Privacy Regulations
Information on the protection of personal data GDPR 2016/679
Interested parties: clients and third parties
The updated version of this policy is also available at all times on the following website: https://www.privacylab.it/informativa.php?21287470351 [IT version]
ABOUT US
The company Ve.La. S.p.A - (from this point forward referred to as Vela), with its registered office in Venice, Isola Nova del Tronchetto 21, is the Data Controller of the personal data collected; Vela is subject to the management and coordination of AVM S.p.A. and performs several activities, which include: (i) distribution, marketing and sale of transport tickets and tickets granting access to public and private services, such as museums, cultural institutions, shows, sporting events and other similar activities; (ii) activities for the coordination, development and distribution of services and products, aimed at improving the quality of visits and the management of tourist flows in the Municipality of Venice; (iii) programming artistic and entertainment events, including the great traditional Venetian festivals, and adding value to marketing activities linked to the brand of the City of Venice; (iv) promotion and management of the spaces under the ownership of the Municipality of Venice in the premises of the Arsenale.
THE PERSONAL DATA THAT MAY BE COLLECTED FROM YOU
In the framework of the activities, we may collect and then process various categories of standard personal data, specifically: personal and contact data (information relating to name, place and date of birth, fiscal code, address, telephone number, e-mail, PEC-certified e-mail), mobile device data (operating system and browser), geolocation data (Your location information is only processed if you have voluntarily activated the geolocation functionality on Your mobile device and use the specific services of the app to geolocate Your position), credit card payment data (name and surname of the credit card holder and only the first four and last four digits of the card number, excluding CVC, PIN, expiry date or other information relating to the actual card), economic data (information relating to the payment method, billing data), data collected through Radio Frequency Identification (RFID) technology (information related to ticketing and the validation of tickets, and therefore localisation, if you have subscribed to the Venezia Unica card and the local public transport service), data relating to Your education and/or career and/or profession and/or employment history, data on the use of services operated by the company and related purchases that you have completed, the photographic image on the card or uploaded to the AVM official App profile, the serial number of the Venezia Unica card, information regarding the method with which corporate apps are used, video recordings of events, meetings, and congresses.
In addition, as a result of the information you provide us with, we may come into possession of special categories of personal data and, in particular, data relating to Your health for the purpose of granting rate subsidies and/or refunds.
The processing of these special categories of data is executed in compliance with Article 9 of the GDPR. In such cases, Your explicit consent is mandatory, in the absence of which we are unable to process the file. If necessary, therefore, this consent will be specifically requested from You.
PURPOSES FOR WHICH YOUR DATA MAY BE USED
Specifically, Your data is processed for the following purposes, which are in relation to the implementation of statutory requirements:
- compliance with legally binding fiscal and accounting requirements.
Your data will also be used for the following purposes relating to the performance of measures connected with contractual or pre-contractual obligations:
- management of online booking services;
- customer management (establishment and execution of contractual relations and the resulting obligations, including communication relating to services);
- processing of claims for compensation in the event of damages.
Your personal and contact data will also be used for the following purposes necessary for the fulfilment of the holder's legitimate interest:
- the processing and management of any litigation and dispute procedures;
- the execution of institutional surveys aimed at measuring the level of satisfaction (so-called customer satisfaction) of the provided service.
HOW WE KEEP YOUR PERSONAL DATA SECURE
All of Your personal data is stored in our records or the records of our suppliers or business partners. It is accessible and used in compliance with our security standards and policies (or the equivalent standards applied by our suppliers or business partners).
Your personal data may be processed using the following methods:
- processing using computers and IT systems;
- manual processing in the form of paper records.
AVM uses a wide range of security measures to improve the protection and maintenance of the security, integrity and accessibility of Your personal data.
The measures we implement include, and are not limited to, the following:
- strict restriction of access to Your personal data on a need-to-know basis and only for the specified purposes;
- perimeter security systems to prohibit unauthorised access from external sources;
- permanent monitoring of access to information systems in order to detect and stop the misuse of personal data;
- vulnerability tests aimed at highlighting any gaps in perimeter security;
- tracking of access to Your personal data by our staff and the control of the purpose it serves;
- two-factor authentication;
- encryption using Secure Sockets Layer (SSL) technology in the case of transactions on our websites that require You to submit Your personal data.
If we have provided You with (or You have chosen) a password that allows You to access certain areas of our website or other portals, applications or services provided to You by our company, please remember to keep this password secret and also to follow any other security procedures that are provided to You.
WHO WE CAN SHARE YOUR PERSONAL DATA WITH
Your data is only processed by our specifically instructed and authorised staff and, more specifically, by the following categories of staff:
- VELA employees in the specific relevant departments.
In order to execute some of the processing activities, we may communicate Your personal data to the following categories of external parties, who will process them either as independent data controllers or as data processors duly appointed in compliance with the applicable legislation:
- banks and credit institutions;
- insurance companies;
- subsidiary and associated companies;
- consulting and IT services companies;
- the law firm in charge of any litigation.
Your personal data will not be otherwise disclosed.
HOW LONG WE RETAIN YOUR INFORMATION
In compliance with the principles of lawfulness, purpose limitation and data minimisation, under Article 5 of the GDPR, we retain Your personal data only for the time necessary to achieve the purpose for which it was collected or for any other legitimate related purpose. Therefore, if personal data is processed for two separate purposes, we retain that data until the purpose with the more extended retention period expires, but we do not continue to process personal data for the purpose for which the retention period has expired. We restrict access to Your personal data only to the subjects who require them to fulfil their tasks.
Personal data that is no longer required, or for which there is no longer a legal requirement for retention, is irreversibly anonymised (and as such can be safely stored) or destroyed.
Below are the retention times in relation to the different purposes listed above:
- 1 year after the expiry of the Venezia Unica card, unless the card has been renewed;
- 10 years after the termination of the contract, in compliance with legal obligations, with regard to the storage of accounting records under Article 2220 of the Italian Civil Code (contract, correspondence, invoices);
- 3 years after receiving a customer satisfaction survey;
- for the time necessary to undertake a legal defence procedure.
YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO LODGE COMPLAINTS WITH THE SUPERVISORY AUTHORITY
You are entitled to obtain, if the conditions provided for by law are met, confirmation as to whether or not personal data concerning You exist, to have them communicated to You in an understandable form and to lodge a complaint with the supervisory authority.
More specifically, You are entitled to be provided with:
- access to Your personal data and all related information (Article 15 of the GDPR);
- the correction of inaccurate personal data and the integration of incomplete personal data (Article 16 of the GDPR);
- the erasure of personal data if any of the cases specified in Article 17 of the GDPR exist;
- the restriction of the processing of Your personal data if any of the conditions specified in Article 18 of the GDPR exist;
- the portability of personal data (Article 20 of the GDPR).
You are entitled to object, in whole or in part, to the processing of personal data relating to You:
- for legitimate reasons against processing personal data concerning the Data Subject, even if it is relevant to collection purposes.
CONTACT DETAILS
Please be informed that the Data Controller is Ve.La. S.p.A (Isola Nova del Tronchetto 21, 30135 Venice (VE), VAT number 03069670275. Contact details: e-mail vela@velaspa.com, telephone + 39 041 27 22 661).
We also inform You that we have appointed an external Data Protection Officer (DPO), whom You are entitled to contact as a general contact on issues relating to the protection of Your personal data and associated rights.
- DPO Data Protection Officer e-mail contact details: dpogruppoavm@avmspa.it
If You have any complaints or concerns about how we process Your personal data, we will make every effort to respond to Your concerns. In any case, and if You prefer, You may forward Your complaints or remarks to the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) using the contact details listed at the following website: www.garanteprivacy.it