Italiano

Your seat is guaranteed

and purchasing tickets is easy!

Your seat is guaranteed

and purchasing tickets is easy!

Privacy Policy

Data protection regulations for the protection of the person affected by data processing (we refer to you as a data subject hereinafter, as well as “customer”, “user”, “you”, or “data subject”) arise in particular from the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter referred to as “GDPR”) and the Data Protection Act 2018. Insofar as we decide on the purposes and means of data processing either alone or jointly with others, this primarily includes the obligation to inform you transparently about the type, scope, purpose, duration and legal basis of the processing (cf. Art. 13 and 14 GDPR).

The purpose of this policy (hereinafter: “privacy policy”), is to inform you about the way in which we process your personal data.

Our privacy policy is modular in structure. It consists of one part containing general information about all processing of personal data and processing situations that come into effect each time our website is accessed (Clause 1 General information) and a special part, the content of which only refers to the processing situation specified therein with the name of the respective offer or product, in particular when you visit our websites, which is described in more detail here (Clause 2 Special information).

1. General information

1.1 Definition of terms

This privacy policy is based on the following definitions of terms, as outlined in Art. 4 GDPR:

  • “personal data” is all information that relates to an identified or identifiable natural person (“data subject”). A person is identifiable if he/she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information concerning their physical, physiological, genetic, mental, economic, cultural or social identity characteristics (Art. 4(1) GDPR). Identifiability can also be provided by linking such information or other additional knowledge. This does not depend on the occurrence, form or physical embodiment of the information (photos, video or sound recordings may also contain personal data).

  • “processing” is any operation in which personal data is handled, whether or not by automated means (i.e. technology-supported). This includes in particular the collection (i.e. the procurement), the recording, the organisation, the structuring, the storage, the adaptation or alteration, the retrieval, the consultation, the use, the disclosure by transmission, the dissemination or otherwise making available, the alignment, the combination, the restriction, the erasure or destruction of personal data as well as the change of definition of a target or purpose that was originally used as a basis for data processing (Art. 4(2) GDPR).

  • “controller” is the natural or legal person, public authority, agency or other body that decides alone or together with others on the purposes and means of processing personal data (Art. 4(7) GDPR).

  • “processor” is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller, in particular in accordance with its instructions (Art. 4(8) GDPR).

  • “third party” is any natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who under the direct authority of the controller or processor are authorised to process the personal data; this also includes other legal entities belonging to the group (Art. 4(10) GDPR).

  • “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; (Art. 4(11) GDPR).

1.2 Name and address of the controller

The person responsible for the processing of your personal data (Art. 4(7) GDPR) is:

Ravello Turismo S.r.l.
Via Scala 14 - 84010 Ravello (SA)
Italy
E-mail: info@ravelloturismo.it

Further information about our company can be found in the legal notice

1.3 Contact details of the data protection officer

Our company data protection officer is available to you at any time to answer all your questions and as a contact person on the subject of data protection.

Her contact details are:

Dario Cantarella
Ravello Turismo S.r.l.
Via Scala 14 - 84010 Ravello (SA)
Italy
E-mail: info@ravelloturismo.it

1.4 Legal basis of data processing

The processing of personal data is permitted if at least one legal basis listed below is complied with:

  • Art. 6 para. 1(a) GDPR: the data subject has given his/her consent to the processing of the personal data concerning him/her for one or more specific purposes;

  • Art. 6 para. 1(b) GDPR: the processing is necessary for the performance of a contract to which the data subject is a contracting party, or for the implementation of pre-contractual measures which are carried out at the request of the data subject;

  • Art. 6 para. 1(c) GDPR: the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a statutory retention obligation);

  • Art. 6 para. 1(d) GDPR: the processing is necessary to protect the vital interests of the data subject or another natural person;

  • Art. 6 para. 1(e) GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or;

  • Art. 6 para. 1(f) GDPR: the processing is necessary to safeguard the legitimate interests pursued by the controller or a third party, unless the opposing interests or rights of the data subject prevail (in particular where the data subject is a child).

For processing carried out by us, we specify the applicable legal basis under Clause 2. Processing can also be based on more than one legal basis.

1.5 Categories of recipients

Under certain conditions, we transmit your personal data to our affiliates, or personal data from our affiliates is transferred to us, to the extent that is permissible.

As with any major company, we also use external domestic and foreign service providers to handle our business transactions and work with partner companies at home and abroad. These include, for example:

  • carriers (you can find an overview of the current carriers here)

  • (IT) service providers

  • financial institutions and payment service providers

  • sales partners

  • customer service providers (internal/external)

  • shop operators

  • security companies

  • (travel) insurers

  • other partners engaged for our business operations (e.g. auditors, banks, insurance companies, lawyers, supervisory authorities, other parties participating in company acquisitions)

The service providers and partner companies must provide guarantees that suitable technical and organisational measures are implemented by them in such a way that the processing meets legal requirements and the rights of the data subjects are safeguarded.

We transmit personal data to public bodies and institutions (e.g. police, public prosecutor’s office, supervisory authorities) if there is a corresponding obligation/authorisation.

For processing carried out by us, we specify the categories of the data recipients under Clause 2.

1.6 Requirements for the transfer of personal data to third countries

As part of our business relationships, your personal data may be shared with or disclosed to third parties, who may also be located outside the European Economic Area (EEA), i.e. in third countries.

Insofar as it is necessary, we will inform you in the relevant sections of Clause 2 about the respective details of the transfer to third countries in connection with the processing carried out by us.

The European Commission certifies that some third countries have data protection that is comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be downloaded from: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed.

This is possible, for example, via binding company regulations (referred to as “binding corporate rules”), standard contractual clauses of the European Commission for the protection of personal data, certificates and recognised codes of conduct.

Insofar as it is necessary for your booking and the associated providing and processing of transport services, the transmission of personal data required for this to third countries is permitted in accordance with Art. 49 para. 1(b) GDPR.

Please contact our data protection officer if you would like more detailed information on this topic.

1.7 Storage duration and data erasure

The storage period of the personal data collected depends on the purpose for which we process the data. The data will be stored for as long as this is necessary to achieve the intended purpose.

In the case of processing carried out by us, we specify in Clause 2 how long the data will be stored by us. If no explicit storage period is specified below, your personal data will be erased or blocked as soon as the purpose or legal basis for the storage no longer applies.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

However, storage can take place beyond the specified time in the event of a(n) (imminent) legal dispute with you, or if other legal proceedings are initiated, or if storage is stipulated by statutory provisions to which we as the controller are subject. If the storage period prescribed by statutory provisions expires, the personal data will be blocked or erased unless further storage by us is required and there is a legal basis for this.

1.8 Automated decision making (including profiling)

We do not intend to use any personal data collected from you for any processes involving automated decision-making (including profiling). If we wish to implement these procedures, we will inform you of this separately in accordance with statutory provisions.


1.9    No obligation to provide personal data

We do not fundamentally make the conclusion of contracts with us dependent on you providing us with personal data beforehand. In principle, there is also no statutory or contractual obligation to provide us with your personal data; however, we may only be able to provide certain offers to a limited extent, or not at all, if you do not provide the data required for this.


1.10    Statutory obligation to transmit certain data
Under certain circumstances, we may be subject to a special statutory or legal obligation to provide personal data to third parties, in particular public bodies.


1.11    Data security

We use suitable technical and organisational measures to collect your data, taking into consideration the latest technology, the implementation costs and the nature, the scope, the context and the purpose of the processing, as well as the existing risks of a data breach (including the probability and effect of such an event), in order to protect the data subject against accidental or intentional manipulation, partial or complete loss or destruction, or against unauthorised access by third parties (e.g. we use TLS encryption for our websites). Our security measures are continuously being improved to take into account technological developments.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will be happy to provide you with further information about this upon request. Please contact our data protection officer or our CISO (chief information security officer) in this regard.
His contact details are:

Dario Cantarella
Ravello Turismo S.r.l.
Via Scala 14 - 84010 Ravello (SA)
Italia
E-mail: info@ravelloturismo.it


1.12    Your rights

You may assert your rights as a data subject regarding your personal data at any time, in particular by contacting us using the contact details provided in Clause 1.2. Data subjects have the following rights under the GDPR:

Right to information

You can request information in accordance with Art. 15 GDPR about your personal data processed by us. In your request for information, you should clarify your concern to make it easier for us to compile the necessary data. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Upon request, we will provide you with a copy of the data that are the subject of the processing. Please note that your right to information may be limited under certain circumstances in accordance with statutory provisions.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

Right to rectification

If the information relating to you is not (any longer) correct, you may request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you may request completion.

Right to erasure

You may request the erasure of your personal data in accordance with the provisions of Art. 17 GDPR. Your right to erasure depends, among other things, on whether the data relating to you are still required by us to perform our statutory duties.

Right to restriction of processing

In accordance with the provisions of Art. 18 GDPR, you have the right to demand a restriction of the processing of the data relating to you.

Right to data portability

In accordance with the provisions of Art. 20 GDPR, you have the right to receive the data that you have provided to us in a structured, commonly-used and machine-readable format, or to request the transmission to another controller.

Right to object

In accordance with Art. 21 para. 1 GDPR, you have the right to object to the processing of your data at any time for reasons relating to your particular situation. You can object to receiving advertising at any time with effect for the future, in accordance with Art. 21 para. 2 GDPR (objection to advertising in the case of direct marketing).

Right to appeal

If you are of the opinion that we have not complied with the provisions of data protection regulations when processing your data, you can make a complaint to the Information Commissioner’s Office.  Guidance on how to make a complaint can be found here: https://ico.org.uk/make-a-complaint

Right to withdraw consent

You can withdraw your consent to the processing of your data at any time with future effect. This also applies to declarations of consent that were issued before the GDPR came into force, i.e. before 25/05/2018.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

2.    Special information

2.1    Visiting our websites

Information about Amico Shuttle and the services we offer can be found in particular at www.amicoshuttle.com including the associated subpages (hereinafter referred to jointly as “website” or “websites”). When you visit our websites, your personal data is processed.


2.1.1    Provision of websites

When using the websites for information purposes, we collect, store and process the following categories of personal data:

Log data: when you visit our websites, a log data record (referred to as “server log files”) is saved on our web server. This consists of:

  • the page from which the page was requested (referred to as referrer URL)
  • the name and URL of the requested page
  • the date and time of the access request (in the time zone of the server)
  • the version of the web browser used
  • the IP address of the requesting computer
  • the amount of data transferred
  • the operating system
  • the message whether the call was successful (access status/Http status code)
  • GMT time zone difference

We use IT service providers for hosting our websites and for statistical evaluations of the log data.

The processing of the log data serves statistical purposes and improves the quality of our websites, in particular the stability and security of the connection.

The legal basis is Art. 6 para. 1(f) GDPR. Our legitimate interest is to be able to make the websites available to you properly.


2.1.2    Contact forms

When using contact forms, the data transmitted in this way are processed (e.g. title, surname and first name, address, company, email address and the time of transmission, subject matter of the enquiry).
The processing of contact form data takes place in order to process enquiries, and depending on the basis and the subject matter of your enquiry, either on the legal basis of Art. 6 para. 1(b) GDPR, if it concerns a contract-related enquiry, or in other cases on the legal basis of Art. 6 para. 1(f) GDPR, our legitimate interest is to process contact enquiries.

We use customer service providers for job processing to answer enquiries made via our contact forms.

In addition, we store the contact form data as well as the respective IP address in order to comply with our obligations to provide evidence, to ensure compliance with and documentation of legal obligations, in order to be able to clarify any possible misuse of your personal data and to ensure the security of our systems.

The legal basis is GDPR Art. 6 para. 1(c) where processing is necessary for compliance with a legal obligation or (f) where processing is necessary for our legitimate interest of answering customer queries.


2.1.3    Booking, providing and processing of transport services

When booking tickets for transport services, we collect, store and process the following categories of personal data:

  • email address
  • surname and first name
  • connection data
  • payment data
  • date of birth (for transport services where children have a special price)
  • consent to the respective terms and conditions
  • advance seat reservation information
  • baggage details
  • language of the booking domain
  • booking channel (web or app)

You also have the option of providing a contact telephone number in case of delays or changes in the itinerary of your trip (optional).

These data are processed for the booking, providing and processing of transport services, including customer service, as well as for the fulfilment of legal obligations.

The legal basis is GDPR Art. 6 para. 1(b) where processing is necessary for the performance of a contract or (c) where processing is necessary for compliance with a legal obligation.

We also use some of these data for product recommendations, see Clause 2.1.4 and for the newsletter, see Clause 2.1.5 and the customer account, see Clause 2.1.6.

When booking tickets for international transport services, the following categories of personal data are also collected depending on the place of departure and arrival:

  • information on gender
  • identity document, passport or ID number

These data are processed for the booking, providing and processing of transport services, including customer service, as well as for the fulfilment of legal obligations.

We pass on the above-mentioned data to the respective carrier or carriers, as well as to public bodies if there is a corresponding obligation/authorisation.

The legal basis is GDPR Art. 6 para. 1(b) where processing is necessary for the performance of a contract or (c) where processing is necessary for compliance with a legal obligation.

The necessary payment data will be transmitted to a payment service provider for the secure processing of the payments initiated by you.

Our payment service providers are:

STRIPE
Privacy Policy Stripe

Il fondamento giuridico è previsto dall’Art. 6 comma 1(b) o (f) del GDPR.


2.1.4    Product recommendation

To the extent permitted, we may use the email address received in connection with the booking or transport service to send you regular offers by email for products from our range similar to those already purchased.
We use external customer service providers as processors to send product recommendations.

You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter or have consented to marketing communication by email. We would like to provide you in this way with information about products from our range that you might be interested in, based on your recent purchases with us.

The legal basis is Art. 6 para. 1(f) GDPR; our legitimate interest is to inform you about our product range and to suggest certain products to you.

You can object to the use of your email address for this purpose at any time by using the unsubscribe link of the product recommendation, or by sending a message to info@amicoshuttle.com.


2.1.5  Use of cookies, plugins and other services

When you visit our website, information in the form of a cookie (small text file) is saved on your terminal. It saves information about how you use the website (identification ID, visit date, etc.). With the use of cookies, we make it easier for you to use our site with various service functions (such as the recognition of previous visits), and consequently, we can better adapt the site to your needs.

The use of technically necessary cookies is based on Art. 6 (1) lit. f GDPR. Our legitimate interest is to provide you with the specific functionalities of our websites, to improve them, and to ensure the security and integrity of our websites.

You can prevent cookies from being saved and to delete cookies already existing by changing your browser settings accordingly. The help function of most browsers tells you how to make these settings. However, if you do not accept cookies, the service features of the Internet offer may be impaired. Therefore, we recommend leaving the cookie function turned on.

Comprehensive information on how this can be accomplished on a number of browsers can be found on the following websites: youronlinechoices, Network Advertising Initiative and/or Digital Advertising Alliance. You can also find information there about how to delete cookies from your computer as well as general information about cookies. We use different types of cookies:

Transient cookies, which are also known as in-memory cookie or "session cookies", are cookies that are deleted after you leave our website and close the browser. E.g. these cookies usually save language settings or the content of the order.

Persistent or permanent cookies remain stored even after the browser is closed. This enables e.g. saving the login status or any search terms that were entered. We use such cookies, among other things, to measure the reach or for marketing purposes. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. However, you can delete these cookies at any time in the security settings of your browser.

In addition to so-called "first-party cookies", which we set as controllers for data processing, "third-party cookies" are also used, which are offered by other providers.

As part of consent management (consent banner), we give you the opportunity to decide between the use of cookies and the use of comparable technologies. You can find a detailed overview with comprehensive information about the services used and access to your consent settings, including the possibility of revocation here.

2.1.6 Machine Learning and Dynamic Adaptation of website/app

We use machine learning to optimise and automate our processes. This involves teaching a system decision-making logic based on use cases, i.e. the system can learn from the past and use algorithms to develop statistical models that can be applied to similar tasks in the future.

For example, we use machine learning in a secured and hashed model to quickly and easily create customised travel offers for you. For this purpose, we use framework data, in particular user ID, the corresponding travel and search history and the IP-address.

Additionally, we use data to automatically adapt our website and app to offer you the best experience possible. For example, we can use your purchase history to offer you additional services (e.g.: adding a seat reservation, purchasing additional luggage etc...) or help you in your user journey (e.g.: if you have an upcoming trip in the near future, we could point you to the real time tracking of your bus).

For this purpose, in addition to the framework data listed above, we also use the purchase history and contacts with Amico Shuttle via Customer Service. The data is salted and hashed to provide an additional layer of protection.

We base this processing on our legitimate interest pursuant to Art. 6 para. 1 (f) GDPR, as we have an economic interest in offering you the most suitable experience. You also benefit from this as you receive a journey offer tailored to your needs rather than a standard recommendation, or we redirect you to services that would benefit your planning, travel and post-travel experience.

If you wish to object to the processing of your data for the purposes of machine learning or dynamic adaptation of website/app, you may do so at any time in accordance with the legal provisions by objecting under this mail “info@amicoshuttle.com”. Please note that you will then only receive standard services.


2.1.7 Fraud Prevention

To prevent fraudulent bookings, we process order-related data, e.g. IP-address, name, e-mail address.

This is lawful under Art. 6 para. 1 (f) GDPR. Our legitimate interest is to prevent being victim to fraud and suffering financial losses.

In individual cases, a decision about cancellation may occur after booking based on automated decision. The logic for this is based on a set of internal algorithms that processes relevant data points and provides us with scores on matches to different fraudulent patterns or compare the data points with thresholds and values typical of fraudulent patterns in order to detect fraudulent bookings. If you wish to contest this decision, express your own point of view or obtain the intervention of a human of the part of the controller, please reach out to info@amicoshutttle.com


2.2    Customer service

When you contact our customer service, we collect the personal data that you provide to us on your own initiative. For example, you can send this to us by email, telephone or letter. Your personal data will only be used in order to contact you, or for the purpose for which you have provided us with this data, e.g. for processing your enquiries, technical administration or customer administration.

This data (including information on means of communication such as email address, telephone number) is provided on a voluntary basis. We use the data to process your concern, to fulfil legal obligations if necessary, and for administrative purposes.

The legal basis is GDPR Art. 6 para. 1(b) where processing is necessary for the performance of a contract, (c) where processing is necessary for compliance with a legal obligation or (f)where processing is necessary for our legitimate interests of providing a good customer service.

In the case of a telephone enquiry, your data is also processed by telephone applications and in part also via a voice dialogue system in order to support us in the distribution and processing of enquiries.
For our customer service, we use external customer service providers as processors.

We do not fundamentally make the conclusion of contracts with us dependent on you providing us with personal data beforehand. In principle, there is also no statutory or contractual obligation to provide us with your personal data; however, we may only be able to provide certain offers to a limited extent, or not at all, if you do not provide the data required for this.

Ravello Turismo S.r.l.

Via Scala 14
84010 Ravello (SA)
Italia

© 2024 Ravello Turismo S.r.l.

P.IVA: 05019700656