NapoliPass Privacy Policy
Last Updated: 26/09/2024
NapoliPass App Privacy Policy
This document describes how we use and process your personal data, providing information in a readable and transparent way. It also explains how to contact us if you have any questions about your personal data, which we will be happy to answer.
If you have used our services before, you know that we offer online transportation and/or shipping services as an agent through our website and app.
This Privacy Policy applies to any type of information we collect through our platform or other means connected to our platform (for example, contacting our customer service by email or phone).
We may update the Privacy Policy from time to time. Please feel free to visit this page regularly to stay informed. We will indicate the date of the last revision of this Privacy Policy at the bottom of this page, and any revision will take effect upon publication.
Who is responsible for your data?
When this policy mentions "we," "us," or "our," it refers to Schema ADV SRL, a company based in Italy, with VAT number 08899691219 and registered office at Via G. Porzio 4, is g1, 80143, Naples, NA, which is responsible for your information under this Privacy Policy (the "Data Controller").
Who is the Data Protection Officer?
The Data Controller has a Data Protection Officer who constantly monitors all data processing activities, ensuring your privacy and compliance with applicable regulations. The Data Protection Officer is available to answer any questions you may have regarding the processing of your personal data and the exercise of your rights. You can contact us at help@napolipass.com to exercise any data protection rights or to contact the Data Protection Officer regarding any data protection issues you wish to discuss. Please note that we may ask you to verify your identity and request before proceeding.
Why do we collect your personal data, and on what legal basis do we rely?
I. Booking. During the purchase process, we only ask for the personal data necessary to provide you with our mediation services for contracting transportation and shipping services. This includes completing and managing your booking, sending you communications via email, phone, or SMS regarding your booking (e.g., confirmations, changes, and reminders), and enabling us to respond to your requests. Such communications may be managed by us or our partners. The booking process can be carried out on our website, app, or through our customer service. We aim to show you the most relevant travel and/or shipping information and assist you personally with your booking and post-booking. Please note that the identification data we use will be the email address you provided in your booking/account.
Legal basis: This processing is necessary for the performance of the contract (e.g., to finalize and manage your booking).
II. Other services. We may offer you other travel or shipping-related services based on our role as an agent. This Privacy Policy applies to the data processing related to these additional services. During the contracting process, before or during the data entry, we will inform you if there is any specific information you should be aware of beyond what is already covered in this Privacy Policy.
Legal basis: This processing is necessary for the performance of the contract to provide you with our services or based on your consent.
III. Communications with you. There may be various reasons why we may contact you:
a. To respond to any of your inquiries or requests or those from any Transportation or Shipping Provider and handle them.
b. To contact you personally and help you complete your booking if you are still interested, in case you have not finalized an online booking (as we believe this additional service benefits you by allowing you to continue with a booking without re-entering your details). We also store this information to recognize you when you visit our website again, to improve your user experience.
c. To invite you to provide a review of your experience with us or the Transportation and/or Shipping Provider when using our services. Please note that this feedback may be made available to other customers to help them make decisions about a product or service.
d. To inform you about how to contact us if you need assistance during your journey or to provide other information we believe may be useful in planning or getting the most out of your trip, or information about future trips or a summary of previous bookings made with us.
e. We may need to send you other administrative messages, which may include security alerts.
Legal basis: This processing may be based on the necessity for the performance of the contract, our legitimate business interest in providing our services, or your consent.
IV. Surveys and market research. You may be invited to submit a review of a trip booked with us or to participate in market research. In the latter case, we will explain which personal data will be collected and how it will be used.
Legal basis: This processing is based on our legitimate business interest in improving our services or your consent.
V. Improvement of our services or development of new services. We use personal data for analytical purposes. This is part of our commitment to improving the user experience but may also be used for testing, troubleshooting, and improving the functionality and quality of our online travel services. The main goal is to optimize our online platform to meet your needs, making our website easier and more enjoyable to use. We strive to use pseudonymized or anonymized data for these analytical purposes.
Legal basis: This processing is based on our legitimate business interest in improving our services.
VI. Promoting a safe and reliable service. To create a trustworthy environment for you, your travel companions, our business partners, and our travel suppliers, we may use personal data for the detection and prevention of fraud and other illegal or undesirable activities, as well as for security purposes (e.g., user and booking authentication). For these purposes, we may need to suspend or cancel certain bookings.
Legal basis: This processing is based on our legitimate business interest in preventing fraud. Legal obligations may also apply.
VII. Legal purposes. In certain cases, we may need to use your information to handle and resolve legal disputes, investigations, regulatory compliance, enforce our Terms, or comply with legitimate requests from competent authorities.
Legal basis: This processing is based on fulfilling legal obligations.
We do not make automated decisions based on profiles, other than the legitimate prevention of internet fraud and the personalization of your user experience, marketing, and advertising. In any case, such automated decisions will not have legal effects or significantly affect you.
What types of personal data do we collect?
The personal data we may collect about you falls into the following categories:
I. Information you provide to us.
a. Personal and contact details (e.g., full name, email address, phone number, date of birth...) necessary to enable the booking, provide services, and information. Please note that your email address will be your identification data. We will be able to link your information based on your email.
b. Billing information (e.g., credit card number, cardholder name, and expiration date) to make a payment.
c. Travel companion details (e.g., personal information, travel preferences...) during the booking. In any case, you should have obtained the consent of other individuals before providing us with their personal information and travel preferences, as the access to view or modify their information will only be available through your account or email.
d. Other information (e.g., travel marketing preferences, additional information provided in a survey, contest, or via chat, email, or phone, etc.).
II. Information we collect automatically from the use of our services.
a. Information from your device (e.g., browser type, geographic location, device name, time and duration of the request and visit). When you visit our websites or apps, we may automatically collect certain information from your device. We may link this information to your account.
We use this information, as well as the personal data you provide, to analyze traffic, improve quality, and prevent and detect fraud. We will share it (in some cases with your email in hashed, de-identified form) with third parties; some of them, such as payment providers and financial institutions (for fraud detection, prevention, or chargeback purposes), may act as independent data controllers.
Some of this information may be collected using cookies or similar tracking technologies. The processing of information collected through cookies is based on a different legal basis (e.g., it may be necessary to provide our services, based on your consent). For more information, please refer to our Cookie Policy.
We may process calls and online communications for quality control, analysis, staff training, and legal purposes in case of disputes. Any personal information obtained from you during any communication will be processed in accordance with our Privacy Policy. You may also share your personal data with us (e.g., your contact or booking details, etc.) for other purposes (e.g., when using chat, callback, or other features to help you use our website, or with a future or current booking, etc.). Please note that, when using a third-party feature, that third party may act as a joint controller or as a processor in accordance with its corresponding privacy policy.
III. Information we collect from third parties.
From time to time, we lawfully obtain personal information about you from business partners and other independent third-party sources (e.g., contact information such as email, purchase, or demographic information).
Who will be the recipients of your personal data?
In certain circumstances, we will share your personal data with third parties:
I. Public authorities, beverage and food partners, transport and shipping partners (e.g., the bus company that needs to issue your ticket and/or operate your trip and/or shipment). To provide our services, we must share your personal data with the relevant Transport and Shipping Providers, so they can deliver the requested products or services, as well as with other parties to whom it is necessary to disclose your personal data to diligently provide the requested services. These third parties will act as independent data controllers. Please note that these partners may also contact you, if necessary, to obtain additional information about you in accordance with their independent privacy policy.
II. Affiliated companies. We may process your personal information, as indicated above, for internal purposes related to centralized management. In any case, they will follow practices at least as restrictive as those described in this Privacy Policy.
III. Third-party service providers (e.g., those providing us with IT and hosting services, customer support, analytics, payment and financial services for chargebacks, fraud detection and prevention, etc.) who process your personal data on our behalf and under our instructions for the purposes described above, acting as processors or independent data controllers. When third-party service providers have access to the data, they will only collect the necessary information to perform their functions. They are not authorized to share or use the information for incompatible purposes.
IV. Business partners. Some services on our website or app may be provided entirely or partially by our business partners, and some personal data you provide us (e.g., name, email address, payment details, and other relevant information) will be forwarded to our Business Partner to finalize and manage the service. Relevant information may be shared for the necessary customer support or for the purposes mentioned above. As Business Partners will act as independent data controllers, their independent privacy policy or a specific version of it will also apply. You can find the link before booking the services.
V. Competent authorities. We disclose personal data to law enforcement authorities as required by law or strictly necessary for the prevention, detection, or prosecution of criminal offenses and fraud, or if we are legally obliged to do so. We may also need to disclose personal data to competent authorities to protect and defend our rights or property, or the rights and property of third parties.
VI. Others, with your consent for disclosure.
How do we protect your personal data?
Among other measures (e.g., protocols, internal policies, training, etc.), we can group the main protection actions we undertake:
I. Security measures. Although no online service can guarantee absolute security, we implement reasonable procedures to protect the confidentiality, integrity, and availability of your personal data (e.g., preventing unauthorized access or misuse of your data, using technical and physical restrictions for access and use of personal data, using firewalls, etc.).
If you know or suspect that your account credentials have been lost, stolen, or compromised, or in case of any actual or suspected unauthorized use of your account, or any relevant security matter, please contact us at help@napolipass.com.
II. Retention procedures. We will retain your personal data for as long as necessary to allow you to use our services, to provide our services to you, to comply with applicable laws, resolve disputes with any party, and to allow us to conduct our business (including detecting and preventing fraud or other illegal activities). All personal data we retain will be subject to this Privacy Policy. If you have questions about a specific retention period for certain types of personal data we process about you, please contact us at help@napolipass.com.
For example, if you provide us with your contact email address but then fail to complete your booking, we will retain your email address only temporarily and, in any case, for a maximum period of seven days to assist you with the booking if you are still interested.
III. International data transfers. Our servers are located within the European Union. However, to facilitate our global operations (e.g., via third-party service providers), the transmission of personal data to the recipients described above may include data transfers to countries whose data protection laws are not as comprehensive as those in European Union countries. In such cases, as required, we enter into contractual agreements to ensure that your personal data remains protected in line with European standards.
How can you control the personal data you have provided us?
We want you to have control over how your personal data is used by us. You can do this in the following ways:
I. Managing your information. You can update some of your information by contacting Customer Service.
II. Rectification of your information. You have the right to ask us to correct inaccurate or incomplete personal information about you (which you cannot update yourself through account settings or via our Customer Service).
III. Access to data. You can request information regarding your personal data and copies of such data.
IV. Data portability. You have the right to request copies of the personal information you provided to us in a structured, commonly used, and machine-readable format, where technically feasible.
V. Data deletion. You can request the deletion of your personal information. We may not be able to delete it if data processing is necessary for the execution of the contract between you and us, for our legitimate business interests (e.g., fraud prevention, improving security), or to comply with our legal obligations (e.g., legal reporting, audit obligations). In any case, we will delete it promptly when we can.
As we protect our services from accidental or malicious loss or destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time (within one week).
VI. Objection and restriction of processing. You can request that we do not process your personal information for specific purposes (including profiling) where such processing is based on legitimate interest, such as direct marketing. If you object to such processing, we will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or if it is necessary for the establishment or defense of legal claims.
VII. Withdrawal of your consent. If we are processing your personal information based on your consent, you can withdraw that consent at any time, specifying which consent you are withdrawing. Please note that withdrawing your consent does not affect the lawfulness of the processing based on consent before its withdrawal.
To exercise your rights, send an email to help@napolipass.com or submit your request by mail or courier to the following address: Schema ADV SRL– Via g. Porzio 4, is g1, 80143, Napoli, NA. In your request, you must clearly state your personal identity, including your full name and the email address used to make a purchase or create an account, and the right(s) you are exercising.
We will respond as soon as possible and no later than one month after receiving your validated request unless we need more time to handle your request, in which case we will notify you.
Please note that we may ask you to verify your identity and your request before proceeding.
Exercising these rights is free of charge, unless you make unreasonable or excessive requests. In such a case, we will have the right to charge you a reasonable fee based on administrative costs.