PRIVACY POLICY
ecompanyrent1. INFORMATION ON THE PROCESSING AND PROTECTION OF PERSONAL DATA OF CUSTOMERS (EX ART. 13 EU REGULATION NO. 679/2016)
This statement describes the processing of personal data collected in the context of contractual or pre-contractual relationships between our company and you or your company/company/organization and is made pursuant to Article 13 of EU Regulation 679/2016 (hereinafter “GDPR”) and applicable national privacy and data protection legislation.
2. IDENTITY AND CONTRACT DATA OF THE DATA CONTROLLER
3. WHAT TYPES OF PERSONAL DATA WE PROCESS
The types of personal data we collect depend on the purpose for which they are collected.
In general, we may collect the following types of personal data (“Personal Data“) directly from you:
a) common personal data (such as, but not limited to: first name, last name, date and place of birth, residential address, driver’s license data, e-mail address, telephone number);
b) personal data directly provided by you through communications or attachments to communications (such as, but not limited to: payment data, tax data for billing purposes, type of license plate and condition of vehicle.
4. WHY WE PROCESS YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS
The processing of your Personal Data by the Controller takes place:
A) without your express consent (Art.
6 lett.
(b) – (f) GDPR) for the following purposes:
(i) to process the order and fulfill the concluded rental agreement, including related services (i.e. customer service) and any required ancillary services (i.e. winter equipment on board;
(ii) to exercise rights related to the concluded rental agreement (such as, but not limited to: the handling of contraventions or claims and allocation of related responsibilities);
(iii) To fulfill pre-contractual, contractual and tax obligations arising from existing relationships;
(iv) to fulfill obligations required by law from a regulation, EU legislation, an order from the Authority or Insurance Companies (i.e. tax and insurance matters);
(v) to pursue a legitimate interest of the Controller, provided that your interests or fundamental rights and freedoms requiring the protection of Personal Data do not prevail (i.e. the Controller’s right to defense in court).
In particular, to carry out surveys aimed at improving the quality of the services provided (i.e. customer satisfaction);
With reference to point ii), the Data Controller may also transfer the Customer’s Personal Data to third parties specifically appointed to carry out such activities, who will only and exclusively process the Personal Data for the aforementioned purpose.
B) Only with your specific and separate consent (art.
6 lett.
a) and art. 7 GDPR), for the following marketing purposes:
– to send via e-mail, mail and/or sms and/or telephone contacts, newsletters, commercial communications and/or advertising material about products or services offered by the Owner;
If you have denied consent, in relation to the purpose referred to in point B) above, it will not be possible for the Controller to carry out the aforementioned activity, and in any case if you have given consent in point B) above, you will have the right to revoke, at any time, the consent given.
5. HOW LONG WE KEEP AND PROCESS YOUR PERSONAL DATA.
6. HOW WE PROCESS YOUR PERSONAL DATA
Personal Data are subjected to both paper and electronic and/or automated processing for the time necessary to achieve the purposes for which they are collected by the Data Controller or by persons duly authorized and/or appointed to carry out these tasks, constantly identified and/or appointed, appropriately instructed and made aware of the constraints imposed by law, as well as through the use of security measures designed to ensure the protection of confidentiality and to avoid the risks of loss or destruction, unauthorized access, unauthorized processing or processing that does not comply with the above purposes.
Personal Data falling under the categories set forth in Art.
9 of the GDPR are processed using special procedures and security measures appropriate to the particular nature of those categories of data.
7. TO WHOM WE MAY DISCLOSE YOUR PERSONAL DATA
For the above purposes, your collected data may be made accessible or communicated to:
– employees and contractors of the Controller, in their capacity as authorized processors, within the scope of their respective duties and in accordance with their instructions.
Such individuals are, however, subject to the obligations of confidentiality and privacy;
– to third parties performing outsourced activities on behalf of the Controller whose activities are related, instrumental or supportive to those of the Controller (e.g., cloud-based management and/or marketing software);
– to all those public and/or private entities, individuals and/or legal entities (such as, by way of example, legal, administrative and tax consulting firms, funds or funds, including private welfare and assistance funds, Judicial Offices, Chambers of Commerce), if the communication is necessary or functional for the proper fulfillment of the contractual obligations undertaken, as well as the obligations arising from the law;
– to all those entities (including Public Authorities) that have access to personal data by virtue of regulatory or administrative measures;
In any case, your personal data collected will not be disseminated.
8. TRANSFER OF DATA OUTSIDE THE EU AREA
The management and storage of your Personal Data will take place in Europe.
It is understood in any case that the Data Controller, should it become necessary, will be entitled to have your Personal Data processed outside the EU Area (EEA).
In this case, the Data Controller assures you as of now that the transfer of the data outside the EU will take place in accordance with the applicable legal provisions by entering, if necessary, into agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
9. HIS RIGHTS.
Pursuant to Articles 15 et seq. of the GDPR and applicable national privacy and data protection legislation, you have the right to:
1) To obtain confirmation from the Data Controller that personal data concerning you are being processed or not, and if so, to obtain access to the personal data and the following information:
– the purposes of processing;
– the categories of personal data concerned;
– the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organizations;
– when possible, the expected retention period of the personal data or, if this is not possible, the criteria used to determine this period;
– if the data are not collected from the data subject, all available information on their origin;
– the existence of automated decision making, including profiling.
2) Obtain from the Data Controller the rectification of inaccurate personal data concerning you without undue delay.
Taking into account the purposes of the processing, you have the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration.
3) Obtain from the Data Controller the deletion of personal data concerning you without undue delay, and the Data Controller is obliged to delete personal data without undue delay to the extent and in the cases provided for in current legislation.
4) Obtain limitation of processing from the Owner.
5) Receive in a structured, commonly used and machine-readable format the personal data concerning you that you have provided to the Data Controller, and you have the right to data portability and thus to transmit such data to another data controller without hindrance from the Data Controller to whom you have provided them if the processing is based on consent or a contract and the processing is carried out by automated means.
6) To object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you if the processing is necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority vested in the Controller or the processing is necessary for the pursuit of the legitimate interests of the Controller or third parties.
7) If you believe that your rights have been violated by the Data Controller, file a complaint with the Italian Data Protection Authority (Piazza Montecitorio 121, 00186 Rome (RM) – www.garanteprivacy.it) and/or other competent supervisory authority under the GDPR.
The Data Controller following the exercise of the rights referred to in points 2),
3) and 4) communicates to each of the recipients to whom the personal data have been transmitted any rectification or cancellation or limitation of processing within the limits and in the forms provided for by current legislation.
To exercise the rights listed above towards the owner, you must submit a written request by sending a registered letter a/r to ELITCAR S.R.L. Via Fratelli di Dio 11/13, 20013 – Magenta (MI), or by sending an e-mail to privacy@elitcar.it
10. WHAT HAPPENS IF THE PRIVACY POLICY IS CHANGED
This notice may be, at any time, modified and/or updated.
If the Data Controller intends to process your Personal Data for purposes other than those envisaged in Article 3 above, it undertakes to provide you, prior to such further processing, with adequate information regarding such different purposes and to carry out such further processing in compliance with the regulations in force by collecting, where necessary, your specific consent.