We apologize for the inconvenience. Currently this section is available only in Italian
Pursuant to articles 13 and 14 of EU Regulation 2016/679 (hereinafter also "GDPR") on the "protection of individuals with regard to the processing of personal data", we offer the necessary information about the processing of personal data ("Data").
The Data Controller of personal data in execution of the Service Contract is the Mayor of Roma Capitale (hereinafter "Controller"), whose identification and contact details are listed in paragraph 9.
The Data Processor of personal data in execution of the Service Contract is ATAC S.p.A. (hereinafter Processor), whose identification and contact details are listed in paragraph 11.
The Data processed are: a) common data: e.g. personal data, contact details, vehicle plate number, etc; b) special data: health data - number of the vehicle parking permit issued to people with disabilities.
Data is provided by the user of the services and collected and processed by ATAC S.p.A. on behalf of Roma Capitale, which subsequently acquires the Data as described in paragraph 4. for the purposes referred to in paragraph 1, letters d. and e.
Data collection takes place:
The data collected by ATAC are processed by automated systems (centralized servers in case of parking meters and park & ride areas and local servers in structured or surface parking facilities and park & ride facilities that are equipped with optical license plate readers) by linking license plate number, date, start and end time of parking, in order to allow the use of the parking service with automated payment or, in case of ascertainment of violation by ATAC Traffic Auxiliaries, by associating the license plate number, to time and day, place and number of the notice of violation ascertainment of the Road Traffic Code as well as the IUV code.
1. Legal basis and purpose of data processing
Data processing is aimed at fulfilling contractual and legal obligations in execution of the Service Contract, in particular:
a - the management of the sale and issue of hourly, daily and monthly parking tickets that require vehicle plate data for the issue of the ticket;
b - sales management and issuance or renewal of subscriptions - where personal and contact data are required, such as e.g. name, surname, address, phone number, etc.;
c - the ascertainment, in accordance with the traffic laws (Article 12 bis of the Road Traffic Code - introduced by Law no. 120 of 11/09/2020, with amendments, of the Legislative Decree n. 76/2020) of violations related to metered parking;
d - the management of administrative sanctioning procedures resulting from the assessment referred to in paragraph c;
e - the management of potential lawful cancellation reports of the notices of violation ascertainment related to metered parking - the so-called blue stripes - issued under self-protection regime.
f - the account management and fulfilment of tax obligations.
2. Data provision and refusal
It is not necessary to enter the license plate data in the parking meter: to obtain a ticket without licence plate data, that must be placed on the dashboard of the parked vehicle, any alphanumeric value of at least 3 digits will be enough.
In all other cases, data provision is necessary in order to obtain a digitized treatment of the service and/or to fulfil the obligations referred to in paragraph 1. Refusal to provide that data makes it impossible to access parking facilities or may lead to the ascertainment of the violation of the Road Traffic Code rules in absence of any other parking ticket.
3. Data communication
Digital data collected for the assessment, in accordance with the traffic laws (Article 12 bis of the Road Traffic Code - introduced by Law no. 120 of 11/09/2020, with amendments, of the Legislative Decree n. 76/2020), of violations related to metered parking, for the issue of the associated notice of violation ascertainment and of potential lawful cancellation reports of the notices of violation ascertainment under self-protection regime, are transferred by ATAC SpA to the U.O. Supporto alla Gestione dei Procedimenti connessi alle Entrate Extra-Tributarie sul Territorio - Direzione per la Gestione dei Procedimenti connessi alle Entrate Extra-Tributarie - Economic Resources Department of Roma Capitale - as recipient of the Data - for the consequent sanctioning obligations (purposes referred to in paragraph 1, letters c, d, e.
The provided personal Data will be processed by authorized and appropriately trained and instructed persons and may be disclosed to public and private bodies, competent authorities as well as other bodies connected to ATAC S.p.A and/or Roma Capitale. Subjects belonging to the categories to which Data may be communicated, will process and use them, on a case by case basis, acting as Data Processors/Sub-processors expressly appointed by the Data Controller/Data Processor pursuant to articles 26 and 28 of the EU Regulation 2016/679 and Legislative Decree 196/2003 and subsequent amendments and integrations, or rather acting as autonomous Controllers/Processors.
Data transmitted by a third party operator to ATAC as autonomous data Controller or Processor is regulated pursuant to Articles 26 and 28 of the GDPR and by the Legislative Decree 196/2003 and subsequent amendments. The processing of data relating to free parking permits has been authorized by Roma Capitale acting as Data Controller since necessary for the pursuit of the purposes referred to in paragraph 1.
The Data are not subject to disclosure.
4. Data retention and security measures
Digitally processed data are stored on ATAC servers located within the European Union at the data centre in Via Sondrio n. 18 - 00176 Rome or on local servers situated in structured or surface parking facilities, additional to on-street parking.
On-paper processed data are stored at the competent company offices.
The data transferred to Roma Capitale are stored at its Data Center. In any case, they are processed and stored in compliance with the security measures provided for by Article 32 of the GDPR and by Legislative Decree 196/03 and subsequent amendments and are not subject to any further processing.
5. Transfer of personal data to third countries
The data will not be transferred outside the European Union.
6. Processing methods
Data is processed using manual, computerized and telematic tools. The processing will be strictly related to the indicated purposes and, in any case, based on the principles of fairness, legality, transparency, relevance, accuracy, completeness and non-exceedance, as well as with organizational and processing logics strictly related to the purposes for which the data were collected and, in any case, in such a way as to guarantee their security, integrity and confidentiality, in compliance with the organizational, physical and logical measures provided by current regulations.
7. Data retention period
Data are retained for a time strictly necessary for the pursuit of the purposes for which they were collected:
a - Data collected digitally by ATAC through parking meters, Apps and mobile network providers (vehicle plate number), relating to hourly, daily and monthly parking - on-street and in park & ride areas - are kept for up to a maximum of 12 days after expiration of the parking period.
b - Data collected digitally by ATAC for the ascertainment of violations of the Road Traffic Code relating to parking fees and to the issue of the associated notice of violation ascertainment, in accordance with the law (Article 12 bis of the Traffic Code - introduced by Law no. 120 of 11/09/2020, with amendments, of the Legislative Decree n. 76/2020), are not kept by ATAC, but can be processed by ATAC by accessing the digital systems of the Economic Resources Department of Roma Capitale to which they are directly conveyed, for the issue of cancellation reports of the notices of violation ascertainment under self-protection regime and for the purpose referred to in point 1. letter d. within a maximum of 12 days from the issuance of the notice of violation ascertainment.
ATAC stores the number of violation reports issued up to 15/01/2023 for a period of 5 years starting from the end of the year in which the violation report has been raised.
c - On-paper Data collected by ATAC for the ascertainment of violations of the Road Traffic Code relating to parking fees and to the issue of the associated notice of violation ascertainment and of potential lawful cancellation reports of the notices of violation ascertainment under self-protection regime, in accordance with the law (Article 12 bis of the Traffic Code - introduced by Law no. 120 of 11/09/2020, with amendments, of the Legislative Decree n. 76/2020) are not kept by ATAC.
d - Data processed digitally by ATAC referred to in the previous letter b and c are transferred to the OU Supporto alla Gestione dei Procedimenti connessi alle Entrate Extra-Tributarie sul Territorio - Direzione per la Gestione dei Procedimenti connessi alle Entrate Extra-Tributarie - Economic Resources Department of Roma Capitale - as recipient of the Data - for the consequent fulfillments and are kept by the relevant offices for the times provided for by the law on administrative violations and sanctions.
e - Data collected digitally by ATAC (vehicle plate number) in park & ride areas and in structured or surface parking facilities, additional to on-street parking, through optical license plate readers are kept for the 24 hours following the expiration of the parking period.
f - Subscriber data collected by ATAC in paper form will be kept for a period not exceeding 5 years from the end of validity of the last subscription without renewal and, in any case, without prejudice to any retention terms provided for by laws or regulations for fiscal and judicial purposes.
8. Rights of the Data Subject
At any time, pursuant to articles 15-22 of EU Regulation no. 2016/679, the Data Subject has the right to:
a - ask the Data Controller or Data Processor to access the data, their cancellation, the correction of inaccurate data, the integration of incomplete data, as well as to limit their processing in the cases provided for by art. 18 of the GDPR;
b - oppose, at any time, to processing, in whole or in part, of data necessary for the legitimate pursuit of the Controller's interest;
c - in case there are the conditions to exercise one’s right to data portability pursuant to art. 20 of the GDPR, receive the data provided to the Controller in a structured and commonly used format and readable by an automatic device, and transmit them to another data Controller without hindrance;
d - withdraw consent at any time;
e - submit a complaint to the supervisory authority.
The data subject can exercise his rights through a written request, by filling in the appropriate form that can be downloaded on the ATAC website www.atac.roma.it, section “Privacy information” - Form to contact the data controller or data processors - and sending it to the Data Controller, the Data Processor or to the Data Protection Officer to the postal address of the registered office or to the email/certified email address indicated in paragraphs 9 to 12 of this notice.
9. Identity and contact details of the data ControllerThe Controller of the processing of personal data is the Mayor of Roma Capitale. Contact details: Palazzo Senatorio - Via del Campidoglio n.1 - 00186 Rome.
Certified email address: protocollo.gabinettosindaco@pec.comune.roma.it
For further information, please consult the institutional website of Roma Capitale.
10. Identity and contact details of the Data Protection Officer of Roma Capitale
Contact details:
E-mail: rpd@comune.roma.it;
Certified email address: protocollo.rpd@pec.comune.roma.it
For further information, please consult the institutional website of Roma Capitale.
11. Identity and contact details of the Data Processor
The Processor of the personal data is ATAC S.p.A. in the person of its pro tempore legal representative, with registered office in Rome Via Prenestina n. 45 - 00176.
To exercise the rights provided for by the law and better specified above, please write to the following certified email address: protocollo@cert2.atac.roma.it
12. Contact details of the Data Protection Officer of ATAC S.p.A.
Hereinafter the contact details of the Data Protection Officer (DPO): Via Prenestina n. 45 - 00176 Rome, email: responsabileprotezionedati@atac.roma.it