Under the terms of articles 13 and 14 of EU Regulation 2016/679 of 26 April 2016 (hereafter referred to as the ‘Privacy Regulation’), we provide the following information relative to the processing of the personal data.
1. Who holds the personal data?
The holder of the personal data is A2A S.p.A. with registered office in Via Lamarmora 230, 25124 Brescia, Italy, and head office in Corso di Porta Vittoria 4, 20122, Milan, Italy.
2. Who can be contacted?
For all queries related to the processing of personal data and the exercising of rights, contact the Data Protection Officer (RPD - Responsabile della Protezione dei Dati personali) at the following e-mail address: dpo.privacy@a2a.it.
3. Why is personal data processed?
Your data is processed so that it is possible to check who accesses the premises of A2A Group companies. In particular, the processing enables the identification of people entering company premises and immediately knowing who is present there each day, also for reasons of personal safety.
We wish to inform you that, on these premises, for reasons of security and the protection of corporate assets, a closed-circuit videosurveillance system is in operation.
The legal grounds for this are as follows:
- the pursuit of a legitimate interest on the part of the data controller (eg. protection of corporate assets, safety of people present on the premises, defence of a right in a judicial proceeding);
the fulfilment of a legal obligation to which the data controller is subjected (eg. communication of data to public authorities and official agencies).
4. Which personal data is processed?
The following categories of data are processed:
- personal and identifying information (eg. name, surname, tax identification code, address, date and place of birth);
- data related to the image (eg. identity card photograph and images recorded by the videosurveillance equipment);
- other data relative to the categories inidcated above
5. How is the data processed?
The processing is carried out by the personnel authorized to do so in the performance of their duties, with or without the support of electronic equipment, in accordance with the principles of lawfulness and correctness so as to safeguard at all times the confidentiality and the rights of the party involved.
6. Who is the personal data communicated to?
Your personal data can be made available to:
- companies that provide IT, surveillance and security services and other companies of Group A2A that may act as data controller;
- public bodies and official agencies (when required) in the execution of their legal duties, which will act as data controller.
Your data will not be divulged (made available to unspecified parties).
7. Is the data sent to other countries?
Your personal data will be processed within the European Economic Area (EEA). Should it be necessary, in exceptional circumstances, to transfer your personal data outside the EEA, this will take place on the basis of a decision of acceptability by the European Commission, if applicable, or in the presence of adequate guarantees requested by the Privacy Authority.
8. For how long is the data kept?
Your data will be stored for the time necessary to achieve the purposes for which it is being processed or to ensure compliance with the law and no longer than:
- 7 days from the recording of images carried out for reasons of security and protection of corporate assets, with the exception of requests from judicial authorities or from the police;
- 10 years from the verification of identity of those entering company premises.
In the event of disputes, the length of time for which data can be held can be extended to 10 years from the definition of the dispute.
9. Which rights can be exercised?
You have the right to ask the Data Controller:
- for confirmation that processing of your personal data is or is not under way and, if under way, that you can have access (right of access);
- for correction of personal data that is incorrect or the completion of incomplete personal data (right of rectification);
- for the deletion of the data if there is motivation as foreseen in the Privacy Regulation (right to erasure);
- for limitation of the processing when one of the cases foreseen by the Privacy Regulation exists (right to restrict processing);
- to receive the information provided to the data controller in a structured format, for normal use and readable using an automatic device, and to transmit such data to another data controller (right to data portability);
- to object at any moment to the processing of your data for a legitimate interest on the part of the data controller and for marketing and profiling purposes (right to object);
To exercise your rights, you can make a written request to the Data Controller or Data Protection Officer, indicating the A2A Group company to which the request is addressed.
Except in the case of other administrative or legal complaints or appeals, you have the right to ask the Privacy Authority to ensure protection of your personal data should you deem that its processing violates the privacy Regulation.
10. From which source does the personal data originate and what are the consequences if the data is not given?
All of the data gathered in the sphere of this processing is strictly functional to the stated purposes and to compliance with laws, including those relative to personal safety. The communication of personal data is discretionary but refusal to provide such data impedes access to A2A Group premises given the essential need to identify those entering the property.
11. Is the data subjected to automated decision making?
The data will not be subjected to decisions based solely on automated processing, including profiling, which may have legal effects that concern or significantly affect your person.
Useful resources
Services
A2A S.p.A. - P.I. 11957540153