Privacy Policy

The following is information regarding the processing of personal data performed through our website (hereinafter the "Site"), and carried out in connection with the use of our Services, as defined in the General Terms and Conditions of Sale, pursuant to Regulation (EU) No. 2016/679 (hereinafter the "Regulation" or "GDPR") and applicable national legislation, in particular D. Lgs 196/2003 as amended by D. Lgs 101/2018. The data controller is the Company Punti Patente Ltd ("we," "our," the "Company," or the "Data Controller"). We consider the privacy of our Users to be fundamental. We therefore ask that you read this Privacy Policy (the "Policy") carefully, as it contains information about how we collect, use, and manage information that we obtain from you or otherwise about you when you use our Site and Services. For the purposes of the Privacy Act, the Company acts as the Data Controller (i.e., as the company that collects and/or receives the information about you and takes responsibility for and handles your personal data).

1. The personal data we may collect


You can use the Services provided by the Company only after you have subscribed. In order to register, you must provide us with at least your name, address, phone number, payment details. Without the above data, we will not be able to provide you with our Services. There may be a need to acquire additional data in the course of registration or for the completion of our online forms, in connection with the provision of additional Services. Without the aforementioned data we will not be able to deliver our additional Services.


We collect information from devices such as computers and smartphones that you use to access our Site and Services, as well as information about those devices. Such information includes, for example, IP addresses, the browser you use and the type of device you use, the region and language settings, the Internet pages you visited before arriving at our Site or after visiting it, as well as the identifiers associated with your devices. Your devices (depending on their settings) may also transmit information about your location to us, if you have given consent to do so. We collect such data in accordance with applicable law and, where required, based on your consent. You can find more information, in addition to this document, on our cookie policy page.


We may track how you use our Internet Site and Services through the use of cookies and other similar tracking devices. For example, we may track how often you visit the Site, what pages you consult, traffic data, data regarding your geographic location, and the domain name of the Internet connectivity provider you use. This information helps us build a profile of our users. This data is collected in accordance with applicable regulations and, where required, based on the consent of the Data Subject. You can find more information on our cookie policy page. Some of this data will be processed in aggregate or statistical form and, therefore, we will not be able to identify you individually. For more information on how we use cookies, please read our Cookie Policy posted on the Site at the following.


The collection and processing of personal data is necessary to follow up on the services requested as well as the provision of the Service and/or the supply of the Product requested. If the Interested Party does not provide the necessary personal data requested in the registration form, the Owner will not be able to provide the relevant Services.

2. How we use your personal information


We will use your personal data for the purposes described in the Terms and Conditions of Service (e.g., subscribing to the Site, handling requests made to Customer Service, fulfilling legal and regulatory obligations. We have set out below, in tabular form, the categories of data processed:

PurposeData CategoriesLegal Basis
Account registration and managementIdentifying data, Product Data, Payment data and Billing information, Technical (or browsing) dataContract and execution of pre-contractual measures
Fulfillment of legal obligationsIdentifying data, Product Data, Payment data and Billing informationFulfillment of legal obligations
Use data analytics to improve our siteTechnical (or browsing) dataLegitimate Interest
Enforce and defend the rights of the SocietyIdentifying data, Product Data, Payment data and Billing informationLegitimate Interest
Marketing communicationsIdentifying data, Product Data, Payment data and Billing informationConsent

3. Right to object to processing


The data subject has the right to object, at any time, to the processing of personal data concerning him or her in accordance with Article 6(1)(f) of the GDPR, including profiling on the basis of these provisions. The data controller shall refrain from further processing your personal data unless the data controller demonstrates the existence of legitimate grounds for processing. processing of your data for "Marketing Purposes" is optional and your prior consent is required. Express consent is always revocable; if you object to processing for Marketing Purposes, your personal data will no longer be processed for such purposes.


Sharing your personal data We may share your personal data with:

  • Companies belonging to our own corporate group;
  • Third party providers of support and consulting services;
  • Banks, Credit Rating Companies see the "Credit Rating" section below and debt collection companies;
  • Public entities, in connection with investigations aimed at preventing the commission of illegal activities;
  • Our business partners or suppliers, as further specified in the section "Marketing and opposition to processing" above;
  • Institutional subjects or public bodies involved in the administrative processes we help you manage. The Data Controller imposes on its Third Party Suppliers compliance with security measures equal to those adopted with respect to the Data Subject.

4. Security and retention of your data

We will take appropriate technical and organizational measures to ensure an adequate level of security to avoid the risk of accidental loss and unauthorized access, use, alteration, or disclosure; for example, we will take the following measures:

  • You can access the 'customer area through a password and email address that are uniquely traceable to you.
  • We keep your personal data on our servers securely and only for as long as is reasonably necessary and proportionate to fulfill the purposes for which it was collected, including also the purposes of fulfilling any legal, tax or accounting requirements.
  • Payment data is encrypted using SSL technology.

5. Monitoring

We may monitor and record communications with you (such as, for example, telephone conversations and emails), for the purposes of quality assurance, training, fraud prevention, and law enforcement.

6. Creditworthiness assessment and anti-fraud

In order to prevent fraud and for anti-money laundering purposes, we may consult the records of credit information and fraud prevention agencies (which will record your request for verification). We also reserve the right to inform such agencies about how you have handled your contractual relationship with us, and information about you may be interconnected with information about other people living at the same address as you, to whom you are financially connected. Third party credit grantors could access this information to make credit decisions about you and the people with whom you are financially associated, as well as for anti-fraud, debtor tracing and anti-money laundering purposes. If you provide us with false or inaccurate information and/or we suspect that fraud has occurred, we will keep track of that fact and may disclose that information to any competent authority and/or do whatever else we are required to do by law.

7. Transfer of data outside the European Economic Area

The information you provide to us will not be transferred to countries outside the European Economic Area (EEA); otherwise you will be informed in advance and, where necessary, your consent will be requested.

You may exercise, as a data subject under the GDPR, your rights under the GDPR (Articles 15-22) at any time. Including:

  • Obtain confirmation as to whether or not personal data concerning you are being processed, and if so, obtain access to the personal data and the following information:
    • the purposes of the processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly if recipients in third countries or international organizations;
    • the intended retention period of the personal data or the criteria used to determine this period;
    • the existence of the right to request from the Data Controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing;
    • the right to lodge a complaint with the supervisory authority (Data Protection Authority;
    • if the data are not collected from the data subject, all available information about their origin;
    • the existence of automated decision-making, including profiling, and, at least in such cases, meaningful information about the logic used, as well as the significance and expected consequences of such processing for the data subject.
  • Obtain a copy of the data undergoing processing, subject to the limitations set forth in the GDPR;
  • obtain the rectification of inaccurate personal data concerning him/her without undue delay;
  • Obtain the deletion of personal data concerning him/her without undue delay if the conditions set forth in Article 17 of the GDPR are met;
  • obtain from the Data Controller the restriction of processing, if the conditions provided for in Art. 18 of the GDPR exist;
  • obtain communication of the recipients, if the data subject so requests, to whom personal data have been transmitted any rectification or erasure or restriction of processing carried out, unless this proves impossible or involves a disproportionate effort;
  • the right to receive in a structured, commonly used and machine-readable format the personal data concerning him or her and the right to transmit such data to another data controller without hindrance by the Data Controller to whom he or she has provided them, in the cases provided for in Article 20 of the GDPR.