Play&Go – Privacy policy

PLAY&GO – PRIVACY POLICY

Information regarding the processing of personal data

Pursuant to Article 13 of the EU Regulation No. 2016/679 (GDPR), and in general in compliance with the principle of transparency set forth in that Regulation, below we provide information regarding the processing of personal data in the context of the Play&Go application (hereinafter “App”).

The App allows tracking of trips made in integrated, multimodal mobility (e.g., bus, train, bicycle, walking, carpooling, and combinations these).

It is worth pointing out that the App can be used also in the context of sustainable mobility campaigns to award points and prizes based on the trips correctly tracked by participants. In order to enable the Play&Go campaigns to take place, it is necessary to collect and process the information related to the tracking of trips made via the App and resulting from the various game campaigns.

This information should therefore be considered supplementary to those that will be made available upon joining the various game campaigns offered in the App.

  1. Purpose of processing

The processing of personal data takes place within the App and will have the following purposes:

  • register users and allow their participation;
  • ensure the proper functioning of the App;
  • enable the performance, documentation and improvement of the App’s activities;
  • track and validate trips through the App;
  • provide for scientific, historical and statistical research purposes.
  1. Obligation to provide data

The legal basis for processing is the explicit consent upon first use of the App.

All purposes of processing are related to the use of the App. Although there is no obligation to provide the data, failure to do so will result in the impossibility of proceeding with access to the App and thus using it. With reference to geolocation, it should be noted that failure to consent to tracking could jeopardize the validation of trips.

  1. Type of data processed

The following categories of data may be processed for the requirement of the App: 

  • master data and contact data;
  • geolocation data (data on the user’s position detected in real time, based on the GPS present on the mobile device on which the App is installed, during the tracking of a trip); 
  • behavior data (mode of travel, number of kilometers covered).

The user’s public profile data (Google, Facebook, Apple, Smart Community) may be used to personalize the App.

The user’s e-mail address is also used as a means to uniquely identify the user within the Smart Community systems.

  1. Methods of data processing

The processing will be carried out:

  • by means of the App and the use of manual and automated systems;
  • by individuals authorized and trained to perform such tasks, in accordance with the law; 
  • with the use of appropriate measures to ensure the confidentiality of data and prevent access to them by unauthorized third parties;
  • in contexts that do not undermine the personal dignity and decorum of the data subject, ensuring due care to guarantee confidentiality in their use.

No automated decision making process is involved nor any profiling activity.

  1. Duration of data processing

The data will be retained until receipt of the user’s request for deletion and in any case for a period not exceeding the one necessary to fulfill the obligations or tasks referred to in point 1, and in any case to pursue the specific purposes indicated therein, with gradual deletion of data attributable to the specific purposes gradually no longer being pursued.

In some cases, data might be retained even after the account is closed, such as in backups or in the Disaster Recovery system or, in aggregated and anonymized form, if they were used for scientific research purposes.

  1. Disclosure of data

The data collected and processed may be disclosed exclusively for the above specified purposes, to Public Administrations.

Personal data are not subject to dissemination.

For the exclusive purposes of scientific dissemination of statistical and/or scientific results (e.g., through publication of scientific articles and/or the creation of databases, even in open access mode, participation in conferences, etc.), data may be disseminated in anonymous and aggregate form and always in a manner that does not make the Data Subject identifiable.

  1. Place of data processing

The activity of processing personal data takes place on the territory of the European Union, or with the help of IT tools involving processing in countries for which the European Commission has taken a decision on the adequacy of the protection of personal data or, failing that, through the signing with the provider of Standard Contractual Clauses (SCC) of data protection adopted by the European Commission.

  1. Rights of the data subject

The Data Subject has the right to ask the Data Controller at any time to exercise the rights set forth in Articles 15 et seq. of the GDPR and, in particular to :

  • request confirmation of the existence or non-existence of his/her personal data;
  • obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the storage period;
  • obtain rectification and deletion of data;
  • obtain the restriction of processing; 
  • object to the processing at any time.

He or she also has the right to revoke the consent at any time without affecting the lawfulness of processing based on consent given before revocation. 

To exercise the above rights you can write to: playandgo@smartcommunitylab.it 

This is without prejudice to the right to send a complaint to the Data Protection Authority.

  1. Data controller

The data controller for the processing of personal data is the Bruno Kessler Foundation, based in Trento, Italy, via Santa Croce, 77 – +39.0461.314.621-227 – segr.presidenza@fbk.eu

  1. Contact details of the data protection officer 

The Data Controller has designated a Data Protection Officer (DPO) pursuant to Article 37 of the GDPR, who can be contacted through the following channels: +39.0461.314.370 – privacy@fbk.eu.

Updated September 27, 2022