Request and issuance of Metrebus Cards and for the issuance/enabling of free circulation cards for police officers, armed forces and ANAS S.p.A personnel

Privacy notice for the request and issuance of Metrebus Cards and for the issuance/enabling of free circulation cards for police officers, armed forces and ANAS S.p.A personnel

Pursuant to articles 13 and 14 of EU Regulation 2016/679 on the “protection of natural persons with regard to the processing of personal data” (hereinafter also “GDPR”), we hereby provide the requested information on the processing of the collected Personal Data ("Data").

The Data Controller of personal data is ATAC S.p.A., whose identification and contact details are reported in paragraph 8.

Processed Data

The Data processed are common data and, in some cases, special data.

Legal basis and purpose of data processing

Data processing is aimed at fulfilling the following purposes:

request and issuance of Metrebus Cards;
issuance/enabling of free circulation cards (police officers, armed forces and ANAS S.p.A. personnel)

All personal data of the interested persons, and possibly those belonging to special categories pursuant to art. 9 of EU Regulation 2016/679, are processed by the Data Controller on the legal basis of one or more of the following lawful processing conditions:

for the performance of a contract to which the data subject is party (art. 6.1.b EU Regulation 2016/679);
compliance with legal obligations (art. 6.1.c EU Regulation 2016/679);
consent of the data subject (art. 6.1 a EU Regulation 2016/679).

Data communication

Transfer of personal data to third countries

Collected data will not be transferred outside the European Economic Area.

Processing methods

The processing of your personal data is based on the principles of fairness, legality and transparency. The processing is done implementing appropriate technical and organisational measures to ensure an appropriate level of security, as described in art. 32 of EU Regulation 2016/679. Data are processed in electronic and/or paper form and minimization measures are implemented, with reference to the type of data, access authorizations and storage time.

Data retention period

Personal data will be stored for the entire duration of the contract and as long as obligations or fulfilments connected to its execution persist. Even after the termination of the contractual relationship, ATAC and any other authorized subject will be able to keep personal data of administrative-accounting nature - also for compliance with legal and regulatory obligations, as well as for their own or third party defensive purposes - namely to fulfil specific legal obligations, up to expiry of the legally applicable retention period on a case-by-case basis.

Rights of the Data Subject

At any time, pursuant to articles 15-22 of EU Regulation 2016/679, you have the right:

to access to your personal data and to all information on their processing;
to the rectification of inaccurate personal data and the integration of incomplete data;
to erasure (right to be forgotten);
to restrict processing;
to data portability;
to object to the processing of your personal data;
not to be subject to a decision based solely on automated processing;
to lodge a complaint with the supervisory authority, in case of deemed violation.

Contact details of the data Controller and of the Data Protection Officer

protocollo@cert2.atac.roma.it

responsabileprotezionedati@atac.roma.it

Title	Type	Size
Appointment of the Data Protection Officer (DPO)	pdf	30 KB	DownloadAppointment of the Data Protection Officer (DPO)
Personal data protection policy	pdf	7834 KB	DownloadPersonal data protection policy
Privacy information management system and designation of Privacy Appointees	pdf	396 KB	DownloadPrivacy information management system and designation of Privacy Appointees
Form to contact the data controller or data processors	pdf	125 KB	DownloadForm to contact the data controller or data processors