DATA CONTROLLER AND CONTACTS
The Data Controller is Azienda Trasporti Milanesi S.p.A. (ATM), with registered office in Foro Buonaparte 61, 20121, Milan (Italy).
The Data Protection Officer can be contacted at the following email address: rpd@atm.it
Unless otherwise expressly provided, the provisions set out in this notice shall be deemed applicable to the personal data processed in connection with the use of the Website. It is understood that, with regard to the processing of personal data carried out in relation to specific services, the respective privacy notices applicable to each such service shall apply.
• ATM App
• Audio recording metro intercom
• Booking platform for Key Account
• Card issue for TPL passes at the phisical location
• Card issue for TPL passes via site/app
• Claims management
• Lease contract for commercial spaces
• Management of executives and corporate governance bodies
• Notification, management and enforcement of administrative sanction
• On-call bus Booking Chiamabus
• Parking
• People counter
• Regulated street parking
• Reimbursement/replacement of tickets and reimbursement of TPL season passes
• Relations with customers and third parties
• Staff selection
• Suppliers
• Tram rental for private use
• Tramway restaurant "Atmosfera”
• Validation data for subscriptions and nominative tickets
• Vehicle removal and storage
• Video surveillance
• Video surveillance of corporate premises
• Visitors access to company premises
• Whistleblowing Reporting
PURPOSE OF THE PROCESSING AND LEGAL BASIS
-
The purpose of the processing is the management and maintenance of the Website, as well as the prevention and detection of fraudulent activities or abuses harmful to the Website. The legal basis for the processing is the controller’s legitimate interest. pursuant to art. 6, paragraph 1, letter f) of EU Regulation No. 679/2016.
-
The purpose of the processing is the Controller’s fulfillment of obligations arising from laws, regulations, or national and EU legislation, or imposed by the competent authorities. The legal basis is a legal obligation to which the controller is subject, pursuant to art. 6, paragraph 1, letter c) of EU Regulation No. 679/2016.
-
The purpose of the processing is the prevention and suppression of unlawful acts, as well as the exercise of the Controller’s rights in judicial proceedings and the management of disputes. The Controller’s interest corresponds to the constitutionally protected right to take legal action (Art. 24 of the Italian Constitution) and, as such, is socially recognized as prevailing over the interests of the individual data subject. The legal basis is the Controller’s legitimate interest pursuant to art. 6, paragraph 1, letter f) of EU Regulation No. 679/2016.
CATEGORIES OF DATA PROCESSED
Ordinary personal data provided by users during their use of the Website are processed, including, by way of example: first and last name, telephone number, e‑mail address, and browsing data such as IP address and session ID.
DATA DISCLOSURE
Personal data are processed by personnel authorized pursuant to Article 29 of the GDPR and Article 2‑quaterdecies of the Italian Data Protection Code, by the data controller and may be communicated to companies that provide goods and/or services related to the processing.
METHODS OF PROCESSING
The processing of personal data may also be carried out through automated and computerized procedures, by means of the operations of collection, recording, organization, storage, consultation, processing, alteration, selection, retrieval, comparison, use, interconnection, restriction, disclosure, erasure and destruction of the data. Furthermore, the data are processed solely for the purposes indicated above, in accordance with the principles of lawfulness, fairness, transparency, accuracy, integrity and confidentiality established by the applicable legislation.
DATA TRANSFER
No transfer of the personal data collected for the purposes set out above to third countries outside the European Economic Area or to international organizations is currently envisaged. Should such transfer become necessary, it will be carried out based on an adequacy decision pursuant to Article 45 of the GDPR, or, in the absence thereof, in compliance with the appropriate safeguards provided for under Article 46 of the GDPR.
DATA RETENTION PERIOD
The data will be retained, with reference to the purpose set out under point A), for the period necessary to establish, exercise, or defend a legal claim, until the expiry of the applicable limitation periods for bringing any appeals.
PROVISION OF DATA
The provision of personal data is mandatory for purpose A) and any refusal to provide such data may result in the inability to continue or cause errors while browsing the website.
DATA SUBJECT RIGHTS
All the rights of the data subject are guaranteed in accordance with the provisions of Articles 15, 16, 17, 18, 20, 21, 22 and 77 of the GDPR:
-
right of access to your personal data and all information on the processing carried out;
-
right to rectification of inaccurate personal data and integration of incomplete data;
-
right to erasure (‘right to be forgotten’);
-
right to limit the processing of your personal data;
-
right to data portability;
-
right to object to the processing of your personal data;
-
right not to be subject to a decision based solely on automated processing;
-
right to lodge a complaint with the Italian Data Protection Authority in case a violation is thought to have been carried out.
Should the data subject believe that their rights have been infringed, they are entitled to lodge a complaint.
For further information, we invite you to consult the website of the Italian Data Protection Authority – www.garanteprivacy.it – where a dedicated section on these rights is available.
METHODS FOR EXERCISING RIGHTS
You may exercise your rights at any time by:
COMMUNICATION RELATING TO COMPUTER SYSTEMS
This notice is also addressed to all natural persons interacting electronically with web services provided in these websistes and web applications:
• www.atm.it
• www.atm-mi.it
• www.atm-alert.it
• www.carriere.atm.it
• www.nordesttrasporti.it
• www.atmosfera.atm.it
• ATM Milano Official App mobile application owned by Azienda Trasporti Milanesi S.p.A.
• ATM Group newsletter
• www.atminternational.com.
• www.atmmilano.it
Personal data will be processed using IT/electronic tools for newsletter services and will be used for anonymous statistical and market research studies, always due to service offered.
The information is valid only for the above-mentioned websites and not for other sites that can be consulted by link to third-party websites.
This information is also based on Recommendation n. 2/2001 adopted by the European Authorities in order to identify the requirements for collecting personal data online with the methods, timing, and nature of the data provided by the controllers to end users when they connect to web pages, regardless of the purposes of the connection.
Another processing purpose, in this specific case, is the correct browsing on ATM Group's websites indicated above, as well as the use of services provided by ATM Group to those who register theirselves.
TYPES OF DATA PROCESSED
During normal functioning, computer systems in general, Internet transmission protocols and the based site software collect some personal data.
The information is not collected for identification purposes, although this may be possible through processing by the competent Authorities.
DATA COLLECTED
The data collected refers to: IP addresses; Uniform Resource Identifier (URI) addresses of the requested resources; time of the request; methodology used for the server request; size of the file obtained in response; numerical code indicating the status of the response given by the server (successful outcome, error, etc.) and other parameters relating to the operating system and the user's computer environment.
Appropriate security measures are applied for all data processing in order to prevent the loss of information, illegal or improper use and incorrect or unauthorized access.
This data will be used only for anonymous statistical purposes and for managing the sites and the mobile application ATM Milano official app.
PROCESSING METHODS AND COOKIES
Cookies are text files containing small amounts of information that are downloaded to the user's device, if enabled, when browsing the Azienda Trasporti Milanesi S.p.A. website and mobile app ATM Milano official app.
No personal data is acquired by the site unless knowingly provided by the user.
ATM Group doesn’t use cookies to pass on natural person information, although cookies are used in an aggregate way, not in order to identifythe website visitors, nor to monitor customers’ browsing habits. In this field, ATM Group web activities are focused only to improve the service offered and to make browsing on the site more secure and efficient.
Azienda Trasporti Milanesi S.p.A. uses "cookies" in order to provide the website’s visitors with contextualised information and to obtain access statistics (using the Google Analytics service) https://support.google.com/analytics/answer/6004245?hl=en
The site uses cookies in accordance with the following purposes and classification:
SYSTEM COOKIES
These cookies allow the user to browse the site and use its functions, for example, to access the sites and ATM Milano official app secure areas. Without these cookies, it will not always be possible to provide the authentication and correct functioning of the website.
These cookies are not defined by Azienda Trasporti Milanesi S.p.A.; rather they are generated and used automatically by the software platforms used.
Nevertheless, they are intended for the purpose of general functioning and do not have any effect on the protection of the user's personal data.
COOKIES FOR PERFOMANCES AND BROWSING ANALYSIS STATISTICS
Azienda Trasporti Milanesi S.p.A. uses the Google Analytics statistics platform and incorporates its cookies and access methods.
https://support.google.com/analytics/answer/6004245?hl=en
This analytical tool collects the standard log information used on the Internet and anonymous information on the visitor's browsing behaviour.
Should you wish not to choose be analyzed by Google Analytics on all websites, visit https://tools.google.com/dlpage/gaoptout, and follow Google's instructions.
The platform Matomo is used for the site www.atminternational.com. Complete information can be consulted at the link: https://matomo.org/privacy/?menu
TECHNICAL COOKIES
The cookies used are considered technical, also called "session" or "temporary", which help the user browse the site and remember the choices made during the session. They are deactivated as soon as you leave the site via the log out procedure or after a period of inactivity. Profiling cookies are not used.
REGISTERING TO THE SITE AND CREATING AN ACCOUNT
When registering to the ATM Group website services, the user must create a personal account from the registration page. To do this, the user must enter some basic personal data, a user ID (e-mail) and a password.
The user is responsible for the correctness and truthfulness of the information, as well as the safe custody of access credentials and the website activities attributable to their identity.
HOW TO DELETE YOUR PROFILE
To delete your ATM profile it is necessary to enter your personal area and, in the "Profile section", click on the "Delete profile" button (at the bottom of the page).
GEOLOCATION SERVICES, THIRD PART MAP SERVICES AND TRACKING
The geolocation access is not mandatory and can be refused by the user letting him free to use all the ATM Milano app's functions. The geolocation services, when allowed by the user, are active only when the app is active. The locations are not stored by ATM Group and are managed by the following maps services:
- Google for Android (read their policy https://policies.google.com/privacy?hl=en&gl=ZZ)
- Apple for iOs (read their policy https://www.apple.com/uk/privacy/)
- Windows for Windows (read their policy https://privacy.microsoft.com/)
The tracking service allows you to choose whether the ATM app can track user activities and has the purpose of improving its functionality.