Information on the protection of personal data
Ve.La S.p.A. (hereinafter Vela), a company managed and coordinated by Azienda Veneziana della Mobilità S.p.A., is, therefore, part of the AVM Group, together with the parent company and ACTV S.p.A., and carries out several activities, including:
1. the distribution, commercial intermediation and sale of travel tickets in general, tickets and electronic cards giving access to public and private services, such as museums, cultural institutions, shows, sporting events and similar events
2. activities of coordination, integration, commercial intermediation, development, marketing and distribution of multi-service packages and other services and products, aimed at improving the quality of the visit and the management of tourist flow in the Municipality of Venice
3. programming of artistic and spectacular events, including the great traditional festivals that take place in Venice, enhancing the marketing activities linked to the Venice Brand
4. promotion and management of the spaces owned by the Municipality of Venice in the Arsenale compendium.
For the services referred to in points 1 and 2, Vela issues the Venezia Unica card to the client and, in general, to offer all its services also makes use of the websites www.velaspa.com, www.veneziaunica.it and events.veneziaunica.it tripplanner.veneziaunica.it, www.carnevale.venezia.it, www.regatastoricavenezia.it trade.veneziaunica.it www.salonenautico.venezia.it, www.repubblichemarinare.org
Vela is, therefore, the owner of the processing of personal data collected.
HOW WE COLLECT YOUR PERSONAL DATA
Vela collects and processes your personal data in the following circumstances:
• if you purchase one of the services provided by entering into a contract;
• if you register on the website to use its features;
• if you contact us to request information, make a complaint or report, request a refund regarding the services provided;
• if you agree to be contacted for marketing purposes or for market research, surveys and statistical purposes;
• if other companies of the AVM Group or business partners lawfully disclose their personal data to Vela.
Please help us keep your personal information up to date by informing us of any changes. Any changes in the personal residence data must be promptly communicated to Vela to avoid problems regarding the use of the services provided.
WHAT PERSONAL DATA CONCERNING YOU MAY BE COLLECTED
The following categories of personal data concerning your person may be collected:
• Personal and contact information - information about your name, place and date of birth, tax code, address, telephone number, place of work, email address and, if you connect to our sites or app, through social login (i.e. a social account you have registered with), also information that is visible in that social according to the privacy settings you have set.
• Use of the Website - Information about how you use the Website, open or forward our communications, including information collected through cookies (you can find our Cookies Policy [here])
FOR WHAT PURPOSES YOUR PERSONAL DATA MAY BE USED
The processing of personal data in compliance with European data protection legislation must be subject to one of the various legal requirements, and we are obliged to indicate these requirements for each processing operation described, as you can read below:
a) Establishment and execution of contractual relations and consequent obligations, including communication regarding services
Vela may process your personal data to establish and executing contractual relationships, providing the services requested and responding to reports and complaints.
Vela may also use your contact details, and in particular your email address, to provide you with information regarding the services offered.
Prerequisite for treatment: fulfilment of contractual obligations.
The provision of data is required to manage the contractual relationship.
b) Operational management and purposes strictly connected to it for access to the Site
Vela collects your personal data in order to allow you to access the site and provide you with the services available there, also by accessing your Personal Area in order to: (i) download from your Personal Area documents relating to the services you have purchased; (ii) process other requests made through the website.
Prerequisite for treatment: fulfilment of contractual obligations.
The provision of data is required to respond to your requests.
c) Customer Satisfaction Surveys
Vela may use its contact data to conduct institutional surveys aimed at measuring the level of customer satisfaction with the service provided.
A precondition for processing: legitimate interest
With this activity, the owner complies with the contractual obligations assumed under the service contract in force with the awarding body and carries out all useful activities to improve, implement and make more efficient the service itself.
d) Marketing to meet your needs and to provide you with promotional offers
Vela collects your contact data for marketing and advertising purposes, aimed at informing you about promotional sales initiatives, carried out through automated means of contact (e-mail, text messages and other massive messaging tools, etc.) and traditional methods of contact (such as telephone calls with operators).
Prerequisite for treatment: consent is required.
Consent may be revoked at any time through the privacy form on the website.
e) Compliance with legally binding requirements to comply with legal obligations, regulations or orders of a judicial authority
Vela collects your personal data to comply with the law.
Prerequisites for treatment: legal obligations.
HOW WE KEEP YOUR PERSONAL DATA SAFE
Vela uses a wide range of security measures to improve the protection and maintenance of the security, integrity and accessibility of your personal data.
Although at present, as you know, no one can guarantee the security of data transmission intrusions that occur on the Internet and on websites, we, our suppliers and business partners are committed to ensuring physical, electronic and procedural safeguards to protect your personal data by the law and with the utmost responsibility.
All of your personal data is stored in secure servers (or secure paper copies) and is accessible and usable by our security standards and policies (or equivalent standards for our suppliers or business partners).
Among other measures, we adopt measures such as:
• the strict restriction of access to your personal data, on a need-to-know basis and for the sole purpose communicated; perimeter security systems to prohibit unauthorised access from the outside
• the permanent monitoring of access to information systems to detect and stop the abuse of personal data.
• six-monthly penetration tests aimed at highlighting any leaks in perimeter security
• tracking of access to your personal data by internal staff and verification of the purpose
• transactions on our websites that require your personal data to be entered are encrypted using Secure Socket Layer (SSL) technology.
Where we have provided you (or you have chosen) with a password that enables you to access certain parts of our website or other portals, applications or services provided by us, you shall be responsible for the confidentiality of such password and for compliance with any other security procedures that we have notified you of.
Please do not share your password with anyone.
HOW LONG WE RETAIN YOUR INFORMATION
We store your personal data only for the time necessary to achieve the purposes for which it was collected or for any other legitimate purpose related to it. Therefore, if personal data are processed for two different purposes, we will retain those data until the purpose expires with the longer term, but we will no longer process personal data for that purpose for which the retention period has expired. We restrict access to your personal data only to those who need to use it to perform their duties.
Your personal data, which is no longer needed or for which there is no longer a legal basis for its storage, is anonymised irreversibly (and in this way can be stored) or securely destroyed.
Below are the storage times for the different purposes listed above:
Fulfilment of contractual obligations: the data processed to fulfil any contractual obligation may be kept for the entire duration of the contract as well as for the next 10 years (in the case of the Venezia Unica card, for 1 year after expiry of the card), in order to verify any outstanding matter or for compliance with legal obligations (e.g. accounting documentation).
Operational management and purposes strictly connected to this for access to the website: the data processed for this purpose may be stored for one year following the duration of the underlying contract for which access was made.
Purpose of customer satisfaction surveys: the data processed for this purpose may be kept for three years from the date of the survey.
Marketing Purposes: Personal data processed for marketing purposes may be retained for two years from the date on which we obtained your last consent for such purposes (except for the opposition to receive further communications).
Disputes: If it is necessary to defend ourselves or to act or also to make claims against you or any third party, we may retain personal data that we reasonably deem necessary to process for such purposes, for as long as such claim can be pursued.
WITH WHOM WE MAY SHARE YOUR PERSONAL INFORMATION
Your personal data may be accessed by the employees of Vela, as well as by the suppliers and collaborators, duly appointed as data controllers, who provide support for the provision of services, and by the companies of the AVM group (including the parent company Azienda Veneziana della Mobilità S.p.A., which is responsible for the local public transport service, and Actv S.p.A., which carries out this service operationally).
If you have any questions regarding the processing of your personal data by us, please use the web form "privacy" in the "contacts" section of the site ww.avmspa.it or contact the telephone number 0412722111, asking the secretariat of the Legal and Corporate Affairs. We would also like to inform you that the Company has appointed an external data protection officer (DPO), whose contact details are email@example.com, to whom you may apply in general for matters relating to the protection of personal data and related rights.
YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO LODGE COMPLAINTS WITH THE SUPERVISORY AUTHORITY
You have the right to ask us under the legal conditions:
• access to your personal data
• the portability of the personal data you have provided us with
• rectification of the data in our possession
• the deletion of any data for which we no longer have any legal basis for processing
• the revocation of your consent, where the processing is based on consent and is related to direct marketing activities
• the limitation of the way in which we process your personal data, in the cases provided for by the legislation.
Also, you may exercise your right to object in the case of data processed for legitimate interest, in particular in the case of customer satisfaction.
The exercise of all these rights is subject to certain exceptions aimed at safeguarding the public interest (e.g. prevention or identification of crimes) and our interests (i.e. legitimate and compelling reasons). If you exercise any of the above rights, it is our responsibility to ensure that you are entitled to exercise them, and we will normally provide you with feedback within one month.
If you are not satisfied with the way in which we process your personal data or with our feedback, you have the right to lodge a complaint with the supervisory authority, the contact details of which can be found on the website www.garanteprivacy.it