On 27 April 2016, the European Union approved an important reform to the regulatory framework on personal data protection by adopting the “General Data Protection Regulation or Regulation), directly application in Member States. The Regulation replaces Directive 95/46.EC (“Data Protection Directive”) and its application was mandatory from 25 May 2018, two years after it came into force.
The new Regulation consolidates the safeguarding of the right to protection of personal data (Data Protection), in line with the recognition of the protection of personal data as a fundamental right in the EU. The Regulation is also a necessary and urgent response to the challenges posed by technological developments that allow the collection and processing of large amounts of personal data in real time, enabling the development of automated decisions beyond human intervention. The Regulation meets the need for privacy protection that is increasingly felt by European citizens.
Rete Ferroviaria Italiana considers the protection of the personal data of its customers, employees and suppliers to be an obligation that goes beyond mere regulatory compliance. For this reason, it has adopted its own Data Protection Framework, intended as a set of roles and responsibilities, internal rules and methodologies, aimed at ensuring the management and mitigation of risks to the rights and freedoms of individuals related to the processing of personal data.
SPECIFIC POLICY
The changes introduced by the GDPR include the role of the 'Data Protection Officer' (DPO), responsible for monitoring compliance with the Regulation. For Rete Ferroviaria Italiana, the following individual was appointed as Data Protection Officer by the Board of Directors at its meeting on 20/01/2020:
Carla Cioffi
Piazza della Croce Rossa, 1- 00161 Roma
The EU Regulation 2016/679 (Articles 15 to 23) confers specific rights on data subjects. In particular, in relation to the processing of your personal data, you are entitled to request the following from Rete Ferroviaria Italiana S.p.A: access to their data; amendment, deletion and portability of their data; limitation of processing; objection to processing. More specifically:
In addition, you may lodge a complaint with the Supervisory Authority, which in Italy is the Italian Data Protection Authority. At any time, you may contact Rete Ferroviaria Italiana S.p.A. to exercise your rights at titolaretrattamento@rfi.it or by emailing the Data Protection Officer at protezionedati@rfi.it.
This policy (together with other documents referred to in this document) describes the personal data that we collect from users and how we process them. The policy strictly relates to the processing, for the purposes specifically identified below, of personal data of users who consult the website rfi.it and does not concern any of the information collected through other methods, sources or any other websites accessible by the user through links on the same, unless this is expressly specified.
Please refer to the specific policies provided when the data is collected for details on each processing. Rete Ferroviaria Italiana considers the protection of the personal data of its customers, employees and suppliers to be an obligation that goes beyond mere regulatory compliance. For this reason, we have updated the Personal Data Protection policies and we have adopted a Data Protection Framework, intended as a set of roles and responsibilities, internal rules and methodologies, aimed at ensuring the management and mitigation of risks to the rights and freedoms of individuals related to the processing of personal data.
The contacts for Rete Ferroviaria Italiana S.p.A can be found below:
The personal data processed through the website within the limits of the purposes defined in this policy are indicated below:
The personal data will be processed using automated tools for the time needed to achieve the purposes for which they were provided and the relevant IT media will be protected by adopted adequate technical and organisational measures pursuant to art. 32 of the GDPR.
The person sending the personal data to Rete Ferroviaria Italiana S.p.A. is responsible for ensuring they are accurate and truthful.