As provided for by the art. 13 of the General Data Protection Regulation (hereinafter referred to as GDPR), Port Mobility Spa - in the person of its legal representative pro tempore (hereinafter also "Company") - provides users visiting the website civitavecchia.portmobility.it (hereinafter also "site") with all information concerning the processing of their data.
Who is the data controller and how to contact him
The Data Controller is Port Mobility S.p.a., with registered office at Loc. prato del Turco snc, 00053 Civitavecchia (RM), P.IVA 08280881007. You can contact him by email at firstname.lastname@example.org
How to contact the Data Protection Officer
The Data Protection Officer is appointed by the Data Controller. You can contact him by email at email@example.com
Type of Data processed
There are different type of data: web browsing data and data provided voluntarily by the user.
Data provided voluntarily by the user
This category includes all personal data provided voluntarily by the user (e.g. when requesting information through phone calls or e-mails indicated on the website; when using the Messenger chat; when sending a request through the "work with us" section; when filling in the forms on the site).
If the user wants to send requests through the forms or through the "work with us" section, he/she can find all the information on the processing of his/her personal data on the dedicated section of the site.
Browsing data and information obtained through cookies and similar tools
The computer systems and software procedures that operate this website obtain, during their normal exercise, some personal data whose transmission is implicit in the use of the Internet communication protocols. These are informations that are not collected to be associated with identified data subjects, but which by their very nature could, through elaborations and associations with data held by third parties, allow to identify users.
This type of data include the IP addresses or domain names of the computers used by the users who connect to the site, the addresses in the Uniform resource Identifier (URI) notation of the requested resources, the time of the request, the method used when submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (good end, error, etc.) and other parameters related to the operating system and the user’s IT environment.
Purpose and Legal Basis for Data Processing
Data provided voluntarily by the user: purpose and legal basis
The data provided voluntarily by the user is used by the Company to provide the services offered.
The legal basis for processing the data is the execution of pre-contractual measures taken at the request of the data subject.
If necessary, the data may also be used in the legitimate interest of the data controller to verify the security and proper functioning of the IT systems and for the exercise or defence of legal claims.
Browsing data and information obtained through cookies and similar tools: purpose and legal basis
This data are used only for the purpose of deriving anonymous statistical information on the use of the site and for checking its correct functioning and is deleted immediately after processing. The data could be used for the assessment of liability in case of hypothetical cyber crimes against the site.
The legal basis for data processing is legitimate interest and, in the case of a request by an Authority, it is a legal obligation.
How Data are Processed
Personal data are processed using automated instruments for the period of time strictly necessary to achieve the purpose for which they were collected. Specific security measures have been adopted to prevent the loss of data, illegal or incorrect use and unauthorised access.
Transfer of Data
Web hosting does not involve the transfer of data to countries outside the EU.
Some of the services used by the controller to manage e-mails are provided by US companies and involve a transfer of data outside the EU. This transfer is done with the safeguards provided by European standard contractual clauses.
Browsing data are stored only for the time necessary for the purposes pursued.
Data provided voluntarily by the user are retained for the time strictly necessary to respond to the requests made and then are deleted, except in cases where they can be used for defensive needs.
With regard to the storage of data acquired through the forms and through the "work with us" section, please consult the specific area of the website.
What happens if Data are not provided
With the exception of the browsing data, which are necessary to carry out the computer and telematic protocols, the provision of data by the user is optional.
However, if data are not provided, will not be possible to provide all the requested service.
Who can access the Data
The data will be processed by the data controller, also through authorised personnel.
The data will be communicated to companies that the data controller uses for the provision of hosting services and the management of e-mail related to the website; to companies that provide assistance and maintenance of the computer systems; to consultants for conflicts management and for legal assistance in case of necessity. The data may also be communicated to the competent authorities in the event of specific requests that the data controller is required to comply with by law.
Other third parties involved in the processing of data obtained through cookies and similar tools are indicated in the specific report.
It should be noted that some of the subjects indicated operate as data processors and such communication of data is carried out because it is prescribed by law. It may also be necessary in order to comply with the obligations arising from the contractual relationship or the legitimate interest of the processor, consisting in maintaining the security of the IT systems and in carrying out defensive activities through legal consultants.
The communication is in any case limited to the categories of data whose transmission is necessary for the performance of the activities and purposes pursued.
The data subject may request from the data controller the list of external parties who carry out their activity as data processors.
Data Subject Rights
The law grants the data subject the right to request from the data controller access to and rectification or erasure of personal data or restriction of processing concerning him or her, as well as the right to data portability.
The data subject may exercise his or her rights at any time, without any formalities, by contacting the controller or the data protection officer through the contact details indicated in this report. The data controller will respond within 30 days, as provided for in the legislation in force.
The rights recognised by current legislation on the protection of personal data are detailed below.
Right of access. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to lodge a complaint with a supervisory authority; g) where the personal data are not collected from the data subject, any available information as to their source; h) the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant relating to the transfer.
Right to rectification. The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing; c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing; d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; f) the personal data have been collected in relation to the offer of information society service. The request for erasure cannot be applied if the processing is necessary: a) for exercising the right of freedom of expression and information; b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; c) for reasons of public interest in the area of public health; d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right referred to is likely to render impossible or seriously impair the achievement of the objectives of that processing; or e) for the establishment, exercise or defence of legal claims.
Right to restriction. The personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; d) the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to data portability. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: the processing is based on consent or on a contract and the processing is carried out by automated means.
Right to object. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
The data subject is also informed that, should he or she consider that his or her personal data are being processed in breach of the provisions of the GDPR, he or she has the right to lodge a complaint with the Garante, as provided for in Article 77 of the Regulation itself, or to take legal action (Article 79 of the Regulation).