Privacy policy - TN Torello

Privacy policy

A. Who are we and why are we providing this document?

Torello Trasporti Srl (hereinafter “Torello”) has for years considered it to be crucial for the protection of the personal data of its own clients and/or users, and potential users, that all processing of personal data carried out in any way, whether manual or automated, fully respects the protections and rights recognised by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “Regulations”), and other applicable rules regarding the protection of personal data. The term “policy” refers to the definition in Article 4, point 1) of the Regulations that “any information relating to an identifed or identifiable natural person. This means any individual who can be identified directly or indirectly by reference to an identifier such as a name, identification number, location data, online identifiers (for example, IP addresses) or to one or more factors specific to the physical, physiological, genetic, mental, psychological, economic, cultural or social identity of that natural person” (hereinafter “Personal Data”).

The Regulation establishes that before proceeding with the processing of Personal Data, this term is understood to be, in accordance with the relevant definition contained in Article 4, point 2) of the Regulations: “any operation or set of operations carried out with or without the help of automated processes and applied to personal data or sets of personal data, such as collection, recording, organisation, structure, storage, adaptation or modification, removal, consultation, use, communication by transmission, dissemination or any other form of disposal, comparison or interconnection, limitation, cancellation or destruction” (hereinafter the “Processing”). It is necessary that the person to whom said Personal Data belongs is informed of the reasons why such data is requested and how it will be used. Accordingly, this document aims to provide you with the most useful and necessary information in a simple and intuitive way so that you can provide your personal data in a conscious and informed manner, and at any moment request and obtain clarifications and/or adjustments. This information note, therefore, has been prepared on the basis of the principle of transparency and all of the elements required by Article 13 of the Regulations. It is divided in individual sections (hereinafter “Sections” and “Section” individually), each of which deals with a specific matter so that it is both quicker and easier to read, as well as easier to understand (hereinafter the “Information”). If necessary, this Notification can be accompanied by a consent form in accordance with Article 7 of the Regulations on the basis of the type of additional use we intend to make of your Personal Data.

B. Who will process your personal data?

Torello Trasporti Srl registered on Via G. Marconi, 381, 83025, Montoro, and in the Mercantile Registry of Avelino with tax code and IVA No. 01897330641 (hereinafter the “Data Controller”) will process your data for the main purpose that is referred to in Section D of this information notice. Torello Trasporti Srl, will therefore, perform the role of Data Controller in accordance with the related definition provided in Article 4, point 7) of the Regulations: “a natural or legal person, public authority, agency or other body that, alone or in concert with others, decides on the purposes and means of processing personal data.”

C. Who can you consult?

To facilitate relations between you as the data subject, that means to say as the “natural, idenfied or identifiable person” to whom the personal data refers and referred to in Article 4, point 1) of the Regulations (hereinafter the “Data Subject”) and the Data Controller and /or the joint Data Controllers, the Regulations have foreseen for some specific cases, recommended the naming of a handling and support figure, that among the various tasks entrusted to him, acts as a point of contact with the Data Subject. TORELLO have implemented the figure of “Data Protection Officer,” (hereinafter, “DPO”). The DPO, in accordance with and for the purposes of Article 39 of the Regulations, is called upon to carry out, amongst others, the following activities:

  • informing and advising the person responsible for the Processing, the Data Controllers, the Data Controller and the employees that process the data with regard to the obligations arising from the Regulations and other EU or member-state regulations concerning the protection of Personal Data;
  • monitoring for compliance with the Regulations, applicable regulations concerning protection of Personal Data; as well as the policies and procedures adopted by the Data Controller and the Controllers of the Data Processing;
  • provide support and feedback to the Data Subject;
  • cooperate with the relevant data protection authority.

As laid out in Article 38 of the Regulations, the DPO can be contracted freely for all matters related to the processing of your personal data and /or if you wish to exercise your rights as established in Section I of this information notice by sending a written communication to the e-mail address: dpo@tntorello.com and /or writing to the Data Protection Officer of TORELLO at Torello Trasporti Srl, G. Marconi, 381 – 83025 – Montoro (AV). The DPO can also be contacted by calling the following telephone number: +39 0825 1889001. The “Privacy” section on our website can be consulted at any time, in which you will find all the information related to the use and Processing of your Personal Data; detailed references of Torello, updated information about contacts and channels, and information made available by the Data Controller to all interested parties.

D. What is the main purpose of processing your personal data?

On the websites of the Data Controller, you are able to register; request information through the contact forms, fill in the application forms in the “Work for us” section, and subscribe to the newsletter service. In order to execute these functions, we need to collect some of your personal information, as is required in registration forms for all websites. The websites of the Data Controller on which this policy is outlined are those indicated in the Privacy Policy of Torello, which is available at http://www.tntorello.com/privacy-policy (hereinafter the “Websites”). The Processing of your Personal Data will be carried out by the Data Controller to allow you to access your profile; participate in initiatives promoted through the Websites, receive newsletters, request information and take advantage of all the other services offered by each one of the websites to which you have registered and/or in those in which you are browsing. The Processing of your Personal Data is legally based on the contractual relationship that will be created between you and the Data Controller after you accept the conditions of participation in the Websites. To allow the Data Controller to carry out the Data Processing activities for the aforementioned purposes, it will be necessary to provide the Personal Data marked with the symbol *. Without the marked data, it will not be possible to process your Personal Data, and consequently, you will not be able to complete your registration on the Websites and/or benefit from the services provided for which the provision of Personal Data is a requirement. The Personal Data that is required to carry out the aforementioned activities will be those indicated in the registration form and/or contact form; namely and in non-exhaustive terms: first name, surname, username, date of birth, address, e-mail address, telephone number of user (home or mobile), tax code and gender. If you decide to access the websites through your social media profile (for example, Facebook profile and/or other related social media platform), when it is provided, the collection of data will be carried out by the Data Controller of the third party. In this case, this information can be accessed in the Privacy section of each one of these websites (for example, the privacy section of www.facebook.com, www.instagram.com, etc.).

E. Ulteriori finalità

The Data Controller, subject to the express; free and unambiguous consent in conformity with Article 6, paragraph 1, point a) of the Regulations, can request additional Personal Data such as, data about tastes; preferences, habits, consumer needs and opinions amongst others for the following purposes:

  • Direct marketing purposes: this term means aiming promotional activities and/or marketing activities at you. This category includes all activities carried out to promote the products and services sold, and/or delivered by Torello on the basis of legitímate interest concerning its objectives.
  • Indirect marketing purposes: this term means the willingness of the Data Controller to carry out promotional activities and/or marketing on behalf of third parties. This category includes all activities carried out to promote the products and services sold and/or provided by third parties with whom Torello does not maintain any legal relationship and where there is transmission of data.
  • Use of profiling: this term refers to the willingness of the Data Controller to evaluate your tastes, preferences and eating habits based on research and statistical analysis of market data. Included in this category is any type of automated processing of Personal Data to evaluate particular personal aspects of users such as, for example: profesional performance; economic situation, personal preferences, interests, loyalty, behaviour, location and travel habits.

The processing of your Personal Data for the aims mentioned in points (ii) and (iii) is subject to receipt of your prior consent in compliance with the conditions established in Article 7 of the Regulations, therby establishing the legality of the processing of your Personal Data. With regards to the objectives of the direct marketing which point (i) refers to, it must be observed that, in accordance with Article 6, subsection 1, letter f) of the Regulation, those responsible for the data processing can carry out this activity in accordance with its legitímate interest. Ignorance of consent, and in any case, objection to this Processing, which is better explained in Recital 47 of the Regulation, in which, “the processing of personal data with the purposes of direct marketing is considered to be legitímate”. This will also be possible after the evaluations carried out by the Data Controllers with regard to the possible preponderance of your interests, fundamental rights and liberties that require the protection of the Personal data over their legitímate interest in sending direct marketing communications. The forms of contact directed at the activities of direct marketing, indirect marketing and profile marketing like in the previous points (i), (ii) y (iii) can be automated (e-mail, SMS, MMS, fax, telephone calls without an operator) or traditional (telephone calls with an operator, mail). In any case, and as described below in Section H, consent can be withdrawn, including partially, by for example, consenting to traditional contact methods. With regards to the methods that require the use of telephone contacts, we remind you that marketing activities will take place after verification of your possible registration in the register established in conformity with and for the effects of the D.P.R. (September 7 2010, n.178) and subsequent modifications.

F. What kind of personal data will be disclosed?

Your Personal Data can be disclosed to specific subjects who are considered to be recipients of the Personal Data. In Article 4, point 9) of the Regulations, the recipient is defined as “a natural or legal person, public authority, agency or any other body to whom data is disclosed whether a third party or not” (hereinafter the “Recipients”). With this in mind, to carry out correctly all the processing activities that are necessary to fulfill the purposes established in this notice, the following Recipients may be in a position to process your Personal Data:

  • Third parties that carry out part of the processing and/or connected and instrumental activities for them on behalf of the owner. These persons have been named data processors and should identify as such, in accordance with Article 4, point 8) of the Regulations, “the natural or legal person, public authority, agency or body that processes Personal Data on behalf of the Data Controller” (hereinafter, the “Data Processor).
  • Persons, employees and/or collaborators of the Data Controller who have been entrusted with specific processing activities and/or more with regards to your Personal Data. These persons have been given specific instructions about the security and the correct use of the Personal Data and are defined in accordance with Article 4, paragraph 10) of the Regulations, “authorised persons to process Personal Data under the direct authority of the Data Controller or the Data Processor” (hereinafter the “Authorised Persons”).
  • If It is required by law, or to avoid the commision of an offence, your Personal Data may be divulged to public organisms or judicial authorities without these entities being defined as Recipients. In accordance with Article 4, subsection 9, of the Regulations, “the authorities may receive personal data in the framework of a particular inquiry in conformity with the legislation of the European Union or a member state without being regarded as Recipients”.

G. How long will your personal data be processed for?

One of the principles applied to the Processing of Personal Data refers to the limitations on the period of retention, governed by Article 5, paragraph 1, letter e) of the Regulations that establishes that the Personal Data must be, “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Paragraph 1, Article 89, subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject”. With this principle in mind, the processing of your personal data by the Data Controller will be limited to only what is necessary for the fulfillment of the purposes mentioned in Section D of this notice. More specifically, your Personal Data will be processed for a period of time equal to the mínimum required, as indicated in consideration 39 of the Regulations; that is to say, until the termination of contractual relations between you and the Data Controller under condition of an additional retention period that may be imposed by the law, as also established by consideration 65 of the Regulations.

H. Is it possible to withdraw your consent and how?

As required by the Regulations, if you have given your consent for the Processing of your Personal Data for one or more requested purposes, you may, at any moment, withdraw it fully and/or partially without prejudice of the lawfullness of the Processing regarding the consent given before the withdrawal. The means by which you can withdraw consent are very simple and intuitive; simply contact the Data Controller or the DPO using the contact channels provided in this notice and, respectively, in Sections C and I. In addition to the aforementioned means, and to simplify this process, if you find that you are receiving advertising by e-mail from the Data Controller that is no longer of interest to you, simply click on the “cancel subscription” button at the bottom of the e-mail to stop receiving any communication through other contact channels for which you have given your consent (SMS, MMS, mail, fax, telephone calls).

I. What are your rights?

As indicated in Article 15 of the Regulations, you can access your Personal Data: request its correction and for it to be updated if it is incomplete or erroneous, request for it to be erased if its collection was carried out in violation of a law or regulation; as well as oppose the processing for legitímate and specific reasons. To specify, we have listed below all the rights that you may exercise, at any moment, against the Data Controller:

  • Right of access: You shall have the right to obtain from the Data Controller confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the Personal Data and the following information: a) The purposes of the processing; b) the categories of Personal data concerned; C) the recipients or categorires of recipient to whom the Personal Data have been or will be disclosed, in particular recipients in third countries of international organisastions; d) where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to to determine that period; e) the existence of the right to request from the controller rectification or erasure of Personal data or restriction of Processing of Personal Data that concerns you or to object to such Processing; f) the right to lodge a complaint with a supervisory authority; g) where the Personal Data are not collected from the Data Subject, any available information as to their source; h) the existence of automated decision-making, including profiling, referred to in Article 22, Paragraphs 1 and 4 of the Regulations, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such process for you. All this information can be found in this notice that will always be available for you in the Privacy section of each one of the Websites.
  • Right to rectification: You may obtain, in conformity with Article 16 of the Regulations, the correction of your Personal Data which is inaccurate. Furthermore, taking into account the purposes of the processing, you may have incomplete Personal Data about you completed, including by means of providing a supplementary statement.
  • Right to erasure (“right to be forgotten”): you can obtain, in conformity with Article 17, paragraph 1 of the Regulations, the erasure of your Personal Data, without undue delay and the Data Controller will have the obligation to delete your Personal Data where one of the following grounds applies:
    a) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) you have withdrawn consent on which the Processing is based and there is no other legal ground for the Processing; c) you object to the Processing in accordance with Article 21, paragraphs 1 or 2 of the Regulations and there is no longer a legitímate reason to proceed with the processing of your Personal Data; d) your Personal Data has been processed illegally; e) your Personal Data have to be erased for compliance with a legal obligation in Union or Member State law. In some cases, as indicated in Article 17, subsection 3, of the Regulations, the Data Controller has the right not to erase your Personal Data if its Processing is necessary , for example, for exercising the right of freedom of expression or information; for the compliance of a legal obligation, for reasons of public interest; for archiving purposes in the public interest, for scientific or historical research or statistical purposes, for the establishment, exercise or defence of legal claims.
  • Right to restriction of processing: you may obtain restriction of Processing where one of the following applies: a) the accuracy of the Personal Data is contested (the restriction will apply during the period of time necessary for the Data Controller to verify the accuracy of the Personal Data); b) the Processing is unlawful and you oppose the erasure of your Personal Data and request restriction of its use instead; c) the Data Controller no longer needs the Personal Data for the purposes of Processing, but they are required by you for the establishment, exercise or defence of legal claims; d) you object to the Processing in conformity with Article 21, paragraph 1, of the Regulations and you are awaiting verification of whether the legitímate grounds of the Data Controller override yours. Where Processing has been restricted, your Personal Data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of rights of another natural or legal person or for reasons of important public interest. You will be informed, in any case, before the restriction is withdrawn.
  • The right to data portability: you may at any moment, request and receive, in accordance with Article 20, paragraph 1 of the Regulations, the Personal Data that concerns you and which you have provided to a Data controller, in a structured, commonly used and machine-readable format. You also have the right to transmit the data to another Data Controller without hindrance. In this case, it shall be your responsibility to provide all the details about the new Data Controller to which you wish to transfer your Personal Data by way of a written authorisation.
  • Right to object: In conformity with article 21, paragraph 2 of the Regulations, and as confirmed in consideration 70, you shall have the right to object at any time to the Processing of your Personal Data if they are processed for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
  • The right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, if you consider that the processing of your Personal Data carried out by the Data Controller is in violation of the Regulations and/or applicable legislation, you may lodge a complaint with the competent supervisory authority for the control of data protection.

To exercise all your rights, as previously indicated, simply get in contact with the Data Controller in the following ways:

  • by writing to the Privacy Office of Torello – Torello Trasporti Srl, Via G. Marconi 381, 83025 – Montoro (Avellino);
  • by sending an email to privacy@tntorello.com – for the attention of the Privacy Office of Torello;
  • by calling the telephone number +39 0825 1889001 and asking for the Privacy Office of Torello.

We remind you that, at any moment, you can also get in touch with the DPO of Torello in the way indicated in Section C of this notice.

J. Where will your personal data be processed?

Your Personal Data will be processed by the Data Controller within the territory of the European Union. If for technical and/or operative reasons, it is necessary to make use of subjects located outside of the European Union, we will inform you from the time these subjects are designated as Data Processors in accordance with, and for the purposes of article 28 of the Regulations. The transfer of your data to these subjects, limited to the execution of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the Regulations. Therefore, all necessary precautions will be taken to guarantee the maximum protection of your Personal Data in basing this transfer: (a) on the decisions of the European Commision concerning the adequacy of the recipients of third countries; (b) with the appropriate guarantees from the third country recipient in conformity with Article 46 of the Regulations; (c) with the adoption of binding corporate rules in accordance with Article 47 of the Regulations. In any case, you may request more details from the Data Controller if your Personal Data have been processed outside of the European Union and you have requested proof of the specific guarantees that have been adopted.