Privacy Policy American School - Frigerio Trasporti

INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLES 13-14 OF REGULATION (EU) 2016/679

With this document (“Information Notice”) provided pursuant to Regulation (EU) 2016/679 (hereinafter ‘GDPR’), FRIGERIO Trasporti S.r.l. wishes to inform you, as the parent or legal guardian of the minor (” Minor“), about the purposes and methods by which your personal data, as well as that of the Minor, will be processed within the scope of this Frigerio Trasporti Family and Frigerio Trasporti Bus Monitor app (‘App’) and school transport service (”Transport Service”).

👤 Data controller

FRIGERIO Trasporti S.r.l., with registered office in Giussano (MB), Via Viganò no. 5, is the Data Controller.

FRIGERIO Trasporti S.r.l. can be found at the following email address: dpo@frigerioviaggi.com

🔐 Data Processor

The Data Protection Officer (DPO), domiciled for the purposes of this policy at the Data Controller’s registered office, can be contacted at the following email address: dpo@frigerioviaggi.com.

🎯 Purpose and legal basis of processing

Personal data is processed for the following purposes:

Contractual Compliance: The processing of personal data is necessary for the creation and management of the account via the App and the management and provision of the Transport Service via the App, including related communications and updates regarding bus routes and to ensure the safety of minors during the service. The legal basis is the execution of pre-contractual or contractual measures, as referred to in Article 6, paragraph 1, letter b) of the GDPR. The provision of data is optional but necessary to access the Transport Service. Any refusal will make it impossible to provide the Transport Service.
Legal rights and responsibilities: Personal data may be processed, where necessary, to enable the Data Controller to ascertain, exercise, or defend its rights in court or out of court, as well as to comply with legal obligations or requests from competent authorities. The processing of personal data is based on the legal grounds provided for in Article 6(1)(c) and, where applicable, Article 6(1)(f) of the GDPR.

📁 Types of personal data processed

The personal data processed are as follows:

App login details: Username and Password
Identification data: first name, last name, residential address of the Minor;
Details of parent/legal guardian/third parties (e.g., relatives, babysitters): first name, last name, residential address, tax identification number, identity document;
Location data: bus location data (e.g., vehicle geolocation) to ensure the safety and proper operation of the Transportation Service;
Contact details: phone number, email address of parents or legal guardians;

👥 Categories of data subjects

The processing activities are aimed at the following categories of data subjects:

Minors using the Transport Service.
Parents/legal guardians of the Minor/third parties indicated by the parent or guardian.

⚙️ Processing methods and storage time

Data processing will be carried out electronically, adopting technical and organizational security measures to ensure data protection and prevent unauthorized access.

The processing will be carried out in accordance with current regulations, and the data will be stored for the time strictly necessary to ensure the proper fulfillment of contractual and legal obligations, and in any case no longer than the end of the contractual relationship or the revocation of consent by the data subject.

🗣️ Recipients of the processing

Personal data may be shared with the following categories of subjects:

a) authorized and duly trained personnel of the Data Controller, including with regard to security measures and confidentiality obligations;

b) external consultants used by the Data Controller to perform services, such as IT consultants, legal advisors, etc.

c) IT service providers (e.g., hosting services, geolocation) used by the Data Controller to ensure the provision of the Transport Service, duly appointed as data processors, including Nunsys s.a.

d) competent authorities or other entities provided for by law.

🌍 Transfer of personal data outside the EU

Personal data will not be transferred to third countries or international organizations.

📝 Data subject’s rights

In relation to the processing described in this Policy, you may exercise the rights set forth in Articles 15 to 22 of the GDPR, and in particular the following rights:

Right of access (Art. 15 GDPR): right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to your personal data.
Right of rectification (Art. 16 GDPR): the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the completion of incomplete data.
Right to erasure (right to be forgotten) (Art. 17 GDPR): the right to obtain the erasure of personal data concerning you, unless processing is necessary to comply with a legal obligation.
Right to restriction of processing (Art. 18 GDPR): right to obtain restriction of processing in the event of inaccurate data or for other legitimate reasons.
Right to data portability (Art. 20 GDPR): the right to receive your personal data in a structured, machine-readable format.
Right to object (Art. 21 GDPR): right to object, at any time, to the processing of personal data for legitimate reasons.
Right not to be subject to automated decisions (Article 22 of the GDPR), including profiling.
To the Italian Data Protection Authority (www.garanteprivacy.it).

To exercise these rights, you may contact the Data Controller at the following addresses:
-Email: dpo@frigerioviaggi.com

LINK UTILI

FRIGERIO – Il Gruppo

INFO

Legal