pursuant to section 13 D.Lgs. 30.06.2003 n. 196 and section 13 UE Regulation n. 2016/679
Last update August 2018
TIBURTINA BUS S.R.L. (in acronym TI.BUS S.R.L.), registered office in Largo Guido Mazzoni, snc – Rome tel. 06 442595, company as the data controller which collects and processes personal data in accordance with section 13 D.Lgs. 30.06.2003 n. 196 (Privacy Code) and section 13 UE Regulation 13 n. 2016/679 (“GDPR”) in which your data will be processed in the manner and for the purposes described in this document.
This policy is divided in 11 sections:
- Owner and Manager
- Subject matter of process
- Purpose of process
- Process method
- Access to data
- Data Communication
- Right of the interested party
- Security Measures|
- Modifications to this Information
For TIBUS S.R.L., privacy and security of personal data are very important, for this reason they are collected and treated with the utmost attention, adopting at the same time specific technical and structural measures to guarantee full security of the treatment.
With regard to the rules and regulations valid for all treatments contained in Code 196/2003, section 11 establishes first that the personal data being processed are:
- treated in a lawful and correct manner:
- collected and registered for specific, explicit and legitimate purposes, and used in other processing operations that are compatible with those purposes:
- exact and, if necessary, updated:
- relevant, complete and not exceeding the purposes for which they are collected or subsequently processed:
- stored in a form that allows identification of the interested party for a period of time not exceeding that necessary purposes for which they were collected or subsequently processed.
Therefore, customers are informed in accordance with section 13 of the 2016/679 (“GDPR”) European Regulation, that the processing of personal data takes place in a manner suitable to guarantee security and confidentiality, and is carried out using paper, computerized and telematic means, as detailed herein information
Personal Data: is intended per any information concerning an identified or identifiable physical person (“pertaining”); the physical person who can be identified, is considered identifiable, directly or indirectly, with particular reference to identification such as the name, an identification number, data related to its location, an online identification or one or more characteristics of its physical, psychological, cultural, social and psychological identity.
Process: intended as any process or set of processes, performed with or without the aid of automated systems and applied to personal data or a series of data, such as the collection, registration, organization, structuring, conservation, adaption or modification, extraction, consultation, use, communication by transmission, disclosure or any other form of provision, comparison or interconnection, limitation, cancellation or destruction.
Particular categories of personal data: intended as revealing racial or ethnic origin, politic views, religious or philosophical beliefs, or union membership, as well as processing genetic data, biometric data intended to uniquely identify a physical person, data relating health or sexual life and orientation of the individual.
Holder of the Process: intended as the physical individual o juridical, public authority, the service or other organization that singularly or along with others, determines the purposes and means of processing personal data.
Process liability: intended as the physical person or judicial, public authority, service or other organization that processes personal data on behalf of the process holder.
Pertaining: intended as the physical person to whom the personal data refers to.
03. Owner and Manager
The data controller is la TIBUS S.R.L., with registered office in in Largo Guido Mazzoni, snc – Rome tel. 06 442595, PEC firstname.lastname@example.org.
The person in charge of the processing has been appointed as the Privacy Manager, whose name, as well as an updated list of the other managers, is available upon request.
You can contact the Privacy Manager at: email@example.com.
04. Subject matter of process
Personal data are the subject of the processing, personal data is information that identifies directly or indirectly, a physical or legal person that can provide information on its characteristics, its habits, its lifestyle, its personal relationships, its state of health, and economic situation.
In particular importance are:
- data that allows direct identification such as personal data (for example name and surname), images etc., and data that allow indirect information, such as identification number (for example social security, IP address, car license plate).
- Data included in particular categories: the so- called “sensitive data”, such as those which reveal racial or ethnic origin, religious beliefs, philosophical, political views, union membership, health related, life or sexual orientation.
- EU Regulation 2016/679 (section 9), also includes genetic data and bio-metric data in the concept:
- Data relating criminal convictions and felonies: pertaining “judicial” data that can reveal the existence of certain judicial measures subject to registration in the judicial register (for
example final conviction penalties, probation or parole, or alternative actions to detention), and/or in quality of defendant or suspect.
Thanks to technological evolution, other personal data have assumed a significant role, such as those related to electronic communications (via the internet or phone) and those which allow location, providing information on places frequented and movements.
05. Purpose of Process
Personal data are processed:
A – for Contractual Purposes without prior consent and precisely for:
- allow execution and manage the contract relationship
- aid in assistance activities
- perform aggregated statistical analysis on an anonymous basis to improve our services and assistance
- management and administration of the contractual relationship (such as billing service, management of bus stall service area, dispatch of service communications, debt recovery)
- comply to obligations established by the law, regulations, community regulations
The provision of data for contractual purposes is mandatory. The eventual refusal to provide such data implies the impossibility of establishing the contractual relationship.
B – for other non-contractual purposes only, prior consent. This purpose is reserved exclusively for transportation companies that carry out the service in the auto-station, and precisely for:
- Insertion and display on our website tibusroma.it and on our app “MyTibus” of data and information related to site activity.
- Information sent by email, phone or newsletter of Tibus initiatives.
Consent of processing data for other purposes is optional. With possible refusal of consent, the data will not be displayed on the website www.tibusroma.it and on the app “MyTibus”; the refusal of consent will not have any consequence on the use of general services and the data in these cases will be treated only for contractual purposes.
C – for other purposes (reserved to users) connected to website consultation activities tibusroma.it, the app “MyTibus”, the Facebook page and free wi-fi in auto-station:
- Navigation data detected, IP address, URL of the requested resources, operating system and more are solely used for anonymous statistical information.
- The collected data will be kept until the end of the consultation.
- Tibus does not use the data for commercial purposes nor user profiling activities.
- The explicit and voluntary option of sending email or chat to the addresses indicated on the site, involves the acquisition of sender’s data in order to respond requests as well as any other personal data entered. Data will be deleted at the end of consultation activity.
06. Process Method
Personal data are subject to paper, electronic and automated processing.
The processing of personal data is carried out by means of collection, registration, organization, storage, consultation, processing, modification, extraction, use, cancellation and destruction of data.
Tibus processes personal data for the time necessary to fulfill the aforementioned purposes.
The fiscal data, connected to the contractual purposes, are kept for at least 10 years, time required by current legislation. Once exceeded this legal term at any time the person concerned may request the deletion of data.
07. Access to data
The data may be made accessible for the purposes mentioned above:
- To employees and associates of Tibus in their capacity as person in charge and/or internal managers of the processing and/or system administrators.
- To third parties (such as credit recovery companies, data processing services for billing companies, filing of documentation relating to relationships with customers, etc.) who carry outsourcing activities on behalf of Tibus in their capacity as managers in charge of external processing.
07. Data Communication
Tibus may communicate the data without expressed consent for the contractual purposes to the judicial authorities, where requested by them, as well as to all other subjects to whom the communication is necessary by law or by contract to allow the accomplishment of said purposes.
These subjects will treat the data in their capacity as independent data controllers. The data will not be disclosed.
08. Rights of the Interested Party
By communication to be sent the privacy Manager – TIBUS S.R.L. Largo Guido Mazzoni snc (Roma), tel. 06 442595, firstname.lastname@example.org, the customer may at any time exercise the rights referred in section 7 D. Lgs. 196/2003, among which:
1 – Obtain without delay, the confirmation of the existence or not of personal data;
2 – Obtain:
- Indication of the origin of personal data, of the purposes and methods of processing, of the logic of processing carried out with the aid of electronic instruments, of the indicative personal data of the holder or of the responsible, of the subject r categories of subjects to which the data can be communicated or that can acknowledge it as responsible or entrusted, updating, rectification or, if interested, integration of data;
- Cancellation, transformation into anonymous form or blocking of data processed in violation of the law;
3 – Object, in whole or in part, to the processing of personal data concerning him, provided for the purposes of commercial information or sending advertising material or for carrying out market research or commercial communication.
Based on the established provisions guaranteed by the UE Regulation n. 2016/679, relating to the personal data subject of this information, the interested party has the right to exercise the following rights:
- Right of access and rectification (Sec. 15 and 16 of Regulation): the interested party has the right to access personal data and request correction, modification or integration. If desired, a copy in our possession will be provided.
- Right to delete data (Sec. 17 of Regulation): in cases provided by law in force, the person concerned may request the deletion of personal data. Received and analyzed the request, we will cease and delete personal data, if deemed legitimate.
- Right to limit the processing (Sec. 18 of Regulation): the interested party has the right to request the limitation of personal data in case of unlawful processing or contestation of the accuracy of data.
- Right to the portability of data (Sec. 20 of Regulation): the interested party has the right to request and obtain, by the data controller, personal data in order to forward them to another holder, in cases provided for in the section referred to.
- Right to oppose (Sec. 21 of Regulation): the interested party has the right to oppose at any time the processing of personal data carried out on the basis of our legitimate interest, explaining the reasons justifying the request, before accepting, the controller will evaluate the reasons for the request.
- Right to submit a complaint (Sec. 77 of Regulation): the interested party has the right to submit a complaint with the competent authority for the protection of personal data if he/she considers that an infringement of the rights in relation to the processing of personal data has taken place (garanteprivacy.it).
09. Security Measures
TIBUS undertakes to protect personal data with specific technological and organizational security measures, aimed to prevent from being used unlawfully or deceitfully.
TIBUS will test regularly, verify and evaluate the effectiveness of security measures, in order to guarantee continuous improvement in the safety of processing.
10. Modifications to this Information
The constant evolution of services, may involve changes in the characteristics of the processing of personal data described at any time. This privacy statement may therefore undergo changes and additions over time, which are necessary for new regulatory measures regarding the protection ofpersonal data. We therefore encourage our customers to check periodically the contents of the information on our website www.tibusroma.it in the dedicated section.
DATA PROCESSING HOLDER
TIBURTINA BUS S.R.L.