Logo BRT
dpd Group
/
 

INFORMATION NOTICE ABOUT THE PROCESSING OF PERSONAL DATA

(articles 13 and 14 of Regulation (EU) 679/2016 – General Data Protection Regulation – GDPR)

 

CONTROLLER

BRT S.p.A., with registered office Italy, Foro Buonaparte 67-20121 Milan, and administrative headquarters in Italy, Bologna, Via Enrico Mattei 42, 40138, with tax code and VAT number 04507990150, registered in the Milan Business Register and Economic and Administrative Directory at No. 1734257 (hereinafter also referred as the “Company”).

 

DATA PROTECTION OFFICER (DPO)

The Company’s Data Protection Officer can be contacted at the e-mail address dpo@brt.it

 

SOURCE OF THE PERSONAL DATA

Your personal data, indicated in article 4.1 below, has been supplied to the Company by you or has been supplied by the sender of the shipment if not by you.

 

1 - PURPOSE OF THE PROCESSING

1.1 - Contractual purposes: the personal data (“Data”) will be processed for use of the services supplied by the Company, even via the www.brt.it website (“Website”), for contractual, management, accounting and tax purposes.
1.2 - Legal obligations: the Data will be processed in order to comply with the obligations of applicable domestic and supranational regulations, even relating to accounting and tax.
1.3 - Controller’s rights: if necessary, the Data will be processed in order to establish, exercise or defend Company legal claims.
1.4 - Out-of-court debt collection: if necessary, the Data will processed in order to allow the Company to collect debts owed to it without recourse to the courts.
1.5 - Website Operation: the Data will be processed by the computer systems and the software procedures for controlling operation of the Website which, during their normal operation, acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is data that is not collected in order to be associated with identified data subjects, but which, by its very nature, could, by being processed and associated with data held by the Company or by third parties, allow Website users to be identified.

 

2 - LEGAL GROUNDS FOR PROCESSING

2.1 - Contractual purposes and Website operation: performance of a contract to which you are a party, or in order to use the Website and use the services supplied by the Company, even via the Website.
2.2 - Legal obligations: the need to meet legal obligations.
2.3 - Controller’s rights and Out-of-court debt collection: legitimate interest.

 

3 - PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED

3.1 - Contractual purposes, Legal obligations: for the entire term of the contract and, after the contract has ended, for 10 years.
3.2 - Controller’s rights and Out-of-court debt collection: in the event of out-of-court disputes, for the term of such disputes, until the expiry of enforceability deadlines of the appeal action.
3.3 - Website Operation: for the duration of the navigation session on the Website. Once the storage periods indicated above have expired, the Data will be destroyed, erased or anonymised, in line with erasure and backup technical procedures.

 

4.1 – CATEGORIES OF PERSONAL DATA PROCESSED FOR CONTRACTUAL PURPOSES - LEGAL OBLIGATIONS - CONTROLLER’S RIGHTS - DEBT COLLECTION

Personal details, contact data, administrative - accounting data.

 

4.2 – CATEGORIES OF PERSONAL DATA PROCESSED FOR WEBSITE OPERATION

The IP addresses or domain names of computers used by users who connect to the Website, URI (Uniform Resource Identifier) addresses of resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the state of the data response from the server (successful, error, etc.), other parameters relating to the operating system and to the user’s computer environment, information about user behaviour on the Website, the pages visited or searched for, in order to select and render specific announcements to the Website user and the data about navigation behaviour retained on the Website, for example, using cookies.

 

5 - COMPULSORY PROVISION OF DATA

The provision of the Data referred to in point 4.1 for the purposes indicated in point 1.1 is compulsory. Therefore, anyone refusing to supply the above-mentioned personal data will not be able to use the Company services, even via the Website. Some of the personal data indicated in point 4.2 is strictly necessary for Website operation, others are only used to obtain anonymous statistical information about use of the Website and to check its correct operation, and are erased immediately after processing. During processing of personal data which may, directly or indirectly, identify you, we apply a strictly necessary principle. For this reason, we have configured the Website in such a way that the use of personal data is minimised and so as to limit the processing of personal data which allows you to be identified only if necessary or at the request of authorities and the police (e.g.: data relating to traffic and your time spent on the Website or your IP address) or for investigating responsibility in the event of theoretical cybercrimes.

 

6 - DATA RECIPIENTS

The data may be processed by external subjects operating in the capacity of independent controllers, for example, authorities and supervisory bodies and in general subjects, whether public or private, who may legitimately request the data.
The data may also be processed, on behalf of the Company, by external subjects appointed as data processors, who are issued with suitable operating instructions. Such subjects basically fall within the following categories:

a. businesses which supply transportation services;
b. businesses and professionals supplying banking, administrative, accounting, Company credit protection and rights protection services;
c. businesses and professionals supplying insurance services;
d. businesses supplying services for the management, maintenance and development of the Company computer systems and the Website;
e. businesses providing support for market research.

 

7 - SUBJECTS AUTHORISED TO CARRY OUT PROCESSING

The Data may be processed by employees of the departments of the Company and the data processors appointed, who are assigned for the purposes indicated above, who have been expressly authorised to carry out the processing and have received suitable training.
The Data referred to in point 4.2, gathered during Website navigation will be processed by employees and collaborators of the Company or external subjects, in their capacity as persons in charge of processing and processors, who perform Website technical and organisational tasks on behalf of the Company.
A complete, up-to-date list of the data Processors appointed by the Company can be obtained by e-mailing privacy@brt.it

 

8 – YOUR RIGHTS AS THE DATA SUBJECT - COMPLAINT TO THE SUPERVISORY AUTHORITY

By contacting the Company you can request:
1) access to the Data concerning you,
2) erasure of the data,
3) rectification and completion of Data that is inaccurate or incomplete,
4) restriction of processing in those cases envisaged by art. 18 of the GDPR,
5) the right to object to processing in the legitimate interest of the Company,
6) if the processing is based on consent or on the contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly-used, machine-readable format, and, if technically feasible, to transmit it to another controller without impediment.
7) in cases envisaged in art. 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
To exercise the rights indicated in the preceding list, you can contact the Company by e-mail at the address privacy@brt.it You also have the right to complain to the competent Supervisory authority in the member state in which you habitually reside or work, or of the State in which the alleged breach occurred.

 

9 – STORAGE OF PERSONAL DATA AND TRANSFER TO NON-EU COUNTRIES

Your personal data will be stored and processed within the European Union. The details of the EU countries, divided by application, may be requested from the Company at privacy@brt.it If, in order to pursue the purposes of the processing, your personal data are transferred to countries outside the EU, the Company will set up appropriate safeguards for the transfer as provided by law.

 

10 – DATA SECURITY

Your personal data will be processed by automated means for the time strictly necessary to fulfil the aims for which it was gathered and in compliance with the principle of necessity and proportionality, avoiding processing personal data if the operations may be performed using anonymous data or in other ways.
We have adopted specific security measures to prevent the loss of personal data, unlawful or incorrect use and unauthorised access, but please remember that it is essential to the security of your data that your device has tools such as constantly updated antivirus software and that the Internet service provider guarantees secure data transmission via firewalls, antispam filters and similar protection.