Privacy Policy
INFORMATION FOR THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF THE GDPR 2016/679
SAIS AUTOLINEE SPA with headquarters in Via Principe di Paternò, 74/B - 90144 Palermo (PA), as data controller (hereinafter “Data Controller”), informs you, pursuant to art. 13 EU Regulation 679/2016 (“GDPR”), that your data will be processed in the manner and for the purposes described below:
1. Subject of the treatment
The Data Controller processes the personal identification data (hereinafter “Data”) you provide when you purchase or subscribe to services or in general the existing contractual relationship with the Data Controller
2. Cookies and site tracking
This site uses only technical cookies to allow us to improve our service and offer the user the necessary useful features.
3. Purposes and legal basis of the processing - additional purposes of the processing
Your personal data are processed, without your prior consent (art. 6 letter b), c) GDPR), for the sole purpose of:
• management and execution of pre-contractual and contractual relationships;
• obligations related to administrative and accounting management;
• obligations established by laws, regulations or community legislation or imposed by the Authorities;
• for the protection of the rights of the Data Controller in court and management of any disputes;
• for the prevention and suppression of illegal acts.
The data collected with your free and explicit consent (art. 6 letter a) GDPR) may also be used for the additional purposes indicated below the terms and conditions specified therein:
(a) Marketing: to send you promotional material and commercial communications, through both automated (e.g. e-mail, SMS) and traditional (paper mail) contact methods;
(b) to send you newsletters to the contacts indicated by you;
(c) card issuance for access to other services and purchases;
4. Processing methods and storage
The processing will be carried out by means of the operations indicated in art. 4 GDPR and may take place both through computer systems (cloud, internet, intranet, computer and mobile devices) and automated processes, and in paper mode (archives). Your data will be kept in the Data Controller's databases for only the time strictly necessary to achieve the purposes for which they were collected and processed, in accordance with the law and as specified above, with the exception of cases where current legislation does not require the storage of your data for longer periods.
If you decide to close your account, the Data Controller will keep the personal data provided only for administrative purposes from the termination of the contractual relationship (10 years), except for any additional requirements for which their further maintenance is granted and/or required by specific legal provisions.
5. Nature of the provision of data and consequences of the refusal
The provision of personal identification data is optional but mandatory for the execution of the contractual relationship and the obligations deriving from the fulfilment of laws, regulations or community legislation. Any refusal could make it impossible to provide the total or partial services or services requested. It is understood that, if you do not want to give your consent to the processing of your data for the purposes mentioned above, this will not prevent you from accessing the site and using the available features linked to your personal account.
6. Access to Data
Your Data will be processed for the above purposes by employees and/or collaborators of the Data Controller in their capacity as authorized data processors and/or internal data processors and/or system administrators; by third parties (for example, suppliers, professionals, banks, affiliates) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.
7. Communication of Data
Without your express consent (ex art. 6 letter b), c) GDPR), the Data Controller may communicate your Data to public bodies to comply with the obligations established by laws, regulations or community legislation or imposed by the Authorities, who will process them in their capacity as autonomous data controllers. They may also be communicated to Third Parties (for example, suppliers, partners and group companies), who will process the data for carrying out activities instrumental to the services requested and for the purposes mentioned above. The chosen service providers operate through data centers located on the territory of the European Union.
If your data are subject to transfer to non-EU countries, also for the purpose of technical management of the data collected, this will take place exclusively to companies that adhere to the provisions of the European Regulation (GDPR) 679/2016 or for which there are adequate guarantees of protection of the transfer or specific contractual clauses for the protection of personal data have been signed and extensive and detailed communication will be given through this same website.
8. Rights of the interested party
At any time you can exercise your rights against the Data Controller, as established in articles 11 and 12 of Reg. EU 679/2016, and in accordance with articles from 15 to 22 of Reg. EU n. 2016/679, has the right to:
a) ask for confirmation of the existence or not of your personal data;
b) request access to your personal data and related information, obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the storage period (art. 15 GDPR);
c) ask the data controller for access to personal data and the correction or cancellation of the same or the limitation of the processing concerning him or to oppose their processing (articles 16-17-18 GDPR); d) obtain data portability, i.e. receive them from a data controller, in a structured format, commonly used and readable by an automatic device, and transmit them to another data controller without impediments, if possible (art. 20 GDPR); e) oppose the processing, at any time, even in the case of treatment for direct marketing purposes (art. 21 GDPR);
f) object to an automated decision-making process, including profiling (art. 22 GDPR); g) revoke consent at any time without affecting the lawfulness of the processing based on the consent given before the revocation (art. 7 GDPR);
h) lodge a complaint with the competent Supervisory Authority (art. 77 GDPR), referring to the Guarantor for the protection of personal data (garante@gpdp.it — protocollo@pec.gpdp.it); in exercising their rights, the interested party may grant, in writing, a proxy or power of attorney to individuals, bodies, associations or organizations.
You can also contact the Data Controller or the Personal Data Protection Officer - DPO, in the manner indicated below:
• by sending a registered letter with return receipt to the address of the Data Controller;
• sending an email to: servizioclienti@saisautolinee.it;
• or by sending an email to the DPO: dpo@saisautolinee.it
To ensure the effective exercise of the rights of the interested party, the Company adopts appropriate measures to facilitate access to personal data by the interested party and to simplify the method in order to reduce the time required to reply to the same.
The deadline for a written response - including a refusal - is one month and can be extended by another thirty days in the event of particularly complex requests.
In the case of manifestly unfounded or excessive requests, the data controller may refuse to satisfy the interested party's request or charge a reasonable fee taking into account the administrative costs incurred to provide the information or communication or take the requested action (art. 12 paragraph 5 GDPR).
9. Data Controller and Personal Data Protection Officer (DPO)
The Data Controller is: SAIS AUTOLINEE SPA with headquarters in Via Principe di Paternò, 74/B - 90144 Palermo (PA).
The appointed Personal Data Protection Officer (DPO) is Dr. Davide Candia, who can be contacted at dpo@saisautolinee.it