We apologize for the inconvenience. Currently this section is available only in Italian
Pursuant to article 13 of EU Regulation 2016/679 on the “protection of natural persons with regard to the processing of personal data” (hereinafter also “EU Regulation 2016/679” or “GDPR”), we hereby provide the requested information on the processing of the collected Personal Data (hereinafter also "Data").
The Data Controller of personal data in execution of the Service Contract is the Mayor of Roma Capitale (hereinafter also "Controller"), whose identification and contact details are listed in paragraph 8 of this notice..
The Data Processor of personal data in execution of the Service Contract is ATAC S.p.A. (hereinafter also Processor), whose identification and contact details are listed in paragraph 10 of this notice.
1. Processed Data
The data processed are common user data.
2. Legal basis and purpose of data processing
The processing of personal data of the interested parties is aimed at the provision of services to use the bike parking boxes located in the metro stations, in execution of the Service Contract with Roma Capitale and in application of the Terms of Service.
All personal data of the interested persons are processed by the Data Processor on the legal basis of one or more of the following lawful processing conditions:
• for the performance of a contract to which the data subject is party (art. 6.1.b EU Regulation 2016/679);
• consent of the data subject (art. 6.1.a EU Regulation 2016/679) and, if the data subject requesting the service has reached the age of sixteen but not the age of majority, the consent given by the person exercising the parental responsibility as parent and/or guardian of the minor.
The requested personal data are necessary to benefit from the services referred to in this paragraph. The failure to provide personal data makes it impossible to fulfil the service. The processing of personal data can also take place through automated and computerized processes.ati.
3. Data Communication
The provided personal Data will be processed by authorized and appropriately trained and instructed persons and may be disclosed to private and public bodies (Roma Capitale), competent authorities as well as other bodies connected to ATAC S.p.A, that will process them acting as Data Processors/Sub-processors or rather acting as autonomous Processors.
4. Transfer of personal data to third countries
Collected data will not be transferred outside the European Economic Area.
5. Data processing methods
The processing of provided Data is based on the principles of fairness, lawfulness, and transparency. Each processing takes place through the adoption of technical and organizational security measures, adequate for the processing itself, in accordance with the provisions of Art. 32 of EU Regulation 2016/679. Data are processed in electronic and/or paper form and minimization measures are implemented, with reference to the type of data, access authorizations and storage time.
6. Data retention period
Personal data will be stored for the entire duration of the contract and as long as obligations or fulfilments connected to its execution persist. Even after the termination of the contractual relationship, ATAC and any other possible authorized subject will be able to keep personal data of administrative/accounting nature - also for compliance with legal and regulatory obligations, as well as for their own or third party defensive purposes - namely to fulfil specific legal obligations, up to expiry of the legally applicable retention period on a case-by-case basis.
Booking data will be deleted one hour after reservation when the bike box remains unused. Data relating to the actual use of bike boxes will be stored for maximum 72 hours from the time of collection of the bicycle from the car park. In case of service failure, the Data will be retained in compliance with the law.
7. Rights of the data subject
At any time, pursuant to articles 15-22 of EU Regulation no. 2016/679, the data subject has the right:
• to access to his personal data and to all information on their processing;
• to the rectification of inaccurate personal data and the integration of incomplete data;
• to erasure (right to be forgotten);
• to restrict processing;
• to data portability;
• to object to the processing of his personal data;
• not to be subject to a decision based solely on automated processing;
• to lodge a complaint with the supervisory authority, in case of deemed violation.
The data subject can exercise his rights through a written request, by filling in the appropriate form that can be downloaded on the ATAC website www.atac.roma.it, to be sent together with a valid identity document to the Data Processor.
8. Identity and contact details of the data Controller
The Controller of the processing of personal data is the Mayor of Roma Capitale. Contact details: Palazzo Senatorio - Via del Campidoglio n.1 - 00186 Roma.
Certified email address (PEC): protocollo.gabinettosindaco@pec.comune.roma.it
9. Identity and contact details of the Data Protection Officer of Roma Capitale
Contact details e-mail: rpd@comune.roma.it; certified email address (PEC) protocollo.cybersecurity@pec.comune.roma.it
To consult the Data Controller's Privacy Policy, please visit the institutional website of Roma Capitale
10. Identity and contact details of the Data Processor
The Processor of the personal data is ATAC S.p.A. in the person of its pro tempore legal representative, with registered office in Via Prenestina n. 45 - 00176 Rome. To exercise the rights provided for by the law and better specified above, please write to the following certified email address (PEC): protocollo@cert2.atac.roma.it
11. Contact details of the Data Protection Officer of ATAC S.p.A.
Data Protection Officer (DPO): Via Prenestina n. 45 - 00176 Rome, e-mail: responsabileprotezionedati@atac.roma.it