ATAC S.p.A. (hereinafter "Controller"), acting as data controller, informs you that the personal data (hereinafter, "data") provided by you, will be processed by Atac S.p.A. in the manner and for the purposes specified below, pursuant to articles 13 and 14 of the (EU) Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data.
1. Legal basis and purpose of data processing
The processing is aimed at booking the stairlift service, with or without wheelchair, on the sites indicated in the specific section of the Atac s.p.A. website. The data processed by the Controller are common personal data: such as name, surname, phone number, email address and particular data: any needs related to a person’s disability and/or need to use a wheelchair or not. The data provided by the user of the service for the aforementioned purposes will therefore be used exclusively for the purpose of providing the requested service. The legal basis of the processing is the execution of pre-contractual measures relating to the booking of the requested service and the consent expressed at the time of booking.
2. Data provision and refusal
The provision of personal data is necessary to carry out the activities referred to in paragraph 1. and the failure to provide personal data makes it impossible to fulfil them.
3. Data communication
The provided personal data will be processed exclusively by authorized and appropriately trained company personnel in charge of processing, as well as by Data Processors linked to the Controller by a specific contract for the supply of goods or services, operating on behalf of the Data Controller (processors or persons in charge) or in quality of independent Controllers. Personal data are not subject to disclosure.
4. Data processing methods
Personal data will be subjected to both paper and electronic processing in compliance with the regulations in force and with the principles of fairness, lawfulness, transparency, relevance, completeness and non-excess, accuracy and with organizational and processing logics strictly related to the purposes pursued and in any case in order to guarantee the security, integrity and confidentiality of the data processed, in compliance with the organizational, physical and logical measures in accordance with the provisions of art. 32 of the GDPR 2016/679 as well as any regulations that may impact on data processing.
Atac S.p.A. informs you that by calling the phone number for the stairlift booking service, the phone conversation with the operators will be recorded with computerized tools. Security measures will be implemented to ensure the privacy of the caller. During the phone call, users will be advised in advance of the recording through a brief information note issued by a recorded voice. The recordings will be deleted after 60 days from the date of fulfilment of the service, in case of successful service and in the absence of complaints, or from the date on which the service was requested.
5. Transfer of personal data to third countries
Personal data in paper format are stored at the company’s offices while those in electronic format are stored on servers located within the European Union, outside of which the data will not be transferred.
6. Data retention period
Data are retained for a time strictly necessary for the pursuit of the purposes for which they were collected and in any case not exceeding 60 days from the successful fulfilment of the service. In the event of a complaint, to be submitted within 30 days after the fulfilment of the service, as described in the specific section of the Atac website, data will be kept for the time necessary to the settlement of the report/complaint.
7. Rights of the Data Subject
At any time, pursuant to articles 15-22 of EU Regulation no. 2016/679, you have the right to:
a) ask for confirmation of the existence or not of your personal data;
b) obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, their retention period;
c) obtain the correction and deletion of data;
d) obtain the limitation of the processing;
e) obtain data portability, i.e. receive them from a data Controller, in a structured and commonly used format and readable by an automatic device, and transmit them to another data Controller without hindrance;
f) oppose the processing at any time, also in the case of processing for direct marketing purposes;
g) oppose an automated decision-making process relating to natural persons, profiling included;
h) ask the data Controller access to your personal data and correct or cancel them, limit their processing or oppose their processing, in addition to the right to data portability;
i) withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
j) submit a complaint to the supervisory authority.
The data subject can exercise his rights through a written request, by filling in the appropriate form that can be downloaded on the ATAC website www.atac.roma.it, section “Privacy notice” - “Form to contact the data controller
or data processors” and attaching a photocopy of an identification document They have to be sent to the Data Controller or to the Data Protection Officer, to the postal address of the registered office or to the email address indicated in paragraphs
8 and 9 of this notice.
8. Identity and contact details of the data Controller
The Controller of the processing of your personal data is ATAC S.p.A. in the person of its pro tempore legal representative, with registered office in Rome, Via Prenestina n. 45 - 00176. To exercise the rights provided for by the law and better specified above, you can contact the Controller at the following certified email address: email@example.com
9. Contact details of the Data Protection Officer
Hereinafter the contact details of the Data Protection Officer (DPO): Via Prenestina n. 45 - 00176 Rome, email:firstname.lastname@example.org
|Appointment of the Data Protection Officer (DPO)||30 KB||DownloadAppointment of the Data Protection Officer (DPO)|
|Personal data protection policy||7834 KB||DownloadPersonal data protection policy|
|Privacy information management system and designation of Privacy Appointees||396 KB||DownloadPrivacy information management system and designation of Privacy Appointees|
|Form to contact the data controller or data processors||125 KB||DownloadForm to contact the data controller or data processors|