Privacy policy

Policy pursuant to Art. 13 of EU Regulation 679/2016

Dear User,

We wish to inform you that EU regulation 679/2016 (GDPR) on the protection of Personal Data provides for the protection of persons and other parties regarding the processing of Personal Data. On the basis of the said law, such processing will be based on the principles of correctness, lawfulness, transparency and the protection of your confidentiality and your rights. Pursuant to current legislation, therefore, we provide the following information:

The Policy refers only to the sites http://www.sitbus.com and www.sitbusshuttle.com and not to other websites that may be consulted by the User through links.

Purposes of the processing

The collection and processing of Data can be performed for:

  • Service purposes:
  1. fulfilment of pre-contractual, contractual and tax obligations arising from existing relationships, including for the purposes of credit protection;
  2. before- and after-sales warranty and technical assistance;
  • Marketing purposes (newsletter):
  1. invitations to informative or promotional events;
  2. sending of informative and promotional material;
  • Various purposes:
  1. assessing requests for work or collaboration (recruiting – selection and recruitment of personnel);
  2. fulfilment of specific applications and requests.

Lawfulness of the processing

Contractual relations – service purposes

The Personal Data provided by Users who make purchases on the sites indicated are used, based on the contractual obligations assumed, for the sole purpose of carrying out the order placed and are communicated for the exclusive purposes of fulfilment of the order, to third parties responsible for the delivery or similar ancillary services.

Data provided voluntarily by the User – marketing and various purposes

The optional, explicit and voluntary sending of e-mails to addresses listed on this site involves the subsequent acquisition of the sender’s address, necessary to respond to the requests, and any other Personal Data inserted in the message.

Specific summary information is also listed or displayed in the pages of the website prepared for particular services on request, for which therefore the legal bases of the processing rests on the consent of the Data Subject.

Optional nature of Data provision

Apart from that specified for browsing data, the User is free to provide Personal Data contained in registration forms, in those confirming the purchase procedure or otherwise required to request the sending of informative material or other communications.

Failure to provide it, however, could make it impossible to obtain what was requested where the processing of Personal Data requested was essential for the conclusion and execution of the contract and in its absence the orders placed may not be executed.

Mode and duration of treatment

The Personal Data is processed both in paper and electronic and/or automated form. Specific security measures are observed in order to prevent data loss, illicit or incorrect use, and unauthorised access.

Subject to the requirements referred to in Art. 17 para. 3 and the needs of the Data Controller to deal with the same for probatory purposes to be used in case of inspections of the supervisory bodies and/or in litigation, the Data is processed, stored and guarded until the purpose for which it has been collected has been completed.

Access, communication, dissemination and transfer of Data

Employees and collaborators of the Data Controller, in their capacity as persons appointed and/or internal Data Processors of the processing and/or system administrators, can access the Data;

The Data processed may be communicated to:

  1. suppliers of services for the management of the corporate IT system and the telecommunications networks (including e-mail);
  2. service companies for the acquisition, registration and processing of Data from documents, or media provided and originating from the same customers and having as their object mass operations related to payments, bills, cheques and other securities;
  3. parties carrying out transmission, enveloping, transport and sorting of communications with customers;
  4. parties engaged in customer service (e.g. call centres, help desks, etc.);
  5. firms or companies providing assistance and advice;
  6. credit collection and credit insurance companies;
  7. parties that carry out checks, audits and certification of the activities carried out by the Company including in the interests of customers.

The Data is not subject to dissemination.

In consideration of the existence of electronic, computer or correspondence links, Data can also be transferred abroad, within the European Union. In cases of transfer to countries outside the EU, the Data Controller hereby guarantees that the transfer outside the EU will take place in accordance with the applicable legal provisions by stipulating, if necessary, agreements which guarantee an adequate level of protection and/or by adopting the standard contractual clauses expected by the European Commission.

Rights of Data Subjects (Art. 15-21 GDPR)

The Data Subjects have the right at any time to:

  1. obtain confirmation of the existence, or otherwise, of Personal Data that concerns them, even if not yet registered, and its communication in intelligible form;
  2. obtain the indication: a) of the origin of the Personal Data; b) of the purposes and mode of processing; c) of the logic applied to processing carried out with the help of electronic equipment; d) of the identifying details of the Data Controller, Data Processors and the representative designated pursuant to Art. 3 para. 1 GDPR; e) of the parties or categories of parties to which the Personal Data may be communicated or which may come to know it as the designated representative in Italy, of Data Processors or staff appointed for processing:
  3. obtain: a) the updating, correction or, when appropriate, the addition of Data; b) the deletion, transformation into anonymous form or blocking of Data processed unlawfully, including that for which there is no need for storage for the purposes for which the Data was collected or subsequently processed; c) the certification that the preceding operations of letters a) and b) were made known, including their contents, to those to whom the Data was communicated or disclosed, except where this is discovered to be impossible or involves a commitment of resources clearly disproportionate to the protected right;
  4. oppose, in whole or in part: a) for legitimate reasons, the processing of Personal Data concerning them, even if pertinent to the purpose of collection; b) the processing of Personal Data concerning them for the purpose of sending advertising or direct selling materials or for carrying out market research or commercial communications, through the use of automated calling systems without the intervention of an operator by email and/or by traditional marketing methods by telephone and/or paper mail. Please note that, with regard to direct marketing through automated methods, the Data Subject’s right to object, as set out in point b) above, is extended to traditional methods, and that the Data Subject is able to exercise their right to object, even partially. Therefore, the Data Subject may choose to receive only communications by traditional means or only automated communications or neither.

Where applicable, they also have the rights set forth in Art. 16-21 GDPR (Right of correction, right to be forgotten, right of limitation of processing, right to Data portability, right of opposition, right of revocation of consent), as well as the right of complaint to the Data Protection Authority.

The Data Controller is

SIT Srl – Via Ostiense, 256 – 00144 Roma (RM), Italy

It is possible to exercise the rights referred to in Art. 12 and/or for any clarifications regarding the protection of Personal Data by contacting:

sit@sitbus.com

Minors

This Website and the Data Controller’s Services are not intended for children under the age of 18 and the Data Controller does not knowingly collect personal information about minors. In the event that information relating to minors is unintentionally recorded, the Data Controller shall promptly delete it, at the User’s request.

Changes to this Policy

This Policy may be subject to change. We therefore recommend that you regularly check this Policy and refer to the latest version.