GENERAL DATA PROTECTION REGULATION

IEM S.P.S. ITALY S.r.l.
Corso F.M. Perrone 39BR
16152 Genoa (GE)
VAT number 02593050996
info-it@iemgroup.com

INTERESTED PARTIES: CUSTOMERS

IEM S.P.S. ITALY S.r.l. in its capacity as Controller and Subprocessor of the processing of your personal data (variable depending on the role played in the data management flow) in accordance with Regulation (EU) 2016/679 (hereinafter “GDPR”), and for the purposes thereof, informs you that the aforementioned legislation provides for the protection of data subjects with regard to the processing of personal data and that such processing will be based on principles of accuracy, legality, transparency and protection of your privacy and rights.

Data processed
• Personal data: license plate number, contact details (email and telephone number to receive the virtual receipt and notify the expiry of the subscription), name and surname, residential address (for the management of residence permits), identity document, registration certificate, data relating to geographical position.

Purpose and legal basis of the treatment
• Creation of the user profile to allow registration and login on the portal, necessary for the proper use of the services offered, as well as the registration of the bank card on the website of the partner bank.
Legal basis for processing: performance of a contract (art. 6 para. 1 letter b GDPR). Provision of the data is mandatory for the proper execution of the mission.
• Provision of on-street parking services to enable virtualization of parking tickets and permit management for residents
Legal basis for processing: performance of a contract (art. 6 para. 1 letter b GDPR). Provision of the data is mandatory for the proper execution of the mission.
• Verification of the dematerialized payment status of parked vehicles for third-party sanction control, and provision of transaction history to users.
Legal basis for processing: compliance with a legal obligation (art. 6 para. 1 letter c GDPR). Provision of the data is mandatory for the proper execution of the mission.
• Real-time monitoring of available spaces, thanks to parking sensors that check the evolution of parking space occupancy, to facilitate infomobility and know the available spaces in a certain area.
Legal basis for processing: execution of a data processing contract related to the use of the service (art. 6 para. 1 letter b GDPR). Provision of the data is mandatory for the proper execution of the mission.
Legal basis for processing: expression of consent for the processing of data relating to the geographical location of the user (art. 6 para. 1 letter a GDPR). Provision of the data is optional and there are no consequences in case of refusal.
• Consultation of, and guidance to, available parking areas through the choice of parking area.
Legal basis for processing: expression of consent for the processing of data relating to the geographical location of the user (art. 6 para. 1 letter a GDPR). Provision of the data is necessary to allow the geolocation of the vehicle on the map and guidance to available places.
• Notice to indicate the imminent expiration of the Virtual Ticket.
Legal basis for processing: performance of a contract (art. 6 para. 1 letter b GDPR). Provision of the data is mandatory for the proper execution of the mission.

Processing methods and security
Your personal data, contained in an AWS data center located in France (Paris), may be processed using electronic computers or paper archives. All processing shall take place in accordance with the procedures referred to in Articles 6 and 32 of the GDPR and by adopting the appropriate security measures provided, both from an IT and an organizational point of view.
The data, encrypted, are used for control or statistical purposes: they are not published, transferred or sold to third parties.
Credit card data is not stored on parking meters or on the company portal: all credit card information is only stored on the secure servers of banking partners.
The Data Controller implements and constantly updates technical and organizational security measures to protect its data against unauthorized access by third parties, destruction, alteration and dissemination. To receive more detailed information about the security measures taken, you can write to the e-mail address indicated in the “Contacts” section.

Storage period
In accordance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of the GDPR, the retention period of your personal data is:
• 2 years; after this period, all personal data, already encrypted (including the license plate number), are permanently deleted from the database;
• 10 years in accordance with the legal obligations established by the Civil Code for the conservation of accounting records;
• Until the exercise of the right of withdrawal or withdrawal of consent, for the processing of data based on the user’s consent.
• For the control of the payment made via the application by the police command or auxiliaries, the data are available on the control instrument for a maximum of 72 hours after the end of the parking period. Thereafter, the data can no longer be queried on the server by the monitoring tool.
• If non-payment or violation of the maximum parking time is found, the control staff initiates a sanction procedure that can often extend over a long period of time (weeks / months): this therefore makes it necessary to store the license plate data for a longer period than in the previous point.

Recipients
Your personal data may be communicated exclusively to:
• local administrations and managers of urban parking and motorist-related services.
• subjects designated and instructed in accordance with art. 29 GDPR (administrative staff, technicians and employees);
• subjects designated to carry out control activities due to paperless remuneration and statistical survey on employment
• Public bodies and offices to which the data must be communicated by law
The complete list of recipients can be requested by contacting the manager at the address indicated in the “Contacts” section.

Rights of the interested party
The interested party has the right to exercise the rights recognized in Articles 15-22 of the GDPR including, by way of example:
• access the personal data in our possession and request a copy thereof;
• request the correction of any incomplete or inaccurate personal data;
• request cancellation, subject to the exclusions established by art. 17.3 GDPR;
• request the limitation of processing, without prejudice to the exclusions established by art. 18.2 GDPR;
• object to one or more processing operations based on consent, by not giving it initially or by revoking it later, or based on a legitimate interest;
• obtain a list of subcontractors, with additional data useful for their identification;
• request data portability (i.e. receive them in a structured, commonly used and easily readable format) to the greatest extent technically possible
• lodge a complaint with the Personal Data Protection Control Authority pursuant to art. 77 of Regulation 2016/679, in the event that you consider that the processing of your data is contrary to current legislation.
You can exercise your rights by sending an e-mail to the address indicated below.

Contacts
Manager email address: info-it@iemgroup.com