INFORMATION ON THE PROTECTION OF PERSONAL DATA UNDER ARTICLE 13 OF THE EUROPEAN REGULATION 2016/679
WHO WE ARE
The company Ve.La S.p.A. (hereinafter Vela), subject to the direction and coordination of Azienda Veneziana della Mobilità s.p.a., is therefore part of the AVM Group, together with the parent company and ACTV s.p.a.
Vela is the controller of the personal data collected on this website (hereinafter "the Site").
HOW WE COLLECT YOUR PERSONAL DATA
Vela collects your personal data, also through the Audes Group s.r.l. company in charge of managing the Site, as a consequence of the purchase of one or more goods offered for sale on the Site.
- if he/she buys one of the services provided by stipulating a contract;
- if you register with the Website in order to use its features;
- if you contact us in order to request information, make a complaint or a report, request a refund on the services provided;
- if you agree to be contacted for marketing purposes or for market research, surveys and statistical processing;
WHAT PERSONAL DATA CONCERNING YOU MAY BE COLLECTED
The following categories of personal data concerning you may be collected:
- Personal and contact data - information regarding your name, tax code, address, telephone number, email address.
- Economic data - information about payment methods, billing data, etc.
FOR WHAT PURPOSES YOUR PERSONAL DATA CAN BE USED
The processing of personal data in compliance with European data protection regulations must be legitimized by one of several legal prerequisites, and we are required to indicate these prerequisites for each processing described, as you can read below:
- Establishment and execution of the contractual relationship and consequent obligations.
Your personal data will be processed for the purposes of establishing and executing the contractual relationship, i.e. the distance selling and home delivery of goods purchased, including any registration to the site (optional operation that allows the person concerned not to fill out the form again in case of subsequent purchases).
Your contact details may also be processed in relation to logistics and customer care services.
Prerequisite for processing: fulfillment of contractual obligations.
The conferment of data is required to manage the contractual relationship.
Upon payment of the amount due, your personal data will be processed for tax purposes (the invoice will be issued by Audes Group s.r.l.).
Prerequisite for processing: legal obligations.
- Commercial communications
In accordance with the provisions of art. 130 of Legislative Decree 196/03, the e-mail address provided by the interested party when purchasing products from the Site may be used for direct sales of other similar products. The data subject may object to such use at any time, easily and free of charge.
Prerequisite for processing: legitimate interest.
- Customer Satisfaction Surveys
Vela may use your contact data to conduct institutional surveys aimed at measuring the level of satisfaction (so-called customer) of the service provided.
Prerequisite for processing: legitimate interest
- Marketing to meet your needs and provide you with promotional offers
Vela collects your contact details for marketing and advertising purposes, aimed at informing you about promotional sales initiatives, carried out using automated methods of contact (e-mail, text messages and other bulk messaging tools, etc.) and traditional methods of contact (for example, telephone calls with operators).
Prerequisite for processing: your consent is required.
The consent can be revoked at any time through the privacy form on the website.
- Compliance with legally binding requests to fulfill legal obligations, regulations or orders of judicial authorities
Vela collects your personal data to comply with legal requirements.
Prerequisite for processing: legal obligations.
HOW WE KEEP YOUR PERSONAL DATA SECURE
Vela uses a wide range of security measures to enhance the protection and maintenance of the security, integrity and accessibility of your personal data.
Although at present, as you know, it is not possible for anyone to guarantee security from intrusions into the transmission of data that takes place on the Internet and websites, we, our suppliers and business partners are committed to ensuring physical, electronic and procedural safeguards to protect your personal data in accordance with the law and with the utmost responsibility.
All of your personal data is stored on secure servers (or secure hard copies) and is accessible and usable in accordance with our standards and security policies (or equivalent standards for our suppliers or business partners).
We take measures such as, among others:
- strict restriction of access to your personal data, on an as-needed basis and only for the purposes disclosed;
- perimeter security systems to prohibit unauthorized access from outside the company
- permanent monitoring of access to information systems to detect and stop misuse of personal data.
- tracking of access to your personal data by internal staff and verification of the relative purpose
- Transactions on our websites that require you to enter your personal data are encrypted using Secure Socket Layer (SSL) technology.
HOW LONG WE KEEP YOUR INFORMATION
We only retain your personal information for as long as is necessary for the purposes for which it was collected or for any other related legitimate purpose. Therefore, if personal data is processed for two different purposes, we will retain that data until the purpose with the longer retention period expires, but we will no longer process personal data for that purpose whose retention period has expired. We restrict access to your personal data only to those who need to use it to perform their duties.
If your personal data is no longer required, or if there is no longer a legal basis for storing it, it will be irreversibly anonymized (and thus stored) or securely destroyed.
The following table shows the retention periods for the various purposes listed above:
Fulfillment of contractual obligations: data processed to fulfill contractual obligations may be retained until the statute of limitations established by applicable law.
Fulfilment of legal obligations: the data processed for this purpose (e.g. invoicing) may be kept until the limitation period established by the regulations in force or until the expiry of the obligations established by law.
Purposes of commercial communications: personal data used for commercial communications in accordance with art. 130 of Legislative Decree 196/03 may be processed until the legitimate interest of the owner ceases, subject to the right of opt-out of the person concerned.
Marketing purposes: personal data used for marketing purposes may be processed until consent is revoked.
Disputes: in the event that we need to defend ourselves or take action or even make claims against you or any third party, we may retain personal data that we deem reasonably necessary to process for such purposes, for as long as such claim may be pursued.
WITH WHOM WE MAY SHARE YOUR PERSONAL DATA
Your personal data may be accessed by authorized employees of Vela and the suppliers and collaborators, duly appointed as data processors, who provide support for the provision of services, as well as the companies of the AVM group (including the parent company Azienda Veneziana della Mobilità S.p.A. to which the local public transport service is entrusted and Actv S.p.A. which carries it out operationally).
In particular, we would like to inform you that the product sales services and the related logistics, customer care and fiscal reporting services are carried out by Audes Group s.r.l., duly appointed as data processor.
For the purpose of home delivery of the products purchased by the interested party, some data (name and address of the recipient) will be communicated to the forwarding agent.
If you have any questions regarding the processing of your personal data by us, please use the "privacy" web form in the "contacts" section of the website www.avmspa.it or contact the telephone number 0412722111, asking for the secretary of the legal and corporate affairs department.
We would also like to inform you that the Company has appointed an external data protection officer (DPO), whose contact details are email@example.com, who you can contact in general for matters relating to data protection and your rights in this respect.
YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO LODGE COMPLAINTS WITH THE SUPERVISORY AUTHORITY
Under the conditions of the law, you have the right to ask us for:
- access to your personal data
- the portability of the personal data you have provided us with
- the rectification of the data in our possession
- the deletion of any data for which we no longer have any legal basis for processing
- the revocation of your consent, where the processing is based on consent and relates to direct marketing activities
- the limitation of the way in which we process your personal data, in the cases provided for by the legislation.
In addition, you may exercise your right to object in the case of data processed for legitimate interest, specifically then in the case of customer satisfaction and commercial communications.
The exercise of all these rights is subject to certain exceptions aimed at safeguarding the public interest (for example, the prevention or identification of crimes) and our interests (understood as legitimate and compelling reasons). Should you exercise any of the above rights, we will check whether you are entitled to exercise them and will normally reply to you within one month.
If you are dissatisfied with the way we process your personal data or with our response, you have the right to lodge a complaint with the supervisory authority whose contact details can be found at www.garanteprivacy.it.