Privacy Policy

PRIVACY POLICY

(pursuant to Art. 13 of EU Regulation 2016/679)

This policy describes how Movitaly Srls ("Data Controller") collects and processes the personal data of its customers and users ("Data Subjects") in relation to the services provided.

1. Data Controller

The Data Controller of personal data is Movitaly Srls, with registered office at via del Gonfalone 3, 20123 Milan (MI), Italy, VAT number 11139910969.
For any questions or to exercise your rights, you can contact the Data Controller at the following addresses:

• Email: [email protected]
• Postal Address: via del Gonfalone 3, 20123 Milan (MI), Italy

2. Types of Data Processed

The Data Controller processes the following personal data provided by the Data Subject:

• Personal and contact details: name, surname, address, phone number, email address.
• Tax and billing information: tax code, VAT number, payment details.
• Service-related data: departure and destination addresses, list of goods to be transported, logistical details.

3. Purposes and Legal Basis for Processing

Your personal data is processed for the following purposes:

A) Purposes necessary for the performance of the contract and legal obligations (do not require consent):

Data is processed to manage requests and provide contractual services. The legal basis is the performance of a contract to which you are a party (Art. 6, par. 1, lett. b, GDPR) and compliance with legal obligations (Art. 6, par. 1, lett. c, GDPR).

• Request management: To provide cost estimates for the requested services.
• Service provision: To organize and provide transport and removal services.
• Administrative and accounting management: To issue invoices, manage payments, and comply with tax obligations.
• Complaint and dispute management: To handle any complaints and protect our rights in legal proceedings.
• Fraud prevention and credit recovery: To prevent fraudulent activities and manage late or missed payments, including through third parties.

The provision of data for these purposes is mandatory. Failure to provide it will make it impossible to provide the requested services.

B) Marketing Purposes (require your explicit consent):

Only with your specific and distinct consent (Art. 6, par. 1, lett. a, GDPR), your data may be used for:

• Sending commercial communications, advertising materials, newsletters, and promotions about our services via email, SMS, telephone, or mail.
• Conducting market research, surveys, and customer satisfaction assessments regarding the quality of our services.

The provision of data for these purposes is optional. You can choose not to give your consent or to withdraw it at any time, without affecting the provision of contractual services.

4. Processing Methods and Retention Period

Data processing is carried out using manual and/or IT tools, with logic strictly related to the stated purposes and in a way that ensures data security and confidentiality.

Personal data will be stored for the time strictly necessary to achieve the purposes for which it was collected:

• For contractual and legal purposes (point 3.A), data will be stored for the entire duration of the contractual relationship and, after its termination, for 10 years to comply with legal obligations.
• For marketing purposes (point 3.B), data will be stored until you withdraw your consent or for a maximum period of 24 months from the last contact.

5. Categories of Data Recipients

Your data may be disclosed to third parties for the fulfillment of the purposes described above. These subjects will operate as Data Processors (appointed under a specific contract) or as autonomous Data Controllers. The categories of recipients include:

• Employees and collaborators of the Data Controller, authorized to process data.
• Logistics partners and carriers for the execution of the removal service.
• Credit recovery agencies and legal consultants.
• Professional firms and consultants (accountants, labor consultants) for administrative and tax management.
• Technical service providers (e.g., hosting providers, IT companies).
• Public and supervisory authorities, where required by law.

Data will not be disseminated. Any transfer of data outside the European Union will only occur to countries deemed adequate by the European Commission or on the basis of adequate safeguards (e.g., Standard Contractual Clauses).

6. Rights of the Data Subject

As a Data Subject, you have the right to:

• Access (Art. 15 GDPR): Obtain confirmation as to whether or not personal data concerning you is being processed, and access to such data.
• Rectification (Art. 16 GDPR): Obtain the correction of inaccurate personal data.
• Erasure ("right to be forgotten", Art. 17 GDPR): Obtain the erasure of your data, in the cases provided for by law.
• Restriction of processing (Art. 18 GDPR): Obtain the restriction of processing in certain circumstances.
• Data portability (Art. 20 GDPR): Receive the personal data concerning you in a structured, commonly used, and machine-readable format.
• Object (Art. 21 GDPR): Object at any time to the processing of your data, particularly for marketing purposes.
• Withdraw consent: Withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Lodge a complaint (Art. 77 GDPR): Lodge a complaint with the competent supervisory authority (for Italy, the Garante per la Protezione dei Dati Personali).

To exercise your rights, you can send a request to the Data Controller's contact details indicated in point 1.

7. Updates to this Policy

This policy may be subject to change. Any substantial changes will be communicated to you through the contact channels provided.

Last updated: December 12, 2024