable format and transmit them to another data controller without hindrance;
  • object to the processing at any time;
  • lodge a complaint with a supervisory authority.
PLEASE NOTE: Blueticketing does not store your data in any way, so we may not be able to fulfill some of your requests because we do not store any data at any time (for example: we cannot modify or delete the data, precisely because we do not save it anywhere), but we are still available to help or provide information: info@blueticketing.com You can still contact the other data controllers to exercise your rights, according to the methods and instructions provided by each data controller.


How can I exercise my rights?

You can exercise your rights by sending a written request to the data controller at the postal address of the registered office by registered letter with return receipt or by email to the email address info@blueticketing.com.


How long and how will we keep your data?

Blueticketing does not store your data in any way, but only the Blueticketing ID, which does not allow tracing back to your mobile number, the only personal data processed but not retained.



Versione Italiana