On 27th April 2016, the European Union approved an important reform to the regulatory framework pertaining to the protection of personal data with the adoption of the “General Data Protection Regulation” (GDPR or Regulation), which became directly applicable in Member States. The Regulation replaced Directive 95/46/EC (“Data Protection Directive”) and its application became mandatory from 25 May 2018, two years after its entry into force.

The new Regulation reinforces the safeguards related to the right to personal data protection, in line with the recognition of the protection of personal data as a fundamental right in the EU. Furthermore, the Regulation represents a necessary and urgent response to the challenges posed by technological developments that allow for the collection and processing of large quantities of personal data in real time, thereby enabling the development of automated decision-making without any human involvement. The Regulation meets the requirement to protect privacy, which is an increasingly pressing concern for European citizens.

Trenitalia S.p.A. considers the protection of the personal data of its customers, employees and suppliers an obligation that goes beyond simple regulatory compliance. For this reason it has adopted its own Data Protection Framework that is intended to be a set of roles and responsibilities, internal rules and methodologies, aimed at guaranteeing the management and mitigation of risks for the rights and freedoms of individuals related to the processing of personal data.

EU Regulation 2016/679 (Articles 15 to 23) grants data subjects the option to exercise specific rights. In particular, in relation to the processing of your personal data, you have the right to request Trenitalia S.p.A. for:  access to your data; the rectification, cancellation and portability of your data; limitation of processing; opposition to processing. In particular:

• Right to access: You have the right to ask Trenitalia S.p.A. for confirmation as to whether or not personal data concerning you is being processed and, should that be the case, to access this personal data;
• Right to rectification: You have the right to obtain from Trenitalia S.p.A. the correction of inaccurate personal data concerning you;
• Right to erasure/right to be forgotten: You have the right, under certain circumstances, to obtain from Trenitalia S.p.A. the cancellation of your personal data;
• Right to data portability: You have the right, under certain circumstances, to obtain from Trenitalia S.p.A. your personal data in a structured format, commonly used and readable by an automatic device. You also have the right to transmit your data to another data controller without impediments by Trenitalia S.p.A.;
• Right to restriction of processing: You have the right, under certain circumstances, to obtain from Trenitalia S.p.A. the restriction of processing;
• Right to object to processing: You can object at any time, for reasons connected to your particular situation, to the processing of your personal data; Trenitalia S.p.A. will refrain from further processing of your personal data, unless it can demonstrate the existence of compelling legitimate reasons to proceed with the processing that prevail over your own interests, rights and freedoms or in the event of establishing, exercising or defending a right in court.

Furthermore, you can lodge a complaint with the Supervisory Authority, which in Italy is the Italian Data Protection Authority.

You may request to exercise your rights from Trenitalia S.p.A at any time by contacting the following email address: areaclienti@trenitalia.it or by contacting the Data Protection Officer at: protezionedati@trenitalia.it.

 

(DPO), who is responsible for monitoring compliance with the Regulation.

The Data Protection Officer for Trenitalia S.p.A. can be contacted at the following address:

Trenitalia S.p.A. – Data Protection Officer

Piazza della Croce Rossa, 1

00161 Rome

email: protezionedati@trenitalia.it

The processing of the personal data of users who consult the Trenitalia website: www.trenitalia.com

This policy (along with the other documents cited herein) describes what personal data we collect from users and how it is processed. This policy is restricted to the processing of personal data of users who consult the trenitalia.com website, for the purposes expressly defined below, and does not appertain to any of the information collected through other methods, sources or any other websites that can be reached by the user via the links present on the above-mentioned website, unless otherwise specifically stated. 

Please refer to the specific policies provided during the data collection phase for details on each type of processing, including, by way of example, but not limited to:

• Purchasing non-transferable train tickets
• Chat and call back
• Chaperone service
• Registered customers who are not loyalty programme members
• Registered minors who are not loyalty programme members
• CartaFRECCIA
• CartaFRECCIA minors
• X-Go
• X-Go minors
• Cookies
• The Conciliation Process
• Call Centre
• Video surveillance
• Management of contractual procedures
• Checking travel irregularities on board the train
• Re-routing in the case of operational abnormalities

 

The contact information for Trenitalia S.p.A. is listed below: 

 

• The Data Controller for Trenitalia S.p.A., represented by the Chief Executive Officer, with registered office in Piazza della Croce Rossa 1 (Rome), can be contacted at: titolaretrattamento@trenitalia.it.  

• The Data Protection Officer can be contacted at the following email address: protezionedati@trenitalia.it. 

With regard to the processing of the personal data of users/customers who consult the website “www.trenitalia.com”, Trenitalia S.p.A. (The Data Controller Trenitalia S.p.A., represented by the Chief Executive Officer, pro-tempore, can be contacted at: titolaretrattamento@trenitalia.it, with registered office in Piazza della Croce Rossa 1, 00161, Rome) pursuant to Article 13 of EU Regulation 2016/679, hereby informs users/customers that:

1.  all personal data provided voluntarily (e.g. name, surname, email address, etc.) will be processed solely for the purposes described in the relevant “Personal Data Protection Policy” drawn up by the Data Controller for the various online services. These policies, which can be consulted at the time of data provision, will provide further information, such as the legal bases for processing, notification regarding any possible recipients of personal data, the retention period for personal data (or the criteria used to determine this period), the existence of automated decision-making processes, including profiling, in addition to all the relevant information, which is also reported at the end of this section, required to exercise your privacy rights; 

2.  the voluntary sending of emails to the addresses indicated on this website shall result in the subsequent acquisition of the email address and any other personal data included in the electronic communication, as well as the sender’s data, which is necessary to respond to requests. These data shall be used for the sole purpose of providing the information requested.

3.  the data shall not be used for any other purposes except with the explicit consent of the data subject;

4.  while browsing the website, technical information relating to the hardware and software used by visitors is collected. This information does not include any personal user data, rather it only provides technical/IT data that are used in an aggregate and anonymous manner for the sole purpose of improving the quality of service and providing statistics on site usage. For further information, please consult the section dedicated to Cookies.

Personal data shall be processed using automated tools only for as long as is strictly necessary in order to achieve the purposes for which they were provided, and the related electronic media will be protected by the adoption of suitable technical and organisational measures pursuant to Art. 32 of the GDPR.

The accuracy and truthfulness of the personal data communicated to Trenitalia S.p.A falls under the responsibility of the individual transmitting the information.

There is a specific policy dedicated to Ukrainian citizens coming from Ukraine and subjects coming from Ukraine, for whom travel shall be provided free of charge on Intercity, Eurocity and Regional trains to reach their first place of destination or reception within 5 days of their entry into Italy, as per the Decrees no. 873, dated 06/03/2022, and no. 876, dated 13/03/2022 of the Presidency of the Council of Ministers, Civil Protection Department.