Bina - Istra Group Privacy Policy

Page 1

Bina - Istra Group Privacy Policy (i)

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as: the “General Data Protection Regulation”), the group of entrepreneurs consisting of the parent company Bina - Istra, joint stock company for financing, construction, operation and maintenance of motorways, Zrinščak 57, Lupoglav, VAT ID No. (OIB): 13439120211 and the subsidiary Bina-Istra Operation and Maintenance, limited liability company for operation and maintenance of motorways, Zrinščak 57, Lupoglav, VAT ID No. (OIB): 76757137512, (hereinafter jointly referred to as: Bina - Istra), is committed to achieving the highest level of protection of personal data of its users, in accordance with applicable regulations and best European practice. Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(ii)

Bina – Istra provides the service of using the Istrian Y Motorway: i. at regular toll prices; and ii. at discounted prices under subscription scheme in accordance with the General Terms and Conditions for ENC Packages and Electronic Toll Collection Via Payment Cards (hereinafter referred to as: the General Terms and Conditions for ENC packages).

(iii)

This Bina - Istra Group Privacy Policy (hereinafter referred to as: the Privacy Policy) applies to the data subject: i. who submits a request for establishing a user scheme with Bina - Istra in accordance with the General Terms and Conditions for ENC Packages; ii. who is a user of the ENC package in accordance with the General Terms and Conditions for ENC packages; iii. who travels on the Istrian Y Motorway; iv. who addresses Bina - Istra in person at the Bina - Istra’s points of sale or through the customer service by telephone, e-mail address or postal address; 1


v. who visits Bina - Istra’s website (hereinafter jointly: the User). (iv)

The collected personal data are not transferred to third countries.

(v)

The User whose data are processed is entitled to request access to, rectification, completion, erasure and restriction of personal data processing and is entitled to the portability of personal data and to object to Bina - Istra regarding the processing of his personal data and to report suspected breach of his personal data. The User may exercise these rights by contacting the Data Protection Officer at the e-mail address dpo@bina- istra.com or at the postal address Bina - Istra d.d., Zrinščak 57, Lupoglav. The User may also object to the processing of personal data with the supervisory body, the Agency for Personal Data Protection (https://azop.hr/pravaispitanika/zahtjev-zastita-prava).

(vi)

Personal data are collected and processed only for specified and legitimate purposes and are not further processed in a manner that is incompatible with the purposes for which they were collected, unless otherwise provided by law or with the consent of the User.

(vii)

Personal data are protected by appropriate technical and organizational measures against unauthorized consultation, alteration, loss, theft or any other violation and misuse, including primarily the • • • •

Obligation of all subcontractors to protect the personal data of the User by means of appropriate contracts or contractual clauses; Performance of regular controls, reviews and updates of security measures and personal data protection measures; Minimising the processing of personal data; Transparency with regard to the functions and processing of personal data.

(viii)

Data are stored and processed for no longer than is necessary for the execution of certain legal purposes for which they were collected, and no longer than the general limitation period of 5 (five) years or as specified below regarding a specific legal basis and purpose of collection and processing, after which the data are permanently erased or anonymized.

(ix)

Bina - Istra collects only data which are necessary to achieve specific legitimate purposes. Data are collected: a. Directly from the Users who provide them personally; this includes: i. submitting a request for establishing the service and/or for exercising the rights and obligations from the contract (extension of the User's subscriber account) of Bina Istra when the User, if he wants to use/continue to use a particular service, provides data and documents necessary for identification and provision of the service (name and surname, tax number (OIB), address, mobile phone number, e-mail address, copy of vehicle registration certificate, payment card number if necessary for the provision of some of the services of Bina - Istra); ii. collecting data during the communication of the User with Bina - Istra through the 2


customer service (via email address, postal address, telephone conversation with the customer service); b. Automatically via video surveillance at toll stations on the Istrian Y Motorway, at the Učka Tunnel and within interchanges on the Istrian Y Motorway. (x)

Legal basis and purpose of collecting and processing personal data: a. Concluding and executing contracts Data collected from the User for the purpose of taking action at the request of the User before concluding a contract for Bina - Istra’s services in accordance with Item (ix)a are processed for the purpose of concluding and executing contracts for Bina - Istra’s services ("Contractual Data") and include name and surname, tax number (OIB), address, mobile phone number, email address, copy of the vehicle registration certificate, payment card number if this is necessary to provide some of Bina - Istra’s services. The requests for individual Bina - Istra’s services indicate the data which are obligatory for concluding a contract, because a Bina Istra’s service cannot be contracted without them. Contractual Data also include data on Bina - Istra’s services which are or were used by the User, as well as data on the manner and history of payment for Bina - Istra’s services. The data referred to in this Item include the use of data to verify the identity of the User, provide the contracted service, bill and charge for the service, contact the User if necessary in connection with the service, deal with complaints or other actions related to concluding and executing contracts in accordance with the law. The legal basis for data processing for these purposes is the necessity to execute the User's contract or to take measures at the request of the User before concluding a contract. In the event that the User does not want to provide data necessary for the purpose of concluding and executing the contract, Bina - Istra will not be able to conclude the contract and/or perform certain actions related to the execution of the contract. The use of Bina – Istra’s electronic toll collection service automatically generates and collects data necessary for the provision of the service, including the date, times of entry and exit from the Istrian Y Motorway, locations of entry and exit points. These data are collected for the purpose of billing and charging for the service, and the legal basis for processing is the necessity for the execution of the contract. b. Tasks of public interest and discharge of Bina – Istra’s legal obligations Bina - Istra, as determined in point (ix)b, automatically collects specific personal data of the User via video surveillance (vehicle registration number and, depending on the camera angle, weather conditions when the image is taken and lighting, driver’s and co-driver’s image) for the purpose of performing tasks of public interest and Bina – Istra’s discharge of legal obligations. The legal basis for data processing for these purposes is the discharge of Bina – Istra’s obligations under the Roads Act (Official Gazette Nos. 84/11, 18/13, 22/13, 54/13, 3


148/13, 92/14) such as e.g. obligation to ensure that the public is informed about the condition and passability of public roads, emergency events on them and meteorological conditions important for safe traffic operation; monitoring and analysis of the traffic safety situation on public roads, organization of the toll collection system. Data are stored for up to 6 months, except in cases where they are evidence in a court, administrative, arbitration or other equivalent proceedings. c. Request from a competent public authority Pursuant to a written request based on the applicable regulations, Bina - Istra must submit or provide access to specified personal data of the User to competent state authorities (e.g. courts, Police, Personal Data Protection Agency, etc.). d. Bina - Istra’s legitimate interest Bina - Istra processes personal data also for the purposes of protecting the legitimate interests of the User and/or Bina - Istra. This includes, for example, the processing of personal data for security purposes, such as preventing, detecting and prosecuting abuses to the detriment of Users or Bina - Istra, ensuring safety of services, creating services and offers which meet the needs and preferences of Users, market research and analysis. Telephone conversations between the User and Bina - Istra can be recorded and further used for the purpose of improving the quality of work of Bina - Istra employees, dealing with possible complaints of the User, as well as for security purposes, of which the User will be informed before the beginning of the conversation Bina - Istra is authorized to use all contact details of the User to send promotional notices about its own services through all advertising channels, unless the User specifies otherwise. The User may, at any time, declare that he no longer wishes to receive promotional notices, in which case the User's data will no longer be processed for the purposes of direct promotion. The User can provide this statement: (i) by submitting a written statement that he does not wish his data to be processed for purposes of direct promotion or (ii) by simply selecting the appropriate option in each notification received electronically or via SMS. Data required for the purpose of sending promotional notices about Bina - Istra's own services are stored for 730 days from the day of expiry of the ENC package in accordance with the General Terms and Conditions for ENC packages. The legal basis for data processing for these purposes is the legitimate interest of Bina - Istra, except where such interest is overridden by the interest of the User or by fundamental rights and freedoms which require the protection of the User’s data. e. User’s consent Consent of the User means any freely given, specific, informed and unambiguous indication of the User’s wishes by which the user, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him for specific purposes (so called optin). Consent is given in writing. The User may, at any time, in a simple and free-of-charge way, in writing (via the online interface or at Bina – Istra’s points of sale), give, withdraw or deny consent. 4


User's consent is not necessary for the execution of the contract with Bina - Istra, nor is it a condition for concluding a contract with Bina - Istra. f.

Cookies The User receives information about cookies used by the Bina - Istra website during the first visit to the website when the User gives or denies consent to the use of cookies. Cookie settings can be configured in the Internet browser at any time.

(xi)

Forwarding personal data to third parties Bina - Istra forwards personal data of the User to third parties only in cases a. when this is determined by mandatory rules (e.g. a court request) b. when Bina - Istra contracted third parties as subcontractors to perform a certain job as processors (e.g. IT service provider, system maintenance service provider, delivery service provider).

(xii)

This Privacy Policy shall enter into force and apply to all Users as of 25 May 2018 These Privacy Policy may be amended and/or supplemented from time to time and is available at any time on Bina – Istra’s website and at Bina – Istra’s points of sale. This Privacy Policy completely replaces the provisions of the General Terms and Conditions for ENC packages in the part related to the protection of personal data.

5