Information on personal data for suppliers and third parties
The Company Azienda Veneziana della Mobilità S.p.A. (hereinafter AVM), with registered office at Isola Nova del Tronchetto 33, Venice manages and provides the urban public transport service of the municipalities of Venice and Chioggia, the suburban transport service of the central-southern area of the Metropolitan City of Venice, as well as the private and integrated mobility services of the municipality of Venice (parking garages, peripheral car parks, bike sharing, dockyards, etc.).
It is the parent company of the AVM Group and controls ACTV S.p.A. and Ve.La. S.p.A.
AVM is the processing controller of the personal data collected.
HOW WE COLLECT YOUR PERSONAL DATA
AVM processes your data by virtue of the legal relationship with you. Please help us keep your personal information up-to-date by informing us of any changes.
WHAT PERSONAL DATA CONCERNING YOU MAY BE COLLECTED
The following categories of personal data concerning you may be collected:
- - Personal and contact details - information on the name, place and date of birth, social security number, address, telephone number, email address, etc.
- - Economic data - information on how to pay any monies due (e.g. IBAN), billing data, income etc.
- - Data relating to criminal convictions and offenses - criminal certificates, where necessary to comply with legal obligations (e.g. public procurement code).
FOR WHAT PURPOSES YOUR PERSONAL DATA MAY BE USED
The processing of personal data by European data protection legislation must be subject to one of the various legal requirements, and we are obliged to indicate these requirements for each processing operation described, as you can read below:
a) Establishment and execution of contractual relations and consequent obligations,
AVM may process your personal data to establish and execute contractual relationships.
Prerequisite for treatment: fulfilment of contractual obligations.
The provision of data is required to manage the contractual relationship.
b) Compliance with legally binding requirements to comply with legal obligations, regulations or orders of a judicial authority.
AVM may process your personal data in order to comply with the provisions of law and/or to defend its own rights in judicial matters.
Prerequisite for processing: legal obligations.
HOW WE KEEP YOUR PERSONAL DATA SAFE
AVM uses a wide range of security measures to improve the protection and maintenance of the security, integrity and accessibility of your personal data.
Although at present, as you know, no one can guarantee the security of data transmission intrusions that occur on the Internet and websites, we, our suppliers and business partners are committed to ensuring physical, electronic and procedural safeguards to protect your personal data by the law and with the utmost responsibility.
All of your personal data is stored in secure servers (or secure paper copies) and is accessible and usable by our security standards and policies (or equivalent standards for our suppliers or business partners).
We adopt, among other measures, measures such as:
- the strict restriction of access to your personal data, on a need-to-know basis and for the sole purpose communicated;
- perimeter security systems to prohibit unauthorised access from the outside
- the permanent monitoring of access to information systems to detect and stop the abuse of personal data.
- six-monthly penetration tests aimed at highlighting any leaks in perimeter security
- tracking of access to your personal data by internal staff and verification of the purpose
- Transactions on our websites that require your personal data to be entered are encrypted using Secure Socket Layer (SSL) technology.
Where we have provided you (or you have chosen) with a password that enables you to access certain parts of our website or other portals, applications or services provided by us, you shall be responsible for the confidentiality of such password and for compliance with any other security procedures that we have notified you of.
Please do not share your password with anyone.
HOW LONG WE RETAIN YOUR INFORMATION
We store your personal data only for the time necessary to achieve the purposes for which it was collected or for any other legitimate purpose related to it. Therefore, if personal data are processed for two different purposes, we will retain those data until the purpose expires with the longer term, but we will no longer process personal data for that purpose for which the retention period has expired. We restrict access to your personal data only to those who need to use it to perform their duties.
Your personal data, which is no longer needed or for which there is no longer a legal basis for its storage, is anonymised irreversibly (and in this way can be stored) or securely destroyed.
Below are the storage times for the different purposes listed above:
Fulfilment of contractual obligations: the data processed to fulfil any contractual obligation may be kept for the entire duration of the contract as well as for the next 10 years, to verify any outstanding matter or for compliance with legal obligations (e.g. accounting documentation).
Data relating to the management of the list of approved suppliers and insolvency procedures are kept for 5 years from the end of validity of the list or final award of the contract.
Disputes: If it is necessary to defend ourselves or to act or also to make claims against you or any third party, we may retain personal data that we reasonably deem necessary to process for such purposes, for as long as such claim can be pursued.
WITH WHOM WE MAY SHARE YOUR PERSONAL INFORMATION
Your personal data may be accessed by employees of AVM, as well as by suppliers and collaborators, duly appointed data processors, who provide support for the provision of services, and by public entities that can access them by law (e.g. judicial authority and public security authority).
If you have any questions regarding our processing of your personal data, please use the web form "privacy" in the "contacts" section of the site ww.avmspa.it or contact the telephone number 0412722111, asking the secretariat of the Legal and Corporate Affairs.
We would also like to inform you that the Company has appointed an external data protection officer (DPO), whose contact details are firstname.lastname@example.org, to whom you may apply in general for matters relating to the protection of personal data and related rights.
YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO LODGE COMPLAINTS WITH THE SUPERVISORY AUTHORITY
You have the right to ask us under the legal conditions:
- access to your personal data
- the portability of the personal data you have provided us with
- rectification of the data in our possession
- the deletion of any data for which we no longer have any legal basis for processing
- the limitation of the way in which we process your personal data, in the cases provided for by the legislation.
The exercise of all these rights is subject to certain exceptions aimed at safeguarding the public interest (e.g. prevention or identification of crimes) and our interests (i.e. legitimate and compelling reasons). If you exercise any of the above rights, it is our responsibility to ensure that you are entitled to exercise them, and we will normally provide you with feedback within one month.
If you are not satisfied with the way in which we process your personal data or with our feedback, you have the right to lodge a complaint with the supervisory authority, the contact details of which can be found on the website www.garanteprivacy.it