The Protection of Personal Data
On the 27th April 2016, the European Union approved a major reform of the legal framework relating to the protection of personal data by adopting the "General Data Protection Regulation" (GDPR or Regulation), directly applicable in all Member States. The Regulation replaces Directive 95/46 / EC ("Data Protection Directive") and its application becomes mandatory beginning on the 25th May 2018, two years after its entry into force.
The new Regulation reinforces the protection of the rights to protection of personal data (Data Protection), in line with the recognition of the protection of personal data as a fundamental right of the EU. The Regulation also represents a necessary and urgent response to the challenges posed by technological developments that allow the collection and processing of large amounts of personal data in real time, allowing the development of automated decisions that go beyond human intervention. The Regulation meets the need to protect the private sphere increasingly felt by European citizens.
The Mercitalia Rail Srl believes that the protection of its Customers, Employees, and Suppliers personal data is an obligation independent of simple regulatory compliance. For this reason, it has its own Data Protection Framework understood as a set of roles and responsibilities, internal rules, and methodologies, aimed at guaranteeing the management and mitigation of risks of the rights and freedoms of natural persons linked to the handling of personal data.
EU Regulation 2016/679 (articles 15 to 23) gives interested parties the right to exercise specific rights. In particular, in relation to the processing of personal data, subjects have the right to ask Mercitalia Rail Srl.: access to personal data; the rectification, deletion, and portability of personal data; limitation of data handling; and opposition to handling. In particular:
Furthermore, you can lodge a complaint against the Supervisory Authority, which in Italy is the Guarantor for the Protection of Personal Data.
At any time, you can ask to exercise your rights to Mercitalia Rail Srl by emailing firstname.lastname@example.org or by contacting the Data Protection Officer at email@example.com.
Information on the Protection of Personal Data
Personal data processing for users who visit the www.mercitaliarail.it website
This information (together with other documents mentioned within) describes the personal data that we collect from users and how we process it. This information only concerns the processing of personal data of users who visit the mercitaliarail.it website, for the purposes specified below, and does not concern any information collected through other means, methods, sources, or any other sites accessible by the user through links present on mercitaliarail.it, unless explicitly specified.
Below are references for Mercitalia Rail Srl:
The personal data collected/processed by the site is detailed below, within the limit of the purposes defined in this statement:
Personal data will be processed with automated tools only for the time strictly necessary to achieve the purposes for which it was provided and any related IT support will be protected through the adoption of appropriate technical and organizational measures pursuant to art. 32 of the GDPR.