ABOUT US
Azienda Veneziana della Mobilità S.p.A. (hereinafter AVM or the Company) manages and provides the urban public transport service of the municipalities of Venice and Chioggia, the extra-urban transport service of the southern-central area of the metropolitan city of Venice, as well as the private and integrated mobility services of the municipality of Venice (car parks in structure, exchange car parks, parking on blue
stripes, bike sharing, docks, etc.).
AVM is, therefore, the data controller of the personal data collected.
HOW WE COLLECT YOUR PERSONAL DATA
AVM collects and processes your personal data in the following circumstances:
- if you purchase any of the services provided, by entering into a contract with AVM;
- if you use our booking services (also by e-mail);
- if you make a billing request for the services provided;
- if you provide us with your data by filling in the damage declaration form.
WHAT TYPE OF PERSONAL DATA DO WE COLLECT
The following categories of personal data concerning your person may be collected:
- Personal and contact details - name, place and date of birth, fiscal code, address, telephone number, place of work, email address.
- Economic data - information about payment methods, billing data, etc.
- Special categories of data - when booking or using the services, you may spontaneously provide us with personal data that may be classified as special categories of data, in particular, health data.
In this case, the Company may only deal with them if it has given its explicit consent, which we invite it to express at the end of this informative report.
USE OF YOUR PERSONAL DATA
The processing of personal data by European data protection legislation must be subject to one of the various legal requirements, and we are
obliged to indicate these requirements for each processing operation described, as you can read below:
a) Establishment and execution of contractual relations and consequent obligations, including communication regarding services
AVM may process your personal data within the framework of contractual relations, in the event that you provide us with your data for the
purpose of issuing the invoice or request compensation for any damages or request the use of online booking services.
Please note that, in the latter case, you may provide us with personal data belonging to particular categories of data, in particular, data related
to health, if it represents needs for, e.g. related to a possible state of disability. In this case, we require your explicit consent, to be expressed
by signing the appropriate form at the end of this document.
The provision of data is required to manage the legal relationship.
Prerequisite for treatment: fulfilment of contractual obligations
b) Customer Satisfaction Surveys
AVM may use your contact data to conduct surveys of an institutional nature to measure the level of customer satisfaction with the service
provided.
A precondition for processing: legitimate interest
With this activity, the owner complies with the contractual obligations assumed under the service contract in force with the awarding body and
carries out all useful activities to improve, implement and make more efficient the service itself.
c) Compliance with legally binding requirements to comply with legal obligations, regulations or orders of a judicial authority
AVM may collect your personal data also to comply with the law.
Prerequisites for treatment: legal obligations.
HOW WE KEEP YOUR PERSONAL DATA SAFE
AVM uses a wide range of security measures to improve the protection and maintain the security, integrity and accessibility of your personal
data.
Although at present, as you know, no one can guarantee the security of data transmission intrusions that occur on the Internet and websites,
we, our suppliers and business partners are committed to ensuring physical, electronic and procedural safeguards to protect your personal
data by the law and with the utmost responsibility.
All your personal data is stored on our secure servers (or secure hard copies), or those of our suppliers or our business partners, and are
accessible and usable according to our standards and security policies (or equivalent standards for our suppliers or business partners).
Among other measures, we adopt measures such as:
- the strict restriction of access to your personal data, on a need-to-know basis and for the sole purpose communicated;
- perimeter security systems to prohibit unauthorised access from the outside;
- the permanent monitoring of access to information systems to detect and stop the abuse of personal data;
- six-monthly penetration tests aimed at highlighting any leaks in perimeter security;
- tracking of access to your personal data by internal staff and verification of the purpose;
- to be entered are encrypted using Secure Socket Layer (SSL) technology.
STORAGE OF YOUR DATA
We store your personal data only for the time necessary to achieve the purposes for which it was collected.
Your personal data, which is no longer needed or for which there is no longer a legal basis for its storage, is anonymised irreversibly (and in
this way can be stored) or securely destroyed.
Below are the storage times for the different purposes listed above:
Fulfilment of contractual obligations: the data processing to fulfil any contractual obligation may be kept for the entire duration of the contract
as well as for the next 10 years, to verify any outstanding matter or for compliance with legal obligations (e.g. accounting documentation).
Purpose of customer satisfaction surveys: the data processed for this purpose may be kept for three years from the date of the survey.
If it is necessary to defend ourselves or to act or also to make claims against you or any third party, we may retain personal data that we
reasonably deem necessary to process for such purposes, for as long as such claim can be pursued.
In the event of a dispute, in which it is necessary to defend ourselves or to act or even make claims against you or any third party, we may
retain personal data that we reasonably deem necessary to process for such purposes, for as long as such claim can be pursued.
SHARING YOUR PERSONAL DATA
Your personal data may be accessed by duly authorized employees of AVM, as well as by suppliers and collaborators, duly identified as data
controllers, who provide support for the provision of services, and by public entities that may access them by virtue of legal provisions (e.g.
judicial authorities, public security authorities).
YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO LODGE COMPLAINTS WITH THE SUPERVISORY AUTHORITY
You have the right to ask us under the legal conditions:
- to access your personal data
- the portability of personal data that you have provided us with
- to correct the data in our possession
- to cancel any data for which we no longer have any legal grounds to process,
- the limitation of the way in which we process your personal data, in the cases provided for by the legislation.
Also, you may exercise your right to object in the case of data processed for legitimate interest, in particular in the case of customer
satisfaction.
The exercise of all these rights is subject to certain exceptions aimed at safeguarding the public interest (e.g. prevention or identification of
crimes) and our interests (i.e. legitimate and compelling reasons). Should you exercise any of the rights above, it will be our responsibility to
verify that you are entitled to exercise it, and we will give you feedback as a rule within a month.
If you are not satisfied with the way in which we process your personal data or our feedback, you have the right to submit a complaint to the
supervisory authority whose contacts can be found on the website
www.garanteprivacy.it
CONTACTS
If you have any questions regarding the processing of your personal data, please use the "privacy" web form in the "contacts" section of the
www.avmspa.it website, or call +39 0412722111, asking for the secretary’s office of legal and corporate affairs management.
We would also like to inform you that the Company has appointed an external data protection officer (DPO), whose contact details are
dpogruppoavm@avmspa.it, to whom you may apply in general for matters relating to the protection of personal data and related rights.