Foreword

Edisonweb Srl, including our subsidiaries (hereinafter jointly referred to as “Edisonweb”, “we” or “us”), would like to hereby inform you about data protection at Edisonweb.

Scope and application

This Privacy Statement (“Statement") applies to persons anywhere (“Users”, “customer”, “you” or “data subject”) in the world who use our apps or Services (“Application” and “Services”) providing public transit information and enabling Users to plan and optimize public transportation trips.

Our Services include our websites at https://moovle.me, https://moovle.it and any additional websites owned and operated by Edisonweb or its affiliates (the “Site(s)”), our downloadable mobile application(s) (the “App”) and related public transportation information and additional services.

Data protection regulations for the protection of persons affected by data processing arise from the EU General Data Protection Regulation (Regulation EU 2016/679, hereinafter referred to as “GDPR”). Insofar as we decide on the purposes and means of data processing either alone or jointly with others, this primarily includes the obligation to inform you transparently about the type, scope, purpose, duration, and legal basis of the processing (see Art. 13 and Art. 14 GDPR).
The purpose of this policy (hereinafter “privacy policy”) is to inform you about the way in which we process your personal data.

Definitions

• “Personal Data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4(1) GDPR). Identifiability can also be provided by linking such information or other additional knowledge. This does not depend on the occurrence, form or physical embodiment of the information (photos, video or audio recordings may also contain personal data).
• “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means (i.e., technology‑supported). This includes the collection (i.e., the procurement), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data as well as the change of definition of a target or purpose that was originally used as a basis for data processing (Art. 4(2) GDPR).
• “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Art. 4(7) GDPR).
• “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with its instructions (Art. 4(8) GDPR).
• “Third party” means a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data; this also includes other legal entities belonging to the group (Art. 4(10) GDPR).
• “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her (Art. 4(11) GDPR).

Name and Address of the Controller

The person responsible for the processing of your personal data (Art. 4(7) GDPR) is:
Edisonweb Srl
Address: Via Ignazio Silone 21
95040 Mirabella Imbaccari (CT), Italia
Email: support@edisonweb.com
Further information about our company can be found in the Legal Notice.

Data Protection Officer

Our company data protection officer is available to you at any time to answer all your questions and as a contact person on the subject of data protection.
His contact details are:
Edisonweb Srl
Dr. Riccardo D’Angelo
Address: Via Ignazio Silone 21
95040 Mirabella Imbaccari (CT), Italia
Email: admin@edisonweb.com

Legal Basis for Data Processing

The processing of personal data is permitted if at least one of the legal bases listed below is complied with:
• Art. 6 para. 1(a) GDPR: the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
• Art. 6 para. 1(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
• Art. 6 para. 1(c) GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., a statutory retention obligation);
• Art. 6 para. 1(d) GDPR: processing is necessary in order to protect the vital interests of the data subject or of another natural person;
• Art. 6 para. 1(e) GDPR: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
• Art. 6 para. 1(f) GDPR: processing is necessary to safeguard the legitimate interests pursued by the controller or by a third party, unless the opposing interests or rights of the data subject prevail (in particular where the data subject is a child).

Storage Duration and Data Erasure

The storage period of the personal data collected depends on the purpose for which we process the data. The data will be stored for as long as this is necessary to achieve the intended purpose.
If no explicit storage period is specified below, your personal data will be erased or blocked as soon as the purpose or legal basis for the storage no longer applies. However, storage may be extended beyond the specified time in the event of a(n) (imminent) legal dispute with you or if other legal proceedings are initiated or if storage is stipulated by statutory provisions to which we as the controller are subject. If the storage period prescribed by statutory provisions expires, the personal data will be blocked or erased unless further storage by us is required by law.

Data Protection Principles

We promise to follow the following data protection principles:
• Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you information regarding Processing upon request.
• Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
• Processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
• Processing is limited with a time period. We will not store your personal data for longer than needed.
• We will do our best to ensure the accuracy of data.
• We will do our best to ensure the integrity and confidentiality of data.

Data Subject’s rights

These rights consist in the faculty of access, rectification, cancellation, limitation, opposition to the elaboration and treatment, also in automated form. The interested parties have the right to withdraw at any time the consent for the processing of their personal data and to obtain the portability in an accessible format. In general, the right to information is guaranteed, i.e to know if the personal data are being processed, what data are collected, the origin of the data, the purpose and the subjects that process it.

How users can edit and request deletion of personal data

You may correct your account information at any time by logging into your online or in-app account. If you wish to cancel your account, exercise the other rights about the treatment or view / change the privacy detail settings, we offer control through personal settings. For all features not yet available through personal settings or specific requests, please open a ticket through our support center. Please note that in some cases we may retain certain information about you as required by law, or for legitimate business purposes to the extent permitted by law. For instance, if you have a standing credit or debt on your account, or if we believe you have committed fraud or violated our Terms, we may seek to resolve the issue before deleting your information.

Types of data collected

Personal information

Personal information is information about a person, namely information that identifies an individual or may with reasonable efforts or together with additional information we have access to, enable the identification of an individual, or information relating to an identified or identifiable natural person which may be of a private or sensitive nature. Under certain applicable laws identification of an individual also includes any information which associates an individual with a persistent identifier such as a name, an identification number, persistent cookie identifier etc.
Personal information does not include information that has been anonymized or aggregated so that it can no longer identify or be used to identify a specific natural person.
When you use our Services, we collect information about you in the following general categories:

Personal information we collect automatically

• Information collected when installing the App: When you install the App (or have the App installed or pre-installed) on your mobile device, Edisonweb will set up a user account associated with that mobile device and create a User ID for you. This is a unique identifier generated by us in accordance with this Privacy Policy, which is necessary in order for us to provide you with our Services. After installation of the App, we will collect and use the User ID, together with certain other information including Metro area and certain device information which may include your device ID or other unique identifier, advertising ID, unique device token, device type, operating system (including version and settings), as well as your device screen resolution and keyboard language, all in accordance with this Privacy Policy. We may link this information with the account created (while Registration process) in connection with your mobile device and User ID.
Location Information: We collect location information such as your geolocation and your route and travel information (for example, routes and times of travel from one destination to another) in order to provide you with our Services. When using the App, we collect detailed location, including GPS signals and other device sensor data, sent by your mobile device on which the Service is installed and activated. Edisonweb uses this location and sensor information to provide you with the Service and to create a detailed location history of your public transit trips. The information collected, without being associated with the user, may be used for analysis, research purposes and optimization of transport and mobility services.
Proximity Technologies: We perform some of the automatic collection described above through use of physical beacons, software development kits (or SDKs), application program interfaces (or APIs), unique identifiers, and similar technologies which allow us and our transport and research partners to collect information on field and other actions you take when using our Services. Please take into consideration that certain portions of such above mentioned information may also be collected from your device or software, when the Services are running in the background, i.e. when they have been launched but are not actively used. Please keep in mind that most mobile devices and operating systems allow you to control or disable the use of certain collectable information including location services by applications, in the device’s settings menu.

Information you provide to us and through your use of our services

We collect information you provide directly to us, such as when you create or modify your account, request on-demand services, contact customer support, or otherwise communicate with us. This information may include: name, email, phone number, postal address, profile picture, payment method and other information you choose to provide. The information provided by the user can also be collected without registration and authentication; however, they will not be linked directly to the user account, although they may be linked upon subsequent registration or authentication.
Registration and authentication: Where provided, you may choose to set up a registered User Account in connection with your use of the Services. By registering or authenticating, Users allow our Applications and related services to identify them and give them access to dedicated services. Third parties may provide registration and authentication services, as a social media (for example, Facebook, Google, Apple), or through an application or a separate website that uses our APIs (or APIs we use). In this case, these Services will be able to access some Data, stored by these third-party services, for registration or identification purposes and we may receive information about you or your connections from that site or application.
Note - while our Services are available to all Users, whether or not they set up a registered User Account, we note that setting up such an account may allow you to enjoy certain features in the App that are only available to registered Users. If you choose to use the Services without setting up a registered Account, we will still link all of your information with a User ID generated for you, which is necessary in order for us to provide you with the core features of our Services.
Points of Interests (POI): In addition, you may choose to upload specific destinations and POIs such as your home address, work address or other favorite destinations and POIs in order to personalize the Service. We also collects information regarding public transportation lines, stations and/or routes you may have saved or searched for via the Services, including your most-used travel and public transit routes and stations for purposes of providing the Service, enhancing your user experience and personalizing the Service.
Additional Content: You may choose to upload to the Service User Content, such as images, text, reviews and reports of data gaps or errors, and other types of content which you actively choose to provide. We also collect your responses to surveys we may send you on our behalf or on behalf of our partners.
Transaction Information: We collect transaction details related to your use of our Services, including the type of service requested, date and time the service was provided, amount charged, distance traveled, check-in and check-out location, and other related transaction details. Additionally, if you use a promo code, we may associate your name with that entity has given it to you.
Usage and Preference Information: We collect information about how you and site visitors interact with our Services, preferences expressed, and settings chosen.
Device Information: We collect information about your mobile device, limited to preferred language and format preferences such as date, hour, currency, etc.
Log Information: When you interact with the Services, we collect server logs, which may include information like access dates and times, app features or pages viewed, app crashes and other system activity.

Information about platform permissions

Most mobile platforms (iOS, Android, etc.) have defined certain types of device data that apps cannot access without your consent. And these platforms have different permission systems for obtaining your consent. The iOS platform will alert you the first time the mobile App wants permission to access certain types of data and will let you consent (or not consent) to that request. Android devices will notify you of the permissions that the mobile App seeks before you first use the app, and your use of the app constitutes your consent.

The use of the collected Data

We may use the information we collect about you to: 
• Provide, maintain, and improve our Services, including, for example, to facilitate payments, send receipts, provide products and services you request (and send related information), develop new features, provide customer support to Users and Vehicles, develop safety features, authenticate users, and send product updates and administrative messages;
• Perform internal operations, including, for example, to prevent fraud and abuse of our Services; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyze usage and activity trends;
• Send or facilitate communications (i) between you and a Vehicle, such as estimated times of arrival (ETAs), or (ii) between you and third-party cooperation partners in connection with your use of certain features, such as bonus travel code or other promotions;
• Send you communications we think will be of interest to you, including information about products, services, promotions, news, and events of the Service and other companies, where permissible and according to local applicable laws; and to process contest, sweepstake, or other promotion entries and fulfill any related awards;
• Personalize and improve the Services, including to provide or recommend features, content, social connections, referrals, and advertisements.
To conduct questionnaires concerning client satisfaction. We Process your Personal Data in order to fulfil obligation rising from law and/or use your Personal Data for options provided by law. We reserve the right to anonymize Personal Data gathered and to use any such data. We will use data outside the scope of this Policy only when it is anonymized. We save your billing information and other information gathered about you for as long as needed for accounting purposes or other obligations deriving from law, but not longer than 10 years.
We might process your Personal Data for additional purposes that are not mentioned here, but are compatible with the original purpose for which the data was gathered. To do this, we will ensure that:
• the link between purposes, context and nature of Personal Data is suitable for further Processing;
• the further Processing would not harm your interests and
• there would be appropriate safeguard for Processing.
We will inform you of any further Processing and purposes.

Sharing of information

In general, we do not share the information we collect about users with third parties. In some cases we may share information with our trusted partners, subsidiaries or affiliates, including licensee companies or Application concessionaires, in order to make it possible to provide the service or improve the user experience, as described in this Policy.

Sharing Through Our Services

We may share your information: 
• With Vehicles to enable them to provide the Services you request. For example, we share your name, photo (if you provide one), pickup and/or drop-off locations with Vehicle drivers;
• With third parties to provide you a service you requested through a partnership or promotional offering made by a third party or us;
• With the general public if you submit content in a public forum, such as blog comments, social media posts, or other features of our Services that are viewable by the general public;
• With third parties with whom you choose to let us share information, for example other apps or websites that integrate with our API or Services, or those with an API or Service with which we integrate; and
• With your employer (or similar entity) and any necessary third parties engaged by us or your employer (e.g., an expense management service provider), if you participate as business entity.

Other Important Sharing 

We may share your information: 
• With subsidiaries and affiliated entities that provide services or conduct data processing on our behalf, or for data centralization;
• With vendors, consultants, marketing partners, and other service providers who need access to such information to carry out work on our behalf;
• In response to a request for information by a competent authority if we believe disclosure is in accordance with, or is otherwise required by, any applicable law, regulation, or legal process;
• With law enforcement officials, government authorities, or other third parties if we believe your actions are inconsistent with our User agreements, Terms of Service, or policies, or to protect the rights, property, or safety of the Provider or others;
• In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
• If we otherwise notify you and you consent to the sharing; and
• In an aggregated and/or anonymized form which cannot reasonably be used to identify you.

Social sharing features

The Services may integrate with social sharing features and other related tools which let you share actions you take on our Services with other apps, sites, or media, and vice versa. Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the social sharing service. Please refer to the privacy policies of those social sharing services for more information about how they handle the data you provide to or share through them.

Cookies

Regarding the interaction with our Web services, we exclusively use technical cookies.

Changes to this privacy policy

We may change this Statement from time to time. If we make significant changes in the way we treat your personal information, or to the Statement, we will provide you notice through the Services or by some other means, such as email. Your continued use of the Services after such notice constitutes your consent to the changes. We encourage you to periodically review the Statement for the latest information on our privacy practices.