1. Types of data processed and purposes of processing
Data of Users
The access to the Comac Fleet Care platform may involve the subsequent acquisition of personal data, such as email addresses, place of residence, tax/VAT code, names, qualifications and any other information relating to an identified or identifiable natural person, sent for the following purposes:
- to allow User to register to the Comac Fleet Care in accordance with the related terms and conditions of use, and to provide the services offered on the Comac Fleet Care from time to time (article 6, par. 1 letter b of the Regulation);
- to respond to the Users’ requests regarding the Comac Fleet Care and/or the services (article 6, par. 1, letter b of the Regulation);
- where required, to comply with legal obligations, including taxes, in accordance with terms and conditions of Comac Fleet Care use (article 6, par. 1, letter c of the Regulation);
- if necessary to allow Comac to pursue its legitimate interest to ensure the security and integrity of the Comac Fleet Care (art. 6, par. 1, letter f of the Regulation);
Failure to provide personal data may make it impossible to be registered to the Comac Fleet Care and to obtain the services and/or information requested.
The processing of Users’ personal data will be carried out by means of manual and computerized instruments in such a way as to guarantee the security and confidentiality of data.
The optional, explicit and voluntary dispatch of electronic mails to the addresses indicated on the Comac Fleet Care or the use of the forms on the Comac Fleet Care, which Users do on the basis of free, explicit and voluntary choice, entails the subsequent acquisition of the sender’s address, as necessary to reply to requests, as well as of any other personal data included in the message.
The computer systems and software procedures used to operate the Comac Fleet Care, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not
collected in order to be associated with identified interested parties, but by
its very nature it could allow Users to be identified, through processing and
association with data held by third parties. This category of data includes IP
addresses or domain names of computers used by Users connecting to the Comac
Fleet Care, URI (Uniform Resource Identifier) addresses of requested resources,
the time of the request, the method used to submit the request to the server,
the size of the file obtained in response, the numerical code indicating the
status of the response from the server (successful, error, etc..) and other
parameters relating to the operating system and computer environment.
This data is used only to obtain anonymous statistical information on the use of the Comac Fleet Care and to check its proper functioning and it is deleted immediately after processing. Data could be used to ascertain liability in the event of computer crimes against the Comac Fleet Care.
2. Processing modalities
The processing of personal data mainly takes place with the help of electronic or automated instruments, according to methods and means suitable to ensure the security and confidentiality of the data, in accordance with the provisions of the Regulation. In particular, Comac uses technical, IT, organizational, logistical and procedural security measures in order to guarantee the minimum level of data protection required by law, allowing access only to those appointed.
3. Scope of data dissemination
The personal data may be communicated to the following entities:
i. Comac employees and/or collaborators, for the performance of administration, accounting, IT and service support activities;
ii. entities carrying out User assistance activities and providing services also for the benefit of Comac;
iii. companies or consultants responsible for the installation, maintenance and management of Comac hardware and software (including the Comac Fleet Care platform);
iv. external companies or consultants providing banking, financial, insurance, legal services;
v. company of the group controlled by Comac S.p.A. to which Comac belongs;
vi. supervisory and control authorities and bodies and, in general, public or private persons acting as public officials or persons in charge of public service.
With reference to personal data communicated to them, the parties that belong to the above-mentioned categories can operate, depending on the case, as processors or persons in charge of processing, or as separate data controllers.
Personal data shall not be in any way disseminated or communicated to other external entities, except where disclosure is required by law or necessary.
4. Data Retention
Registered Users’ personal data will be collected and stored as long as their account is active. Personal data collected in relation to services purchased will be retained for the time required by tax law.
Navigation data will be delated immediately after being processed for operational or statistical purposes; in any case, such data may be used to verify any liability in the event of computer crimes against the Comac Fleet Care. Beyond this case, navigation data will be retained for the least required period, without prejudice to any further period of data retention set out in the law.
5. Users’ Rights
This section lists the rights of the Users that can be exercised at any time by writing to [email protected].
The User shall have the right to:
- obtain from Comac confirmation as to whether or not his/her personal data are being processed and, if so, access to the information referred to in article 15 of the Regulation;
- obtain the rectification of the collected personal data, or taking into account the purposes of processing, the integration of incomplete personal data;
- obtain the erasure of his/her personal data if one of the reasons referred to in article 17 of the Regulation applies;
- obtain the limitation of the processing of his/her personal data in cases provided for by the applicable law;
- object to the processing of his/her personal data for reasons connected with his/her particular position;
- receive in a structured, commonly-used and legible electronic forma, any persona data relating to him/her and transmit the data to another controller without impediment by Comac, if technically possible, in the cases and within the limits referred to in article 20 of the Regulation.
Depending on the amount or complexity of the requested information, an appropriate fee may be charged.
The User shall also have the right to lodge a complaint with a supervisory authority (for Italy, “Garante per la protezione dei dati personali” – www.garanteprivacy.it ), if he or she considers that the processing of his/her personal data is carried out in violation of the Regulation.
In any case, the User is invited to contact Comac which undertakes to process the matter with the utmost courtesy, seriousness and discretion.
Comac’s services are primarily intended for an adult audience. Comac does not knowingly solicit or collect personal data or about persons under the age of 16 without the consent of a parent or guardian. Should Comac learn that personal data relating to children have been sent without the consent of a parent or guardian, Comac shall make every reasonable effort to do so:
- delete such personal data from your files as soon as possible; and
- ensure that these personal data are not further used for any purpose and are not further disclosed to third parties.
7. Amendments and updates to this Policy
Last update on 8 May 2019.