INFORMATION
ON THE PROCESSING OF PERSONAL DATA
Pursuant to Regulation (EU)
2016/679 ("GDPR"), BUGS ("Bugs Technologies di Lagattolla Dario" or the "Data Controller")
provides below the information regarding the processing of your personal data
("Information") - provided by you and/or acquired by the Owner from
third parties to allow you to access the Service and/or during the Rental
and/or the Service - implemented by BUGS when you use our services, as better
described in the Rental Agreement. Furthermore, we inform you that your
personal data will also be processed for the creation of access credentials
suitable for accessing any ancillary services that could integrate the rental
service.
1.
Identity and contact details of the Data Controller
The Data Controller is
“Bugs Technologies di Lagattolla Dario”, with
registered office in Ancona, Via Togliatti 61 C.F. n. LGTDRA79B02A271A and VAT
no. 02958420420 Any requests regarding the processing of personal data can be
transmitted by sending an email to info@bugsconero.com.
2.
Purpose of the processing and legal basis of the processing
a) Legal purposes –
processing necessary to fulfill a legal obligation to which the data controller
is subject
Your personal data may be
processed, without the need for your consent, in cases where this is necessary
to fulfill obligations deriving from legal provisions in both civil and fiscal
matters, community legislation, as well as approved standards, codes or
procedures. by Authorities and other competent institutions.
Furthermore, your personal data may be
processed to follow up requests from the competent administrative or judicial
authority and, more generally, from public entities, in execution of legal
formalities, as well as to manage relationships with said authorities (e.g. : re-notification to the actual violator of the
notification of violations of the Highway Code).
The provision of personal
data for this purpose is mandatory; in case of failure to provide personal
data, it will not be possible to provide the Service.
The legal basis of this
processing consists in the need to fulfill legal obligations (art. 6, paragraph
1, letter c) GDPR).
b) Purpose of registration
and creation of a user suitable for accessing the BUGS app
Your personal data will be
processed for the purposes relating to and/or connected to registration and/or
access to the Service when you register as a new customer.
Specifically, your data
will be processed:
- to allow you to register for the first
time on the BUGS Service
c) Necessary contractual
purposes - processing necessary to fulfill a contractual obligation to which
the data controller is subject or to execute a specific request of the
interested party
Furthermore, your personal
data will be processed for the purposes relating to and/or connected to the
provision of services by BUGS, such as specifically:
- for the execution of the
General Conditions, the Regulations and/or for the provision of the Service, as
well as ancillary, accessory and/or connected services, as described in the
same documents (including the application of tariffs and penalties
);
- for the provision of the
Service requested by the customer with registration on the BUGS App, as
described above, including the storage and processing of data for the purposes
of establishing and subsequent operational, technical and administrative management
of the relationship (and account and profile created by the customer) connected
to the provision of the Service and the carrying out of communications relating
to the performance of the Service;
- for the registration of
the point of collection and the point of release of the vehicle by the customer
for the purposes of correct invoicing of the service;
- for the management of
payments for the requested Service and any additional economic charges, based
on the provisions of the Rental Agreement and/or other specific contractual
conditions published on the website or otherwise made available to the customer.
Please note that BUGS will not process in any way as data controller the
payment card data you have registered in the app;
- for the preparation of
measures aimed at protecting against credit risk, including activities aimed at
identifying the customer and his economic reliability/solvency, also during the
contractual relationship.
Such data - the provision
of which is necessary for the operational, economic
and administrative execution of the service - will also be processed with
electronic tools, recorded in specific databases, and used strictly and
exclusively within the scope of the existing contractual relationship.
Since the communication of
your data for the aforementioned purposes is necessary
for maintenance and the provision of all services connected to the contract,
failure to communicate will make it impossible to provide the specific services
in question.
In such cases, the
acquisition of your consent is not required because the legal basis of such
processing consists in the need to execute a contract to which the interested
party is a party and/or pre-contractual measures adopted at the request of the
same (art. 6, par. 1, letter b) GDPR).
d) Electronic
verification of identification documents – consent
Your personal data will be
processed, subject to your consent, by BUGS in order to
allow easier management and verification of your national or foreign
identification documents and driving licence, to
prevent fraud and identity theft.
To validate your national
or foreign identity document and the Italian driving license or the
international driving permit or the sworn translation of the foreign driving
license, the photographs (which you will have taken yourself) and/or images of
your identity document, of the your national or
foreign driving license and your face which must be clearly recognisable.
In order to proceed with this comparison, your express
consent is required when registering for the service so that you can uniquely
identify yourself as a user of the rental service.
The legal basis of the
processing described above consists in consent (art. 6, paragraph 1, letter a)
GDPR). Giving consent is always optional, for any doubts write to BUGS Customer
Service.
e) Commercial and marketing
purposes - consent
Your personal data may also
be processed, subject to the granting of your free, specific, informed and unequivocal consent, for the preparation of
promotional initiatives of a commercial nature and the carrying out of analyzes
and market research relating to the Data Controller's own services and
activities or of third parties. These activities may concern products and
services of the Owner, as well as commercial partners and may be carried out
via email, including electronic mail, and messages (e.g. SMS) and push
notifications.
Consent to the processing
of data and communication to the subjects indicated below for the
aforementioned purposes is optional and may be directly revoked by the
customer, at any time, by writing to the contact details indicated in this
information and/or by following the instructions contained in the commercial communications , without prejudice to the lawfulness of the
processing based on consent before the revocation. Failure to consent or its
revocation will have no consequence on the contractual relationship established
and/or to be established with BUGS.
The legal basis of the
processing described above consists in consent (art. 6, paragraph 1, letter a)
GDPR).
f) Legitimate interest of
the Data Controller
The Data Controller may
process, without your consent, your personal data in the following cases:
- in the case of
extraordinary operations of merger, assignment, rental
or transfer of a business branch, in order to allow the implementation of the
operations necessary for the due diligence activity and preparatory to the
transfer. It is understood that the exclusively necessary data will be
processed for the aforementioned purposes, in the most aggregated/anonymous
form possible;
- analysis of the use of
the rental services used, to identify consumption habits and propensities, to
improve the services provided and to satisfy specific customer needs, or
preparation of initiatives linked to the contractual relationship and aimed at
improving the services provided, such as for example the possible carrying out
of surveys to obtain suggestions from customers;
- preparation of a
geolocation system for company vehicles/assets and any possible measures to
protect them against any acts carried out by customers/users that are illicit
or fraudulent;
- to ascertain, exercise or
defend a right of the Owner or of other companies within the scope of control
of the Owner in judicial proceedings and/or out of court.
- The provision of personal
data for this purpose is necessary for the pursuit of the legitimate interest
of the Data Controller or third parties (art. 6, paragraph 1, letter f) GDPR).
You have the right to object to processing based on legitimate interest, in
accordance with the provisions of point 9 of this information; in the event of
opposition to the use of such information for the purposes indicated, however,
it may not be possible for the Data Controller to continue to execute the
contractual relationship.
If these activities are not
based on the need to execute a contract to which the interested party is a
party and/or pre-contractual measures adopted at the request of the same (art.
6, par. 1, letter b) GDPR - see point 4, letter. b)) and/or to fulfill a legal
obligation (art. 6, par. 1, letter c) GDPR – see point 4, letter. a)), will be
based on the need to pursue the legitimate interest of the Data Controller or
third parties (art. 6, paragraph 1, letter f) GDPR).
3.
Recipients of personal data
For the pursuit of the
purposes indicated in point 2, the Data Controller may communicate your
personal data to third parties, such as, for example, those belonging to the
following subjects or categories of subjects:
- police forces, armed
forces and other public authorities and administrations, for the fulfillment of
obligations established by law, regulations or
community legislation. In such cases, based on the applicable legislation on
data protection, the obligation to acquire the prior consent of the interested
party for such communications is generally excluded;
- Companies, bodies or
associations, or parent companies, subsidiaries or affiliates pursuant to
Article 2359 of the Civil Code, or between these and BUGS subject to common
control, as well as between consortia, business networks and groupings and
temporary associations of businesses and with the subjects belonging to them,
also in the context of extraordinary operations involving the Data Controller
(including mergers, acquisitions, sales, corporate reorganisations,
corporate restructuring), in particular for communications carried out for
administrative and/or accounting purposes;
- insurance companies
competent for the settlement of claims;
- Companies specialized in
debt collection;
- Companies specialized in
the management of commercial or credit-related information, or advertising promotion;
- other companies that
carry out rental activities and/or ancillary services with which the Owner has
various types of agreements;
- other companies
contractually linked to the Data Controller that carry out claims management
activities.
The Data Controller
guarantees the utmost care so that the communication of your personal data to
the aforementioned recipients concerns exclusively the
data necessary to achieve the specific purposes for which they are intended.
These subjects will act,
depending on the case, as independent data controllers (in which case the
communication of the data will be limited to what is necessary to achieve the
purposes of the processing referred to in point 2, and will take place under the
same legal bases referred to in point 2) or as data controllers, in the latter
case by virtue of a specific written agreement on the processing of personal
data and following the instructions given to them by the Data Controller.
Your personal data is
stored in the Data Controller's databases and will be processed exclusively by
authorized personnel. The latter will be provided with specific instructions on
the methods and purposes of the processing. Furthermore, such data will not be
communicated to third parties, except as provided above and, in any case,
within the limits indicated therein. Finally, we remind you that your personal
data will not be disclosed.
4.
Processing of payment data
To make payments in the app
we rely on third-party financial infrastructures, specifically:
- PayPal
- Stripe
Stripe integrates Apple Pay
for the iOS version of the Bugs app, and Google Pay for the Android version as
well as allowing payment directly with payment cards.
Sensitive payment data is
not collected in any way by Bugs Technologies, but is
transmitted directly to the payment platforms in encrypted format, without Bugs
Technologies having access to it.
For more information on the
data processing applied by the PayPal and Stripe payment platforms, we invite
you to visit their privacy policy:
https://stripe.com/privacy
https://www.paypal.com/us/legalhub/privacy-full
5.
Transfer of personal data outside the European Economic Area
For some of the purposes
indicated in point 2, your personal data may be transferred outside the
European Economic Area ("EEA"), including through inclusion in
databases shared and/or managed by third-party companies whether
or not part of the control perimeter of the Owner. The management of the
database and the processing of such data are bound to the purposes for which
they were collected and take place with the utmost respect for the standards of
confidentiality and security set out in the applicable personal data protection
laws.
Whenever your personal data
is subject to international transfer outside the territory of the EEA and, in
particular, to States that do not benefit from an adequacy decision of the
European Commission, the transfer will take place exclusively (i) following signature of the standard contractual clauses
adopted by the European Commission and adoption of any further technical and
organizational measures suitable to guarantee an adequate level of protection
of personal data and, in any case, at least equal to that guaranteed within the
EEA, or (ii) in the presence of one of conditions referred to in the art. 49
GDPR.
6. Data
retention period
The data will be retained
for a period of time not exceeding that necessary for
the purposes for which they were collected or subsequently processed, and for
any longer period necessary to fulfill legal obligations and/or for judicial
protection purposes, in compliance with the ordinary limitation periods.
In particular, for the
contractual purposes indicated
- in point 2 letter a), the
data will be stored according to the criteria established by the laws and
regulations referred to therein;
- in point 2 letter b) the
necessary information will be kept for the duration of the registration and
then deleted, except as necessary for the purposes referred to in point c);
- the data entered in the
pre-registration phase (i.e. before acceptance of the General Conditions and
the Regulations) will be kept for 30 days from the date of entry;
- point 3, letter c), your
data will be kept for a maximum period of ten years from the end of the
contractual relationship, in order to allow BUGS to
defend itself from possible claims made in relation to the contract itself.
- Finally, the data
necessary to pursue the commercial promotion purposes will be kept for 24
months from the date of termination of the contractual relationship, unless
consent is revoked.
At the end of these
periods, the data will be deleted or otherwise irreversibly anonymized, unless
further retention of some or all of the data is
required and/or otherwise permitted by law.
7.
Rights of interested parties
7.1 As an interested party,
you are granted the following rights regarding the personal data collected and
processed by the Data Controller for the purposes indicated in point 2.
a) Right of access
You have the right to
obtain confirmation from the Data Controller as to whether or not personal data
concerning you is being processed and, if so, to obtain access to the personal
data and the following information: (i) the purposes
of the processing ; (ii) the categories of personal data in question; (iii) the
recipients or categories of recipients to whom the personal data have been or
will be communicated, in particular if recipients are from third countries or
international organizations; (iv) when possible, the expected retention period
of personal data or, if this is not possible, the criteria used to determine
this period; (v) the right to lodge a complaint with a supervisory authority.
b) Right of rectification
You are granted the right
to obtain the rectification of inaccurate personal data concerning you, without
unjustified delay, as well as, taking into account the
purposes of the processing, the right to obtain the integration of incomplete
personal data, also by providing a supplementary declaration. Also for this purpose, we ask you to communicate to the Data
Controller, using the contact details indicated in this information, any
possible modification and/or update of your personal data processed in accordance
with this information.
c) Right of cancellation
You also have the right to
obtain the deletion of personal data concerning you, without unjustified delay,
if one of the following reasons exists: (i) the
personal data are no longer necessary in relation to the purposes for which
they were collected or otherwise processed; (ii) the data is processed
unlawfully; (iii) you have revoked the consent on the basis of which the Data
Controller had the right to process your data and there is no other legal basis
that allows the Data Controller to carry out the processing activity; (iv) you
have objected to the processing activity and there is no overriding legitimate
reason; (v) the personal data must be erased to comply with a legal obligation.
BUGS, however, has the
right to disregard the exercise of the aforementioned
cancellation rights if the right to freedom of expression and
information prevails or for the fulfillment of a legal obligation or to defend
its rights in court.
d) Right to limitation of
processing
You have the right to
obtain from BUGS the limitation of processing when one of the following
hypotheses occurs: (i) for the period necessary for
the Data Controller to verify the accuracy of such personal data concerning you
whose accuracy he has contested; (ii) in case of unlawful processing of your
personal data; (iii) even if your personal data are not necessary for the
purposes of the processing, if the need arises for them to be processed for the
establishment, exercise or defense of a right in court; (iv) for the period
necessary to verify the possible prevalence of the legitimate reasons of the
Data Controller with respect to your request to object to the processing.
e) Right to data
portability
You have the right to
receive your personal data provided to BUGS in a structured, commonly used and machine-readable format and processed by it on the
basis of consent or in the context of the execution of the contract, as well as
the right to transmit and/or have such data transmitted to another data
controller without impediments.
f) Right of opposition
You have the right to
object at any time, for reasons related to your particular
situation, to the processing of personal data concerning you for
marketing purposes or for the legitimate interest of the Owner. This remains
without prejudice to the possibility for the Data Controller to continue the
processing by demonstrating the existence of compelling legitimate reasons that
prevail over your interests, rights and freedoms.
g) Right to withdraw
consent
You have the right to
revoke consent, if given, at any time, without any prejudice to the lawfulness
of the processing carried out before the revocation.
h) Right to lodge a
complaint before the Guarantor for the protection of personal data and/or an
appeal to the judicial authority.
You have the right to lodge
a complaint with the Guarantor for the protection of personal data or an appeal
to the judicial authority, in particular if you
believe that you have suffered illegitimate processing of your personal data.
You can exercise the rights
listed above at any time by sending an email to the email address
info@bugsconero.com.
8.
Updates and changes to the information
This Privacy Policy may be
subsequently updated and/or modified. Any updates will be promptly published on
the BUGS website.