Privacy & Cookies
(pursuant to Article 13 of EU Regulation no. 2016/679)
Data Controller and DPO (Data Protection Officer)
The data controller is GEST S.p.A., who can be contacted by e-mail at the address firstname.lastname@example.org or by sending a letter to: GEST S.p.A. – Via dell’Unità d’Italia, 10 – 50018 Scandicci (FI) – Italy.
The DPO can be contacted by writing to: email@example.com or by sending a letter to: GEST S.p.A. – Privacy Holder – Via dell’Unità d’Italia, 10 – 50018 Scandicci (FI) – Italy.
The computer systems and software procedures used to operate this site collect some personal data during normal use, the transmission of which is implicit in the use of Internet communication protocols.
This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, time of request, method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server, as well as other parameters relating to the operating system and the computer environment of the user.
These data, necessary for the provision of web services, are also processed for the purpose of obtaining statistical information on the use of the website and to check the correct functioning of the services offered. The data are processed for the minimum retention period required by current legislation.
These data could be used to ascertain responsibility in the event of hypothetical cybercrimes against the site and/or users.
Data provided spontaneously by the user
GEST S.p.A. collects directly from the customer (hereinafter in this Policy, for brevity, also the “Data Subject”) their personal data such as, by way of example only: name, surname, residence, home and/or office address, e-mail address, mobile phone number.
In the event of an application, only the data contained in the CV sent and voluntarily shared by the data subject will be collected.
Legal basis and optional nature of the provision
Apart from what is specified below for navigation data, the user is free to provide the personal data necessary to execute the requests for the services offered on the site. The Data Controller processes the user’s data, which are optional, based on the consent received, i.e. through the explicit approval of this policy and the specific methods and purposes illustrated therein. Failure to provide the data requested as necessary (marked with an asterisk) may result in the impossibility to carry out the services and/or information requested.
Purpose of processing
Personal data will be processed for the following purposes:
- to manage requests for information by filling in specific forms to send text messages to GEST S.p.A., in the dedicated section;
- to manage refund requests due to anomalies for tickets issued by automatic ticket machines;
- to manage requests related to lost items;
- to manage the receipt of spontaneous applications (CVs).
The legal basis of the processing is for the purpose of executing a contract pursuant to art. 6 par. 1 letter b) of the 2016/679 EU Regulation.
Personal data will be processed exclusively by employees of GEST S.p.A..
The data may be shared with companies appointed by GEST S.p.A. for the review of IT procedures.
GEST S.p.A. will not transfer data to a third country or to an international organization.
The data is not subject to an automated decision-making process.
Personal data will be stored for the following purposes:
- the data provided when submitting requests for reimbursement will be kept for 5 years, and in order to allow the company to defend itself from possible claims made in relation to the request itself;
- the data provided during the submission of spontaneous applications (CVs) will be kept for 2 years;
- the data provided during the filing of a complaint and/or reporting anomalies to the service will be kept for 5 years for the after-sales management (complaints, anomalies) and in order to allow the company to defend itself from possible claims made in relation to the request itself.
At the end of the respective retention periods, the data will be deleted or otherwise irreversibly anonymised, except for the further retention of some or all of the data for compliance with a legal obligation, an order by a Public Authority, or for the protection of a right or a legitimate interest.
Rights of the Data Subject
The data subject or data subject has the right to:
- ask GEST S.p.A. confirmation as to whether or not personal data concerning them is being processed and, in this case, to obtain access to it (pursuant to Article 15 of EU Regulation 2016/679) by writing to: firstname.lastname@example.org or by sending a letter to: GEST S.p.A. – Via dell’Unità d’Italia, 10 – 50018 Scandicci (FI) – Italy;
- ask GEST S.p.A. the correction of inaccurate personal data concerning them and/or the integration of incomplete personal data (pursuant to Article 16 of EU Regulation 2016/679) by contacting the toll-free number: 800 335850;
- ask GEST S.p.A. the deletion of data processed for the purpose of managing customer complaints only if the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
- obtain from GEST S.p.A. the deletion of data if they had been unlawfully processed, to fulfil an obligation under EU law or the law of the member state to which the data controller is subject to (pursuant to Article 17 of EU Regulation 2016/679).
Data subjects can ask GEST S.p.A. for the limitation of data processing when one of the following hypotheses occurs:
- the data subject disputes the accuracy of the personal data and requests the limitation for the time necessary for the controller to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the deletion of the data and requests instead that their use is limited, although the controller no longer needs them for the purposes of the processing, the personal data are necessary for the data subject for the ascertainment, the exercise or the defence of a right in court (Article 18 of EU Regulation 2016/679);
- the data subject can exercise the right by writing to: email@example.com or by sending a letter to: GEST S.p.A. – Privacy Holder – Via dell’Unità d’Italia, 10 – 50018 Scandicci (FI) – Italy.
The data subject does not have the right to object to the processing of the data collected for the purpose of managing data relating to complaints and/or the reporting of service anomalies, because the processing is based on art. 6 par. 1 letter b) of EU Regulation 2016/679 – execution of a contract – and not on art. 6 par. 1 letter e) – execution of a task of public interest – or lett. f) – legitimate interest of the controller (pursuant to Article 21 of EU Regulation 2016/679).
The data subject has the right to file a complaint with a supervisory authority if they believe that the processing that concerns them violates EU Regulation 2016/679. The complaint can be filed with the supervisory authority of the Member State in which the data subject habitually resides or works, or in the place where the alleged violation occurred (Article 77 of EU Regulation 2016/679).
The personal data are necessary for the conclusion of the treatment; without such data it will be impossible to manage the complaint and/or the reporting of anomalies of the service.
While using the site, GEST S.p.A. and/or any third parties have the right to collect information on its use, for example by using cookies.
What are cookies?
Cookies are small text files that are saved through the pages of a website on your computer (or on any other device connected to the Internet, including tablets and smartphones) and sent by the browser (for example Google Chrome, Microsoft Edge, Mozilla Firefox) every time you visit a website. They memorize the preferences expressed while surfing the net and save them on the user’s computer. They contain the name of the site that places them, the time spent on the user’s computer and a usually numeric or textual identifier.
In fact, cookies simplify navigation by remembering the user’s name, password and preferences, including the language.
Furthermore, cookies record access to the site for monitoring purposes and only store preferences and interests based on the content clicked during the visit. For example, by counting the visitors who access a particular page, GEST S.p.A. is able to identify the most popular sections of its site.
For us, at GEST S.p.A., it is essential that users are informed about the cookies we use and their respective purposes, to guarantee not only the privacy of each one, but also the usability of our sites.
Further information on the cookies we use and their purposes is available in the paragraph “Types of cookies”.
What kind of cookies do we use?
This site uses two types of cookies: session cookies and persistent cookies. Session cookies are temporary and remain on your computer or device until the site is closed. Persistent cookies, on the other hand, remain on the computer longer, for example until they are manually deleted. The permanence of cookies on a device depends on their specific duration and on the settings of the browser used.
Do we use third party cookies?
We collaborate with a number of partners who are in turn able to download cookies on users’ computers, for example statistical cookies from Google.
Can cookies be deactivated or deleted?
Your browser is likely to accept cookies automatically. The browser can be set in such a way as to block all cookies or to signal their saving on the computer. Blocking or deleting from the browser of cookies used by GEST S.p.A. could affect the usability of our site.
Check the instructions of your browser via one of the links below: