EDIALOG PROTECTS THE PRIVACY OF ITS USERS: ALWAYS!
METHOD OF COLLECTION AND TYPE OF DATA USED BY EDIALOG S.R.L.
(artt. 13-22 Regolamento UE 679/2016)
EU Regulation 679/2016 (hereinafter “GDPR”) has, among others, the purpose of ensuring that the processing of personal data is carried out in compliance with the rights, fundamental freedoms and dignity of persons, with particular reference to confidentiality and personal identity, being therefore the express duty of EDIALOG Srl give full information to its Users and Partners on its privacy policy. The data provided to EDIALOG S.r.l on the pages of the website www.edialog.it at the time of registration by the Edialog User and affiliation by the Edialog Partner and subsequently when using the services provided by EDIALOG S.r.l. will be processed in compliance with the provisions of the aforementioned GDPR. Pursuant to art. 13 and ss. of the GDPR, we inform you of the following.
METHOD OF COLLECTION AND TYPE OF DATA USED BY EDIALOG S.R.L.
In order to use the services provided by EDIALOG S.r.l. Registration on the website www.edialog.it is required by the Edialog User, and affiliation by the Edialog Partner. At the time of registration on the site (or at the time of the conclusion of the rental agreement, also with the Partner Edialog, responsible for the treatment) the name, address, telephone number, e-mail address are provided by Edialog Users , fiscal data for billing, copy of driving license and identity card, while data for payment in secure mode (or details of authorized credit cards) are provided directly to the third party provider of the related service on behalf of EDIALOG Srl; as well as, at the time of affiliation or on the occasion of the subsequent use of the portal services, the Edialog Partners are provided with the name or company name, address, telephone number, e-mail address or e-mail address certified, copy of the legal representative’s identity card, number plates, photographs copy of vehicle registration documents and insurance documentation relating to rental cars and the company’s bank references (iban code). Access to the website edialog.it even without registration, may involve the collection, by EDIALOG Srl, of certain information such as the user’s IP address, browser and data relating to the operating system of the computer used, application version, language settings and pages visited. If a mobile device is used, EDIALOG S.r.l. it may also collect data on the device, its settings and characteristics and on latitude / longitude. EDIALOG S.r.l. may also collect personal data on Edialog Users and Edialog Partners when they use some social media services, or from third parties (including advertisers and partners) with whom EDIALOG S.r.l. works to provide its service. In such cases EDIALOG S.r.l. will use this data only if the user has consented to the sharing of data by third parties or by EDIALOG S.r.l. or if EDIALOG S.r.l. has a legitimate interest in using them in order to provide the user with their services.
PURPOSE AND LEGAL BASIS OF THE PROCESSING OF THE TREATMENT
2a. The data of Edialog Users and Edialog Partners are collected, processed and used primarily for purposes directly connected and instrumental to the activation and operation of the services provided by EDIALOG S.r.l .; in this case the legal basis of the processing is the execution of contractual and pre-contractual measures adopted at the express request of the User and / or Partner (these types of processing include, by way of example and not exhaustive, the account registration data user, creation of the affiliate profile, use of the service, payment and billing, communications with Customer Care for purposes related to the service). 2b. The data of Edialog Users and Edialog Partners may also be collected, processed and used for advertising, marketing, promotional purposes, participation in research and surveys; in such cases, the legal basis of the processing is the prior consent of the User and / or Partner, but also the legitimate interest of EDIALOG S.r.l. to make known its activities and initiatives (these types of processing include, by way of example, the forwarding of newsletters, commercial proposals, etc.). 2c. Finally, the data of Edialog Users and Edialog Partners may be collected, processed and used to fulfill legal obligations (for example, tax, accounting, administrative checks, investigations by the Judicial Authority, User identification obligations in the event of a claim or violations of the highway code); in such cases, the legal basis of the processing is the execution of a legal obligation to which the Data Controller is required.
CONSEQUENCES OF FAILURE TO COMMUNICATE PERSONAL DATA
The communication of personal data is to be understood as a mere faculty and not an obligation, however it is necessary for the purposes of carrying out the activities and the fulfillment of the obligations referred to in point 2 above (letters a., B. And c.); in the absence of providing the aforementioned data, the contractual relationships with Users and Partners cannot be considered completed and the related services cannot be provided by EDIALOG S.r.l.
COMMUNICATION OF DATA
The personal data of the User and the Partner may be disclosed to specific subjects appointed by the Owner for the provision of services that are instrumental or necessary for the execution of the obligations connected with the use of the website edialog.it. In particular, the data may be disclosed to: 1) people, companies or professional firms, who provide assistance, consultancy or collaboration to EDIALOG S.r.l. in accounting, administrative, legal, tax and financial matters; 2). subjects delegated and / or appointed by EDIALOG S.r.l. to carry out the activities or part of the activities related to the provision of services; 3) Public Administrations for the performance of institutional functions within the limits established by law or regulations. The data of Users and Partners are not subject to disclosure or to any fully automated decision-making process, including profiling.
TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY
Personal data may be transferred to European Union countries and non-EU countries exclusively for the purposes referred to in point 2, letter a above. – or if it is strictly necessary for the execution of the services offered – and letter b. – or for example, where, for the management of external services of which EDIALOG S.r.l. makes use (as in the case of the management of the website or the e-mail box), the third party suppliers of the same – as external managers – use servers located in third countries. In such cases, the transfer to third countries will take place in compliance with the GDPR and therefore on the basis of a decision of the European Commission on the adequacy of the level of protection of personal data guaranteed by the third country (for example on the basis of the adequacy decision with reference to the transfer to the USA-Privacy Shield), not requiring any specific authorization in the aforementioned hypotheses; gradually the transfer in question may take place on the basis of adequate guarantees or, failing that, on the basis of consent.
METHOD OF TREATMENT
The data is collected electronically and processed through registration, consultation, communication, storage, cancellation operations, carried out mainly with the aid of electronic tools, ensuring the use of suitable measures for the security of the data processed and guaranteeing confidentiality. of the same. The data of Users and Partners stored electronically are kept and archived on a server used by Edialog S.r.l .. The data recorded on the server is protected against the risk of intrusion and unauthorized access. The security measures adopted by Edialog S.r.l. are suitable for ensuring the integrity and availability of data as well as the protection of areas and premises relevant for the purposes of their custody and accessibility. Personal data will be processed by collaborators and / or employees of the Data Controller as managers or processors, within the scope of their respective functions and in accordance with the instructions given by the Data Controller. In order to guarantee the security in the management of the data of the Users and Partners and in particular the information relating to the Edialog S.r.l. credit cards. uses the PayPal payment system which adheres to the international PCI-DSS compliance standards (Payment Card Industry Data Security Standard). Confidential information relating to credit cards will be treated by intermediaries and card issuers in compliance with the Privacy Code.
STORAGE OF PERSONAL DATA
The processing of personal data for the purposes referred to in point 2, letters a. and c. will last for the time necessary to provide the EDIALOG Srl services, or as long as the User and / or the Partner maintain their registration on the website edialog.it and will be stored, in storage, beyond the execution of the services EDIALOG Srl required, for a period of ten years, subsequent – with regard to the data relating to the single service – to the filing of the relative practice (i.e. when, for example, the single rental is concluded, the fees of EDIALOG Srl have been paid or once the relative law has been prescribed, the collateral events relating to any penalties to the highway code, to any accidents, technical stops, etc.) or – as regards general data – following the deletion of the profile from the site have been exhausted; at the end of this ten-year period, personal data and documents may be respectively eliminated and destroyed. The processing of data for the purposes referred to in point 2 letter b. will last indefinitely until consent is revoked, if previously given, or until notice of opposition to further processing for the aforementioned purposes.
RIGHTS
The User and the Partner, in accordance with the GDPR, have the right to: 1) ask EDIALOG S.r.l. access to their personal data and information relating to them; the correction of inaccurate data or the integration of incomplete ones; the cancellation of personal data concerning him (upon the occurrence of one of the conditions indicated in Article 17, paragraph 1 of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article); the limitation of the processing of their personal data (in the event of one of the hypotheses indicated in art. 18, paragraph 1 of the GDPR); 2) request and obtain from EDIALOG S.r.l. – in the hypothesis in which the legal basis of the processing is the contract and the same is carried out by automated means – their personal data in a structured and readable format by automatic device, also in order to communicate such data to another data controller ( cd right to the portability of personal data); 3) object at any time to the processing of their personal data in the event of particular situations concerning them; 4) withdraw consent at any time, limited to cases in which the processing is based on consent for one or more specific purposes and concerns common personal data (for example date and place of birth or place of residence). The treatment based on consent and carried out prior to the revocation of the same retains, however, its lawfulness; 5) lodge a complaint with a supervisory authority (Authority for the protection of personal data – www.garanteprivacy.it).
METHOD OF TREATMENT
The data is collected electronically and processed through registration, consultation, communication, storage, cancellation operations, carried out mainly with the aid of electronic tools, ensuring the use of suitable measures for the security of the data processed and guaranteeing confidentiality. of the same. The data of Users and Partners stored electronically are kept and archived on a server used by EDIALOG S.r.l .. The data recorded on the server is protected against the risk of intrusion and unauthorized access. The security measures adopted by EDIALOG S.r.l. are suitable for ensuring the integrity and availability of data as well as the protection of areas and premises relevant for the purposes of their custody and accessibility. Personal data will be processed by collaborators and / or employees of the Data Controller as managers or processors, within the scope of their respective functions and in accordance with the instructions given by the Data Controller. In order to guarantee the security in the management of the data of Users and Partners and in particular the information relating to credit cards, EDIALOG S.r.l. uses the STRIPE payment system (www.stripe.com/it/privacy) which adheres to international compliance and security standards. The confidential information relating to credit cards and in general to the payment methods of Edialog Users will be handled directly and exclusively by the aforementioned intermediary without ever entering the availability of EDIALOG S.r.l ..
LEARN MORE ABOUT COOKIES, SEARCH ENGINES AND LOCATION DATA
EDIALOG S.r.l. uses cookies from text files that are exchanged with the browser that visits edialog.it. The cookie is a small text file that is recorded by the browser and allows you to store data from web pages and browser sessions that could be used later on the site. The data allows the site to keep the user’s information between pages and also to analyze the way in which it interacts with the site. The Data Controller EDIALOG S.r.l. uses some “first party cookies” – generated and used by the website – and also “third party cookies” – generated on the website edialog.it. Cookies allow EDIALOG S.r.l. to memorize every element of the Edialog User’s reservation and support the service activity provided by EDIALOG S.r.l. making browsing by Users more efficient. Cookies are able to store only text content, always anonymous and usually encrypted. They cannot be transformed into codes and cannot be used by EDIALOG S.r.l. to access the Users ‘and Partners’ computers. The Data Controller will never store any personal information in a cookie. There are two different types of cookies: Session and Persistent. They are used for different reasons and contain different information. Session Cookies contain information that is used in the current browser session. These cookies are automatically deleted when the browser is closed. Nothing is stored on the computer beyond the time of use of the site. Persistent Cookies are used to maintain the information that is used in the period between one access and another to the website. This data allows sites to recognize who already known users or visitors and adapts accordingly. “Persistent” cookies have a duration that is set by the website and that can vary from a few minutes to several years. All web browsers allow you to limit the activity of cookies or disable cookies through the browser options. The actions to be taken are different for each browser. Through their browser, each User can also view the cookies located on their computer, delete some or delete them all. Following the deactivation of cookies, some of the functions of edialog.it may not be usable.
HOLDER OF THE TREATMENT
The owner of the processing of personal data is the company Edialog S.r.l. with registered office in via della Lodesana, 649sx, 43036 Fidenza (PR), Italy, P.I. 02962450348 registered at the Parma Chamber of Commerce under no. REA PR 280688 (hereinafter also referred to as the “Owner”). The Data Controller can be contacted at the e-mail address info@edialog.it, also for any need relating to access to data. The Data Controller has not appointed a Personal Data Protection Officer.