Policy pursuant to Art. 13 of EU Regulation 679/2016
We wish to inform you that EU regulation 679/2016 (GDPR) on the protection of Personal Data provides for the protection of persons and other parties regarding the processing of Personal Data. On the basis of the said law, such processing will be based on the principles of correctness, lawfulness, transparency and the protection of your confidentiality and your rights. Pursuant to current legislation, therefore, we provide the following information:
The Policy refers only to the sites http://www.sitbus.com and www.sitbusshuttle.com and not to other websites that may be consulted by the User through links.
Purposes of the processing
The collection and processing of Data can be performed for:
Lawfulness of the processing
Contractual relations – service purposes
The Personal Data provided by Users who make purchases on the sites indicated are used, based on the contractual obligations assumed, for the sole purpose of carrying out the order placed and are communicated for the exclusive purposes of fulfilment of the order, to third parties responsible for the delivery or similar ancillary services.
Data provided voluntarily by the User – marketing and various purposes
The optional, explicit and voluntary sending of e-mails to addresses listed on this site involves the subsequent acquisition of the sender’s address, necessary to respond to the requests, and any other Personal Data inserted in the message.
Specific summary information is also listed or displayed in the pages of the website prepared for particular services on request, for which therefore the legal bases of the processing rests on the consent of the Data Subject.
Optional nature of Data provision
Apart from that specified for browsing data, the User is free to provide Personal Data contained in registration forms, in those confirming the purchase procedure or otherwise required to request the sending of informative material or other communications.
Failure to provide it, however, could make it impossible to obtain what was requested where the processing of Personal Data requested was essential for the conclusion and execution of the contract and in its absence the orders placed may not be executed.
Mode and duration of treatment
The Personal Data is processed both in paper and electronic and/or automated form. Specific security measures are observed in order to prevent data loss, illicit or incorrect use, and unauthorised access.
Subject to the requirements referred to in Art. 17 para. 3 and the needs of the Data Controller to deal with the same for probatory purposes to be used in case of inspections of the supervisory bodies and/or in litigation, the Data is processed, stored and guarded until the purpose for which it has been collected has been completed.
Access, communication, dissemination and transfer of Data
Employees and collaborators of the Data Controller, in their capacity as persons appointed and/or internal Data Processors of the processing and/or system administrators, can access the Data;
The Data processed may be communicated to:
The Data is not subject to dissemination.
In consideration of the existence of electronic, computer or correspondence links, Data can also be transferred abroad, within the European Union. In cases of transfer to countries outside the EU, the Data Controller hereby guarantees that the transfer outside the EU will take place in accordance with the applicable legal provisions by stipulating, if necessary, agreements which guarantee an adequate level of protection and/or by adopting the standard contractual clauses expected by the European Commission.
Rights of Data Subjects (Art. 15-21 GDPR)
The Data Subjects have the right at any time to:
Where applicable, they also have the rights set forth in Art. 16-21 GDPR (Right of correction, right to be forgotten, right of limitation of processing, right to Data portability, right of opposition, right of revocation of consent), as well as the right of complaint to the Data Protection Authority.
The Data Controller is
SIT Srl – Via Ostiense, 256 – 00144 Roma (RM), Italy
It is possible to exercise the rights referred to in Art. 12 and/or for any clarifications regarding the protection of Personal Data by contacting:
This Website and the Data Controller’s Services are not intended for children under the age of 18 and the Data Controller does not knowingly collect personal information about minors. In the event that information relating to minors is unintentionally recorded, the Data Controller shall promptly delete it, at the User’s request.
Changes to this Policy
This Policy may be subject to change. We therefore recommend that you regularly check this Policy and refer to the latest version.