  <p><strong>Privacy Policy</strong></p>
<p><strong>Subject and Scope</strong></p>
<p>This Privacy Policy (“Policy”) applies to anyone (“User/s,” “Client/s,” “you,” or “data subject”) using the applications and Services (“Application”) to request travel booking services provided by independent or affiliated third-party transportation providers (Third-Party Transport Provider).</p>
<p>The data protection regulations for the protection of the data subject’s rights arise primarily from the EU General Data Protection Regulation (EU Regulation 2016/679; hereinafter referred to as “GDPR”). To the extent that we determine the purposes and means of data processing alone or jointly with others, this includes the obligation to inform the user transparently about the type, scope, purpose, duration, and legal basis of processing (see Articles 13 and 14 of the GDPR).</p>
<p>The purpose of this privacy policy (hereinafter: “policy”) is to inform the user about our methods of processing their personal data.</p>
<p><strong>Definitions</strong></p>
<ul>
<li>
<p><strong>“Personal Data”</strong>: Any information relating to an identified or identifiable natural person (the “data subject”). An identifiable person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more specific elements of their physical, physiological, genetic, mental, economic, cultural, or social identity (Article 4(1) of the GDPR). Identification can also be obtained by linking such information or other additional knowledge. This does not depend on the occurrence, form, or physical representation of the information (photos, video or audio recordings may also contain personal data).</p>
</li>
<li>
<p><strong>“Processing”</strong> refers to any operation or set of operations performed on personal data, whether or not by automated means (i.e., with technological support). This includes, in particular, the collection (i.e., sourcing), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data, as well as altering the definition of an originally used purpose or objective for data processing (Article 4(2) of the GDPR). <strong>“Data Controller”</strong> is the natural or legal person, public authority, service, or other body that alone or jointly with others determines the purposes and means of processing personal data (Article 4(7) of the GDPR).</p>
</li>
<li>
<p><strong>“Data Processor”</strong> is the natural or legal person, public authority, service, or other body that processes personal data on behalf of the Data Controller, in particular, in accordance with their instructions (Article 4(8) of the GDPR).</p>
</li>
<li>
<p><strong>“Third Party”</strong> means the natural or legal person, public authority, service, or other body that is not the data subject, the Data Controller, the Data Processor, or persons authorized to process personal data under the direct authority of the Data Controller or the Data Processor; this also includes other legal entities belonging to the group (Article 4(10) of the GDPR).</p>
</li>
<li>
<p><strong>“Consent”</strong> of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement, by a statement or a clear affirmative action, to the processing of personal data concerning them (Article 4(11) of the GDPR).</p>
</li>
</ul>
<p><strong>Data Controller</strong></p>
<p>The entity responsible for processing the User’s personal data (Article 4(7) of the GDPR) is:</p>
<p>AZIENDA METROPOLITANA TRASPORTI E SOSTA CATANIA S.p.A.</p>
<p>Address: XIII Strada, Zona Industriale</p>
<p>95121 Catania, Italy</p>
<p>Email address: <a rel="noopener">pubblicherelazioni@amt.ct.it</a></p>
<p>Further information about our company is available at <a rel="noopener" href="https://www.amts.ct.it/" target="_new">https://www.amts.ct.it/</a></p>
<p><strong>Data Protection Officer</strong></p>
<p>Our Data Protection Officer is available at any time to answer all the User’s questions and to act as a contact point regarding data protection.</p>
<p>Their details are:</p>
<p>Edisonweb Srl</p>
<p>Dr. Riccardo D’Angelo</p>
<p>Address: Via Ignazio Silone 21</p>
<p>95040 Mirabella Imbaccari (CT), Italy</p>
<p>Email address: <a rel="noopener">admin@edisonweb.com</a></p>
<p><strong>Legal Basis for Data Processing</strong></p>
<p>The processing of personal data is permitted if at least one of the legal bases listed below is met:</p>
<ul>
<li>
<p>Article 6(1)(a) of the GDPR: the data subject has given consent to the processing of their personal data for one or more specific purposes;</p>
</li>
<li>
<p>Article 6(1)(b) of the GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;</p>
</li>
<li>
<p>Article 6(1)(c) of the GDPR: processing is necessary for compliance with a legal obligation to which the Data Controller is subject (e.g., a legal obligation of retention);</p>
</li>
<li>
<p>Article 6(1)(d) of the GDPR: processing is necessary to protect the vital interests of the data subject or another natural person;</p>
</li>
<li>
<p>Article 6(1)(e) of the GDPR: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;</p>
</li>
<li>
<p>Article 6(1)(f) of the GDPR: processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject (in particular if the data subject is a minor).</p>
</li>
</ul>
<p><strong>Duration of Data Storage and Deletion of Data</strong></p>
<p>The duration of the storage of personal data collected depends on the purpose of processing. Data will be stored for as long as necessary to achieve the intended purpose.</p>
<p>If no explicit retention period is specified below, the User's personal data will be deleted or blocked as soon as the purpose or legal basis for retention is no longer applicable. However, retention may continue beyond the indicated time in the case of one or more legal disputes (imminent) with the User or if other legal proceedings are initiated or if retention is required by legal provisions to which we are subject as Data Controllers. If the retention period prescribed by legal provisions expires, personal data will be blocked or deleted, unless further retention is necessary on our part and there is a legal basis for such extension.</p>
<p><strong>Data Protection Principles</strong></p>
<p>We are committed to following the following data protection principles:</p>
<ul>
<li>
<p>Processing is lawful, fair, and transparent. Our processing activities have legitimate reasons. We always consider the rights of the data subject before processing personal data, providing all information regarding processing upon request.</p>
</li>
<li>
<p>Processing is limited to the purpose for which personal data was collected.</p>
</li>
<li>
<p>Processing is carried out with the minimum amount of information necessary for the different purposes.</p>
</li>
<li>
<p>Processing is limited to a period of time. We do not store personal data for longer than necessary.</p>
</li>
<li>
<p>We make every effort to ensure the accuracy of the data.</p>
</li>
<li>
<p>We make every effort to ensure the integrity and confidentiality of the data.</p>
</li>
</ul>
<p><strong>User Rights</strong></p>
<p>These rights consist of the ability to access, rectify, erase, restrict, object to processing, and process data, including in automated form. Data subjects have the right to withdraw consent to the processing of their personal data at any time and obtain portability in an accessible format. In general, the right to information is guaranteed, i.e., to know if personal data is being processed, what data is collected, from which source it is obtained, the purpose, and the parties that carry out the processing.</p>
<p><strong>User Rights to Modify and Delete Data</strong></p>
<p>The User may modify account-related information at any time by logging into their online account or within the App. If you wish to delete your account, exercise other rights regarding processing, or view/change detailed privacy settings, we offer control through personal settings. For all features not yet available through personal settings or for specific requests, please open a ticket through our support center. Please note that we may, in some cases, retain certain User information as required by law or for legitimate business purposes within the limits permitted by law. For example, if the User has a permanent credit or debt on their account, or if we believe the User has committed fraud or violated our Terms, we may seek to resolve the issue before deleting the information.</p>
<p><strong>Types of Data Collected</strong></p>
<p><strong>Information Collected Provided by the User</strong></p>
<p>We collect information directly provided by the User, for example, when creating or modifying an account, for on-demand services, through customer service contact, or during other communications with us. Such information may include: name, email, phone number, postal address, profile picture, payment method, and other information that the User chooses to provide.</p>
<p><strong>Information Collected Automatically and Through Service Use</strong></p>
<p>When the User uses our Services, we collect information about them in the following general categories:</p>
<ul>
<li>
<p><strong>Registration and Authentication</strong>: By registering or authenticating with the service, users allow our applications and related services to identify them in order to enable access to dedicated services. Third parties may provide registration and authentication services, such as social media (e.g., Facebook), or through a separate application or website that uses our APIs (or APIs we utilize). In this case, these services will be able to access some data stored by these third-party services for registration or identification purposes, and we may receive information about the User or their connections from that site or application.</p>
</li>
<li>
<p><strong>Location Information</strong>: When the User uses the Services for transport, we collect location information related to the route via the vehicle application used by the third-party transport provider. This information is not associated with the User in any way. If the User allows the mobile application to access location services via the authorization system used by their mobile operating system, precise location information of the device, when the application is active, will be used only to enhance the real-time user experience, without any storage and retention of data.</p>
</li>
<li>
<p><strong>Transaction Information</strong>: We collect details related to the transaction and the User's use of our Services, including the type of service requested, the time and date the service was provided, the amount charged, the distance traveled, check-in and check-out points, and other transaction-related details. Additionally, in the case that someone uses a promotional code provided by a partner and/or third-party supplier, we may associate the two names.</p>
</li>
<li>
<p><strong>Usage and Preference Information</strong>: We collect information about how the User interacts with our Services, the preferences expressed, and the choice of settings.</p>
</li>
<li>
<p><strong>Device Information</strong>: We collect information about the User's mobile device, limited to language and preferences regarding date, time, currency format, etc.</p>
</li>
<li>
<p><strong>Log Information</strong>: During the User's interaction with our Services, we collect server log information, which may include information such as access date and time, application functionality or pages viewed, application crashes, and other system activities.</p>
</li>
</ul>
<p><strong>Platform Permission Information</strong></p>
<p>Most mobile device platforms (iOS, Android, etc.) have defined the types of device data that applications cannot access without consent. These platforms have different authorization systems to obtain consent from the User. The iOS platform will inform the User the first time the mobile application requests permission to access certain types of data, giving the opportunity to consent or not consent to the request. Android devices will inform the User of authorization requests before the first use of the mobile application, and using it will equate to consent.</p>
<p><strong>Use of Personal Data</strong></p>
<p>We use the information collected to:</p>
<ul>
<li>
<p>Provide, manage, and improve our Services, such as facilitating payments, sending receipts, providing requested products and services (and sending related information), developing new features, providing customer service to users and providers (e.g., drivers/vehicles), developing security-related features, authenticating users, and sending product updates and administrative messages;</p>
</li>
<li>
<p>Perform internal operations, such as preventing fraud or abuse of our Services; identifying and fixing software bugs or operational issues; conducting data analysis, testing, and research; monitoring and analyzing trends related to usage and activities;</p>
</li>
<li>
<p>Send or facilitate communications (i) between User and driver/vehicle, such as estimated time of arrival, or (ii) between the User and third-party partners regarding the User's use of certain features, such as codes for travel vouchers or other promotions;</p>
</li>
<li>
<p>Send the User communications that we believe may be of interest, including information related to products, services, news, and events related to the service and other entities, where permitted and in accordance with applicable local laws; processing contests, sweepstakes, or other promotions and complying with related prizes;</p>
</li>
<li>
<p>Personalize and enhance the Services, including offering or recommending features, content, social connections, references, and advertising messages.</p>
</li>
<li>
<p>Conduct customer satisfaction surveys.</p>
</li>
</ul>
<p>We process and/or use personal data in order to comply with obligations arising from the law. We reserve the right to anonymize personal data collected and use such data, even outside the scope of this privacy policy, only when it is anonymized. We retain billing information and other related information for as long as necessary for accounting purposes or other legal obligations, but no longer than 10 years.</p>
<p>We may process personal data for additional purposes not mentioned here but compatible with the original purpose for which the data was collected. To do this, we will ensure that:</p>
<ul>
<li>
<p>the link between purpose, context, and nature of the Personal Data is suitable for further processing;</p>
</li>
<li>
<p>the further processing does not harm the interests of the User;</p>
</li>
<li>
<p>there is adequate protection of the processing process.</p>
</li>
</ul>
<p>In any case, we will inform Users of any further processing and purposes.</p>
<p><strong>Sharing of Information</strong></p>
<p>In general, we do not share the information we collect about Users with unrelated third parties. In some cases, we may share information with our trusted partners, subsidiaries, or affiliates, including licensed or franchised companies of the Application, in order to enable the provision of the service or improve the user experience, as described in this Policy.</p>
<p><strong>Sharing via our Services</strong></p>
<p>We may share information regarding Users:</p>
<ul>
<li>
<p>With drivers/vehicles to enable them to provide the requested Services. For example, we may share name, photo (if available), average rating given by Users, and other information related to the place of departure and/or arrival;</p>
</li>
<li>
<p>With third parties, to offer the User a requested service through partnerships or a promotional offer from us or third parties;</p>
</li>
<li>
<p>With the public, if the User submits content on a public forum, such as comments on blogs, posts within social media, or other features of our Services visible to the public;</p>
</li>
<li>
<p>With third parties, with whom the User has chosen to share information, for example, other applications or websites that integrate with our APIs or our Services, or vice versa; and</p>
</li>
<li>
<p>With employees if the User is an employer (or similar entity) and with any other third party involved by us, in case the services are used with business entities.</p>
</li>
</ul>
<p><strong>Other Important Shares</strong></p>
<p>We may share information regarding Users:</p>
<ul>
<li>
<p>With our associated and affiliated entities that provide services or conduct data processing on our behalf, or for logistical and/or data centralization purposes;</p>
</li>
<li>
<p>With vendors, consultants, marketing partners, and other service providers who need access to the aforementioned information to conduct research on our behalf;</p>
</li>
<li>
<p>In response to a request for information from a competent authority if we believe that disclosure is in accordance with, or otherwise required by, any law, regulation, or legal proceeding;</p>
</li>
<li>
<p>With law enforcement officers, government authorities, or third parties if we believe that the User's actions are inconsistent with our agreements with the User, the Terms of Service, or policies, or to protect the rights, property, or safety of ourselves or others;</p>
</li>
<li>
<p>In the event of involvement in or during negotiations of a merger, acquisition, or sale of business assets, consolidation or restructuring, financing, or acquisition of all or part of our business by or within another company;</p>
</li>
<li>
<p>In case of notification by us and related consent from the User; and</p>
</li>
<li>
<p>In an anonymous and/or aggregated form that cannot reasonably be used to identify the User.</p>
</li>
</ul>
<p><strong>Social Sharing Features</strong></p>
<p>The Services may integrate with social sharing features and other related tools that allow sharing actions taken on our Services with other applications, sites, or communication means, and vice versa. The User's use of such features enables sharing information with their friends or the public, based on the settings of the social sharing service. Please refer to the privacy policies of the aforementioned social sharing services for more information on how they manage the data provided or shared by the User.</p>
<p><strong>Cookies</strong></p>
<p>For the parts relating to interaction with our web services, please refer to our Cookie Policy, published on <a rel="noopener" href="http://www.mvmant.com" target="_new">www.mvmant.com</a>, for further information regarding choice freedom related to cookies and related technologies.</p>
<p><strong>Changes to the Policy</strong></p>
<p>We reserve the right to modify this Policy at any time. If we make significant changes to the way we process personal information, or to the Policy, we will notify the User through the Services or any other means, for example via email. Continued use of the Services after receiving such notification constitutes consent to the changes made. We encourage the User to periodically review this Policy for updated information.</p>