Information about the Privacy and Cookies of

Information concerning the processing of personal data prepared and provided by Ferrovie del Gargano s.r.l. as Data Controller, in accordance with art. 13 of Legislative Decree no. 196/2003 "Code regarding the protection of personal data" (hereinafter also "Code") and pursuant to art. 13 and 14 of EU Regulation 2016/679 about the protection of personal data of individuals (hereinafter also "Regulations" or "GDPR"), to Users who visit the website (hereinafter even just the "Site").

The following information is provided for the website and not for other websites that may be consulted by the User through links. The Data Controller will collect and process the types of data listed below in accordance with the provisions of the Code and the Regulations.

I. Data Controller and contact information.

The Data Controller is Ferrovie del Gargano S.r.l. based in Bari, via Luigi Zuppetta n. 7 / D - tel. 080 5207311 - fax 080 5207331, PEC:, VAT number 04383720721.

Data Protection Officer – The figure of the Data Protection Officer is identified in the person of Dr. Luigi Pirro. You can contact the DPO) for any need concerning the processing of your data by sending the request to the e-mail address:

II. Treatment Mode

The Data Controller processes the personal data provided and / or collected by users with analogical and telematics tools, adopting the appropriate security measures to prevent unauthorized access to the systems and, therefore, their disclosure, modification or destruction not authorized.
Personal data are also processed in aggregate form, with organizational methods and with logics strictly suited to the purposes indicated in this statement. Sometimes, the data may be viewed by categories of subjects authorized by the Data Controller, also called, persons in charge of data processing and involved in the organization of the provision of services linked to the website (such as, for example, administrative staff or commercial staff, the marketing department, the legal department or system administrators) or even external subjects (suppliers of third party technical services, couriers, hosting providers) who will be appointed, if the Data Controller deems it necessary, responsible for processing. The updated list of the Managers and of the persons in charge can always be requested by the interested party and is available at the registered office of the Data Controller.

III. Types of collected data and purposes

a) Contact data

These data are requested by the User when completing the information request form on the website and include: Name, Surname, Location, Nationality, Mobile Phone Number, Date of Birth and e-mail and personal website and may be processed by the Data Controller for the following purposes:

  1. a) fulfill the specific requests of the User;
  2. execute the travel regulations, available on the website, and issue the tickets via computer;
  3. with the prior consent of the User, to provide commercial information on the products and services offered by the Owner;
  4. with the prior consent of the User,to establish and manage business relationships, with particular reference to commercial promotion, advertising, market research, surveys, statistical and marketing elaborations in a broad sense relating to products and services provided by the Owner, using both Automated Contact way pursuant to art. 130 of the Privacy Code (e-mail, sms, mms, WhatsApp, telefax, etc.), both Traditional Contact way (paper mail or calls with operator);
  5. with the consent of the User, to detect his level of satisfaction and consent, about the products and / or services offered, in relation to the analysis of the habits and purchase choices, as well as the making of market research choices made directly by the Owner .

The purposes referred to in paragraphs 4) and 5) may also be performed by the Owner through the use of cookies, as specified in point V of this information, prepared pursuant to the Provision of the Privacy Guarantor dated 08.05.2014 "Identification of simplified procedures for the information and the acquisition of consent for the use of cookies ".

b) Navigation data

The computer systems and software procedures used to let the website operate acquire, during their normal functioning, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified persons, but by for it nature, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users who connect to the website, the addresses in URI (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the response status given by the server (success, error, etc.) and other parameters relating to the operating system and the IT environment of the User.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the website: except for this eventuality, the data are stored for the times defined in the following point IV of this information.

c) Provision of data

The provision of contact data, referred to in section III a) of this information, is mandatory and their failure to provide, even partial, will make it impossible for the Data Controller to proceed with the provision of the services requested, as detailed in the purposes III a.1 and III a.2.

The provision of registration data for all the purposes referred to in points III a.3, III a.4 and III a.5 is optional and there are therefore no consequences in case of refusal to provide, except the impossibility to inform the User about promotional activities or to verify his level of satisfaction.

The User assumes the responsibility of the Personal Data of third parties communicated or shared through the website and guarantees to have the right to communicate or disseminate them, freeing the data controller from any liability to third parties.

Personal Data may be entered voluntarily by the User, or collected automatically during navigation on the website

IV. Place and duration of processing the collected data

a) Place
The Data are processed at the operational offices of the Data Controller and the Data Processors, as well as any other place where the parties involved in the processing are located.

If personal data are transferred to a third country or to an international organization, the person interested will be informed of the existence of adequate guarantees pursuant to Article 46 of the "Regulations" relating to the transfer.

To get more information you can contact the data controller.

b) Duration of treatment and storage

The Data are processed for the time necessary to perform the service requested by the User, or required by the purposes described in this document, and the User can always ask for the interruption of treatment or the cancellation, updating and modification of the Data .

The Data will not be stored beyond 24 months limited to personal data and solely for marketing purposes, in accordance with the indications of the Authority for the Protection of Personal Data on the subject. For the exercise of the right of defense, however, the duration of treatment will be equal to the time of expiration of the period for the exercise of ordinary legal action.

V. Cookie Policy

This website does not use cookies, other than those of a technical nature and, therefore, the data controller is not required to provide appropriate information about their use.

 a) Information about Cookies

A cookie (from English, literally, "cookie") is a small and light text file that is generated by web services in order to memorize user preferences, activities and tastes. The cookie created by a service can be read and modified by the same in order to better characterize its users and, above all, to recognize the user when he returns to the site.

So, in the cookie can be stored different information for disparate purposes, but only if the user has enabled the installation of cookies from the preferences of their browser.

It should be noted that cookies are not and cannot be dangerous in the common sense of the term: in fact, they cannot in any way carry viruses or other malware. Instead, they can be used to track user behavior on websites that use certain services.

In general cookies can be completely disabled by the settings of the browser at any time. For more information, we recommend that you read the help and support pages related to it provided by the developers of the same.

VI. Rights of the interested parties

The subjects to whom the Personal Data refer as interested parties may exercise their rights pursuant to art. 13, 14, 16, 17, 18, 19, 20 and 21 of the "Regulations" and, therefore, will be able to summarize:

  • ask the Data Controller to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability;
  • obtain from the individual Data Controller confirmation that it is or is not undergoing treatment of personal data concerning him and in this case, to obtain access to personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the addressees or categories of addressees to whom the personal data have been or will be communicated, in particular if addresses of third countries or international organizations; (d) where possible, the preservation period of the personal data provided or, if not possible, the criteria used to determine this period; e) the existence of the right of the interested party to request the Data Controller to rectify or delete personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; g) if the data are not collected from the interested party, all information available on their origin; h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4 of the Rules and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of this treatment for the interested party;
  • to obtain from the Data Controller the correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the party interested has the right to obtain the integration of incomplete personal data, also by providing an additional declaration;
  • to obtain from the Data Controller the deletion of personal data concerning him without undue delay. The Data Controller is obliged to cancel the personal data without undue delay if there is one of the following reasons: a) personal data are no longer necessary for the purposes for which they were collected or otherwise processed; 4.5.2016 L 119/43 Official Journal of the European Union EN, b) the interested party revokes the consent on which the treatment is based in accordance with Article 6 (1) (a) or Article 9 (2) letter a) of the Regulation and if there is no other legal basis for the processing; c) the interested party opposes the processing pursuant to Article 21 (1) of the Regulation and there is no legitimate overriding reason to proceed with the processing, or opposes the treatment pursuant to Article 21 (2) of the Rules; d) personal data have been processed unlawfully; e) personal data must be deleted in order to fulfill a legal obligation provided for by the law of the Union or of the Member State to which the Data Controller is subject; f) personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1 of the Rules;
  • obtain from the Data Controller the limitation of processing when one of the hypotheses of Article 18 of the "Regulation" occurs;
  • receive, in a structured format, in common and automatic device-readable form, personal data concerning the data provided to the Data Controller in order to transmit such data to another Data Controller without impediments if: a) the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) of the "Regulation" or on a contract within the meaning of Article 6 (1) (b) of the "Regulation" ; and b) processing is carried out by automated means;
  • object at any time, for reasons related to his particular situation, to the processing of personal data concerning him pursuant to article 6, paragraph 1, letters e) or f) of the "Regulations", including profiling on the basis of such provisions. The Data Controller will refrain from further processing the personal data unless he demonstrates the existence of legitimate cogent reasons to proceed with the processing which prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or the defense of a right in court;
  • ​request the complete deletion of the data concerning him, exercising his right to oblivion, without prejudice to the possibility of the Data Controller to keep only the necessary data in another database, separate from the one with which he is processing, in order to exercise his right of defense.

VII. Right of opposition

  • If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him for these purposes, including profiling to the extent to which it is connected to such direct marketing.
  • If the person involved opposes processing for direct marketing purposes, personal data can no longer be processed for these purposes.

VIII. Changes to this privacy policy

The Data Controller reserves the right to make any modification to this extended information by giving publicity on this page.

At the bottom of the present the date of last modification will be affixed to allow the tracking of the modifications themselves. A copy of each version of this information is available to interested parties at the data controller's registered office.

In the event that the user does not accept the changes made, he can ask the Data Controller to remove his personal data. Unless otherwise specified, the previous privacy and cookie policy will continue to be applied to personal data collected up to that point.

In case of non-acceptance of the changes made to this privacy policy, and without prejudice to the rights of the interested party referred to in the previous articles, he may request the Data Controller to remove his Personal Data. Unless otherwise specified, the previous privacy policy will continue to apply to the Personal Data collected up to that point.

IX. Information on this privacy policy

The Data Controller is responsible for this privacy statement and for the cookies stored by their services.

X. Normative references

Directive n. 95/46 / CE, Directive 2002/58 / CE, as amended by Directive 2009/136 / EC, provision of the Privacy Guarantor n. 229 May 8th 2014, Legislative Decree 196/2003, EU Regulation 2019/679.

Bari, 30.07.2018