CUSTOMER PRIVACY POLICY

INTRODUCTION AND LEGISLATIVE REFERENCES

The following Customer Privacy Policy (“Privacy Policy”) describes and outlines our principles in collecting, using and safeguarding the personal information of customers and our services’ users.

The Privacy Policy describes how the personal data of those who interact with our web services, (accessible at the following address: https://www.sustainable-bus.com/) are protected.

This policy complies with Article 13 of EU Regulation 2016/679 (hereinafter: the “Regulation”) of the European Parliament and Council. It was approved on 27th April 2016 (General Regulation on Data Protection ublished on 4 May 2016 in the Official Journal of the European Union, in force since 24 May 2016).

This information is provided only to user of Vado e Torno Edizioni Srl (the Data Controller).

THE DATA CONTROLLER

The Data Controller is Vado e Torno Edizioni Srl, based in Via Brembo, 27 – 20139 Milano.
A list of External and internal Responsible of data processing is available upon request.

GENERAL PRINCIPLES OF PERSONAL DATA PROCESSING

Your personal data will be collected, stored, treated and sent complying with Controller’s criteria, laws and regulations in force.

Data treatment is based on following principles:

  • lawfulness, fairness and transparency
  • personal data will only be obtained for “specified, explicit and legitimate purposes” and subsequently processed in a manner compatible with those purposes;

  • data collected on a subject should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

  • data must be accurate and where necessary kept up to date

  • personal data will be protected against unauthorized access and processing by commercially and technically reasonable security measures and controls;

  • the personal information of the user will be retained as personal data no longer than the necessary to achieve the purposes for which the personal information was collected.

TYPE AND NATURE OF DATA COLLECTED

When a user access to our website, different information may be collected.

‘Personal Information’ means any information that directly identifies a specific user or any information otherwise defined as “personally identifiable” under applicable law. This includes, but is not limited to, information such as name and surname, telephone number, e-mail address; billing and shipping address, activity, payment information, company name, activity.

The Data Controller will not treat nor process sensitive data, as described by art. 9 GDPR 679/2016, such as a personal data requiring special precautions on account of its nature. A sensitive data is any data that can disclose a person´s racial origin or ethnicity, religious or other beliefs, political opinions, membership of parties, trade unions and/or associations, health, sex life or crime sentences (art. 10 GDPR 679/2016).

Unless specifically requested, we kindly ask users not to submit us, nor to broadcast personal sensitive data, on or through our website. If we ever ask such data from users, we will firstly obtain their explicit consent.

Our systems may automatically record Additional Information related to the use of the website. For example, our systems may record information you enter on the Website, the areas of the Website being visited, activities performed on the Website, user’s IP address, or information about the computer or software used to visit the Website.

Similar information, such as type and identifier of the device, may be collected if the user visit the Website from a mobile device.

These data are used for the sole purpose of obtaining anonymous and aggregated statistical information on the performances of the website and in order to monitor its proper functioning. They are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the website.

DATA PROCESSING PURPOSES

We collect, store and process your personal data in order to provide you services through our website, in compliance with law prescriptions.

Data will be collected exclusively for the following purposes:

  • comply with the legal obligations deriving from the regulations in force;

  • perform an effective management of the commercial services offered through our websites;

  • verify that the information provided for the transactions are valid, complete and not fraudulent;

  • provide customer support services;
  • contact the customer for any problems relating to order processing or subsequent requests relating to the order;

  • provide users with requested offers
  • process orders and payments
  • send commercial communications related to existing or requested services

DATA CONFERRAL

Beside what is already described above, referring to web surfing data, you are free to provide your personal data in case they are required to obtain our services. Lack of data conferral will make impossible to answer to your enquiries or to comply with contractual or fiscal obligations.

PROCESSING PROCEDURES AND DATA SAFETY

Your personal data will be collected and processed, electronically or with support of paper or telematic tools, exclusively for the purposes described herein, and record retention will last no longer than required or, up to when the Controller will receive your request of cancellation for treatment related to optional consent.

Your personal data will be stored in our cloud server or our entrusted server providers (who act as Data Controller), and will be processed mainly automatically.
Your personal data are processed according to confidentiality principles listed in the measures issued by the Italian DPA. Collected data are processed by authorized personnel. All the personnel accessing to you data has been previously authorized through official designation, as foreseen by law. Collected data could be periodically updated with information provided later.

We use controls, technical and managerial measures in order to protect user’s personal data from unauthorized access, loss or abuses.

Unfortunately, data on the Internet can’t be 100% safe. Therefore, even protecting all the personal information, we can’t be sure or guarantee that this information will be completely protected by hackers or other criminal acts, or in case of fail/damages to software, hardware or web. The Data Controller will inform users whenever acknowledges security violation related to users’ personal data under his control. If the users is willing to communicate us his/her personal e-mail address, he/she gives express consent to receive electronical warnings in case of security violation.

PERSONAL DATA COMMUNICATION

Without prejudice to communications made in compliance with a law obligation, a regulation or Community legislation, your data may be communicated to:

  • third parties which we rely on for services provision and related activities;
  • delegates in charge for technical maintenance (included web maintenance)

Anyhow, just strictly needed data, related to tasks they are in charge for, will be communicated to the above mentioned. Personal data will not be spread.

The Data Controller cooperate with Law Enforcement and Authorities to make users respect rules, other users and third parties rights, included intellectual property rights. Therefore your personal data might be communicated to Authorities whenever needed in case of (by way of example): defense, prevention, checks or repression of crimes in compliance with related laws and regulations.

Authorities will have the right to ask and obtain your personal information also in relation to checks or investigation on swindle, web frauds, rights or intellectual property violation, hacking or other illicit actions which might involve us or our users in legal issues entailing civil or criminal responsibility.

DATA SUBJECTS’ RIGHTS AND THEIR EXERCISE

Complying with law in force, at any time you might:

  • Be informed regarding your data presence

  • Know origin, content, goals and process pattern.

  • Be informed about the logic underlying electronic treatment

  • Details of Controller, Processor, Parties whom your data have been communicated to

Moreover you have the right to:

  • Obtain the update, integration, correction of your data and the right of portability

  • Obtain cancellation, anonymization, block of your data processed against law

  • Oppose to data processing, for legitimate reasons, pertinent to processing

  • Oppose to data processing for marketing puroposes

According to the regulations, you have the rights to complain to Authority.

In order to exercise your rights you can contact the Data Controller:

Vado e Torno Edizioni Srl
Via Brembo, 27 – 20139 Milano
Tel. +39 02 55230950
Fax: +39 02 55230949
Email: segreteria@vadoetornoedizioni.it

In case the user will ask to access to his/her personal information or cancel them from our system and registers, we will proceed to any possible extent, within timing foreseen.

We inform our users that, due to technical limits and to the backup system, their information might be retained in our system for a certain length of time following cancellation.

All rights are due to the Data Controller to refuse personal data access or cancellation request, if access or cancellation are not foreseen by law. In order to safeguard from illicit requests, all rights are due for collecting sufficient information aimed to verify the identity of the applicant, before correcting or granting access.

ADDITIONAL INSTRUCTION

Data transfer: your personal data will be stored in our cloud server or our entrusted server providers, in the Netherlands, or in EU Countries or in Switzerland, where clauses for a safe transfer of data are in force.

The information collected may be stored on servers in the United States or other countries.

UPDATE OF THE PRIVACY POLICY

All rights are due to the Data Controller for changing this Privacy Policy at any time.
Users must always refer to the online policy or request an updated copy to the Data Controller.