Privacy Statement of the CAR SHARING SHARENGO® service
pursuant to and for the purposes of art. 13 et seq., EU Reg. 2016/679
(General Data Protection Regulation of EU)


Dear Customer,

We would like to inform you that EU Reg. 2016/679 (“General data protection regulation of EU”) provides the legal ground for the protection of natural persons and other data subjects and respect for the processing of personal data.

Pursuant to the provisions of art. 13 and following of the European Regulation 2016/679 on data protection personal data (“GDPR”) and of the National Privacy Law, therefore, we provide you with the following information:

The entrepreneurial group formed by the controlling company C.S. Group S.p.A. and its subsidiaries: C.S. Florence S.r.l., C.S. Milan S.r.l. and C.S. Rome S.r.l. all with registered office in Livorno (LI), Scali Cerere, 3, ZIP CODE 57122  or “Controller” or “SHARENGO®” as Controller, is committed to protecting and respecting the privacy of users and takes seriously the protection of your personal data. This Privacy Notice provides you with clear and simple information describing the processing of personal data carried out by SHARENGO® and the related commitments made to that effect by the Controller, with the purpose of informing the user about the practices related to collection and use of information that the user could provide via the website or the applications for mobile devices (“App. SHARENGO “).


  1. 1. Some main definitions

The ‘personal data’ means any information relating to an identified or identifiable natural person (‘Data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

The ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

The ‘Controller’ means the natural or legal person, alone or jointly with others, determines the purposes and means of the processing of personal data.

The ‘Processor’ means a natural or legal person, who processes personal data on behalf of the Controller;

The ‘consent’ of the Data subject means any freely given, specific, informed and unambiguous indication of the Data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

The “marketing” means the carrying out of activities of a commercial and promotional nature, such as, for example, in a non-exhaustive way, the sending of advertising material, direct sales, offers and benefits for customers, the carrying out of market researches or commercial communication or promotional activities carried out in the context of events and premium contest promoted by SHARENGO®.

The “profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of the natural person.


  1. Parties authorized to process personal data

In relation to the service requested, the Controller may process your personal data together with other parties:

External Processors: for the performance of certain activities that are instrumental to the execution of the requested service, or in relation to legal obligations and in compliance with the personal data protection regulations, the Controller may appoint the external processors (third parties who process personal data on behalf of SHARE’NGO®).

Distributors: are employees of SHARENGO® and similar figures, employed in the processing of personal data and authorized by the Controller, directly or through the delegates.

Data Protection Officer (DPO): is the person responsible for the protection of personal data and is designated by the Controller to perform the functions expressly provided for by the European regulation on personal data protection


  1. Purpose, legal basis of the processing to which the data are intended

SHARENGO® processes your data to proceed with your specific requests, or when it is necessary within the scope of the contract or for the purpose of the conclusion and execution of the requests, or the execution of pre-contractual measures adopted upon your request (Article 6 paragraph No. 1 b GDPR).
The processing of your data may also take place in accordance with a legal obligation, as well as for security and fraud prevention purposes. For these purposes the provision of data and your consent to the processing of them are necessary, it is not possible to provide the requested service without this.

The processing of your personal data may also be considered lawful when:

  • it is necessary for the performance of a task carried out in the public interest (SHARENGO® may transfer your
  • personal data to governmental authorities, courts, external consultants and similar third parties that are public entities to the extent required or permitted by applicable law);
  • it is based on the law of the Union or of a Member State for the exercise of public authority;
  • it is necessary to protect the vital interests of the Data subject or of another natural person;
  • it is necessary for the execution of pre-contractual measures, in view of the possible unsaturation of the contractual relationship for the provision of services;
  • it is carried out for purposes other than those for which the personal data were initially collected, if compatible with the purposes for which the personal data were initially collected;
  • is carried out for the legitimate interest of the Controller, or third parties. For example, in the case of claims not manifestly unfounded by third parties asserted against SHARENGO®

For greater transparency towards the Customer, the purposes of the processing related to the fulfillment of the

Contract in every phase.


  1. The Controller treats your personal data, provided during registration to the service on, and / or App. SHARENGO®, in order to create your Client Profile and contact you for purposes related to the execution of the contract. This data also includes the driving license that is verified by the General Directorate for Motorization, Division 7 – Data Processing Center, in order to validate its validity and suitability for the driving our vehicles and the photo of your face.
  2. In order to protect the SHARENGO® vehicle fleet and to improve the service offered, SHARENGO® records the start and end of rental positions, the distance and distance traveled and the time and date of the rental. The rental procedures performed by the Customer are recorded and stored together with the indication of the place and time of departure and arrival, of the methods and duration of use. These data can always be consulted by the Customer in the personal area of the Customer on and / or App SHARENGO® and also constitute the basis for calculating the invoice. If you use a commercial account, details of such use will appear on the SHARENGO® commercial customer account.
  3. The SHARENGO® vehicle could be equipped with a telematic device that allows to verify the correct use of the car, the speed of the race, the tracing of the routes made, the mileage, the driving style of the customer, accelerations and decelerations as a consequence of collisions and on occasion establish the dynamics of any claims.In the case of road accidents during a rental, the Controller treats your personal data relating to the accident in order to activate the related insurance coverage by transmitting to the insurance companies and the experts involved all the information useful for the settlement of the damage.
  4. When contacting the SHARENGO® Customer Service, even in the course of complaints or disputes, the personal data necessary to meet your needs are collected.
  5. The Collector can monitor the geographical position of the vehicle during your rental if there are objective evidence that suggests there is an emergency or a serious violation of the terms of the contract. The processing of these data will take place in order to provide assistance or to make the necessary countermeasures. The above assistance may be provided by SHARENGO® personnel and / or authorized third parties for the management of assistance in case of accident and / or vehicle failure.
  6. If a third-party service is used during a rental, the Controller will process your personal data, possibly transferring it to the other party involved in order to regularize the necessary requirements.
  7. The Data Controller may process your personal data, possibly transferring them to other third-party companies, in turn data controllers, for anti-fraud insurance and accident prevention purposes.


The provision and the consent of personal data necessary for the execution of a contract of which you are a part, or the execution of pre-contractual measures taken upon your request is mandatory, otherwise we would not be able to perform such contract or in a position to take measures on your request.

In the event that the Customer has also issued an explicit and optional consent for the marketing activities, the Controller may process his or her personal data for sending by email, SMS or communications relating to personalized and / or promotional offers of SHARENGO® and its partners reserved preferentially and / or exclusively to SHARENGO® customers and / or invitations to participate in surveys.

Further collection and processing of your personal data may be done, data subject to prior consent, through registration

calls to improve the service and ensure compliance with the contractual terms.

The Controller may use the personal data of the Customers and the data of their use of the services to create statistical analysis and improve the products and services. For these purposes, the data are processed only in anonymous form.

Providing data for the marketing purposes specified above is optional and the Customers’ refusal will not affect the execution of the contractual relationship or the use of the services requested.

In any case, even if the customer has given consent to authorize SHARE’NGO® to pursue all marketing purposes above, will remain free at any time to revoke it, sending without formalities a clear communication to that effect to SHARE ‘ NGO® at the email address:

Following receipt of this opt-out request, SHARENGO® will proceed promptly to the removal and deletion of data from databases used for processing for marketing purposes.


  1. Methods of data processing and storage

In relation to the indicated purposes and in any case in order to guarantee the security and confidentiality of the data, your data are processed electronically, via tele transmission systems and on paper.

Your personal data will be processed in such a way as to guarantee adequate security and confidentiality and to prevent unauthorized access or use of personal data.

Therefore your personal data will be processed and stored in full compliance with the principles of necessity, data minimization and limitation of the retention period, through the adoption of technical and organizational measures appropriate to the risk level of the treatments and for a period of time not superior to the achievement of the purposes for which they are processed, in any case for the period prescribed by law.

The Controller retains personal data if this is required by regulatory obligations.
SHARENGO® as a company providing services, is subject to compliance with legal obligations and provisions, such as data retention obligations according to commercial and tax law rules. In addition, SHARENGO® retains your personal data until the expiry of the statute of limitations in order to be able to enforce any existing legal claims.

SHARE’NGO® adopts technical and organizational security measures to protect data from modification, loss, destruction and unauthorized access. The SHARENGO® security measures are constantly updated based on technological developments and according to the applicable personal data protection law, in particular the General Regulation on the Protection of Personal Data. The data may also be processed in the event that it is necessary to assert or defend in court a right of SHARENGO®.


  1. Legitimate interests pursued by the Controller or third parties

SHARENGO® processes your personal data according to Art. 6 paragraph n. 1 f GDPR, based on the legitimate interests of the Controller in relation to the treatment.

The Controller treats your personal data collected during each individual trip / rental to identify and correct any errors and malfunctions in the rental process and the overall provision of the service and its operation.

The entire SHARENGO® vehicle fleet is equipped with a geolocation system that collects initial and final positions of the

journey and journey made in order to monitor its use.

The data collected in this way are also analyzed according to a statistical model to predict where it will be possible

that an application for SHARENGO® vehicles arises.

SHARENGO® will process your personal data in order to prevent accidents, fraud and any illegal activity.

The Controller may transfer your personal data in the course of relations with the authorities and / or public entities, in the manner and within the terms established by law, as a result of particular requests, procedures or for the fulfillment of legal obligations (such as for example, the renunciation to the actual offender of the reports of the violation of the rules of the Highway Code connected to the provision of the requested services).

In order to collect the receivables from its customers, SHARENGO® could transmit the data to a third-party debt collection company. The personal data of the Customer may be processed to fulfill the obligations provided for by law, by a regulation or by community legislation and for civil, accounting and tax purposes.
We also inform you that SHARENGO®, or authorized third-party companies, will be able to carry out analysis activities through an automated decision-making process concerning the calculation of the risk inherent in the insurance business and anti-fraud and anti-terrorism activities.

Further information is available on request regarding the processing of personal data carried out, following the principle of balancing the interests and therefore on the legitimate interests of the Controller, according to the provisions of Article 6

paragraph n. 1 f GDPR.


  1. Nature of personal data

Your personal identification data (for example, name, surname, tax code, place and date of birth, residential address, telephone number, mobile phone number, e-mail address, driving license number, authority issuing it, release date, expiration date, driving style and geographic location, photos, hereinafter “personal data” or even “data”) communicated by you when you subscribe to the service, related to the provision of the service requested by you.


  1. Scope of communication and dissemination of data

Your data may be disclosed:

  • To all the data subjects to whom the faculty of access to such data is recognized by virtue of regulatory provisions;
  • to SHARENGO® employees and / or employees, as part of their duties (eg: law firms, accountants, audit companies);
  • to all those natural and / or legal persons, public and / or private when the communication is necessary or functional to the performance of our business and in the manner and for the purposes described above (for example companies, bodies and / or associations, parent or holding companies);
  • to other companies involved in the rental of vehicles and / or ancillary activities with which SHARENGO® has a contract in force.


SHARENGO® uses external IT service providers that provide IT maintenance or extensive IT solutions (such as cloud services) and software solutions on behalf of SHARENGO® and external service providers for invoice storage purposes.

Your data may be disclosed to governmental authorities, courts, external consultants and similar third parties that are public bodies or other authorized third parties, provided that the circumstances described above are present (eg breach of the prohibition on parking or administrative offenses)
and to the insurance companies with which SHARE’NGO has a contract in force for all purposes related to the insurance business.

SHARENGO® uses external service providers for market research purposes.

The Controller transfers your personal data to logistics companies if the processing is necessary for communications by mail.

SHARENGO® reserves the right to transfer personal data to credit agencies particularly in order to perform credit checks, prevent fraud and credit verification and / or credit collection.

In the event of a claim with a SHARENGO® vehicle, your data is transferred to the insurance companies, and if it is the case, to the counterpart involved in the accident.

SHARENGO® uses external service providers to ensure the safety and cleanliness of vehicles and the recovery of lost items. For this purpose, vehicle data are transferred to these service providers.

The Controller transmits your personal data to service providers who provide a comparison with the so-called compliance lists or sanctions in compliance with the provisions of the law.

SHARENGO® also uses external service providers to guarantee assistance over the phone to the client and manage administrative sanctions. For this purpose, your personal data are transferred to these service providers.

Your personal data will not be disseminated, except in cases provided by law.


  1. Transferring personal data to a third country

The transfer of personal data from EU countries to “non-EU” non-EU countries is prohibited, in principle, unless the Controller or Processor ensures an “Adequate” level of protection.

Data will not be transferred to “third” countries except for the services expressly requested by the client or the specific cases for which SHARE’NGO® will adopt adequate guarantees and will inform the interested party.


  1. Detailed identification of the Controller and Data Protection Officer



C.S. Group S.p.A., C.S. Firenze S.r.l., C.S. Milano S.r.l., C.S. Roma S.r.l.,

All with registered office in Scali Cerere, 3, ZIP CODE 57122  – Livorno (LI)

Contact details:

Tel: 0287317140



The Data Protection Officer (DPO)

It is available at C.S. Group S.p.A. to the following address: Scali Cerere, 3, CAP 57122

57124 – Livorno (LI)


Tel: 05861735768



  1. Rights of the interested party


10.1 Article 15 (Right of access by the data subject), 16 (Right of rectification) of EU Reg. 2016/679

The data subject shall have the right to obtain from the controller confirmation as to whether personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

(a) the purposes of the processing;
(b) the categories of personal data concerned;
(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information as to their source;
(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.


10.2 Right pursuant to art. 17 of EU Reg. 2016/679 – right to erasure (“right to be forgotten”)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b)   the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
(d) the personal data have been unlawfully processed;


(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).


10.3 Right referred to in art. 18 Right of Restrictions of process

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.


10.4 Right referred to in Article 20 Right to data portability

The interested party has the right to receive, in a structured format, in common and automatic way, the personal data concerning him / her provided to a Controller and has the right to transmit this data to another Controller without impediments from part of the Controller.


  1. Revocation of consent to treatment

You have the right to withdraw your consent to the processing of your personal data by sending a registered letter to the following address: Scali Cerere, 3, zip code 57122  Livorno (LI), , with the following text: << withdrawal of consent to the processing of all my personal data >>. At the end of this operation your personal data will be removed from the archives as soon as possible.

If you would like more information on the processing of your personal data, or exercise the rights referred to in the aforementioned point 10), you can send a registered letter to the following address:

Scali Cerere, 3, ZIP CODE 57122  ; anticipating the request by email to Before you can provide, or change any information, you may need to verify your identity and answer some questions. An answer will be provided as soon as possible.


  1. 1 Changes to the Privacy Statement of the CAR SHARING SHARENGO® service

This Privacy Notice may also require further updates (following the implementation of new technologies, etc.), therefore we reserve the right to modify or supplement this information at any time. We will publish the changes on and / or inform you by e-mail.