3. Processing methods
This data will be processed by the Company, in accordance with the GDPR and national legislation including any measures issued by the competent supervisory authorities, where applicable. The data shall be processed exclusively by specifically authorised personnel of the Company belonging to the functions closely involved in the process of managing the App and shall in no way be accessible, or in any case usable, even indirectly, by other company functions. The data shall be processed by means of software and systems dedicated to the above-mentioned functions in accordance with the principles of correctness, fairness and transparency laid down by the applicable legislation on the protection of personal data and protecting the confidentiality of the person to whom the data refer.
The Company adopts a number of technical, IT and organisational measures in order to guarantee an adequate level of security and processing according to the principle of data minimisation. In particular:
- the Company shall collect and process the braking data for the purposes referred to in points 1.a) and 1.b) above in pseudonymised form, i.e. not directly associated with any user identification data but only with a randomly created alphanumeric code that does not allow the direct identification of the user (Vehicle ID and Trip ID);
- To activate the driving monitoring, you can set up an automatic connection between the app and the Bluetooth or a manual connection every time gets into the vehicle: it is understood that you can deactivate the connection between the app and the Bluetooth at any time and thus stop the recording of driving/braking data;
- In addition, analysis activities for product improvement purposes will only be carried out on a reduced set of information, after aggregation and subsequent anonymization to ensure that such data can no longer be linked to the user.
4. Disclosure, data transfer and dissemination
The Company also uses third parties to provide certain services that involve the processing of personal data, including management and hosting services of the App. These third parties act as data processors, on the basis of specific and adequate instructions in terms of processing methods and security measures indicated in specific contractual documentation. Further information can be requested at the contacts listed below.
In the ranking drawn up periodically among App users (point 1.b) above), only the nickname, mark, model and typology of the vehicle and the experience points accumulated will be shared with other users.
The data will not be transferred outside the European Union and will not be disseminated.
5. Data retention
The data will be kept for the period of time necessary to fulfil the above-mentioned purposes. In particular:
- The IP address of the device will be deleted immediately after each connection to the network;
- The main data on the App (such as your nickname, email, Bluetooth, profile photo, vehicle make and model, scoring data and experience points, Vehicle ID, etc.) will be retained as long as the App is not deleted by you using the "DELETE" function.
- The location data collected and then included in the travel reports will be stored, in pseudonymised form, in Brembo's data centre, for the purpose of research and development of new products and technologies, for one year only and will be anonymised thereafter.
- The reports of the individual trips made available to you (and the location data necessary to track back you trip that you can display within your own area) will be stored, in pseudonymised form, for a period of 5 years, in order to allow you to review, over time, the reports of previous trips and assess the driving/braking progress made; after 5 years, these reports will be deleted. It is understood that you may at any time decide to permanently delete individual trip reports even before this deadline using the specific function in the App.
6. Rights of the people concerned
Users who use the Application may exercise, in relation to the data processing described herein, the rights provided for by the GDPR (Articles 15-21), including:
▪ receive confirmation of the existence of your personal data and access to their content (access rights, Art. 15 GDPR);
▪ update, amend and/or correct your personal data, where applicable taking into account that part of the data is pseudonymised (right of rectification. Art. 16 GDPR);
▪ request the deletion or restriction of data processed in breach of the law, including data whose retention is unnecessary for the purposes for which the data were collected or otherwise processed (right to be forgotten, Art. 17 GDPR, and right to restriction, Art. 18 GDPR);
▪ withdraw the consent given, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
▪ to receive a copy of the data in electronic format concerning him made in the context of the contract and to request that such data be transmitted to another data controller (right to data portability, Art. 20 GDPR).
Users may also object to the processing, in the cases provided for by the Regulation (right to object, Art. 21 GDPR).
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. In order to exercise these rights or to request further information on this policy, may contact the Data Protection Officer (DPO) by sending an e-mail to privacy.italy@brembo.it, or by post by registered letter with return receipt to the Company's registered office at the addresses indicated, to the address of the Data Protection Officer.
Users may also lodge a complaint with the Data Protection Authority competent, i.e. a German Supervisory authority (a list of which is available
here), or the Italian Supervisor Authority (whose contact details are available
here).
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws
7. Identity and contact details of the Data Controller and contact details of the Data Protection Officer
The Data Controller is Brembo S.p.A. with registered office in Curno, via Brembo n.25 - 24035, telephone 035.6052111, in the person of the pro-tempore Legal Representative.
The Data Protection Officer can be contacted at privacy.italy@brembo.it.