Imposition of administrative sanctions - Metered parking (blue stripe spaces), Parking facilities falling within the competence of Roma Capitale and Surveillance of protected lanes, public transport stops and terminals (yellow stripes)

PRIVACY NOTICE

EU Regulation 2016/679

Information for Data Subjects - Imposition of administrative sanctions

Pursuant to articles 13 and 14 of EU Regulation 2016/679 "General Data Protection Regulation", we inform you that Roma Capitale processes the personal data you provide and freely communicate. Roma Capitale guarantees that the processing of your personal data is carried out in compliance with fundamental rights and freedoms, as well as with your dignity, with particular reference to confidentiality, personal identity and the right to the protection of personal data.

1. Data Controller of the processing of personal data (Art. 13.1.a EU Regulation 2016/679)

The Data Controller of personal data is Roma Capitale. Currently, any information relating to the Data Controller, together with the updated list of designated Managers and System Administrators, is available at Palazzo Senatorio, via del Campidoglio 1, 00186 Rome; certified email address (PEC): protocollo.gabinettosindaco@pec.comune.roma.it.

2. Data Protection Officer - DPO (Art. 13.1.b EU Regulation 2016/679)

The Data Protection Officer (DPO) of Roma Capitale can be reached at the following e-mail address: dpo@comune.roma.it

Purposes of the processing for which the personal data are intended and legal basis for the processing (Art. 13.1.c EU Regulation 2016/679)

All personal data of the Data Subjects, and possibly those belonging to special categories referred to in art. 9 of the EU Regulation or relating to criminal convictions and crimes pursuant to art.10 of the EU Regulation, are processed by the Data Controller only if and to the extent that at least one of the following lawfulness principles applies:

compliance with a legal obligation to which the Controller is subject (art. 6.1.c of EU Reg. 2016/679);
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (art. 6.1.e of EU Reg. 2016/679)

Hereinafter the purposes for which the Data Subject's personal data will be processed:

data entry in the Capitoline registry and computer databases;
management of the sanctioning procedure regarding violations of the Road Traffic Code, Special Laws and Municipal Regulations and Resolutions of Roma Capitale;
adoption of specific procedural and operational activities with regard to the documentation attesting the possession of the requirements and to the forms of payment of the related fees;
to fulfil specific requests of the Data Subject.

4. Processing methods

The processing of personal data takes place at the headquarters and offices of the Data Controller or, if necessary, at the premises of other categories of subjects indicated in paragraph 6, both in paper or electronic format; by telephone or telematically, also using automated tools appropriate to memorize, manage and transmit the data, in observance of every precautionary measure to guarantee its security and confidentiality.
The processing will be done in such a way as to minimise the risks of destruction or loss, of unauthorized access, of processing for a purpose other than that for which the personal data were collected.
Your personal data is processed:

in compliance with the principle of data minimization, pursuant to articles 5.1.c and 25.2 of EU Regulation 2016/679;
in a lawful and fair manner.

Your data are collected:

for specified, explicit and legitimate purposes;
accurate and, if necessary, updated;
relevant, complete and not excessive in relation to the purposes of the processing.

5. Nature of data collection and consequences of any failure to provide personal data (Art. 13.2.e EU Regulation 2016/679)

The provision of your personal data is mandatory for the purposes set out in paragraph 3. Failure to provide them will result in the failure to provide the requested service, its correct execution and possible legal obligations. Your data is stored at the offices and services of Roma Capitale and at those of external conservators. If necessary, your data may also be stored by other subjects indicated in paragraph 6.

6. Communication and dissemination of personal data (Art. 13.1.e EU Regulation 2016/679)

If necessary, your personal data may be communicated (by giving knowledge of it to one or more specific third parties) to the following recipients:

recipients whose right to access data is recognised by provisions of law, secondary and community legislation;
collaborators, employees and consultants of Roma Capitale, within the scope of their respective duties and/or contractual obligations;
suppliers, including Data Processors designated pursuant to art. 28 of EU Regulation 2016/679, acting on behalf of Roma Capitale;
public and/or private natural and/or legal persons, when communication is necessary or functional to the performance of the activities of Roma Capitale in the ways and for the purposes illustrated above.

In any case, your personal data will not be disseminated, by giving knowledge of them in whichever way to a plurality of unspecified recipients, except to fulfil legal obligations.

7. Criteria used to determine the retention period (Art. 13.2.a EU Regulation 2016/679)

The Data Controller declares that personal data of the Data Subject will be stored for the period necessary to comply with the conservation terms established by the Conservation Plan of Italian Municipalities (“Piano di Conservazione dei Comuni Italiani” - ANCI 2005) and, in any case, in accordance with the regulations in force on the matter.

8. Rights of the Data Subject (Art. 13.2.b EU Regulation 2016/679)

At any time, the Data Subject has the right to:

ask the Data Controller to access his personal data, pursuant to Art. 15 of EU Regulation 2016/679;
ask the Data Controller to rectify his personal data, where this does not conflict with the current legislation on data retention, pursuant to Art. 16 of EU Regulation 2016/679;
ask the Data Controller to erase his personal data, where this does not conflict with the current legislation on data retention, pursuant to Art. 17 of EU Regulation 2016/679;
ask the Data Controller to restrict the processing of his personal data, pursuant to Art. 18 of EU Regulation 2016/679;
object to processing his data, pursuant to Art. 21 of EU Regulation 2016/679.

The above rights may be exercised by filling out the appropriate form, that can be downloaded from the website www.atac.roma.it, “Privacy Information” section - “Form to contact the Data Controller or Data Processor” and sending it to the postal address of the registered office or to the certified e-mail/ e-mail address: protocollo@cert2.atac.roma.it or responsabileprotezionedati@atac.roma.it.

9. Right to lodge a complaint (Art. 13.2.d EU Regulation 2016/679)

The Data Subject is informed that he has the right to lodge a complaint with a supervisory authority (in particular with the Italian Data Protection Authority www.garanteprivacy.it).

10. Source from which the data originate (Art. 14 EU Regulation 2016/679)

Personal data that have not been obtained from the Data Subject are acquired ex officio from Roma Capitale or from other public administrations or third parties.

Title	Type	Size
Appointment of the Data Protection Officer (DPO)	pdf	30 KB	DownloadAppointment of the Data Protection Officer (DPO)
Personal data protection policy	pdf	7834 KB	DownloadPersonal data protection policy
Privacy information management system and designation of Privacy Appointees	pdf	396 KB	DownloadPrivacy information management system and designation of Privacy Appointees
Form to contact the data controller or data processors	pdf	125 KB	DownloadForm to contact the data controller or data processors