On April 27, 2016, the European Union approved a significant reform of the regulatory framework for personal data protection by adopting the "General Data Protection Regulation" (GDPR or Regulation), which is directly applicable in Member States. The Regulation replaces Directive 95/46/EC ("Data Protection Directive") and became mandatory starting May 25, 2018, two years after its entry into force.
The new Regulation strengthens the protection of the right to personal data protection (Data Protection), in line with recognizing personal data protection as a fundamental EU right. It also represents a necessary and urgent response to the challenges posed by technological developments that enable the collection and processing of large amounts of personal data in real-time, allowing for the development of automated decisions that exclude human intervention. The Regulation addresses the growing need for privacy protection felt by European citizens.
Grandi Stazioni Rail considers the protection of personal data of its Clients, Employees, and Suppliers an obligation beyond mere regulatory compliance. For this reason, it has adopted its own Data Protection Framework, which is a set of roles and responsibilities, internal rules, and methodologies aimed at ensuring the management and mitigation of risks to the rights and freedoms of individuals related to the processing of personal data.
The EU Regulation 2016/679 (Articles 15-23) grants individuals specific rights regarding the processing of their personal data. These include the right to:
Access: Request confirmation of data processing and access to personal data.
Rectification: Request correction of inaccurate data.
Erasure/Right to be Forgotten: Request deletion of personal data in certain circumstances.
Data Portability: Request personal data in a structured, commonly used format and transmit it to another data controller.
Restriction of Processing: Request limitations on data processing.
Objection: Object to data processing for specific personal reasons.
Individuals may file complaints with the relevant authority, in Italy, the Data Protection Authority.
For more details, individuals can contact Grandi Stazioni Rail at the provided email addresses: titolaretrattamento@grandistazioni.it
This notice (along with other documents referred to within it) describes the personal data we collect from users and how we process it. The notice is intended for the processing of personal data of users who visit the website grandistazioni.it, for the purposes specifically outlined below, and does not concern any information collected through other methods, sources, or other websites accessible to the user through links on the site, unless explicitly specified.
Below are the references for Grandi Stazioni Rail S.p.A.:
Grandi Stazioni Rail S.p.A., Data Controller, is represented by the current CEO, with its legal headquarters located at Via Giovanni Giolitti, 34 – 00185 (Rome), and can be contacted at the email address titolaretrattamento@grandistazioni.it; The Data Protection Officer can be contacted at the email address protezionedati@grandistazioni.it. Below are the personal data subject to processing through the website, within the limits of the purposes defined in this notice:
Personal data provided voluntarily (e.g., name, surname, email address, etc.) will be processed solely for the purposes described in the specific "Privacy Notices" prepared by the Data Controller for the various online services. These notices, which can be consulted when providing data, will provide additional information, such as the legal basis for processing, the potential recipients of the personal data, the period of retention of personal data (or the criteria for determining such period), the existence of automated decision-making processes, including profiling, as well as all useful information, also provided at the end of this section, for the exercise of privacy rights.
The voluntary sending of emails to the addresses indicated on this site involves the subsequent acquisition of the email address and any other personal data entered in the electronic communication, as well as the sender's data, necessary to respond to the requests. These data will be used solely to provide the requested information.
The data will not be used for other purposes unless with the explicit consent of the data subject.
By browsing the site, technical information related to the hardware and software used by visitors is collected. This information does not provide personal data of the user but only technical/informatics data that is used in an aggregated and anonymous manner solely for the purpose of improving the quality of service and providing statistics regarding the use of the site. For more information, refer to the section dedicated to cookies.
Personal data will be processed with automated tools for the time strictly necessary to achieve the purposes for which they were provided, and the related IT systems will be protected through the adoption of appropriate technical-organizational measures in accordance with Article 32 of the GDPR.
The accuracy and truthfulness of the personal data provided to Grandi Stazioni Rail S.p.A. are the responsibility of the person transmitting the data.
It is specified that only CVs submitted through the "Work with Us" section of the Ferrovie dello Stato Italiane S.p.A. website will be considered, and CVs submitted through other channels will be immediately deleted and considered as not provided.