Information on the processing of personal data under Articles 13 and 14 of the European General Data Protection Regulation 2016/679 (GDPR)

 

THE COMPANY

Azienda Veneziana della Mobilità S.p.A (hereinafter referred to as AVM), with its registered office in Venice, Isola Nova del Tronchetto 33, is the Data Controller of the personal data that it collects; it manages and provides the urban public transport service of the municipalities of Venice and Chioggia, the suburban transport service of the central-southern area of the metropolitan city of Venice, as well as the private and integrated mobility services of the municipality of Venice (parking facilities, exchange car parks, docks, BiciPark, etc.).

It is the parent company of the AVM Group and controls ACTV S.p.A. and Ve.La. S.p.A.

THE PERSONAL DATA THAT MAY BE COLLECTED FROM YOU

In the framework of the activity, we may collect and then process various categories of common personal data. Specifically, personal and contact data (information relating to name, place and date of birth, fiscal code, address, telephone number, and e-mail), financial data (information relating to payment methods, invoicing details), data relating to education and/or career and/or profession and/or career path.

In addition, in the scope of the contractual or pre-contractual relationship, we may be required to become informed of personal data relating to criminal convictions or offences as defined in Article 10 of the GDPR and, specifically, data relating to convictions, pending charges, restricting orders and police record certificates.

THE PURPOSES FOR WHICH PERSONAL DATA MAY BE USED

Specifically, your data is processed for the following purposes, which are in relation to the implementation of statutory or contractual requirements:

• management and archiving of all correspondence.

Your data is processed for the following purposes, which are in relation to the implementation of statutory requirements:

• management of the procedure and activities connected with and instrumental to access to documents;
• management of tax obligations;
• management of the supplier directory;
• management of judicial proceedings;
• management of the phase of the selection of suppliers;
• management of legal electronic archiving.

Your data will also be used for the following purposes relating to the performance of measures connected with contractual or pre-contractual obligations:

• management of the contractual relationship with the supplier;
• management of payments.

 

HOW WE PROCESS YOUR PERSONAL DATA

All of your personal data is stored in our records or the records of our suppliers or business partners and it is accessible and used in compliance with our security standards and policies (or the equivalent standards applied by our suppliers or business partners).

Your personal data may be processed using the following methods:

• processing by means of computers and computer systems;
• manual processing by means of paper files.

We use a wide range of security measures to improve the protection and maintenance of the security, integrity and accessibility of your personal data.

The measures we implement include, and are not limited to, the following:

- strict restriction of access to your personal data, on a need-to-know basis and only for the purposes communicated; - perimeter security systems to prohibit unauthorised access from external sources;

- permanent monitoring of access to information systems in order to detect and stop the misuse of personal data;

- vulnerability tests, aimed at highlighting any gaps in perimeter security;

- tracking of access to your personal data by internal staff and verification of its purpose;

- two-factor authentication;

- encryption using Secure Socket Layer (SSL) technology for transactions on our websites that require you to enter your personal information.

If we have provided you with (or you have chosen) a password that allows you to access certain areas of our website or other portals, applications or services provided to you by our company, please remember to keep this password secret and to also follow any other security procedures that are provided to you.

 

WHO WE CAN SHARE YOUR PERSONAL DATA WITH

Your data is only processed by our specifically instructed and authorised staff and, more specifically, by the following categories of staff:

• AVM employees in the specific relevant departments.

In order to execute some of the processing activities, we may communicate your personal data to the following categories of external parties, who will process them either as independent data controllers or as data processors, duly appointed in compliance with the applicable legislation:

• banks and credit institutions;
• consultants and independent professionals;
• subsidiaries and associated companies;
• consulting and IT services companies;
• auditing companies;
• software houses;
• the law firm in charge of any litigation.

 

HOW LONG WE RETAIN YOUR INFORMATION

In compliance with the principles of lawfulness, purpose limitation and data minimisation, in compliance with Article 5 of the GDPR, we retain your personal data only for the time necessary to achieve the purpose for which it was collected or for any other legitimate related purpose.

Therefore, if personal data is processed for two separate purposes, we retain that data until the purpose with the longer retention period expires, but we do not continue to process personal data for the purpose for which the retention period has expired.

We restrict access to your personal data only to the subjects who require them to fulfil their tasks.

The personal data that are no longer required, or for which there is no longer a legal requirement for the retention thereof, is irreversibly anonymised (and as such can be safely stored) or destroyed.

Below are the retention times in relation to the purposes listed above:

10 years after termination of the contract, in compliance with legal obligations, limited to any documents required for tax and accounting purposes (contract, invoices); 5 years from the end of the effective term of being registered in the supplier directory or from the final award of the contract; 5 years from the filing of a whistleblowing report or, if it constitutes a criminal offence, until the conclusion of any related criminal proceedings; for the time necessary to be able to conduct legal defence proceedings and to pursue an action against you or against third parties.

 

YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO FILE COMPLAINTS WITH THE SUPERVISORY AUTHORITY

You are entitled to obtain, if the conditions provided for by law are met, confirmation as to whether or not personal data concerning you exist, to have them communicated to you in an understandable form and to lodge a complaint with the supervisory authority.

More specifically, you are entitled to be provided with:

a. access to your personal data and all related information (Article 15 of the GDPR);

b. the correction of inaccurate personal data and the integration of incomplete personal data (Article 16 of the GDPR);

c. deletion of personal data if one of the cases provided for in Article 17 of the GDPR is applicable;

d. the limitation of processing when one of the hypotheses established by Article 18 GDPR is applicable

e. data portability (Article 20 of the GDPR)

You are entitled to object, in whole or in part, to the processing of personal data relating to you:

a. for legitimate reasons associated with your particular situation, even if they are relevant to the purpose of the data collection.

 

CONTACT DETAILS:

Please be informed that the Data Controller is Azienda Veneziana della Mobilità S.p.A (Isola Nova del Tronchetto 33, 30135 Venice (VE), VAT No. 03096680271, contact details: e-mail avm@avmspa.it, telephone + 39 041 27 22 111) in the person of its legal representative in office for the time being.

We also inform you of the fact that we have appointed an external data protection officer (DPO), whom you are entitled to contact as a general contact on issues relating to the protection of your personal data and associated rights.

If you have any complaints or concerns about how we process your personal data, we will make every effort to respond to your concerns. In any case, and if you prefer, you may forward your complaints or remarks to the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), using the contact details listed at the following website www.garanteprivacy.it

DPO - (available at the following e-mail address: dpogruppoavm@avmspa.it).

The updated version of this policy is also available at all times on the following website https://www.privacylab.it/informativa.php?21285458349