Privacy policy - pursuant to article 13 of the GDPR (General Data Protection Regulation) 2016/679

This document has been written pursuant to EU Regulation 2016/679 (hereinafter: "Regulation") in order to allow you to be acquainted with our privacy policy, to understand how your personal information is managed when you use our site (www.atac.roma.it, hereinafter "site") and, if you want, to express informed consent to the processing of your personal data. The information and data provided or otherwise acquired in the context of the use of navigation services and access to the reserved area of the site (marketing newsletter) will be processed in compliance with the provisions of the Regulation and the confidentiality obligations that inspire the activity of Atac S.p.A.

According to the rules of the Regulation and of the Privacy Code, the data processing carried out by Atac S.p.A. will be based on the principles of lawfulness, correctness, transparency, purpose and conservation time limitations, minimization of data, accuracy, integrity and confidentiality, as well as on the principle of accountability pursuant to art. 5 of the Regulation.

Personal data being processed

We inform you that the personal data being processed may consist of identifiable information such as your name and surname, email address, company or role covered within it, telephone number, VAT number, an identification number, location data or online identifiers, depending on the requested service.

Furthermore, personal data processed through our site are the following:

1. Navigation data

During their normal operation, the IT systems and software procedures used to operate the site automatically collect information relating to web browsing, the transmission of which is implicit in the use of Internet communication protocols. This kind of data is not collected to be associated with identified subjects but by its nature it could, through associations and processing with data held by third parties, allow the identification of users or surfers. This category includes information on IP addresses, domain names of computers used by persons who connect to the site, URI (Uniform Resource Identifier) addresses of the requested resources, time of request, method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.) as well as other parameters relating to the operating system and the computer environment of the user. These data are used for the sole purpose of obtaining anonymous statistical information on the use of this website and to check its correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. This data could be used to ascertain responsibility in case of hypothetical cybercrimes against the site or third parties.

You’ll find specific information in the sections of the website set up for particular services, accessible also after registration, where personal data are requested.

2. Cookies

3. Purposes of processing

Your personal data will be processed by the Data Controller for the following purposes:

3.1 to allow website navigation and the provision of the services made available by the owner;

3.2 to fulfil obligations under applicable laws, regulations or community legislation, or to satisfy requests from authorities;

3.3 for the compilation of statistics, without the possibility to trace your identity;

3.4 to send newsletters and promotional communications for direct marketing purposes through email, SMS, MMS, fax, conventional mail or by telephone with operator, where the promoted products may also belong to other partner companies.

Specific security measures are adopted to prevent data loss, illicit or incorrect use and unauthorized access.

4. Legal basis and mandatory or optional nature of the processing

The legal basis for the processing of personal data for the purposes referred to in paragraph 3.1 is art. 6.1.b) of the Regulation, since the processing is necessary for the provision of services or in response to the requests of the interested party. The legal basis for the processing of personal data for the purposes referred to in paragraph 3.2 is art. 6.1.c) of the Regulation ("processing is necessary for compliance with a legal obligation to which the controller is subject"). The provision of personal data for these purposes is optional, but any failure to provide them would make it impossible to activate the requested services. It should be noted, however, that the processing referred to in paragraph 3.3 is not performed on the basis of personal data and, therefore, can be freely carried out by the Data Controller.

The legal basis for the processing of personal data for the purposes referred to in paragraph 3.4 is art. 6.1.a) of the Regulation since it is based on consent. The consent is optional and can be reviewed at any time without any consequence (except for the fact that you will no longer receive marketing communications and/or that no profiling activity will be made). Previously granted consent can be revoked following the indications described in paragraph 8 of this note.

The legal basis for the processing of your data for this purpose is art. 6, paragraph 1, lett. f) of the Regulation. The faculty to oppose processing at any time remains unaffected, from the beginning or with subsequent communications, by written notice to the contact details indicated in the paragraph "Identity and contact details" of this note, as well as the opportunity to obtain a notice that confirms the interruption of the processing (art. 15 of the Regulation).

5. Recipients of personal data

Your personal data may be shared, for the purposes referred to in paragraph 3 of this note, with:

5.1 subjects who typically act as data processors pursuant to art. 28 of the Regulation, that is, subjects who cooperate with the Data Controller for the pursuit of the aforementioned purposes, including subjects designated to carry out technical maintenance activities (collectively "Recipients"); the list of data processors who process data can be requested from the Data Controller or the DPO by writing to the contacts indicated in the "Identity and contact details" paragraph of this note;

5.2 persons, bodies or authorities to whom it is mandatory to communicate your personal data due to legal provisions or orders issued by authorities;

5.3 persons authorized by the Data Controller, pursuant to art. 29 of the Regulation, to the processing of personal data necessary to carry out activities strictly related to the provision of services, which are bound by the duty of confidentiality or, in any case, have a legal obligation of confidentiality.

The updated list of subjects who may process your personal data as data processors is available by sending a written request to the Data Controller at the contact details you find below.

6. Transfer of personal data

Personal data are stored on servers located within the European Union at our data centre in Via Sondrio n. 18 - 00176 Rome; the data will not be transferred outside the European Union.

7. Data retention

Personal data processed for the purposes referred to in paragraph 3.1 will be kept for a period strictly necessary to pursue the purposes for which they were collected. In any case, since the processing is carried out for the provision of services, the Data Controller will keep personal data for the period of time envisaged and permitted by Italian law to protect its interests (Article 2946 of the Italian Civil Code and subsequent amendments).

Personal data processed for the purposes referred to in paragraph 3.2 will be kept for the time required by the specific obligation or applicable law.

More information about the data retention period and the criteria used to determine this period can be requested by sending a written request to the Data Controller or the DPO at the contacts indicated in the "Identity and contact details" paragraph of this note.

In any case, the Data Controller has the opportunity to keep your personal data for the period of time provided for and permitted by Italian law to protect its interests (Article 2947 of the Italian Civil Code).

8. Rights of the data subject

At any time, pursuant to articles 15-22 of EU Regulation no. 2016/679, you have the right to:

a) ask for confirmation of the existence or not of your personal data;
b) obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, their retention period;
c) obtain the correction and deletion of data;
d) obtain the limitation of the treatment;
e) obtain data portability, i.e. receive them from a Data Controller, in a structured and commonly used format and readable by an automatic device, and transmit them to another Data Controller without hindrance;
f) oppose the processing at any time, also in the case of processing for direct marketing purposes;
g) oppose an automated decision-making process relating to natural persons, profiling included;
h) ask the Data Controller for access to your personal data and correct or cancel them or limit their processing or oppose their processing, in addition to the right to data portability;
i) withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
j) submit a complaint to the supervisory authority.

You can exercise your rights, in whole or in part, for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose of the collection. In particular, the data subject has the right to object to the processing of personal data concerning him for the purpose of sending commercial advertising material or commercial communications.

You will have to send a written request to the contact of the Data Controller or of the Data Protection Officer, that you find in sections 18 and 19 of this note, by filling in the downloadable form at the bottom of the page.

9. Transfer of personal data to third countries

Personal data are stored on servers located within the European Union at our data centre in Via Sondrio n. 18 - 00176 Rome; the data will not be transferred outside the European Union.

10. Identity and contact details of the Data Controller

The Controller of the processing of your personal data is ATAC S.p.A. in the person of its pro tempore legal representative, with registered office in Rome, Via Prenestina n. 45 - 00176. To exercise the rights provided for by the law and better specified above, you can contact the Controller at the following certified email address: protocollo@cert2.atac.roma.it

11. Contact details of the Data Protection Officer

Hereinafter the contact details of the Data Protection Officer (DPO): Via Prenestina n. 45 - 00176 Rome, email: responsabileprotezionedati@atac.roma.it

12. Changes and/or updates

The Controller reserves the right to change or simply update the content of this policy, in part or completely, also due to variations in the applicable legislation. We therefore invite you to check this page periodically in order to be always updated on data collection and on the use made of your personal data by Atac S.p.A.