INFORMATION NOTICE ABOUT THE PROCESSING OF PERSONAL DATA
(article 13 of Regulation (EU) 679/2016 - General Data Protection Regulation - GDPR)
DATA CONTROLLER
BRT S.p.A. with registered office in Italy, Milan, Via Tiziano 32, postcode 20145, and administrative office in Italy, Bologna, Via Enrico Mattei 42, postcode 40138, with tax code and VAT number 04507990150, registered with the Milan Register of Companies, R.E.A. 1734257 (hereinafter also the "Company" or “Data Controller”).
BRT's services are supported by the parent company of which the Data Controller is part and by subsidiaries of BRT. Data Controller has entered into joint data controllers’ agreements with these companies, for further information please visit www.brt.it.
DATA PROTECTION OFFICER (DPO)
The Company's Data Protection Officer could be contacted at
[email protected].
1. PURPOSES OF DATA PROCESSING
1.1 - Contractual and pre-contractual purposes: the personal data (“Data”) that you supply will be processed for use of the services supplied by the Company, for contractual, management, accounting and tax purposes.
1.2 - Legal obligations: Data will be processed in order to comply with the obligations of applicable domestic and supranational regulations, even relating to accounting and tax, including national and international regulations relating to controls on restrictive measures, embargoes, anti-terrorism and money laundering.
1.3 - Controller’s rights: if necessary, the Data will be processed in order to establish, exercise or defend Company legal claims.
1.4 - Out-of-court debt collection: if necessary, the Data will processed in order to allow the Company to collect debts owed to it without recourse to the courts.
1.5 - Direct Marketing: the Data may be processed for generic, non-profiled marketing activities, such as:
- sending - with automated methods (such as SMS and e-mail) and traditional methods (such as telephone calls with operator and e-mail) - of promotional and commercial communications relating to services/products offered by the Company, or reporting of events organized and promoted by the Company;
- requests to participate in research, market studies and customer satisfaction questionnaires, including the preparation of statistical analyzes for marketing purposes;
You can revoke your consent to processing (i.e. opt-out) and in this case there will be no negative consequences for you. You may object to this purpose at any time by clicking on the opt-out link at the bottom of the communications received via e-mail.
2. LEGAL GROUNDS FOR PROCESSING
2.1 - Contractual and pre-contractual purposes: execution of a contract of which you are a part, or of pre-contractual measures adopted by the Company.
2.2 - Legal obligations: the need to meet legal obligations.
2.3 - Controller’s rights, Out-of-court debt collection: legitimate interest
2.4 - Direct Marketing: Consent
3. RETENTION OF PERSONAL DATA
3.1 - Contractual purposes, Legal obligations: for the entire term of the contract and, after the contract has ended, for 10 years.
3.2 - Controller’s rights and Out-of-court debt collection: in the event of out-of-court disputes, for the term of such disputes, until the expiry of enforceability deadlines of the appeal action.
3.3 - direct Marketing: until you revoke your consent for this purpose.
Once the storage periods indicated above have expired, the Data will be destroyed, erased or anonymised, in line with erasure and backup technical procedures.
4. CATEGORIES OF PERSONAL DATA PROCESSED FOR CONTRACTUAL PURPOSES - LEGAL OBLIGATIONS - CONTROLLER’S RIGHTS - DEBT COLLECTION - DIRECT MARKETING
Personal details, contact data, administrative - accounting data, identification data.
5. COMPULSORY PROVISION OF DATA
The provision of the Data referred to in point 4 for the purposes indicated in points 1.1, 1.2 and 1.3 is compulsory. Therefore, anyone refusing to supply the above-mentioned personal data will not be able to use the Company services.
The provision of the Data referred for the purposes indicated in point 1.4 is optional.
6. DATA RECIPIENTS
The data may be processed by external subjects operating in the capacity of independent controllers, for example, authorities and supervisory bodies and in general subjects, whether public or private, who may legitimately request the data. The data may also be processed, on behalf of the Company, by external subjects appointed as data processors, who are issued with suitable operating instructions. Such subjects basically fall within the following categories:
a) businesses which supply transportation services;
b) businesses and professionals supplying banking, administrative, accounting, Company credit protection and rights protection services;
c) businesses and professionals supplying insurance services;
d) businesses supplying services for the management, maintenance and development of the Company computer systems
e) businesses providing support for market research.
7. SUBJECTS AUTHORISED TO CARRY OUT PROCESSING
The Data may be processed by employees of the departments of the Company and the data processors appointed, who are assigned for the purposes indicated above, who have been expressly authorised to carry out the processing and have received suitable training.
A complete, up-to-date list of the data Processors appointed by the Company can be obtained by e-mailing
[email protected] .
8. YOUR RIGHTS AS THE DATA SUBJECT - COMPLAINT TO THE SUPERVISORY AUTHORITY
By contacting the Company, you can request:
1) access to the Data concerning you,
2) erasure of the data,
3) rectification and completion of Data that is inaccurate or incomplete,
4) restriction of processing in those cases envisaged by art. 18 of the GDPR,
5) the right to object to processing in the legitimate interest of the Company,
6) if the processing is based on consent or on the contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and, if technically feasible, to transmit it to another controller without impediment.
7) in cases envisaged in art. 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
To exercise the rights indicated in points 1) and 3) you can contact your reference branch. The references of the Company’s branches are available in the “Find a branch” section of the Website.
To exercise the rights indicated in points 2), 4), 5), 6) and 7) you can contact the Company by e-mail at the address
[email protected] .
You also have the right to complain to the competent Supervisory authority in the member state in which you habitually reside or work, or of the State in which the alleged breach occurred.
9. STORAGE OF PERSONAL DATA AND TRANSFER TO NON-EU COUNTRIES
Your personal data will be stored and processed within the European Union. The details of the EU countries, divided by application, may be requested from the Company at
[email protected].
If, in order to pursue the purposes of the processing, your personal data are transferred to countries outside the EU, the Company will set up appropriate safeguards for the transfer as provided by law.