Privacy

Types of processed data:

• Inventory data (e.g., names, addresses).
• Contact details (e.g., email, phone numbers).
• Content data (e.g., text entries, photographs, videos).
• Usage data (e.g., visited websites, interest in content, access times).
• Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects:

Visitors and users of the service (hereinafter, we also collectively refer to the data subjects as “users”).

Purpose of processing:

• Provision of the service, its features, and content.
• Responding to contact inquiries and communicating with users.
• Security measures.
• Range measurement/marketing.

Purpose

The personal data provided will be transmitted to the single coordinating body of the Guest Pass in order to enable the creation and use of the Guest Pass and to provide the associated services.

Recipient

In connection with the issue of the Guest Pass, your data will be transmitted to the Mobilitätskonsortium, VAT Nr. 02735170215, which acts as the cardholder and unified coordinating body and assumes the role of autonomous data controller in processing the transferred data. For further information regarding the processing to which the data will be subjected, you can send an email to privacy@moko.bz.it.

Legal basis

The legal basis for processing is Art. 6 (1) (b) of the GDPR.

Terms used:

“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and includes virtually any handling of data.

“Pseudonymization” is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

The “controller” is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Relevant legal bases

In accordance with Article 13 of the GDPR, we inform you of the legal bases of our data processing. If the legal basis is not mentioned in the privacy statement, the following applies: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and the execution of contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Security measures

In accordance with Art. 32 GDPR, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

Measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability, and its separation. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, deletion of data, and response to data threats. Furthermore, we consider the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings.

Collaboration with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer it to them, or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g., if a transfer of the data to third parties, such as payment service providers, is necessary for the performance of the contract), users have consented, a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called “data processing agreement”, this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this only takes place if it is necessary for the fulfillment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process data in a third country with a recognized level of data protection, or on the basis of special guarantees, such as contractual obligations through so-called standard protection clauses of the EU Commission, or if companies are certified under the “Privacy Shield” or bind the EU-US Data Protection Agreement.

Rights of data subjects

You have the right to request confirmation as to whether the data in question is being processed and to request information about this data, as well as further information and a copy of the data in accordance with legal requirements.

You have the right to request the completion of data concerning you or the correction of incorrect data concerning you in accordance with legal requirements.

You have the right to demand that the data concerning you be deleted immediately in accordance with legal requirements, or alternatively, to demand a restriction of the processing of the data in accordance with legal requirements.

You have the right to request that the data concerning you that you have provided to us be received in accordance with legal requirements and to request its transmission to other responsible parties.

You also have the right, in accordance with legal requirements, to lodge a complaint with the competent supervisory authority.

Withdrawal

You have the right to revoke any consent you may have given with effect for the future in accordance with legal requirements.

Right of objection

You may object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection may be lodged in particular against processing for direct marketing purposes.

Cookies and right to object to direct mail

“Cookies” are small files that are stored on the user’s computer. Different data can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online service. Temporary cookies, or “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the content of a shopping cart in an online store or a login status can be stored. Cookies are referred to as “permanent” or “persistent” and remain stored even after the browser is closed. For example, the login status can be saved if users visit it after several days. The interests of the users who are used for reach measurement or marketing purposes can also be stored in such a cookie. Third-party cookies” are cookies that are offered by providers other than the person responsible for operating the online service (otherwise, if only their cookies are called “first-party cookies”).

We may use temporary and permanent cookies and clarify this within the scope of our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offer.

A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case, not all functions of this online offer can be used.

Deletion of data

The data processed by us will be deleted in accordance with Art. 17 and 18 GDPR or their processing will be restricted. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Changes and updates to the privacy policy
We ask you to inform yourself regularly about the content of our privacy policy. We will adjust the privacy policy as soon as changes in the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.

Hosting and emailing

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, e-mailing, security services, and technical maintenance services that we use for the purpose of operating this online service.
Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties, and visitors to this online service based on our legitimate interests in the efficient and secure provision of this online service pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Google Analytics

Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online service within the meaning of Art. 6(1)(f) GDPR), we use Google Analytics, a web analysis service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online service by the user is generally transmitted to a Google server in the USA and stored there. Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our online service by users, to compile reports on the activities within this online service, and to provide us with further services associated with the use of this online service and the use of the Internet.

Pseudonymous user profiles can be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online service to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

The personal data of users will be deleted or anonymized after 14 months.

Google Universal Analytics

We use Google Analytics in the form of “Universal Analytics”. “Universal Analytics” refers to a process by Google Analytics in which the user analysis is based on a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of various devices (so-called “cross-device tracking”).

Online presences in social media We maintain online presences within social networks and platforms in order to communicate with customers, interested parties, and users active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within social networks and platforms, e.g., if they write articles on our online presences or send us messages.

Integration of third-party services and content

Within our online service, we use content or service offers from third-party providers based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online service within the meaning of Art. 6(1)(f) GDPR) to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always presupposes that the third-party providers of this content perceive the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore required to display this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring websites, visiting time, and other details about the use of our online service, as well as be linked to such information from other sources.

Google Fonts

We integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Maps

We integrate the maps of the service “Google Maps” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, IP addresses and location data of the users, which, however, cannot be collected without their consent (usually in the context of the settings of their mobile devices). The data may be processed in the USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google ReCaptcha

We integrate the function for the recognition of bots, e.g., for entries in online forms (“ReCaptcha”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

YouTube

We integrate the videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

The rights of users

Users have the right, upon request, to obtain information free of charge about the personal data that we have stored about them.
In addition, users have the right to correction of incorrect data, limitation of processing, and deletion of their personal data if applicable, if there is no legal obligation to retain such data.
Users may also request that the data provided by them be made available to them in a structured, common, and machine-readable format.

Rights to information

You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with Art. 15 GDPR.

Right to rectification

You have the right to request the completion of data concerning you or the correction of incorrect data concerning you in accordance with Art. 16 GDPR.

Right to deletion

In accordance with Art. 17 GDPR, you have the right to demand that relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with Art. 18 GDPR.

Right to limitation of processing

You have the right to request the restriction of the processing of your data in accordance with Art. 18 GDPR.

Right to data portability

You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 GDPR and to request its transmission to other responsible parties.

Right of withdrawal

You have the right to revoke consents granted pursuant to Art. 7(3) GDPR with future effect.

Right of objection

You may object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection may be lodged in particular against processing for direct marketing purposes.

Deletion of data

The data processed by us will be deleted in accordance with Art. 17 and 18 GDPR or their processing will be restricted. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Online presences in social media

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties, and users active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within social networks and platforms, e.g., if they write articles on our online presences or send us messages.

Integration of third-party services and content Within our online service, we use content or service offers from third-party providers based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online service within the meaning of Art. 6(1)(f) GDPR) to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always presupposes that the third-party providers of this content perceive the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is therefore required to display this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring websites, visiting time, and other details about the use of our online service, as well as be linked to such information from other sources.