The companies KINTO Italy S.p.A. and Toyota Financial Services Corporation, thanking you for your interest in their services, wish to inform you that they have entered into a specific agreement ("Joint Controllership Agreement") to define their respective roles and responsibilities in offering you mobility services accessible through the smartphone application called KINTO Go ("KINTO Go" or "App").
The Joint Controller Agreement’s content will be made available to the data subject who request it at the contacts provided below.
With this KINTO Go Privacy Notice ("Privacy Notice"), KINTO Italia S.p.A ("KINTO Italia") and Toyota Financial Services Corporation ("TFSC") intend to provide all the information required by Article 13 of the General Data Protection Regulation 679/2016 ("EU Regulation" or "GDPR") concerning the processing of personal data through KINTO Go.
This Privacy Notice concerns the processing of personal data (such as your name, your email address) provided directly by you when you register for the App or when you use the services available on KINTO Go and does not concern, instead, information collected through other sources, unless expressly stated.
According to Article 26 GDPR, the purposes and means of the processing operations described below are jointly determined by the following companies (together, "Joint Controllers"):
The Joint Controllers have agreed that KINTO Italy S.p.A. will be the contact point for exercising rights relating to the use of KINTO Go in Italy. For any clarification or request related to the processing of your Personal Data, you can contact KINTO Italia at the following telephone numbers and addresses:
KINTO Italia has appointed a Data Protection Officer ("DPO"), who can be contacted for any clarification or request relating to the processing of your Personal Data. You can request the contact details of the DPO by sending an email to the contact details above.
To allow you to register and use KINTO Go, we collect certain information that directly or indirectly allows your identification ("Personal Data").
In particular, the following categories of Personal Data (Necessary Data) are necessarily required for registering to KINTO Go:
To customize your profile on KINTO Go, you will be further requested to enter the following information (Optional Data):
The provision of the Personal Data listed above is optional, however, in the event of failure to provide the Necessary Data, the Joint Controllers will not be able to create your account and provide the services.
Failure to provide Optional Data, on the contrary, does not preclude the creation of the account and the use of the services; however, in some cases providing further information may be necessary in order to access additional services. The car license plate, for example, is required to access and use the parking payment services. Without such information, access to the parking payment functions will be precluded.
The Personal Data provided will be processed to achieve the following purposes:
Categories of Personal Data | Personal Data | Purposes of processing | Legal basis of processing purposes |
---|---|---|---|
User Data (Necessary Data) | First Name | To register to KINTO Go and provide services (including service notifications). | Art. 6, par. 2, let. b) Performance of the contract |
Last name | |||
E-mail address | |||
Telephone number | |||
User Data (Optional Data) | Geolocation Data of the device used | To know the location of the mobile device and, therefore, the geographical location (geolocation), when using KINTO Go, to allow the Company a faster and more efficient provision of the requested services (e.g. to show the services available in the territory in which the data subject is located and the affiliated establishments providing the requested service based on the location of the device) | Art. 6, par. 2, let. a) Consent |
User Data (Optional Data) | Address | To customise the KINTO Go profile. | Art. 6, par. 2, let. b)Performance of the contract |
Date of birth | |||
Profile picture | |||
Fiscal code | |||
Car license plate | To provide parking payment services. | ||
User Data (Contact Data) | Email-Address |
|
Art. 6, par. 2, let. f)legitimate interest Art. 6, par. 2, let. a)Consent |
TelePhone number |
The Joint Data Controllers allow you to access the KINTO Go Services also from foreign countries ^1.
In order to achieve the aforementioned purpose, the Personal Data you provide will be stored in a special database, owned by the Joint Data Controllers, and dedicated to the storage of your Personal Data ("KINTO Italy Database").
In addition, in order to ensure the proper delivery on the Italian territory of the services provided by KINTO Go, your Personal Data will be duplicated and stored, together with the usage data of each service, in a local database exclusively owned by KINTO Italia ("KINTO Go Italia").
The Optional Data required to customize your profile as anticipated in Section B of this document will be processed and stored exclusively in the KINTO Go Italy database.
Your account will be automatically authenticated through the Global KINTO ID Platform - an account verification authorization system - which will require no further action on your part.
Should you not wish to proceed with authentication through the Global KINTO ID Platform, the ability to proceed with registration and access of services offered by KINTO Go will be precluded.
For more information on the use of KINTO Go services from foreign countries, you can refer to the KINTO Go Terms of Service, available in the App.
[^1] The list of countries from which the KINTO Go services will be accessible will be kept constantly updated by the Joint Data Controllers. Each user may, at any time, request a copy of this list from the contacts provided in Section A of the Privacy Notice.
After registering with KINTO Go, you can use the following services (KINTO Go Services):
The provision of all the services listed above is subject to acknowledgement of this Privacy Notice and acceptance of the Terms and Conditions.
KINTO Italy has purchased from the supplier The & Partners s.r.l. ("T&P"), which, in turn, has entered into a supply agreement with MAPP DIGITAL ITALY S.R.L. ("Mapp"), a license for the use of a Customer Relationship Management ("CRM") through the platform developed by Mapp, which uses Global Access Internet Services GmbH, IP Exchange GmbH and Amazon Web Services EMEA SARL datacenters. The CRM collects all Personal Data collected by KINTO Italy and processed in the manner and for the purposes referred to in point C of this Privacy Notice. Personal Data will be collected directly from you or through tracking and analysis of your preferences and shopping habits on the App.
Personal Data analyzed through the CRM will be processed only in aggregate form for statistical purposes and, with your consent, for marketing and profiling purposes. The Personal Data, stored within the CRM, will only be accessible by personnel specifically authorized by T&P, Mapp and KINTO Italy and will be stored in accordance with the timeframes indicated in point G below.
KINTO Italy guarantees that it has implemented all necessary security measures aimed at ensuring the integrity of the Personal Data contained in the CRM.
In relation to the above processing purposes, the collection, processing and storage of Personal Data will take place through telematic, manual and computer tools, suitable for storing, organizing and selecting the data, and to allow their consultation, extraction and comparison, with logics strictly related to the purposes themselves and, in any case, in order to ensure the security and confidentiality of the data processed, in accordance with the current provisions.
Your Personal Data will be stored in computer archives for the duration necessary to achieve the above purposes and until the request to close the account. After the account closure request has been made, Personal Data will be deleted within 30 days from receipt of the request, for accounts that have not made purchases on KINTO Go; while the data will be stored for tax and accounting purposes within the terms provided by law for accounts that make purchases in the aforementioned App.
After this period, the data will be used only anonymously and for purely statistical, analytical and historical purposes.
Regarding your contact data used for the purposes of marketing, transfer to third parties, profiling and geolocation referred to point C, lett. e., f., g., h., the retention of the data will last for the period that your account is active or until the revocation of the consent you have given. In this case, the Controller will proceed to terminate any processing for the above purposes, except for those strictly necessary to pursue its compelling interests. Regardless of your request to revoke your consent, geolocation data collection may be deactivated and reactivated at any time.
Ultimately, your Personal Data will be processed by authorized and duly instructed parties regarding the protection of privacy, with the use of security measures, inter alia, to ensure: (i) the confidentiality of your Personal Data; (ii) the security of your Personal Data, for example by preventing access to unauthorized parties.
The Joint Controllers take physical, electronic, and organizational measures to ensure the security and accuracy of the Personal Data collected, including limiting the number of people who can physically access the servers containing the databases, as well as electronic security systems and password protection that defend against unauthorized access.
The Joint Controllers will not transfer the Personal Data you provide to a third country or international organization. In order to enable the proper use of the KINTO Go Services from foreign countries, the Data Controllers guarantee that the processing activities will be carried out within the European Union (EU) and/or the European Economic Area (EEA). In cases where a transfer of Personal Data is necessary, the Data Controllers guarantee that any transfer of Personal Data to third countries or international organizations will take place in compliance with the conditions indicated in Chapter V of the GDPR in order to ensure an adequate level of protection of individuals. In particular, the Data Controllers guarantee that no transfer of Personal Data will be made without one of the adequate safeguards provided for in Articles 45 to Articles 49 of the GDPR being in place.
The rights you may exercise in connection with the processing of your Personal Data are those provided for by Articles 15 to 22 of the GDPR:
The aforementioned rights may be exercised by sending a written request or by e-mail to KINTO Italy, using the contacts indicated in point A of this notice.
KINTO Italy, in compliance with current regulations, will respond without undue delay.
Without prejudice to any other administrative or jurisdictional recourse, should you believe that the processing that concerns you violates the Regulation, you have the right to lodge a complaint with the supervisory authority of the Member State in which you reside or habitually work, or of the State in which the alleged violation occurred. For Italy, the competent authority is the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali - GPDP), with whom you can file a complaint by following the instructions available at the following address: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.
In the event that you need to request the permanent deletion of your Personal Data, for the reasons described in the preceding paragraph, the Joint Data Controllers have provided, according to internal procedures, that the deadline for deletion is 30 days from receipt of the data subject's request.
This right cannot be exercised in case of conflicting legal obligations.
Any changes to the content of this policy will be made known to the user, alternatively, through individual communications, through updates on the KINTO Go website (www.kinto-mobility.it/kinto-go) or directly through the App.