TARGA TELEMATICS S.P.A PRIVACY POLICY
1 Processing of personal data
Targa Telematics and the other companies in the group process personal data on behalf of and following the instructions of their customers, and therefore act as Data Processors pursuant to GDPR Article 4, paragraph 8. In some cases, Targa Telematics and the other companies in the group determine the purposes of the processing and the personal data, acting as Data Controllers pursuant to GDPR Articles 4, paragraph 7, and 26. This information is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) and current national legislation, to those who interact with the web services of TARGA TELEMATICS S.P.A. and the other companies in the group.
1.1 Browsing data
The computer systems and software procedures used to operate this website, during their normal operation, process certain personal data, the transmission of which is typically implicit in the use of Internet protocols.
This information is not collected to be associated with any specific data subject; however, by its very nature, it could, through processing and association with third-party data, identify users.
This category of data includes the IP addresses or domain names of the computers used to connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (e.g., success, error, etc.), and other parameters related to the user’s operating system and computer environment.
This data is used solely for the purpose of obtaining anonymous statistical information on the use of the site, to monitor its proper functioning, and is deleted once the processing is complete. The data may also be used to ascertain responsibility in the event of hypothetical cybercrimes against the site.
1.2 Data provided voluntarily by the user
The optional, explicit, and voluntary sending of emails to the addresses provided on this site, including by filling out specific forms, results in the subsequent acquisition of the following data:
- User account information: The user may provide, if agreed, their name, surname, email, mobile phone number, and other data necessary to provide the activated service and fulfill the agreements with the Data Controller.
- User messages: Targa Telematics and the companies in the group may collect emails sent by the user to the assistance services for the sole purpose of addressing the user's request and, possibly, generating statistics on the types of issues or suggestions for improving the services offered. The emails sent are stored on secure servers operated by companies that are GDPR-compliant and provide their services within the EU. It is requested that anyone who has received a message from these email addresses by mistake refrain from using it and delete it.
- User Location Data: The system may collect and store the user's location data during driving activities exclusively after the user has provided explicit consent, and solely for the purposes necessary to deliver the activated service and to fulfill the agreements with the Data Controller.
1.3 Purpose and Basis judges
The collection and processing of voluntarily provided personal data are carried out for the following purposes and based on the respective legal grounds:
| Purpose | Legal basis (art. 6 GDPR) |
|---|---|
| Processing requests for information or support regarding the services provided and the products/solutions sold directly by TARGA TELEMATICS S.P.A. and the other companies in the group, as well as processing any type of mailing, including contact forms. Creation of statistics for the continuous improvement of the service. | Specific request of the data subject – explicit consent of the data subject (Article 6, paragraph 1, letter a). |
| Management of E-recruitment and/or other types of professional collaboration. | Specific request of the data subject – explicit consent of the data subject (Article 6, paragraph 1, letter a). |
| Subscription to the newsletter service (the newsletter does not contain commercial and/or promotional content). | Specific request of the data subject – explicit consent of the data subject (Article 6, paragraph 1, letter a). |
| Provision of telematic services. |
Specific request of the data subject – explicit consent of the data subject
(Article 6, paragraph 1, letter a). If the data are processed to pursue the legitimate interests of the Data Controller under Article 6, paragraph 1, letter f, a data protection impact assessment will be conducted to ensure that the processing does not adversely affect the rights and freedoms of the data subjects. |
In addition, the following information will be collected automatically:
- Third-Party Service Providers. We work with third-party service providers to optimize this website in a qualified manner. These providers are subject to the same privacy restrictions as in this policy.
The collection and recording of data, as listed above, will take place for specific, explicit, and legitimate purposes and in a manner compatible with these purposes, as part of the processing necessary for the company’s activities. The data will be collected accurately and, if necessary, updated appropriately, ensuring that they are relevant, complete, and not excessive in relation to the purposes of the collection. Their storage will be limited to the period necessary for the purpose for which they were collected and will subsequently be processed in accordance with the GDPR and applicable national legislation..
Personal data may be processed using paper or electronic tools suitable for recording and storing the data, and, in any case, in a manner that ensures the security and protection of the data subject. Specific security measures will be implemented to prevent data loss, unlawful or incorrect use, and unauthorized access, in full compliance with Article 32 of the GDPR and applicable national legislation.
2 Recipients
2.1 Communication of data
Without prejudice to communications made in compliance with legal obligations, all data collected and processed may be communicated to:
- Subjects to whom it is necessary to communicate the data for the execution of a contract to which the data subject is a party, or for the execution of pre-contractual measures adopted at the request of the data subject, as well as, in general, for the pursuit of the purposes.
- Subjects who carry out processing on behalf of the Data Controller in their capacity as Data Processors pursuant to Article 28 of the GDPR, such as those providing services for the management of information systems and telecommunications networks (including email). The complete and updated list of Data Processors is available from the Data Controller upon request.
- Subjects authorized to access the data under current legislation and/or those to whom the data must be communicated due to legal obligations
Personal data may be processed by employees and consultants assigned to the competent offices of the Data Controller, who are explicitly authorized to process the data pursuant to Article 29 of the GDPR and current national legislation.
2.2 Data transfers abroad
Personal data is not transferred outside the European Economic Area.
Should the need arise for a transfer abroad, this will only be carried out for the purposes related to this policy, i.e., technical aspects related to the structure of the company’s information system and/or the application of technical and organizational measures deemed appropriate by the Data Controller (Article 32 GDPR), exclusively in compliance with Articles 44 et seq. of the GDPR. This includes situations such as: the presence of adequacy decisions (Article 45 GDPR) and/or appropriate safeguards, provided that the data subjects have the rights to enforce effective remedies (Articles 46 and 47 GDPR), or where, from time to time, it falls within one of the specific exceptions referred to in Article 49 GDPR.