We apologize for the inconvenience. Currently this section is available only in Italian
Pursuant to articles 13 and 14 of EU Regulation 2016/679 on the "protection of individuals with regard to the processing of personal data" (hereinafter also " EU Regulation 2016/679" or “GDPR”), we offer the necessary information about the processing of personal data ("Data").
The Data Controller of personal data in execution of the Service Contract is the Mayor of Roma Capitale (hereinafter "Controller"), whose identification and contact details are contained in paragraph 10.
The Data Processor of personal data in execution of the Service Contract is ATAC S.p.A. (hereinafter Processor), whose identification and contact details are contained in paragraph 12.
The Data processed are: a) common data: e.g. personal data, contact details, vehicle plate number, etc; b) special data: health data - number of the free parking permit issued to people with disabilities.
Data is provided by the user of the services and collected and processed by ATAC S.p.A. on behalf of Roma Capitale, which subsequently acquires the Data as described in paragraph 4. for the purposes referred to in paragraph 1, letters d. and e.
To consult the Privacy Policy of Roma Capitale: Information for Data Subjects - Imposition of Administrative Sanctions please click here.
Data collection takes place:
The Data collected by ATAC are processed by automated systems (centralized servers in case of parking meters and park & ride car parks and local servers in structured or surface parking facilities and park & ride facilities that are equipped with optical license plate readers) by linking license plate number, date, start and end time of parking, in order to allow the use of the parking service with automated payment or, in case of ascertainment of violation by ATAC Traffic Auxiliaries, by associating the license plate number, to time and day, place and number of the notice of violation ascertainment of the Road Traffic Code as well as the IUV code.
1. Legal basis and purpose of data processing
The processing of personal data of the Data Subjects, and possibly of special categories of personal data pursuant to art. 9 of EU Regulation 2016/679, by the Data Controller and/or the Data Processor shall be lawful only if at least one of the following applies:
Hereinafter the purposes for which personal Data of the interested party will be processed:
a - management of the sale and issue of hourly, daily and monthly parking tickets that require vehicle plate data;
b - sales management and issuance or renewal of subscriptions - where personal and contact data are required, such as e.g. name, surname, address, phone number, etc.;
c - ascertainment, in accordance with the traffic laws (Article 12 bis of the Road Traffic Code - introduced by Law no. 120 of 11/09/2020, with amendments, of the Legislative Decree n. 76/2020), of violations related to metered parking;
d - the management of administrative sanctioning procedures resulting from the ascertainment referred to in paragraph c;
e - management of potential lawful cancellation reports of the notices of violation ascertainment related to metered parking - the so-called blue stripes - issued under self-protection regime.
f - account management and fulfilment of tax obligations;
g - to fulfill specific requests of the Data Subject.
2. Data provision and refusal
It is not necessary to enter the license plate data in the parking meter: to obtain a ticket without licence plate data, that must be placed on the dashboard of the parked vehicle, any alphanumeric value of at least 3 digits will be enough.
In all other cases, Data provision is necessary in order to obtain a digitized treatment of the service and/or to fulfil the obligations referred to in paragraph 1. Refusal to provide that data makes it impossible to access parking facilities or may lead to an ascertainment of violation of the Road Traffic Code rules in absence of any other parking ticket.
3. Data communication
Digital data collected for the ascertainment, in accordance with the traffic laws (Article 12 bis of the Road Traffic Code - introduced by Law no. 120 of 11/09/2020, with amendments, of the Legislative Decree n. 76/2020), of violations related to metered parking, for the issue of the associated notice of violation ascertainment and of potential lawful cancellation reports of the notices of violation ascertainment under self-protection regime, are transferred by ATAC SpA to the U.O. Supporto alla Gestione dei Procedimenti connessi alle Entrate Extra-Tributarie sul Territorio - Direzione per la Gestione dei Procedimenti connessi alle Entrate Extra-Tributarie - Economic Resources Department of Roma Capitale - as recipient of the Data - for the consequent sanctioning obligations (purposes referred to in paragraph 1, letters c, d, e).
The provided personal Data will be processed by authorized and appropriately trained and instructed persons and may be disclosed to public and private bodies, competent authorities as well as other bodies connected to ATAC S.p.A and/or Roma Capitale. Subjects belonging to the categories to which Data may be communicated, will process and use them, on a case by case basis, acting as Data Processors/Sub-Processors expressly appointed by the Data Controller/Data Processor pursuant to EU Regulation 2016/679 and Legislative Decree 196/2003 and subsequent amendments and integrations, or rather acting as autonomous Controllers/Processors.
When necessary, the Data provided may moreover be communicated to subjects whose right of access is recognized by provisions of law, secondary and community legislation, as well as to natural or legal persons (public and/or private), if the communication is essential or functional to the performance of the activity of Roma Capitale in the ways and for the purposes illustrated above.
The Data are not subject to dissemination.
4. Data retention and security measures
Digitally processed data are stored on ATAC servers located within the European Union at the data centre in Via Sondrio n. 18 - 00176 Rome or on local servers situated in structured parking facilities or surface parking lots additional to on-street parking.
On-paper processed data are stored at the competent company offices.
The data transferred to Roma Capitale are stored at its Data Center. In any case, they are processed and stored in compliance with the security measures provided for by Article 32 of the GDPR and by Legislative Decree 196/03 and subsequent amendments and are not subject to any further processing.
5. Transfer of personal data to third countries
The data will not be transferred outside the European Union.
6. Processing methods
Data is processed using manual, computerized and telematic tools. The processing will be strictly related to the indicated purposes and, in any case, based on the principles of fairness, legality, transparency, relevance, accuracy, completeness and non-exceedance, as well as with organizational and processing logics strictly related to the purposes for which the data were collected and, in any case, in such a way as to guarantee their security, integrity and confidentiality, in compliance with the organizational, physical and logical measures provided by current regulations.
7. Data retention period
Data are retained for a time strictly necessary for the pursuit of the purposes for which they were collected:
a - Data collected digitally by ATAC may be processed for up to a maximum of 12 days after issuance of the ticket.
b - Data collected digitally by ATAC using optical readers in park & ride car parks and in structured parking facilities or surface parking lots additional to on-street parking (vehicle registration number) are stored for 24 hours after the expiration of the parking period.
c - On-paper Data collected by ATAC for the ascertainment of violations of the Road Traffic Code (Article 12 bis of the Traffic Code - introduced by Law no. 120 of 11/09/2020, with amendments, of the Legislative Decree n. 76/2020) relating to parking fees and to the issue of the associated notice of violation ascertainment and of potential lawful cancellation reports of the notices of violation ascertainment under self-protection regime, are not retained by ATAC.
d - ATAC retains the number of violation reports issued up to 15/01/2023 for a period of 5 years starting from the end of the year in which the violation report has been raised.
e - Subscriber data collected by ATAC in paper form will be retained for a period not exceeding 5 years from the end of validity of the last subscription without renewal and, in any case, without prejudice to any retention terms provided for by laws or regulations for fiscal and judicial purposes.
In any case, any retention periods provided for by law or regulations for tax and judicial purposes remain unaffected.
8. Rights of the Data Subject
At any time, pursuant to articles 15-22 of EU Regulation 2016/679, the Data Subject has the right to:
a - ask the Data Controller or Data Processor to access the Data, their erasure, the rectification of inaccurate data, the integration of incomplete data, as well as to restrict their processing in the cases provided for by art.18 of EU Regulation 2016/679;
b - object, at any time, to processing his data, in whole or in part, if the conditions set out in art. 21 of EU Regulation 2016/679 subsist;
c - in case there are the conditions to exercise one’s right to data portability pursuant to art. 20 of the EU Regulation 2016/679, receive the data provided to the Controller in a structured and commonly used format and readable by an automatic device, and transmit them to another Data Controller without hindrance.
The Data Subject can exercise his rights through a written request, by filling out the appropriate form that can be downloaded on the ATAC website www.atac.roma.it, section “Privacy information” - Form to contact the Data Controller or Data processors - and sending it, together with a copy of a valid identification document, to the Data Processor or to the Data Protection Officer to the postal address of the registered office or to the email/certified email address indicated in paragraphs 11 and 12 of this notice.
9. Right to lodge a complaint with a supervisory authority (art.13.2d of EU Regulation 2016/679)
The interested party has the right to lodge a complaint with a supervisory authority (in particular the Italian Data Protection Authority www.garanteprivacy.it).
10. Identity and contact details of the data ControllerThe Controller of the processing of personal data is the Mayor of Roma Capitale. Contact details: Palazzo Senatorio - Via del Campidoglio n.1 - 00186 Rome.
Certified email address: protocollo.gabinettosindaco@pec.comune.roma.it
11. Identity and contact details of the Data Protection Officer of Roma Capitale
Contact details:
E-mail: dpo@comune.roma.it;
Certified email address: dpo@pec.comune.roma.it
To consult the Privacy Policy of Roma Capitale please click here
12. Identity and contact details of the Data Processor
The Processor of the personal data is ATAC S.p.A. in the person of its pro tempore legal representative, with registered office in Rome Via Prenestina n. 45 - 00176.
To exercise the rights provided for by the law and better specified above, please write to the following certified email address: protocollo@cert2.atac.roma.it
13. Contact details of the Data Protection Officer of ATAC S.p.A.
Hereinafter the contact details of the Data Protection Officer (DPO): Via Prenestina n. 45 - 00176 Rome, email: responsabileprotezionedati@atac.roma.it