Privacy Information Data Processing
Article 13 Reg. EU 2016 / 679- GDPR
Information regarding the processing of personal data collected from the interested party In compliance with the provisions of EU Reg. 2016/679 (European Regulation for the protection of personal data) we provide you with the necessary information regarding the processing of personal data provided. This is an information that is provided pursuant to art. 13 of the EU Reg. 2016/679 (European Regulation for the protection of personal data) and is also inspired by the provisions of Directive 2002/58 / EC, as updated by Directive 2009/136 / EC, concerning Cookies as well as to what provided for by the Provision of the Authority for the protection of personal data of 08.05.2014 regarding cookies.
1.SUBJECTS OF THE TREATMENT
The OWNER OF THE TREATMENT, pursuant to articles 4 and 24 of the EU Reg. 2016/679 is T.A.M. Srl
- TYPE OF DATA
For the purposes of this information we mean: Personal data: any information concerning a data subject, with particular reference to an identifier such as the name, an identification number, location data, an online identifier or one or more characteristic elements of his physical, physiological, genetic, psychic, economic, cultural or social identity – see art. 4, c. 1, n. 1 GDPR. We inform you, pursuant to EU Regulation 2016/679, general regulation on data protection, that the personal data you provide or otherwise acquired by it in compliance with the laws in force, may be processed, in compliance with the aforementioned law and confidentiality obligations.
The processing of personal data means: “any operation or set of operations, carried out with or without the aid of automated processes and applied to personal data or set of personal data, such as collection, registration, organization, structuring , conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, cancellation or the destruction”. The interested party must be understood as: “identified or identifiable natural person”.
- PERSONAL DATA IDENTIFICATION COLLECTED
T.A.M. Srl may collect its “Personal Data”, ie information that identifies the User as a natural person or through which the User can be identified, such as those listed below:
- contact details such as namepostal address, e- mail and phone number;
- credit card number or other payment account number, billing address and other payment and billing information (“Payment Data”).
Please note that if you request information, reports and complaints it could be you, by filling out the web form, to spontaneously provide us with your personal data that can be classified as particular categories of data. In this regard, we invite you not to provide us with such data unless strictly related to the presentation of the facts. If, on the other hand, you believe that the data is essential for the display of requested information, reports and complaints and therefore wants to provide them to us, T.A.M. Srl will only be able to process them in the presence of your explicit consent. In this case, we therefore ask you to confirm this by checking the box “I accept the information on Privac y”. We inform you that, in the absence of consent, we will not be able to process the complaint, notification or request for information.
- PURPOSE AND LAWFULNESS OF THE PROCESSING
The personal data provided will be processed in compliance with the lawfulness conditions of art. 6 lett. b Reg. EU 2016/679 for the following purposes:
– navigation on this website;
– to allow the response to requests for information, estimates, reports and complaints;
– to verify the degree of customer satisfaction;
– drafting of the inspection report, disputing administrative violations for travel irregularities, imposing the related sanction and subsequent communications and / or notifications by law;
– provision of travel documents;
– internal consulting activities in the insurance sector, aimed at the education and settlement of claims;
– to comply with current administrative, accounting and tax obligations, as well as to comply with laws and regulations;
– defense by the Data Controller in court or in the stages leading to possible legal action, against abuse deriving from an unlawful use of the website or related services by the User;
– evaluate any CVs received in the “Work with us” section provided voluntarily, compatibly with any internal needs;
– statistical purposes in anonymous form (to evaluate the number of accesses, etc.);
Your personal data will also be processed for the following purposes:
– fulfill obligations in the field of fraud prevention in the electronic ticketing system, customer satisfaction surveys;
– to comply with legal obligations of an administrative, accounting, civil, fiscal, regulations, EU and / or non-EU legislation, to manage any dispute.
With your consent, your data may also be processed for purposes of commercial communications concerning public transport services and the related tariff via newsletter, sent to your e-mail address. The processing is necessary for the execution of the contract signed by you and to fulfill the obligations provided by the law. Except in the case of a possible Newsletter on our services where your consent is required, the legal basis of the processing is the need for the pursuit of the aforementioned purposes.
For the purposes of the application of the provisions on the protection of personal data, the processing carried out for administrative and accounting purposes is that connected with the performance of the organizational, administrative, financial and accounting activities necessary for the provision of the service.
- RECIPIENTS OR CATEGORIES OF DATA ADDRESSEES
Personal data provided may be communicated to recipients, appointed pursuant to art. 28 of the EU Reg. 2016/679, which will process the data as managers and / or as natural persons acting under the authority of the owner and manager, in order to comply with contracts or related purposes. Specifically, the data may be communicated to recipients belonging to the following categories:
– Subjects that provide services for the management of the IT system and of the T.A.M. Srl (including e-mail);
– Studies or companies in the context of assistance and consultancy relationships;
– Competent authorities for the fulfillment of legal obligations and / or provisions of public bodies, upon request.
The subjects belonging to the aforementioned categories act as Data Processing Manager, or operate in total autonomy as separate Data Controllers. The list of designated Data Processors is constantly updated and available at the T.A.M. Srl.
- TRANSFER OF DATA TO A THIRD COUNTRY AND / OR AN INTERNATIONAL ORGANIZATION
The personal data provided may be transferred abroad within or outside the European Union, within the limits and under the conditions of the articles 44 et seq. of the EU Regulation 2016/679, in order to comply with purposes related to the transfer itself. The interested party may obtain a copy of the conditions underlying the transfer by writing an email to the address email@example.com
- CONSERVATION PERIOD OR CRITERIA
The processing will be carried out in an automated and / or manual way, with methods and tools aimed at guaranteeing maximum security and confidentiality, by persons specifically appointed for this purpose. In compliance with the provisions of art. 5 paragraph 1 letter. e) of the EU Regulation 2016/679 the personal data collected will be stored in a form that allows the identification of data subjects for a period of time not exceeding the achievement of the purposes for which the personal data are processed.
The data collected for requests for information, reports and complaints can be kept for 10 years after the request is received. Your personal data will be stored even after the termination of the contract for 5 years for the fulfillment of any obligations connected or deriving from the contract for the period of duration prescribed by the laws in force and according to the limitation period of the rights arising from the contract itself . To know the criteria at the base of the data retention period write to firstname.lastname@example.org.
- NATURE OF THE PROVISION AND REFUSAL OF THE DATA
Apart from that specified for navigation data, the user is free to provide personal data in dedicated areas on the site. The provision of personal data for the purposes referred to in point 4) of this information document is necessary to improve the specific functions and use the services offered to the Data Controller, for example to receive feedback on the request for information submitted. Failure to provide personal data may make it impossible to obtain the requested service or use the services offered by the site.
- RIGHTS OF THE INTERESTED PARTIES
You may assert your rights as expressed in articles 15, 16, 17, 18, 19, 20, 21, 22 of the EU Regulation 2016/679, by contacting the Owner, writing to the address email@example.com by filling in the specific form Mod.04 Request for access to data. You have the right, at any time, to ask the Data Controller for access to your personal data, rectification, cancellation of the same, limitation of processing. Furthermore, you have the right to object, at any time, to the processing of your data (including automated processing, eg profiling) as well as to the portability of your data.
Without prejudice to any other administrative and judicial appeal, if you believe that the processing of data concerning you violates the provisions of EU Reg. 2016/679, pursuant to art. 15 letter f) of the aforementioned EU Reg. 2016/679, you have the right to complain to the Guarantor for the protection of personal data and, with reference to art. 6 paragraph 1, letter a) and art. 9, paragraph 2, letter a), has the right to revoke the consent given at any time. In the case of request for data portability, the Data Controller will provide you with a structured format, commonly used and readable, by automatic device, the personal data concerning you, without prejudice to paragraphs 3 and 4 of the art. 20 of the EU Reg. 2016/679.
- CHANGES TO THESE PRIVACY POLICIES
The Data Controller periodically verifies its privacy and security policy and, if necessary, revises it in relation to regulatory, organizational or technological changes. In the event of a change in policies, the new version will be published on this page of the site.