We apologize for the inconvenience. Currently this section is available only in Italian
Pursuant to articles 13 and 14 of EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data (hereinafter “GDPR”), we hereby provide information on the processing of Personal Data (hereinafter "Data").
The Data Controller of the Data in execution of the Service Contract is the Mayor of Roma Capitale (hereinafter also "Data Controller"), whose identity and contact details are listed in paragraph 9.
The Data Processor of the Data in execution of the Service Contract is ATAC S.p.A. (hereinafter “Processor”), whose identity and contact details are listed in paragraph 11.
The Data processed are common data: vehicle plate number
Data is collected and processed by ATAC S.p.A. on behalf of Roma Capitale, which subsequently acquires the Data for the purposes referred to in paragraph 1.
Data collection takes place when the license plate number is detected by the ATAC Traffic Auxiliaries that, according to the applicable law, ascertain violations of The Road Traffic Code relating to the protected and reserved lanes as well as bus stop and terminus areas (pertaining to lines operated by ATAC) - the so-called yellow stripes.
In case of ascertainment of violation by ATAC Traffic Auxiliaries, the Data collected by ATAC are processed through automated systems, by associating the license plate number to time and day, place and number of the violation report and IUV code.
1. Legal basis and purpose of data processing
Data processing is aimed at fulfilling contractual and legal obligations in execution of the Service Contract and the applicable law, in particular:
a) the ascertainment of violations of The Road Traffic Code and issue of the associated notice of violation ascertainment, relating to the protected and reserved lanes as well as bus stop and terminus areas (pertaining to lines operated by ATAC) - the so-called yellow stripes.
b) the management of administrative sanctioning procedures resulting from the assessment referred to in subsection a);
c) the issue of potential lawful cancellation reports of the notices of violation ascertainment for Road Traffic Code violations, relating to protected and reserved lanes as well as bus stop and terminus areas (pertaining to lines operated by ATAC) - the so-called yellow stripes - issued under self-protection regime;
d) the administrative management of contractual obligations, relating to the Service Contract and the applicable law.
2. Data provision and refusal
Data processing is necessary for the obligations referred to in paragraph 1.
3. Data Communication
Digital data processed for the lawful assessment of violations of the Road Traffic Code, relating to protected and reserved lanes as well as bus stop and terminus areas (pertaining to lines operated by ATAC) - the so-called yellow stripes - and to issue the associated notice of violation ascertainment and the potential cancellation report, are transferred by ATAC S.p.A. to the OU Supporto alla Gestione dei Procedimenti connessi alle Entrate Extra-Tributarie sul Territorio - Direzione per la Gestione dei Procedimenti connessi alle Entrate Extra-Tributarie - Dipartimento Risorse Economiche di Roma Capitale - recipient of the Data - for the consequent sanctioning fulfilments (purposes referred to in paragraph 1. letters a), b), c).
The provided personal Data will be processed only by appointed/authorized and appropriately trained and instructed persons and may be disclosed to public and private bodies, competent authorities as well as other bodies connected to ATAC S.p.A and/or Roma Capitale. Subjects belonging to the categories to which Data may be communicated, will process and use them, on a case by case basis, acting as Data Processors/Sub-processors expressly appointed by the Data Controller/ Processor pursuant to articles 26 and 28 of the EU Regulation 2016/679 and Legislative Decree 196/2003 and subsequent amendments and integrations, or rather acting as autonomous Controllers/Processors.
The Data transmitted by the third-party Operator to ATAC, as independent Data Controller or Data Processor, is regulated pursuant to articles 26 and 28 of the GDPR and by Legislative Decree 196/2003 and subsequent amendments and additions.
The Data are not subject to disclosure.
4. Data retention and security measures
Digital Data are not processed on ATAC servers, but will be conveyed directly to the servers of Roma Capitale via third-party Apps. On-paper processed Data (notices of violation ascertainment) are not stored by ATAC.
In any case, they are processed and stored in compliance with the security measures provided for by Article 32 of the GDPR and by Legislative Decree 196/03 and subsequent amendments and are not subject to any further processing.
5. Transfer of personal data to third countries
The Data will not be transferred outside the European Union.
6. Processing methods
Data is processed using manual, computerized and telematic tools. The processing will be strictly related to the indicated purposes and, in any case, based on the principles of fairness, legality, transparency, relevance, accuracy, completeness and non-exceedance, as well as with organizational and processing logics strictly related to the purposes for which the Data were collected and in such a way as to guarantee their security, integrity and confidentiality, in compliance with the organizational, physical and logical measures provided by current regulations.
7. Data retention period
Data are retained for a time strictly necessary for the pursuit of the purposes for which they were collected.
a) Data collected digitally by ATAC for the lawful assessment of violations of the Road Traffic Code relating to protected and reserved lanes as well as bus stop and terminus areas (pertaining to lines operated by ATAC) - the so-called yellow stripes - and for the issue of the associated notice of violation ascertainment are not stored by ATAC, but may be processed by ATAC by accessing to the digital systems of the Economic Resources Department of Roma Capitale to which they are directly conveyed, for the issue of cancellation reports related to violation ascertainment notices issued under self-protection regime and for the purposes referred to in paragraph 1. letter d) within a maximum of 12 days from the issue of the notice of violation ascertainment.
ATAC stores the number of violation reports issued up to 15/01/2023 for a period of 5 years starting from the end of the year in which the violation report has been raised.
b) On-paper Data collected by ATAC for the assessment of violations of the Road Traffic Code relating to protected and reserved lanes as well as bus stop and terminus areas (pertaining to lines operated by ATAC) - the so-called yellow stripes - are not stored by ATAC.
c) The Data processed by ATAC are transferred directly to the OU Supporto alla Gestione dei Procedimenti connessi alle Entrate Extra-Tributarie sul Territorio - Direzione per la Gestione dei Procedimenti connessi alle Entrate Extra-Tributarie - Dipartimento Risorse Economiche di Roma Capitale - recipient of the Data - for the consequent sanctioning fulfilments and are stored by the competent Capitoline Offices for the time period established by the applicable law on the subject of administrative sanctioning procedures.
In any case, without prejudice to possible storage terms required by applicable law or regulations for tax and judicial purposes.
8. Rights of the Data Subject
At any time, pursuant to articles 15-22 of EU Regulation no. 2016/679, the Data Subject has the right to:
a) ask the Data Controller or Data Processor to access the data, their cancellation, the correction of inaccurate data, the integration of incomplete data, as well as to limit their processing in the cases provided for by art. 18 of the GDPR;
b) oppose, at any time, to processing, in whole or in part, of data necessary for the legitimate pursuit of the Controller's interest;
c) in case there are the conditions to exercise one’s right to data portability pursuant to art. 20 of the GDPR, receive the data provided to the Controller in a structured and commonly used format and readable by an automatic device, and transmit them to another data Controller without hindrance;
d) withdraw consent at any time;
e) submit a complaint to the supervisory authority.
The Data Subject can exercise his rights through a written request, by filling in the appropriate form that can be downloaded on the ATAC website www.atac.roma.it, section “Privacy information” – “Form to contact the Data Controller or Data Processors” - and sending it to the Data Controller, the Data Processor or to the Data Protection Officer to the postal address of the registered office or to the e-mail/certified e-mail address indicated in paragraphs 9 to 12 of this notice.
9. Identity and contact details of the Data Controller
The Controller of the processing of personal Data is the Mayor of Roma Capitale. Contact details: Palazzo Senatorio - Via del Campidoglio n.1 - 00186 Rome. Certified e-mail address: protocollo.gabinettosindaco@pec.comune.roma.it
10. Identity and contact details of the Data Protection Officer of Roma Capitale
Contact details: email rpd@comune.roma.it - certified e-mail address: rpd@pec.comune.roma.it
For further information, please consult the institutional website of Roma Capitale.
11. Identity and contact details of the Data Processor
The Processor of the personal Data is ATAC S.p.A. in the person of its pro tempore legal representative, with registered office in Rome Via Prenestina n. 45 - 00176. To exercise the rights provided for by the applicable law and better specified above, please write to the following certified e-mail address: protocollo@cert2.atac.roma.it
12. Contact details of the Data Protection Officer of ATAC S.p.A.
Hereinafter the contact details of the Data Protection Officer (DPO): Via Prenestina n. 45 - 00176 Rome, e-mail responsabileprotezionedati@atac.roma.it