We apologize for the inconvenience. Currently this section is available only in Italian
This Privacy Notice is provided pursuant to Article 13 of Regulation (EU) 2016/679 (the “GDPR”) by ATAC S.p.A. - Azienda per la Mobilità, whose registered office is located at Via Prenestina 45, 00176 Rome, Italy, Tax Code and VAT No. 06341981006, acting as Data Controller, in relation to the processing of personal data of individuals who wish to access or make use of the ATAC Historical Archives, comprising the Company's historical technical and photographic collections (the “Historical Archives”).
This Privacy Notice applies to individuals who:
The Data Controller is ATAC S.p.A. - Azienda per la Mobilità, with registered office at Via Prenestina 45, 00176 Rome, Italy, Tax Code and VAT No. 06341981006 (hereinafter referred to as “ATAC”, the “Company” or the “Data Controller”) and may be contacted by registered post addressed to the above registered office or via certified email (PEC) at: protocollo@cert2.atac.roma.it.
ATAC has appointed a Data Protection Officer (“DPO”), who can be contacted by email at: responsabileprotezionedati@atac.roma.it.
When you submit a request to consult the Historical Archive, ATAC collects and processes the following personal data relating to you (first name and surname; place and date of birth; residential address; e-mail address; telephone number; educational qualifications; organisation or institution with which you are affiliated (where applicable). For security purposes, you will also be required to present a valid identity document when accessing ATAC premises. The details contained in the identity document will be recorded for the purposes of identity verification and access control.
Your personal data will be processed for one or more of the following purposes and on the corresponding legal bases.
a) Management of requests to access and consult the Historical Archives, requests for historical documents, requests for reproductions of historical archive materials, and requests to use extracts for documentary productions
ATAC processes your personal data in order to identify you and manage your request to access and consult the Historical Archives and, where applicable, to authorise the reproduction of historical archive materials.
The provision of personal data is mandatory (except where expressly indicated as optional). Failure to provide the requested data will prevent ATAC from granting access to its premises and archive services.
The legal basis for this processing is the legitimate interest of the Data Controller pursuant to Article 6(1)(f) GDPR, namely the management of requests to access the Historical Archives.for reasons related to the protection of individuals and the safeguarding of historical and corporate assets.
b) Compliance with legal and regulatory obligations, including obligations arising from European Union law, requests from competent authorities, and supervisory or regulatory bodies
ATAC processes your personal data where necessary to comply with legal obligations to which it is subject, including, by way of example, obligations relating to security measures and access control at Company premises.
The legal basis for this processing is compliance with a legal obligation pursuant to Article 6(1)(c) GDPR.
The provision of personal data for this purpose is mandatory. Failure to provide such data may prevent the Company from fulfilling its legal obligations.
c) Establishment, exercise or defence of legal claims
Where necessary, ATAC may process your personal data in order to establish, exercise or defend its rights and interests, including in judicial, administrative or out-of-court proceedings, or in connection with disputes involving you or third parties.
The legal basis for this processing is the legitimate interest of the Data Controller pursuant to Article 6(1)(f) GDPR in protecting its legal rights. No additional data will be requested from you for this purpose. Where necessary, ATAC will use personal data already collected for the purposes described above, which are considered compatible with this further purpose.
ATAC implements appropriate technical and organisational security measures to ensure the protection, confidentiality, integrity and availability of personal data. These measures are designed to prevent unauthorised access to, disclosure of, alteration of, or destruction of personal data.
Access to your personal data may be granted, on a need-to-know basis, to duly authorised employees and, where necessary, to external service providers appointed as data processors and involved in access control and security activities relating to Company premises.
All personal data are stored on secure IT systems operated by ATAC or by its service providers and are accessible and processed in accordance with our security standards and policies (or equivalent standards adopted by our service providers).
Your personal data will not be disclosed to the public and will be processed exclusively within countries belonging to the European Union (EU) or the European Economic Area (EEA).
Personal data that are no longer required for the purposes for which they were collected, or for which there is no longer a lawful basis for retention, will be irreversibly anonymised (and may then be retained in anonymous form) or securely deleted. Your personal data will be retained only for as long as is necessary to fulfil the purposes for which they were collected or for any other legitimate purpose connected with those purposes.
Where personal data are processed for more than one purpose, they will be retained until the retention period applicable to the purpose with the longest retention requirement has expired. However, once a particular purpose no longer applies, the data will no longer be processed for that purpose.
In any event, personal data collected for identification purposes and to enable access to Company premises, where recorded on paper forms, will be retained for a period not exceeding five (5) years.
Where personal data are collected and stored in digital format through dedicated software systems, they will be retained for a period of five (5) years, subject to the GDPR principle of data minimisation.
With specific regard to requests from competent authorities, compliance with legal obligations, or the establishment, exercise or defence of legal claims as described in Sections 3(b) and 3(c), personal data will be retained for as long as necessary to comply with the relevant request, fulfil the legal obligation, or protect the Company's rights.
You may exercise the rights granted to you under Articles 15 to 22 of the GDPR at any time by contacting the Data Controller or the Data Protection Officer.
In particular, you have the right to:
Right to object: In addition to the rights listed above, you have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data where such processing is based on ATAC’s legitimate interests.
You may exercise your rights by completing and submitting the relevant form, or by writing to the certified e-mail address protocollo@cert2.atac.roma.it provided in Section 1 above).
If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali). Information on how to submit a complaint is available on the Authority’s website at www.garanteprivacy.it. You also have the right to seek a judicial remedy before the competent courts.