PRIVACY POLICY SELLER

PERSONAL DATA PROCESSING

The Company accepts and agrees with the following

• Policy ex art. 13 of GDPR

Autoservizi Salemi srl, as Data Controller, and in accordance with the provisions of art. 13 of EU Regulation 2016/679 and Legislative Decree no. 196/03 – Privacy Code (as amended by Legislative Decree no. 101/18), provides you with this information in the context of the activity of concluding the contract services with our Society. The personal data collected by Autoservizi Salemi srl relating of the contract of services in question are used exclusively to allow the activity of reselling tickets in the interest of the company itself. The legal basis of the processing is constituted by the contractual and pre-contractual measures of which you are a party. Your personal data will never be disclosed. For the purpose of the conclusion of the contract, by Autoservizi Salemi srl, the data may also be communicated to third-party companies or other subjects who carry out outsourcing activities on behalf of the Data Controller (selection firms, professional employment consultancy firms).The list of external persons appointed as responsible may be requested via email to privacy@autoservizisalemi.it. The data will be processed by electronic and paper means, but will never be subject to automated processes. Requests that will be considered interesting will be kept for a period necessary for the pursuit of the purpose for which the personal data are collected. They will not be kept and, therefore, will be destroyed requests that will not be judged of business interest. At any time you can exercise your rights against the Data Controller, through the private email address privacy@autoservizisalemi.it
(right to request access to and rectification or erasure of personal data from the controller or restriction of processing concerning the controller or to object to their processing, right to data portability, right to lodge a complaint with the Data Protection Authority) specifically provided for in Chapter III of Reg. EU 2016/679. If you wish to contact our Data Protection Officer – DPO, you can do so easily by writing a PEC email to ergon.serviziodpo@pec.it

• Data Protection

The Dealer, in the person of his Legal Representative Pro tempore, duly authorized for the purposes of this act is responsible for the processing of Personal Data, as defined in art. 4, com 1, letter g), of EU Regulation n. 2016/679 GDPR, with reference to the processing of personal data strictly relevant to the execution of the activities entrusted through this contract. This appointment has the same duration and effect as this contract and therefore will cease at the time of the complete fulfilment or termination for any reason of the contract.

In particular, the data processed on behalf of Autoservizi Salemi srl, by the Retailer will be the personal data necessary for the issue of Tickets (tickets, cards, subscriptions) and reporting, invoicing and remittance fees sale tickets: identification data, photo card, travel itineraries, etc…

Autoservizi Salemi srl imposes, from now on, the prohibition to perform different treatments and for periods exceeding those necessary for the pursuit of the purposes outlined above.

The processing of personal data must be carried out strictly in accordance with the instructions given from time to time by the Data Controller and operations must not be carried out in contrast with what the latter established.

The Data Processor undertakes to comply with the following instructions and rules of conduct in the execution of the processing operations entrusted to it:

(a) perform only the processing operations necessary for the carrying out and organization of the activities and exclusively for the purposes listed above;

(b) define the procedures for the processing of personal data, in compliance with GDPR;

(c) the logical and physical organisation of the personal data processed and the sequence of the processing operations to be carried out, and in particular to ensure the storage and management of personal data with the implementation of any measures that may prevent any damage, including non financial damage, arising from the processing;

(d) satisfy any requests for improvement submitted by the Owner in order to make effective security measures;

(e) take security measures in compliance with art. 32 of the GDPR, in order to safeguard the confidentiality, integrity, completeness and availability of the data processed, all rules that the Data Controller declares to be well known;

(f) identify, within the framework of its organisational structure, the persons authorised to process and provide for the written assignment of the relevant assignment, accompanied by the appropriate instructions, with particular regard to the security measures referred to in the previous point (e), by monitoring their actions and the correct application of the instructions given, in accordance with art. 29 of the GDPR;

(g) cooperate with the Data Controller in responding to requests from the Guarantor for the Protection of Personal Data, in case of checks and inspections by the Authority;

(h) inform the Data Controller of any data breach, in compliance with the provisions of Art. 33 of the GDPR;

(i) observe the prohibition of communication and dissemination of personal data processed. In particular, this prohibition should be imposed on appointed persons authorised to process;