Privacy Policy
Dear User,
with this document TPL FVG S.C.AR.L, wishes to provide you with some information regarding the processing of your personal data in the context of the use of this website, which allows you to access multiple services related to public transport. In the context of carrying out the purposes related to it, TPL FVG S.C.AR.L acts under a co-ownership regime, ex art. 26 GDPR, together with the entities indicated below.
| Contitolari del trattamento | Dati di contatto |
|---|---|
| TPL FVG Scarl, con sede legale in via Caduti di An Nasiriyah,6,34170 Gorizia, Codice Fiscale e Partita Iva n. 01024770313 |
Tel. 0481 519568 info@tplfvg.it protocollo@cert.tplfvg.it www.tplfvg.it |
| ATAP S.p.a., con sede legale in Via Vendramino Candiani, 26, 33170 Pordenone, Codice Fiscale e Partita Iva n. 00188590939 |
Tel. 0434 224411 Fax 0434 224410 atappn@atap.pn.it pec.atappn@legalmail.it www.atap.pn.it |
| APT Gorizia, con sede legale in via Caduti di An Nasiriyah, 6, 34170 Gorizia, Codice Fiscale e Partita Iva n. 00505830315 |
Tel. 0481 593511 Fax 0481 593555 segreteria@aptgorizia.it segreteria.aptgo@legalmail.it www.aptgorizia.it |
| Arriva Udine S.p.A., con sede legale in Via del Partidor 13, 33100 Udine, Codice Fiscale e Partita Iva n. 02172710309 |
Tel 0432 608111 Fax 0432 608807 info@arrivaudine.it arrivaudine@legalmail.it www.arrivaudine.it |
| Trieste Trasporti S.p.A. con sede legale in Via dei Lavoratori, 2, 34144 Trieste, Codice Fiscale e Partita Iva n. 00977240324 |
Tel. 040 7795111 Fax 040 7795257 mail@triestetrasporti.it mail@cert.triestetrasporti.it www.triestetrasporti.it |
Each account has appointed its own DPO; names and contact details can be found within the “Privacy and GDPR” section of this website.
You can freely contact the DPO of TPL FVG S.C.AR.L or the other contractors at any time for information and clarification regarding the processing of your personal data.
Personal data collected on this site, and any other information potentially associated with you, directly or indirectly, is processed and used in accordance with EU Regulation No. 679/2016 (GDPR) on personal data protection. Pursuant to and for the purposes of Article 13 of the GDPR, the joint controllers inform you that the data you provide is processed using electronic tools and procedures for the following purposes:
- Account creation and related personal area (see specific information during the registration process);
- Allow navigation through the different sections of the website and use the services offered;
- Use the services to plan travel, search for stops, schedules, and sales points, purchase subscriptions, tickets, and travel solutions, check the service status, send specific requests for assistance, etc.;
- Fulfill administrative and accounting purposes;
- Receive information and notices regarding strikes, suspended stops, alternative routes, etc.;
- Manage additional aspects of navigation (see also the “Cookies Policy” section);
- If subscribed, receive commercial communications about new services, events, news, information related to new schedules, new fares, etc. (see specific information during newsletter registration);
The legal basis for the treatments mentioned above is provided by Article 6, paragraph 1, letters A-B-C-F of the GDPR. The data you provide may only be known by employees or collaborators of the joint controllers and, if applicable, by companies that process data on their behalf, but exclusively for the purpose of completing the activities you requested.
Without prejudice to communications made in compliance with legal and contractual obligations (e.g., with public authorities, regional institutions, public administrations, etc.), the collected data may only be processed by the joint controllers for the achievement of the aforementioned purposes and related activities. For all other treatments, the entities act as “Independent Controllers.”
The data may also need to be processed by third-party entities, appointed as data processors under Article 28 GDPR with a specific contract or other legal act, as indicated below:
| Third Parties or Categories | Purposes | Note |
|---|---|---|
| IT companies | Management, maintenance, and updating of the systems and software used by the data controllers. | Appointment of external data processor (art. 28 GDPR). |
| Providers of networks, electronic/IT communication and telematics services for data storage, preservation, and management. |
Hosting, housing, Cloud, SaaS, and other remote IT services essential for the provision of the co-controllers’ activities; Storage and preservation services in compliance with electronic document regulations. |
|
| Consultants, professionals, law firms, arbitrators, insurance companies, experts. | Management of legal, tax, and welfare aspects. Judicial, extrajudicial, and insurance activities in case of accidents. | Titolari autonomi |
| Public authorities, judicial authorities, and supervisory and control bodies (where necessary) | Fulfillment of the public transport service contract, Fulfillment of legal provisions.” | Titolari autonomi |
We outline below the retention period for personal data or, if not possible, the criteria used to determine such period.
| Personal data and documents. | Retention period or criteria for determining it |
|---|---|
| Personal data and documents related to the creation of the account and the personal area within the website/APP |
Until account deletion and thereafter to fulfill legal retention obligations (to provide proof of the correct fulfillment of the services provided)) |
| Administrative and accounting documentation in compliance with legal obligations | 10 years from the end of the contractual relationship |
| Data used for commercial purposes (e.g., email for newsletter subscription) | For the duration of the subscription to the Service. Afterwards, the data is deleted or anonymized |
In any case, the data will NOT be transferred to non-EU countries.
The data controllers and the respective Data Protection Officers are listed in the tables above. If you wish, you can view an excerpt of the co-controllers’ agreement available on this website in the “Privacy and GDPR” section, or you can request it through the procedure indicated there.
We inform you about the existence of certain rights regarding the protection of personal data, listed below, and how to exercise them with respect to the data controllers:
- Right to withdraw consent (art. 13): You have the right to withdraw your consent at any time for all those treatments whose legal basis is your expression of consent. The withdrawal of consent does not affect the lawfulness of the processing based on the consent before its withdrawal.
- Right of access to data (art. 15): You can request: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, especially if recipients are in third countries or international organizations; d) when possible, the retention period of the personal data or, if not possible, the criteria used to determine such period; e) the existence of the right to request the correction or deletion of personal data or the limitation of their processing, or to object to their processing; f) the right to lodge a complaint with a supervisory authority; g) if the data were not collected from the data subject, all available information about their origin; h) the existence of automated decision-making, including profiling as referred to in Article 22, paragraphs 1 and 4, and at least in those cases, meaningful information about the logic involved, as well as the significance and the expected consequences of such processing for the data subject. You have the right to request a copy of the personal data being processed.
- Right to rectification (art. 16): You have the right to request the correction of inaccurate personal data concerning you and to obtain the completion of incomplete personal data.
- Right to erasure (art. 17): You have the right to request the deletion of personal data concerning you when the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, if you withdraw your consent, if there is no overriding legitimate reason to proceed with profiling, if the data have been processed unlawfully, if there is a legal obligation to delete them, or if the data relate to web services for minors without consent. Deletion may occur unless the right to freedom of expression and information prevails, the data are retained to comply with a legal obligation, or for the performance of a task carried out in the public interest or in the exercise of public authority, for public health interests, for archiving purposes in the public interest, for scientific or historical research, or statistical purposes, or for the establishment, exercise, or defense of a legal claim.
- Right to restrict processing (art. 18): You have the right to obtain from the data controllers the restriction of processing when you have contested the accuracy of personal data (for the period necessary for the controller to verify the accuracy of such data) or if the processing is unlawful, or if they are necessary for the establishment, exercise, or defense of a legal claim.
- Right to data portability (art. 20): You have the right to receive in a structured, commonly used, and machine-readable format the personal data concerning you that you have provided and the right to transmit them to another controller, provided the processing is based on consent, contract, and is carried out by automated means, unless processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority and such transmission does not adversely affect the rights of third parties.
- Right to file a complaint with the Data Protection Authority (art. 77): Without prejudice to any other administrative or judicial remedy, if you believe that the processing of your data violates the personal data protection regulation, you have the right to lodge a complaint with a supervisory authority, notably in the member state where you reside, work, or where the alleged violation occurred.
The exercise of the above-mentioned rights is subject to the limits, rules, and procedures provided by the European Regulation 679/16, which the data subject must be aware of and implement. As per Article 12, paragraph 3, the Controller will provide the data subject with the information related to the action taken without undue delay, and in any case, within 30 days of receiving the request. This period may be extended by 60 days, if necessary, considering the complexity and number of requests. The Data Controller will inform the data subject of such an extension and the reasons for the delay within 30 days of receiving the request.
If you want to exercise one or more of the above rights, you can contact one of the data controllers. If you wish, for the exercise of rights, you can use the model that the data controllers have prepared, which is available on this website in the “Privacy and GDPR” section.