This text describes how the personal data of users visiting the südtirolmobil website or using the südtirolmobil app is processed. It contains and refers to information prescribed in Article 13 of the European Union Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data; i.e. the data of anyone who visits and uses the services available at www.suedtirolmobil.info.
Protecting your personal data is very important to us. We would like you to know when we store which data and how we use it. As a company under private law, we are subject to the provisions prescribed in Article 13 of the European Union Regulation (EU) 2016/679. We have taken a series of technical and organisational measures to ensure that both we and any external service providers observe the above data protection provisions at all times.
Please note that we may process data relating to identified or identifiable users who visit this website.
STA - Strutture Trasporto Alto Adige SpA/Südtiroler Transportstrukturen AG (Via dei Conciapelli/Gerbergasse 60, 39100 Bolzano/Bozen, email@example.com) is responsible for all data processing.
The person responsible for the protection of personal data can be contacted at firstname.lastname@example.org.
Personal data is any information that can be used to determine your identity. This includes information such as your name, address, postal address, telephone number or age. It does however not include any information that is not directly associated with your identity, such as preferred websites etc.
As a general rule, you can use our online services without revealing your identity. However, if you order a Südtirol Pass or subscribe to a seasonal/annual pass etc., we have to ask for your name and other personal data in order to process your request. Any fields that are required to conclude a contract for our services are marked as mandatory and must be filled in.
To provide the best possible service, our website and app require information on the location of the device on which they are used. If they cannot access the location information, the service will not function ideally; we therefore recommend that you enable access to your device’s GPS location service. This information is processed by a third party called Mapbox (www.mapbox.com) within the map displayed in order to locate the nearest stops and stations. In addition, anonymous location information is combined with points of interest (POI) listed on Open Data Hub Südtirol – Alto Adige (https://opendatahub.bz.it). The location information collected by a device does not allow us to identify individual users and serves the sole purpose of providing the requested service; any additional information arising from the use of the application (such as the user’s personal data, searches, preferred stops etc.) is only stored in the data controller’s computer systems for the time strictly necessary to provide the requested service.
Your data is stored on AWS (Amazon Web Service) servers within the European Union. This data can only be accessed by a selected number of persons specially authorised for the purpose of technical, commercial and administrative server support.
When accessing the Südtirol Pass portal from our website or app, you will be transferred to a different website where your data will be processed by an external service provider (Servizi S.T. GmbH) duly appointed by STA - Südtiroler Transportstrukturen AG/Strutture Trasporto Alto Adige SpA in accordance with Art. 28 of the European Union Regulation (EU) 2016/679.
You can exercise your rights as set forth in the provisions of the European Union Regulation (EU) 2016/679 by contacting STA - Südtiroler Transportstrukturen AG/Strutture Trasporto Alto Adige SpA at any time: email@example.com.
This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter called Google), based on the principle of the controller’s legitimate interest with regard to analysing the use of the website and/or app.
When you visit our website or use our app, a connection is established with servers owned by Google. Data is then transmitted to Google’s servers, some of which are located in the USA. Our website and app use an IP anonymisation feature. This means that in EU member states and any country covered by the European Economic Area agreement, Google will shorten your IP address and render it anonymous. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
According to the information provided by Google, Google uses the collected data to analyse the use of the website and/or app, to create reports on usage activities and for other services in connection with the use of the website, app and the internet. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
Google Analytics for Firebase
In order to improve the quality of our app, we use Google Analytics for Firebase, a Google service collecting anonymous usage statistics. This is only done to improve our product and does not affect your personal data. IP addresses are only stored in anonymised form. The anonymous usage data collected is transferred to Google servers and stored there. Google evaluates this data and compiles reports about usage activities within the app.
For more information on Google Firebase and data protection, please visit: https://www.google.com/policies/privacy/ and https://firebase.google.com/support/privacy.
We use push notifications to inform users about changes and disruptions to selected bus routes, stops, train lines and stations. They may also include alerts, important updates and news regarding Südtirol Pass tickets and public mobility in general.
In order to use this service, push notifications must be enabled in your browser or device.
For our push messages, we use Google’s Firebase Cloud Messaging services. An anonymised push reference key, which is required for the push service, is assigned to each web browser or mobile end device. In the process, the Firebase servers merely transmit the push message; no data related to a natural person can be determined from this.
You can revoke your consent at any time and unsubscribe by disabling our push notification service in your browser or device settings.
For more information on Firebase safety and data protection, please visit https://firebase.google.com/support/privacy.
We use technical, navigation or session cookies enabling you to browse and use our website (e.g. choice of language, timetable searches, paying for or topping up your Südtirol Pass, authentication when accessing personalised information online etc.).
We also use analytics cookies, which are equivalent to technical cookies in that they are installed and used directly by us, the operator of the website or app, to collect aggregate information on visitor numbers and navigational use.
However, we do not install profiling cookies, which are used for advertising messages based on the user’s navigation. In accordance with European and Italian law, prior consent is required for the use of profiling cookies.
Most browsers are set to automatically accept cookies. You can deactivate the automatic storage of cookies at any time or tell your browser to notify you whenever cookies are used.
Disclosure of personal data
Any data processing within the context of our online services is carried out at the aforementioned headquarters by designated in-house technicians or by technicians in charge of occasional maintenance works. No data retrieved from our online services is disclosed or transferred. The personal data of users who submit contact requests will only be used to provide the requested service and will only be passed on to third parties if necessary and solely for the aforementioned purpose.
This website contains links to third-party websites. We have no control whatsoever over the privacy practices of third-party websites. This information applies exclusively to our own website and app but not to any website accessed through external links.
Any data collected is processed with automated tools and solely for the purposes of information management as required. Specialist security measures are in place to prevent the loss of data as well as any unauthorised or improper use or unauthorised access.
Users under the age of 14 years should not disclose and pass on personal data without their parents’ or legal guardian’s express consent. We do not request any personal data from minors, nor do we collect such data or pass it on to third parties.
Rights of the persons affected
Any person to whom such personal data refers is entitled at any time to obtain information as to whether or not such data has been collected, about its content and origin, to verify its accuracy or to ask for their data to be completed, updated or rectified as set forth in Art. 16 of the European Union Regulation (EU) 2016/679.
Art. 16 of Regulation (EU) 2016/679 furthermore stipulates that all users have the right to ask for any unlawfully processed data to be erased, rendered anonymous or made unavailable and to object to the processing of data for legitimate reasons. Furthermore, you have the right to submit a complaint to the relevant data protection authority (www.garanteprivacy.it) and to bring action before a competent court.
If you have any questions, suggestions or comments regarding data protection, please contact us at firstname.lastname@example.org.
Südtirol Pass and Euregio Family Pass holders can book their journeys by bus and train online through the südtirolmobil website or in our app.
All journeys booked online are automatically activated and validated for the date and time booked, i.e. you are automatically checked in. If you need to cancel a booked journey, you can do so in the ticket shop up to one minute before the scheduled departure.
Please note that to use this service, you need to be in possession of a paid Südtirol Pass product and to register via the ticket shop on the südtirolmobil website or app. The service requires to types of personal data: 1) your contact details provided on the Südtirol Pass portal (a mobile phone number and/or e-mail address) and 2) the Südtirol Pass ticket number, which you need to sign up to our ticket shop. The access code required to sign up will be sent to your mobile phone or e-mail. During this process, a token based on your Südtirol Pass ticket number is generated and stored by the external service provider in charge (Servizi S.T. GmbH) for the duration of use of the service. After three weeks of inactivity, i.e. if no tickets are booked, the token is invalidated and deleted from the external service provider’s storage.
For more information on data privacy, please visit the Südtirol Pass portal at https://portal.suedtirolmobil.info/privacy.ph.
When accessing the Südtirol Pass portal from our website or app, you will be transferred to a different website where your data will be processed by an external service provider (Servizi S.T. GmbH) duly appointed by STA – Südtiroler Transportstrukturen AG/Strutture Trasporto Alto Adige SpA in accordance with Art. 28 of the European Union Regulation (EU) 2016/679.
Information pursuant to Art. 12, 13 and 14 of the General Data Protection Regulation (EU) 2016/679 (GDPR)
For the purposes of the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”) on the protection of natural persons with regard to the processing of personal data, STA – Südtiroler Transportstrukturen AG/Strutture Trasporto Alto Adige SpA – in its position as data controller (hereinafter referred to as “Company” or “Controller”) is obliged to provide information on personal data that may have been collected on natural persons (“Data Subjects”).
The data held by the Controller is typically collected directly from the Data Subjects and occasionally also from third parties.
Pursuant to Article 14 g) of the GDPR, the Controller hereby informs all Data Subjects that, if and when personal data is not collected directly from a Data Subject, no automated decision-making processes are used; this includes profiling as referred to in Article 22, paragraphs (1) and (4) of the GDPR.
Purposes of data processing
Any data is processed as part of the Controller’s regular operations in connection with the issuing of and payment for tickets.
Tickets can be purchased online using the ticket shop function of the südtirolmobil app.
All ticket payment is processed by LogPay Financial Services GmbH, which acts as a separate Controller.
Any personal data collected in connection with the above activities is processed for the following purposes:
- for purposes closely related to the contract and the performance of the obligations deriving from the contract itself;
- for purposes related to obligations arising from national and/or international laws or regulations, as well as from measures adopted by national or international bodies or authorities. Where applicable, this includes activities required in order to comply with obligations arising from anti-money laundering legislation.
No consent is required for the processing of this personal data.
Processing this data is permitted under Art. 6 b), c), e) and f) of the General Data Protection Regulation (EU) 2016/679 (GDPR).
Data processing methods
Any data collected may be processed manually or electronically with the help of IT systems; all such methods are designed to safeguard and guarantee data security, confidentiality and availability.
Providing your data for the purposes set forth in 1) is optional; on a practical level, however, refusal to do so would make it impossible to perform the existing pre-contractual and/or contractual relations. Providing your data for the purposes set forth in 2) is mandatory, since it is necessary in order to fulfil any regulatory obligations.
Disclosure of personal data
Collected data may be passed on to any legal entity (office, body or public administration organ, company or institution) that are legally required or entitled to have knowledge of such data, as well as to any person with a right of access (diritto di accesso/Aktenzugriffsrecht) or a so-called right of generalised civic access (diritto di accesso civico generalizzato/allgemeiner Bürgerzugang). In the case of special data and/or data relating to criminal convictions and offences, data may be passed on to legal entities as set forth in the regulations for the processing of sensitive and judicial data, as outlined by the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) on 30/05/2005. Moreover, data may also be passed on to any consultants, insurers and other service providers for processing in connection with the aforementioned purposes.
No consent is required for the processing of data pertaining to the above-mentioned categories.
Scope of availability of personal data within the Company
The data collected may be made available to the Data Controller, their Data Protection Officer and their Data Processing Officers.
Time limits for the processing and storage of personal data
The data processing referred to in this present notice will be limited to the duration strictly necessary to provide the services of the online ticket shop, after which all data will be deleted.
Data Controller and Data Protection Officer
As the Data Controller, STA - Strutture Trasporto Alto Adige SpA/Südtiroler Transportstrukturen AG (Via dei Conciapelli/Gerbergasse 60, 39100 Bolzano/Bozen) is responsible for all data processing.
E-mail address: email@example.com;
As the Data Protection Officer, Paolo Recla is the person responsible for the protection of personal data; for this purpose, they are based at the registered office of this Company.
Certified e-mail address (in Italy: PEC): firstname.lastname@example.org
Rights of the persons affected
In accordance with Articles 15 to 22 of the GDPR, all Data Subjects are entitled to exercise certain rights. In relation to their personal data in particular, all Data Subjects are entitled to obtain the following from the Data Controller: the right to lodge a complaint with a supervisory authority (Art. 13, paragraph  d); the right of access (Art. 15); the right to rectification (Art. 16); the right to erasure (“right to be forgotten”, Art. 17); the right to restriction of processing (Art. 18); the right to be notified of any rectification, erasure of personal data or restriction of processing (Art. 19); the right to data portability (Art. 20); the right to object to the processing of their personal data (Art. 21) and the right not to be subject to automated decision-making processes including profiling (Art. 22).