1. This section contains information regarding DRIVALIA's data handling practices in reference to the processing of data from the drivalia.it website’s users.
2. The information is also valid for the purposes of art. 13 of Legislative Decree no. 196/2003, Code for the protection of personal data, and for the purposes of Article 13 of the EU Regulation no. 2016/679 (GDPR), concerning the protection of individuals with regard to the processing of personal data and the free circulation of such data, for those who interact with the home page: www.drivalia.it
3. The information is provided only for the DRIVALIA websites, and not for other websites that may be consulted by the user through links contained therein.
4. The purpose of this document is to provide information on the methods, timing and nature of the information, that the data controllers must provide to users when connecting to DRIVALIA’s web pages, regardless of the purpose of the connection, according to Italian and European legislations.
5. The information may undergo changes due to the introduction of new rules in this regard, therefore the user is invited to periodically check this page.
II – DATA PROCESSING
1 – Data Controller
1. The data controller is the natural or legal person, public authority, service or other body that, alone or jointly with others, determines the purposes and means of the processing personal data. He also deals with security profiling.
2. With regards to this website, the data controller is: DRIVALIA S.p.A., and for any clarification or to exercise the rights of the user, the following email address is available for the user: firstname.lastname@example.org.
2 – Data Processor
1. The data processor is the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.
2. Pursuant to Article 28 of EU Regulation no. 2016/679, upon the appointment by the data controller, the data processor of the DRIVALIA website is: IM*MEDIA S.r.l. with registered office in Palermo, via Generale Magliocco, 27.
3 – Where the data is processed
III – COOKIES
1 – Types of Cookies
2. A cookie consists of a reduced set of data transferred to the user's browser from a web server and can only be read by the server that made the transfer. This is not executable code and does not transmit viruses.
3. Cookies do not record any personal information and any identifiable information will not be stored. If the user wishes to, the user can prevent the saving of some or all cookies. However, in this case the use of the website and the offered services could be compromised. To proceed without changing the options related to cookies, the user can simply continue browsing.
IV – PROCESSED DATA
1 – How the data is processed
Personal Data may be provided voluntarily by the User, or collected automatically during the use of this website.
2. Like all websites, this website also makes use of log files in which information collected in an automated manner during user’s visits is recorded. The information collected could be the following:
- internet protocol (IP) address;
- type of browser and parameters of the device used to connect to the website;
- name of the Internet service provider (ISP);
- date and time of visit;
- web page of origin of the visitor (referral) and of exit;
- possibly the number of clicks.
3. The above information is processed in an automated form and collected in an exclusively aggregated form in order to verify the correct functioning of the website and for security reasons. This information will be processed according to the legitimate interests of the holder.
4. For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts of damage to the website itself or to cause damage to other users, or in any case harmful activities or activities constituting a crime. Such data is never used for the identification or profiling of the user, but only for the protection of the website and its users, such information will be treated according to the legitimate interests of the owner.
6. The information that users of the website decide to make public by using the services and tools made available to them, is provided by the user knowingly and willingly, exempting this website from any liability regarding any violation of the laws. It is up to the user to verify that they have permission to enter personal data of third parties or contents protected by national and international regulations.
2 – Purposes of data processing
1. The data collected by the website during its operation is used for the purposes indicated above and for the following purposes:
▪ for the purpose of protecting its assets or its commercial activity
▪ to implement the necessary solutions or to limit damage deriving from the customer’s failure to comply with the provisions of the rental agreement
▪ to implement the recovery of due credits
▪ for the resolution of unlawful acts of any kind before competent judicial and administrative bodies (eg misappropriation and theft)
▪ for communications connected to acquisitions and / or transfer of holdings; as part of possible corporate actions including investments in other companies or in the event that other companies acquire financial interests in DRIVALIA S.p.A., the latter could include personal data as commercial assets to be transferred. These transfers of data will take place in any case in compliance with the Privacy Law and regulations.
▪ Personal data may be disclosed to third parties (eg law enforcement agencies or debt collection companies) without notice
Once the consent has been given by the user, in regards to the use of personal data for commercial and marketing purposes, the customer is informed that the collection and use of the data for the aforementioned purposes involves the analysis of the same data, aimed at the development of programs and commercial offers or personalized services of both our company and third parties. The customer's consent can therefore determine the commercial contact for:
▪ communications of various kinds from our company (commercial programs, offers, promotions, etc.)
▪ communications of various kinds from our partners (commercial programs, offers, promotions, etc.)
▪ communications of various kinds jointly offered by our company and / or agents and / or business partners.
For the use of the data referred to above, DRIVALIA S.p.A. may communicate the data collected to third parties such as: Affiliates, agents, business partners, etc.
2. The Data will be retained: for the period strictly necessary to achieve the aforementioned purpose and in any case not exceeding 2 years for marketing purposes and any profiling, and for a maximum duration of 10 years for purposes related to legal obligations regarding document preservation for tax purposes. After this period, in the absence of a new prior consent, the data will be automatically deleted or will be made anonymous for statistical purposes.
3. The data used for security purposes (to block attempts to damage the website) is kept for the time strictly necessary to achieve the previously indicated purpose.
N.B.: In any case, the user’s rights will always be respected and guaranteed as described in paragraph V.
3 – Data provided by the user
1. As indicated above, the optional, explicit and voluntary sending of e-mails to any of the addresses indicated on this website entails the subsequent acquisition of the sender's e-mail address, necessary to respond to requests, as well as any other personal data included in the message.
4 – Support for browser configuration
1. The user can manage cookies through the settings of his browser. However, deleting cookies from your browser may remove the preferences you have set for this website.
2. For further information and support it is also possible to visit the specific help page of the web browser you are using:
5 – Social Network Plugins
2. The collection and use of the information obtained by means of the plugin are governed by the respective privacy policies of the social networks. For further details please refer directly to their policies:
▪ Facebook: https://www.facebook.com/help/cookies
▪ Google+: http://www.google.com/policies/technologies/cookies
▪ Pinterest: https://about.pinterest.com/it/privacy-policy
▪ Linkedin: https://www.linkedin.com/legal/cookie-policy
V. USER’S RIGHTS
1. Article. 13, c. 2 of EU Regulation 2016/679 lists the user's rights.
2. The DRIVALIA website therefore wants to inform the user about the existence of:
– the user's right to ask to the holder for access to his or her personal data (Article 15 of the EU Regulation), to request the data is updated (Article 7, paragraph 3, letter a) of Legislative Decree 196/2003), its rectification (Article 16 of the EU Regulation), its integration (Article 7, paragraph 3, letter a) of the Legislative Decree 196/2003) or that the processing that concerns it is limited (Article 18 of the EU Regulation), or to refuse, for legitimate reasons, that the data may be processed (Article 21 EU Regulation), in addition to the right to data portability (Article 20 EU Regulation);
- the right to request the cancellation (Article 17 of the EU Regulation), the transformation into anonymous form or the blocking of data processed in violation of the law, including that which does not need to be kept in relation to the purposes for which the data was collected or subsequently processed (Article 7, paragraph 3, letter b) of Legislative Decree 196/2003);
– the right to obtain confirmation that the operations of updating, rectification, integration of data, cancellation, blocking of data, transformation have been brought to the attention, also in terms of their content, of those to whom the data was communicated to or diffused, except in the case in which this fulfilment proves impossible or involves a use of means manifestly disproportionate to the protected right (Article 7, paragraph 3, letter C) Legislative Decree 196/2003);
3. Requests can be sent to the data controller, without formalities or, alternatively, using the template provided by the The Italian Data Protection Authority (Garante per la protezione dei dati personali), or by sending an email to: email@example.com
4. If the data processing is based on art. 6, paragraph 1, lett. a) - express consent to the use - the user has the right to withdraw the consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
5. Likewise, in the event of violation of the law, the user has the right to lodge a complaint with the The Italian Data Protection Authority (Garante per la protezione dei dati personali), the authority responsible for monitoring data processing in Italy.
6. For a more in-depth examination of the user’s rights, please refer to articles 15 et seq. of the 2016/67 EU Regulation and the art. 7 of Legislative Decree no. 196/2003.
7. The user is informed in case there is an obligation to provide personal data as well as the possible consequences of not communicating such data (example: requests from law enforcement).
VI – TRANSFERS OF DATA TO EXTRA EU COUNTRIES
1. This website may share some of the data collected with services located outside the European Union. In particular with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized and strictly regulated by Article 45, paragraph 1 of EU Regulation 2016/679, for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.
2. Data will never be transferred to third countries that do not comply with the conditions set out in Article 45 et seq. of the EU Regulation.
VII. SECURITY OF THE PROVIDED DATA
1. This website treats users' data in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. Data Processing is carried out using IT and / or telematics tools, with organizational methods and with logics strictly related to the indicated purposes.
2. In addition to the Data Controller, in some cases, categories of employees involved in the organization of the website (staff from administrative, commercial, marketing, legal departments and system administrators), or external subjects (as suppliers of third party technical services, mail carriers, hosting providers, IT companies, communication agencies) could have access to the data.
VIII. AMENDMENTS TO THE PRESENT DOCUMENT
The user will find information regarding the processing of personal data with specific reference to the rental service at:https://www.drivalia.it/it/customer-service/privacyservizio/
These may be subject to changes or updates. Users are invited to periodically consult these pages to keep up-to-date with the latest legislative updates.
2. The document was updated on 21/05/2018 to comply with the relevant regulations, and in particular in compliance with EU Regulation 2016/679 (GDPR).