Privacy Policy

1 Premise

When you visit our site or use our services, we collect your information and personal data. For this reason, in compliance with the provisions of Legislative Decree no. 196/2003 and of the EU Regulation no. 679/2016 (together, "Privacy Law"), we have created this document (hereinafter "Privacy Policy") with the purpose of describing what kind of personal data we collect, the purposes and methods of treatment of the data and the security measures that we adopt to protect them.

This Privacy Policy constitutes the information to data subjects issued according to the applicable legislation on personal data protection and has been drafted in compliance with the Recommendation no. 2/2001, adopted on May 17, 2001 by the Working Group for the Protection of Personal Data - Article 29 in relation to the minimum requirements for online data collection in the European Union. Furthermore, we inform you that this Privacy Policy applies only to  www myautogrill.it website (hereinafter, the "Website") and to our services (hereinafter, the "Services") and does not apply to third-party websites that may be recalled via links or banners on the Website.

 

2 Data source and purpose of data processing

2.1  Navigation data

The computer systems used to operate the Services acquire, during their normal operation, some of your personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected for the purpose of identifying you, but could lead to your identification if, for example, were combined with data held by third parties. This category of data includes the IP address and the domain name of your computer, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the file size obtained in response, the numeric code indicating the status of the response given by the server and other parameters related to your operating system. We use this data for the sole purpose of obtaining anonymous statistical information concerning the use of the Services and to check its correct functioning. We delete the data so collected immediately after processing. The data could be used to ascertain responsibility in the case of computer crimes committed against the Services.

2.2  Registration information and further information

The navigation on our Site does not require the creation of a personal account.

If you should collect, process and communicate information related to third parties, you must respect the provisions of the Privacy Policy and, therefore, you provide them  a preliminary information on data treatment and, if necessary, you must collect the free and express consent before starting the data treatment. 

2.3  Data treatment purpose

The navigation data are necessary in order to use the Site. Any refusal to supply such data would prevent your browsing on our Site and would prevent you from using our Services.

Providing additional information is optional. Your refusal to provide them would still allow you to use our services but would prevent you from discovering and exploring their full potential.

2.4  Further data treatment purposes

With your express consent, we will use the information you provide for other purposes other than those listed above. These include processing for marketing purposes by creating a personal account for access to pages reserved for registered users. 

Providing information for the aforementioned additional purposes is optional. Any refusal to provide it would still allow you to use our Services but would prevent us from pursuing the purposes listed above. In any case, you can always revoke your consent to your personal data  collection and processing, refuse the receipt of promotional communications.

2.5 Information collected through cookies and other technologies

Cookies are small files sent by the websites visited by users and stored on the device used to access these sites. When users visit the same site again, the browser reads the cookies stored on the device and retransmits the information to the site that originally created the cookies. Our site also uses different types of cookies and other technologies for reading and storing information on the user's device in order, for example, to perform statistical analysis, customize and facilitate the browsing experience of users and, with the prior consent of user, offer you advertising based on your interests. We do not use cookies that have the ability to run programs on your devices or send viruses on them, or that still allow you to establish a control on your devices. 

In accordance with the provision of Guarantor for the protection of personal data on May 8, 2014, we inform you that this statement also represents the extension of the short banner already displayed at the time of connection to the Site. In particular, our Services take:

•    technical cookies, which are necessary for the functioning of the Site, including the provision of the Services offered by them. This category of cookies includes analytics, session cookies and functionality, used by the owner for, for example, collect information, in aggregate form, on the number of users and how they visit the site, to save your preferences navigation, such as language, or to recognize the user who returns to the site.

The cookies above can be:

• temporary, when they are automatically deleted at the end of the connection;

• permanent, when they remain stored on the user's hard disk, unless the user cancels them;

The cookies used by the present Website are exclusively first-party cookies, as set up and managed directly by the site operator. No third-party cookies are used on the Website. 

The Website does not use profiling cookies. . 

You can manage and disable cookies directly from your browser settings:

Or through the portal:  www.youronlinechoices.com/it 

Here below the table with the cookies used by our Services. 

Session cookies 

Name

Type

Pages appearance

cookiebanner- accepted

technical

all

csrftoken

technical

all

sessionid

technical

all 


Services may contain applications and materials ("API") that use data taken from your accounts opened on social networks such as Facebook, Linkedin, etc. For example, an API can be created that allows you to post comments directly on the social network you are subscribed to. When you use an API of this type, your personal data is transmitted to the social network site. These data are governed by the privacy notice of this social network. You can also create an API that allows you to get information and content related to you, your friends, your user ID and other types of content taken from the social network used. This information and content will not be acquired, unless you have given your consent to the social network site. If such consent is given, the aforementioned information will be used in accordance with this Privacy Policy and the rules on APIs of this social network.

3 Data processing methods and data retention

We process your personal data using  electronic tools and always in compliance with the security requirements required by applicable law. Our security measures include contractual instruments with any contractor (eg service provider) or agent in order to ensure the protection of the security and confidentiality of your personal data in accordance with the provisions of the applicable legislation on personal data protection. 

We conserve your personal information until your account is active. Even after the closure of the account, we will retain the data to the extent that this will be necessary to comply with the obligations imposed by laws or regulations, to protect our rights, to prevent fraud or to apply this Privacy Policy. With particular reference to the judicial protection of our rights, we specify that we adopt a retention period of personal data equal to 24 months starting from the closure of the account. 

4 Communication scope

4.1  Personal data internal and external communication

Your personal data will be processed only by persons previously appointed as data processors or responsible. In particular, your data may be communicated to external subjects such as suppliers of professional and / or technical services, and / or legitimate recipients according to the law and, subject to your consent as specified above, to third party companies that effect marketing activities. The recipients of the data act in theri capacity of  data controllers, data processors or agents according to the applicable legislation. In the case we are involved in a reorganization, acquisition or sale of our company or parts of it, we will disclose your information to the third parties involved in the procedure.

Any third party that, as part of this procedure, will be the recipient of your data may use them within the limits established by this Privacy Policy. To receive the updated list of data prcessors, as well as the list of recipients of your personal data, contact us by sending an email to the following address: DPO@autogrill.net.

4.2  Data transfer abroad

Your personal data may be transferred outside Italy to third parties established within the European Union. This transfer is free to each country in the European Union that guarantees an adequate level of data protection. However, we may also transfer your data to third countries, not belonging to the European Union, which do not guarantee the same data protection level. However, we inform you that this transfer to third countries will always be made in accordance with the provisions of the Privacy Law, that is by collecting your consent, when necessary, or through the adoption of any other measures necessary to ensure the security of the data object of transfer (eg the use of Standard Contractual Clauses based on the model developed by the European Commission).

5 Interested partyrights.

At any time you can exercise the rights recognized by the Privacy Law, as follows:

  • Request for access to your personal data: you have the right to obtain the confirmation that it is or is not undergoing treatment of your personal data and, in this case, the right to access to the data. The Access involves the availability of certain information, including the purposes of the processing, the categories of personal data processed and the recipients to whom the data are communicated. However, there is no absolute right of access and the interest of other interested persons may limit your right of access. You also have the right to obtain a copy of the personal data being processed. For additional copies, an expense contribution may be applied.
  • Correction of your personal data: you have the right to obtain the correction of inaccurate personal data concerning yourself, as well as to obtain the integration of any incomplete personal data, also by providing an additional declaration. 
  • Cancellation of your personal data: you have the right to obtain from the data controller the deletion of your personal data without delay and the data controller is obliged to cancel the personal data without undue delay if there are certain circumstances, including the elimination of the need for data with respect to the purposes for which they were collected or the withdrawal of consent.
  • Limitation of the processing of your personal data: in limited circumstances - including the case of disputing the accuracy of data - you have the right to request the limitation of the processing of your personal data. 
  • Data portability: you have the right to receive your personal data provided to a data controller in a structured, commonly used and readable form by automatic device and you have the right to transmit this data to another data controller without impediment by the data controller to whom you have provided them in the case the processing has been based on consent and is carried out by automatic tools.
  • Opposition to personal data processing: you have the right to object to the processing of your personal data at any time, for reasons related to your particular situation.

Furthermore you have the the right to file a complaint to the competent authority.

To exercise your rights, please contact us using the contact details below. 

6 Data Controller and Data Processing Officer.

The website and the services are provided by Autogrill S.p.A., with with its registered office in Novara, Via Greppi 2, and secondary office in Rozzano (MI) Centro Direzionale Milanofiori, Strada 5 – Palazzo Z., email: DPO@autogrill.net, acting as Data Controller.