Privacy policy for site visitors

PRIVACY POLICY FOR SITE VISITORS, IN ACCORDANCE WITH ART. 13 OF EU REG. N. 679/2016

Società di Progetto Brebemi S.p.A., with the address located at 25126 Brescia, via Somalia 2/4, tax code and VAT No. 02508160989, through its legal representative p.t. [interim] as the owner of the treatment (hereinafter “Owner”) of the personal data of the users/visitors that consult the website “www.brebemi.it”, requests that you read this notice related to Art. 13 of the General Regulations for Data Protection in the EU No. 679/2016 (hereinafter “GDPR”), which makes reference to the treatment of your personal data, in compliance with the standard in force and based on the specifications indicated below.

This notice is issued exclusively for the website “www.brebemi.it” (hereinafter, the “Site”) and excludes other websites that may come to be viewed by the user through the links provided thereon.

1. Purposes of treatment and categories of data treated

The Owner shall treat the personal identification data (for example, including but not limited to: name, last name, address, phone number, email, payment data, etc., as well as any information provided when filling out the forms found for this purpose on the Site–and which hereinafter may also be referred to as “Data”–) that you freely provide in order to make use of the specific services offered by the Site, which must necessarily be obtained in order to follow-up on the purposes for which you have provided such data.

In addition, the Owner shall treat all of the Data that can be accessed through the IT systems and software procedures designed for functioning of the Site itself (browsing data) and, in any case, all information that must be gathered in order to oversee the functioning and use of the Site, for security reasons, maintenance and for relations with the supervising authorities, and in order to comply with all other applicable legal and contractual obligations.

Purpose, legal grounds for treatment and consequences of omissions in the delivery of data

Your data shall be treated legally and correctly for the purposes described below.

1. Browsing data

a) Allow the Owner to gather anonymous statistical information related to the use of the site “www.brebemi.it” and supervise the correct functioning thereof.

b) Stop, for security reasons (antispam filters, firewalls and virus detection), attempts to harm the site itself and to harm users, and to avoid harmful activities or activities that are considered crimes.

c) Perform all of the other functions necessary for or instrumental to the operation of the site, including the installation of technical cookies that improve the functioning of the site. Please consult the Cookies Policy for specific provisions in this regard. We can hereby clarify that cookies shall not be used to transmit personal data, and cookies of no kind shall be used for follow-up on users. The use of the session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of the identification data for the session (comprised of random numbers generated by the server) required to allow for safe and efficient exploration of the site. The session cookies used by our site do not implement other IT techniques that may be potentially harmful to the confidentiality of our users, and they do not allow for collection of the user’s personal identification information.

d) Allow the Owner to comply with the legal, accounting, tax-administrative and contractual obligations related to management of the site and the granting of the requested services, as well as the correct handling of the relationships with the authorities, supervisory bodies and third-party public entities for the purposes related to specific requests, in compliance with the applicable legal obligations or other procedures.

This information shall be gathered by the Owner in accordance with Art. 6, section 1, letter “b)” of the EU GDPR, in order to allow you to navigate correctly on the site, for the reasons indicated above.

1. Data provided voluntarily by the user

This category includes the information (name, last name, email address, CV information, content obtained through the online forms completed, etc.) voluntarily provided by the user through the sections offered for this purposes through the site, which includes the pages “Work with us”, “Contact us”, “Claims”, “Complaints”, “Attention and reports”, “Volunteer associations”, “Special transport”, “Tolls”, “Toll discounts and assistance”. In the same way, this information shall be obtained by the Owner in accordance with Art. 6, section 1, letter “b)” of the GDPR, in order to follow up on your request.

Particularly with respect to the submission of a resumé on your own behalf–performed either through an online form or through the contacts found on the site–it is hereby clarified that the personal data included therein shall be used by the Owner to initiate a potential selection process.

With respect specifically to entry to the “Tolls” section, in particular the form to be completed for online toll payments, the data provided shall be treated by the Owner solely for the purpose of allowing you to make the deposit in question, redirecting you to the site of the Credit Institution responsible for online payments, as well as for the subsequent administrative-accounting closing of the pending toll payment.

With respect to the personal data provided by the user (at the Customer Service Centers, namely, via email, regular mail or registered mail, fax, toll free number and/or through online contacts) by completing the forms found on the www.brebemi.it website, this information shall also be treated by the Owner solely for the purpose of following up on your request.

1 Marketing and commercial communications

Commercial promotion, sales and the improvement of products and services, as well as market research.

These activities, which shall be carried out exclusively after obtaining your separate specific consent (ex Art. 7 GDRP), which you may grant or not grant, have the following objectives:

C.1. Allow the Owner to perform market research and analyses in order to determine the level of satisfaction of its clientele with the quality and nature of the services provided and the initiatives related to improvement in the services provided. The objective is also to send you promotional material and/or notices and direct commercial and marketing information on new products for sale and the new services offered by the Owner, or third parties (also including the Companies related to any way with Brebemi: controlling companies, controlled companies and/or associated companies), as well as the corresponding offers, discounts and all other promotional and loyalty initiatives offered to you, through traditional contact methods (physical mail or operator phone calls).

C.2. Allow the Owner to perform market research and analyses in order to determine the level of satisfaction of its clientele with the quality and nature of the services provided and the initiatives related to improvement in the services provided, as well as to send you promotional material and/or notices and direct commercial and marketing information on new products for sale and the new services offered by the Owner, or third parties (also including the Companies related to any way with Brebemi: controlling companies, controlled companies and/or associated companies), as well as the corresponding offers, discounts and all other promotional and loyalty initiatives offered to you through the use of automated call or communication systems not involving operators, namely, via email and/or SMS messages or other similar methods.

The treatment of the data for the aforementioned purposes (both “C.1” and “C.2”) is permitted with respect to the free circulation of the data, as established in the GDPR, and may be realized in the form of activities aimed at complying with the Owner’s legitimate commercial interests, which include the commercial development activities that it performs. The delivery of this data for these purposes is optional, so you can decide not to provide any information, or subsequently refuse the potential treatment of the data previously provided; in this case, you will be unable to receive commercial communications and materials provided as part of the services offered by the Owner.

3. Methods of treatment

The treatment of your data is carried out through the operations indicated in Art. 4, point 2) of the GDPR, and includes the collection, registration, organization, structuring, retention, adaptation or modification, extraction, consultation, use, communication through transmission, diffusion or any other method available, comparison or interconnection, limitation, elimination or destruction of Data.

The data that you provide shall be treated both in paper form and electronically. The data obtained shall be subject to treatment in full respect of the standards in force, as well as the principles of legality, correction, transparency, no excess and confidentiality protection and respect of your rights.

Treatment for the data of minors is not included.

4. Data retention period

The owner shall retain the data, respecting the local laws and policies and the company’s internal procedures, for the time necessary to complete the aforementioned purposes, and to comply with its legitimate commercial interests and legal obligations, or to establish, exercise or defend its legal rights. When the need to retain the data for such purposes expires, it shall be eliminated securely. For more information on the terms for retention of the documentation, see the extract of the Personal Data Retention Policy of Società di Progetto Brebemi S.p.A.

5. Communication, diffusion and access to your data

The data that you provide may be made available for the purposes described above to:

Dependents and workers of the Owner, both in Italy and abroad, as, namely, the parties responsible and/or sub-parties responsible, persons authorized for treatment in accordance with the GDPR, and/or subjects that perform specific functions and tasks under ex Art. 2-14 of D.Lgs. n. 196/2003.
Other companies (among others, the concession owner Argentea Gestioni S.c.p.A) that in any way are linked to Brebemi (controlling companies, controlled companies and/or associated companies) in Italy or abroad, and the dependents and workers thereof (for example, for administrative or accounting purposes).
Other third party companies or other subjects (including but not limited to, credit institutions–including potential online payments by users–, financial intermediaries, loan insurance companies, professional firms, advisors, etc.) that perform outsourcing activities on the Owner’s behalf, as parties with external responsibility for the treatment thereof, including suppliers and the subjects responsible for execution of auxiliary services or services instrumental to the purposes described above, with which the Owner has entered into agreements establishing the pertinent terms.

The Owner also reserves the right to grant third-party access to personal data, including: IT providers for systems development purposes and technical assistance; reviewers and advisors to verify compliance with the external and internal requirements; legal entities, agencies responsible for application of the law and parties involved, in accordance with the legal obligations for communication and request; potential successors or commercial associates of the Owner or a company with ties thereto (controlling companies, controlled companies and/or associates) in the case of sale, assignment or other extraordinary transactions; public safety authorities, police forces, armed forces and other public administration entities, for compliance with the obligations established by the law, regulations or standards of the European Community.

Should such subjects be located in countries outside the EU, the Owner guarantees that the transfer of data to outside the EU shall be performed in accordance with the applicable laws, with prior stipulation of the standard contractual clauses indicated by the European Commission.

6. Data transfer

The data shall be retained on servers located within the European Union. Should it be necessary for the Owner to transfer date to locations outside the EU, such transfer shall be performed in accordance with the applicable laws, with prior stipulation of the standard contractual clauses indicated by the European Commission.

The Owner shall apply all protections necessary to such transfer in accordance with the privacy standards.

7. Rights of the interested party

As the interested party, you enjoy the rights set forth in Art. 13, section 2, letters b), c) and d), and Art. 15, 16, 17, 18, 19 and 21 of the GDPR, and more specifically the rights to:

Obtain confirmation of whether or not data related to you exists, even if it has not yet been registered, with communication in an understandable fashion.
Obtain a statement of: a) the origin of the data (when not obtained from the interested parties themselves; b) the purposes and methods of treatment, as well as the related legal grounds; c) the logic applied in the case of treatment performed with the assistance of electronic instruments; d) the identification data of the Owner, the Party responsible for protection of the data (when one was appointed) and the representative that may have been appointed in accordance with Art. 13, section 1 of the GDPR; e) the subjects or categories of subjects to which such data may be communicated or who which may informed of such, as the representatives designated in the territory of the State and as individuals responsible.
Obtain a) updates and corrections; that is, when you so desire, of the data compiled; b) elimination, transformation to anonymous or the blocking of personal data treated in violation of the law, including information that need not be subsequently retained for the purposes for which it was collected or treated; c) proof that the operations mentioned in letters a) and b) were carried out with the knowledge of the individuals to which such data was communicated or diffused, as well as with respect to the content thereof, except in the case that such compliance is impossible or implies the use of clearly excessive means with respect to the right being protected.
Oppose in full or in part, a) for legitimate reasons, to the treatment of the data in question, although it may also be related to the purposes of the collection; b) to the treatment of the data in question for the purpose of sending promotional or direct sales materials, or for the performance of market research or commercial communications through the use of automated calling systems [telephone] without the use of operators, through email and/or through traditional methods of telephone or mail marketing. Please note that the right to opposition by the interested party indicated in point b) above, for purposes of direct marketing through such automated means also extends to traditional methods, and that, in any case, the interested party retains the right to decide whether to receive communications solely through traditional methods, namely, solely automated communications, or also neither of the two communication methods.
When this applies, they shall also enjoy the rights established in Art. 16-21 of the GDPR (right to rectification, right to elimination, right to limitation of treatment, right to data portability, right of opposition), as well as the right to complain before the competent Authority.
Revoke at any time the consent that may have been granted at any time.

With respect to the right to data portability, the interested party may request the receipt or transfer of their personal data in possession of the Owner, in a structured format that is legible and of common use, for an ulterior personal use; that is, to provide it to other similar owners for treatment. With respect to the contractual relationship, in general terms, the data that can be subjected to portability is the identification [name, last name, date and place of birth] and contact information.

8. Forms of exercise of the rights

You may, at any time, exercise your rights or submit a request by sending registered mail to: Società di Progetto Brebemi S.p.A.–P.I.: 02508160989–, with the legal address located at 25126 Brescia en vía Somalia 2/4; or also via email to privacy@brebemi.it. The response period is one month. This may be extended to two months in particularly complex cases; should this occur, within a maximum term of one month, the Owner shall send a communication indicating the reasons for the extension.

The Owner has the right to request the information required to identify the requestor. In general terms, this exercise of rights is free, except in the case of requests that are clearly excessive or lacking grounds.

9. Owner, Party responsible for data protection and Categories of individuals responsible for treatment

The Owner responsible for treatment is the company Società di Progetto Brebemi S.p.A.–P.I.: 02508160989, with the legal address located at 25126 Brescia en vía Somalia 2/4, through its Legal Representative p. t. [interim]. The party responsible for data protection can be contacted at the following email address: privacy@brebemi.it.

The list of Categories of individuals responsible for treatment is kept at the Owner’s legal address.