We apologize for the inconvenience. Currently this section is available only in Italian
Pursuant to art. 13 and 14 of EU Regulation 2016/679 on the "protection of natural persons with regard to the processing of personal data" (hereinafter "GDPR"), Atac provides the requested information about the processing of Personal Data (hereinafter "data").
The Data Controller of personal data is ATAC S.p.A. (hereinafter also Atac and/or Controller), whose identification and contact details are reported in paragraph 9.
The personal data processed by Atac were collected on the occasion of registration on the Citizen Wallet platform (hereinafter also CW) of Roma Capitale, acting as Data Controller and are then transmitted to Atac upon freely given specific consent. The data transmitted to Atac are the following common data: tax code and univocal identification code and/or the choice of one of the prizes made available by Atac. Atac processes the data acting as independent Controller. In detail, Atac processes only the data of those who have subscribed to CW, who are registered on MyAtac and on Tap & Go and then transmits them to the CW platform and/or of those who are registered to CW and have chosen one of the prizes made available by Atac.
1. Legal basis and purpose of data processing
The legal basis of the processing is freely given specific consent for the choice of the awarding event (Tap & go) and/or the freely given specific consent for the choice of the "Atac Vantaggi" prize. "Tramjazz", acting as independent Controller, confers the prize inherent to its service to the interested party, subject to the freely given specific consent given at the moment of the communication of the data to Roma Capitale while choosing the prize.
The processing on behalf of Atac takes place to:
a. allow Atac to add value to its travel tickets (BIT, 24 H and monthly pass) purchased with Tap & Go as rewarding behavior (Token) and to transmit the value to Roma Capitale (CW), which will add it to the Citizen’s Wallet
b. confer a bonus to those who access the "Atac Vantaggi" portal
2. Data provision and refusal
The provision of personal data is necessary to carry out the activities referred to in paragraph 1. The failure to provide personal data makes it impossible for Atac to fulfil them.
In case of revocation of the consent, the data processed by Atac will be cancelled physically and logically, without prejudice to the lawfulness of the treatment based on the consent given before the revocation.
3. Data Communication
The provided personal data will be processed by authorized and appropriately trained personnel and may be disclosed to public and private bodies or competent authorities and to bodies connected to ATAC S.p.A. In detail, Atac will transmit to Roma Capitale, which will acquire them as independent Data Controller, the data relating to the improvement of the tokens of the interested parties that have chosen to add value to the purchased travel tickets using Tap & Go as rewarding behavior.
All subjects to which the data may be disclosed will process the data and use them, as appropriate, acting as Data Processors expressly appointed by the Data Controller pursuant to art. 28 of the GDPR, or rather as independent Data Controllers. Furthermore, the Data may be viewed by companies authorized by Atac S.p.A., acting as independent data Controllers/Processors, suppliers of goods/services for the maintenance and/or review of procedures and IT equipment. The data are not subject to disclosure.
4. Data processing methods and security measures
Personal data are stored on servers located at the Atac data centres of Via Sondrio n. 18 and/or Via Prenestina n. 45 - 00176 Rome and/or within the European Union. Any data processed on paper are stored at the competent company offices. In any case, they are processed and stored in compliance with the security measures provided for in Article 32 of the GDPR and are not subject to any further processing.
5. Transfer of personal data to third countries
Data will not be transferred outside the European Union.
6. Processing methods
The processing of personal data is based on the principles of fairness, legality and transparency. The processing is carried out by the Controller and by persons specifically authorized by the Controller for the time necessary to fulfil the above mentioned purposes. The processing will be strictly related to the indicated purposes and use methods that guarantee security and confidentiality of the data.
7. Data retention period
Data are retained for a time strictly necessary for the pursuit of the purposes for which they were collected, up to a revocation of consent and, in any case, for the duration of the Citizen Wallet initiative. Any retention terms provided for by law or regulations, for accounting, administrative, tax and judicial purposes are reserved.
8. Rights of the Data Subject
At any time, the interested party may exercise the rights provided for in articles 15-22 of EU Regulation 2016/679 through a written request that can be downloaded from the ATAC S.p.A. website www.atac.roma.it - section "Privacy notice" - "Form to contact the Data Controller or Data Processors” that has to be sent to the Data Controller or Data Protection Officer at the postal address of the registered office or to the email contacts indicated in paragraphs 9 and 10 of this notice. The interested party may also submit a complaint to the supervisory authority pursuant to art. 77 of the Regulation.
9. Identity and contact details of the data Controller
The Controller of the processing of your personal data is ATAC S.p.A. - Azienda per la mobilità di Roma Capitale - in the person of its pro tempore legal representative, with registered office in Rome Via Prenestina n. 45 - 00176. Certified email address: protocollo@cert2.atac.roma.it
10. Contact details of the Data Protection Officer of Atac S.p.A.
Hereinafter the contact details of the appointed Data Protection Officer (DPO): Via Prenestina n. 45 - 00176 Rome, email: responsabileprotezionedati@atac.roma.it