ItaliaRail.com, a website owned by InterRail LLC, is committed to protecting the online privacy of visitors to our website. This policy applies only to the website and online services provided by ItaliaRail.com. The purpose of this policy is to inform you about the types of information we gather about you when you visit our website, how we may use that information, and how we disclose it to third parties.
ItaliaRail.com abides to the principles of and complies with the EU-U.S. Privacy Shield Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from the European Union member countries and Switzerland. ItaliaRail.com complies with the EU Data Protection Directive through adherence to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. ItaliaRail.com has certified with the Department of Commerce adherence to these principle for all personal data received from the European Union. To learn more about the Privacy Shield and Safe Harbor Framework programs, and to view ItaliaRail.com’s certification, please visit https://www.privacyshield.gov and https://www.export.gov/safeharbor
I. Information We Collect
When you use our websites, we may also collect “non-personal information,” which is information that, by itself, cannot be used to identify or contact you, such as demographic information (your age, gender, income, education, profession, zip code, etc.). Non-personal information may also include technical information, such as your IP address, the type of browser you are using, the website that you came to our site from, or that you go to directly from our site, and other anonymous data involving your use of our websites. Non-personal information may also include information that you provide us through your use of our website.
We collect personal information from you when you purchase products from our online order process and/or mobile App (Application). For example, we require you to provide your name, contact information, shipping and billing addresses, and a credit card number before we process your orders. We also collect information about your transactions with us. We may use the information that you provide to communicate with you about products purchased through our online service, to provide customer support in connection with those products, and to provide information on products related to those you have ordered from us. You can opt-out at any time from receiving information on products related to those you have ordered from us by sending an email to email@example.com.
II. How We Use the Information
Our Services and Websites
We use your personal information to provide you any services that you may request or require, to communicate with you, to allow you to make purchases and to provide information on products related to those you have ordered from us. You can opt-out at any time from receiving information on products related to those you have ordered from us by sending an email to firstname.lastname@example.org. We use aggregated non-personal information about our users to understand our website’s demographics, such as the geographic distribution of our users, the age ranges of our users, or a combination of these or other demographics. We use the non-personal information we collect to analyze how our websites are being used, and to improve the content of our websites, online product offerings, and promotional efforts.
If you send us an email with questions or comments, we may use your personal information to respond to your questions or comments, and we may save your questions or comments for future reference. However, aside from our reply to such an email, should you at any time opt-out of receiving further communications we will not send you emails unless you request a particular service that involves email communications or in order to provide customer support in connection with those products. There may be times when you will have the opportunity to subscribe to an email list or electronic newsletter that will send information about our websites to your email address. However, we will provide you with the option to change your preferences and opt-out of receiving those communications.
If you make a purchase through our online ordering service and/or our mobile App, we may use the information you provide to send you important announcements and updates regarding our website or online service. In those instances, and at any other time, you can opt-out at any time by writing an email to email@example.com. When you provide us with your personal information to make a purchase through our online ordering, we only use this information to process your online order and credit card number. We also use your address and billing information to bill you and provide associated support.
III. Disclosure of Information to Third Parties
We sometimes engage unaffiliated businesses to assist us in providing you certain services. For example, we may hire a shipping company to help us deliver our products or services to you. We may also use third parties to process online transactions and credit card payments. In those instances, we may need to share your personal information with them. We use these providers based on contractual relationships and require them to use your personal information only to provide the particular product or service and do not authorize them to use your personal information for any other reason. In compliance with the Privacy Shield Framework provisions, we remain liable for the onward transfer to third parties.
We may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We may disclose personal information when we are required or requested to do so by law, court order or other government or law enforcement authority or regulatory agency; to enforce or apply our rights and agreements; or when we believe in good faith that disclosing this information is necessary or advisable, including, for example, to protect the rights, property, or safety of ItaliaRail.com, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
IV. Security of Information
The security of your personal information is important to us. We maintain physical, electronic, and procedural safeguards to secure your personal information. However, “perfect security” does not exist on the Internet, and there is always some risk in transmitting information electronically. This website takes all reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected both online and off-line.
When our registration/order form asks users to enter sensitive information (such as credit card number), that information is compliant with the Payment Card Industry Data Security Standard (PCI DSS) which is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information as well as the information is encrypted and protected with the best encryption software in the industry, SSL (Secure Sockets Layer). The site employs SSL via a digital certificate issued by Thawte.
If you have any questions about the security at our website, you can send an email to firstname.lastname@example.org.
V. Right of Access
VI. Dispute Resolution
In compliance with the Privacy Shield and Safe Harbor Principles, ItaliaRail commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield and Safe Harbor policies should first contact ItaliaRail at email@example.com. We will respond to your complaint within 45 days.
We would also like to notify you that you have the option of independent recourse free of charge on issues concerning your data at the following independent dispute resolution body based in the USA:
Should you find that a claimed violation has not been resolved after having addressed your complaint to us or to the independent dispute resolution mechanism mentioned above, you have the possibility to invoke binding arbitration administered by the Privacy Shield Panel of the Department of Commerce.
ItaliaRail has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.
This Policy is effective as of November 8th, 2016. We reserve the right to change this policy at any time, and will post any changes to this Policy as soon as they go into effect. Please refer back to this Policy on a regular basis.
VI. Trenitalia S.p.A. Night Train Personal Data Protection Policy
Specific rules concern the data that it will be necessary to provide when boarding night trains of Trenitalia S.p.A., the rail carrier whose tickets we sell for services in Italy. We report below the relevant excerpt of the Personal Data Protection Policy of Trenitalia S.p.A
Personal data protection – Italian law 196/2003- art 13.
According to the Italian law 196, dated June 30th, 2003, article 13, “Code for the protection of personal data” and, as provided by Trenitalia transportation rules, we inform You that, as from October 1st, 2010, it is compulsory to travel in night accommodations (beds and couchettes) provided with ID (Passport or Identity card).
The staff on board will record the following information: name, surname, reference number of the ID. As from December 12th, 2010, when buying the ticket for the night trains, customers’ names travelling must be indicated on the ticket.
All of these data will be treated for all purposes related to the safety of all corporate assets of Trenitalia. Personal data listed above are also necessary for the validity of the ticket.
The holder of all customers’ data is Trenitalia S.p.A Company, in Rome, at Piazza della Croce Rossa 1, 00161.
The information requested will be kept as long as necessary, in order to pursuit all of the purposes listed above and they will be used exclusively by manual means and/or information systems, adopting the suitable measures to ensure the security and confidentiality of customers’ data.
All of the customers’ data will not be disclosed to third parties and they will not be disclosed outside Trenitalia, except for all the cases provided by law.
“Compagnia Internazionale delle Carrozze Letto e del Turismo S.A” and “Società Wasteels International Italia Srl” will be informed as companies in charge of the night services on the train and, consequently, of all customers’ data collection.
The list of all the persons in charge of customers’ data can be examined in Rome, at Trenitalia Divisione Passeggeri N/I building, at p.zza della Croce Rossa 1.
Any right against the responsible of data collection may be exercised under the Italian law 196/03 article 7.