NOTE ON THE PERSONAL DATA PROCESSING AND VIDEO SURVEILLANCE OF VISITORS
pursuant to Article 13 of EU regulation 2016/679
With this note, in compliance with the EU General Regulation 2016/679 on the protection of individuals with regard to the processing of personal data (hereinafter referred to as GDPR or Regulation) we would like to offer a clear and transparent view of the information we collect and process about our visitors and for the activity of video surveillance.
WHO IS THE DATA CONTROLLER of your data?
The company GTS S.p.a. with registered office in Genoa (GE), Via G. D'Annunzio, 2/75, is the Data Controller (hereinafter the Data Controller). The Company is part of the Autogas Group and has adopted the same technical-organizational personal data protection measures and best practices as the companies in the Group.
You can contact the Data Controller by writing to the e-mail address: email@example.com, or calling the number indicated in the “where we are " section of the site www.gtsspa.com/en.
WHAT DATA do we process?
We collect and process the personal data provided by visitors when registering at the entrance to the plant, such as:
• personal data and contact details;
• company to which they belong;
• entry and exit times.
In addition, we would like to inform you that, where appropriately signposted prior to the relevant radius of action using specific signs, video surveillance systems are in operation and we will therefore process the visualised and/or recorded images of persons entering the premises and falling within the range of the cameras.
How are the data collected?
The Personal Data are provided directly by the visitor upon entering the establishment. The provision of data is optional, but failure to provide such data for the above-mentioned purposes means that access to the premises is not possible.
As for the images recorded by the video surveillance systems, these will be collected as soon as the person concerned enters the video surveillance area, which can be recognised by heeding the appropriate signs.
What are the PURPOSES and LEGAL BASIS of the processing?
The processing of the personal data provided for registration at the entrance is carried out for the purposes of access control and protection of the company's assets, the security of the premises and the physical safety of the people who access them, in accordance with Italian Legislative Decree no. 196/2003. 81/2008 and to specific legal regulations. Such processing is carried out on the basis of a legal obligation (Article 6 paragraph 1 C of the GDPR) in the case of access to storage sites under surveillance, as defined by fire protection legislation.
The processing of video surveillance data is carried out on the basis of a legitimate interest of the Data Controller (Article 6 paragraph 1 F of the GDPR) for the purposes of protecting the company's assets, security and containment of criminal phenomena, as well as the safety of those involved in the loading and unloading of LPG tankers during such operations.
HOW LONG do we keep your personal data for?
The data provided for registration at the entrance will be stored for 24 hours after their collection.
The images detected and recorded by the company's video surveillance system are retained for a maximum period of 24 hours after their detection.
Data may be stored for a further period of time if this is necessary to comply with legal obligations, requests by authorities or to exercise and/or enforce a right.
What are the PROCESSING METHODS?
The processing of data for the purposes set out above takes place both in automated form, on electronic or magnetic media, and in non-automated form, on paper. It should be noted that the Data Controller does not carry out fully automated decision-making processes.
TO WHOM will we disclose your personal data?
Your personal data may be disclosed to subjects belonging to companies of the Group and to subjects external to the company organisation in the capacity of Data Processors, such as suppliers of surveillance and security services and suppliers of technical services strictly related to the activity.
Your personal data may also be disclosed, upon request, to law enforcement agencies and public or judicial authorities for the fulfilment of legal obligations.
WHERE do we transfer your data to?
The data collected will not be transferred outside the European Economic Area.
WHAT ARE YOUR RIGHTS?
In relation to the aforementioned processing, you may exercise the rights referred to in articles 15 to 22 of EU Regulation 2016/679.
In particular, in the cases provided for by the Regulations, the Data Subject has the right to ask the Data Controller for access to their data (Article 15 GDPR), the rectification (Article 16 GDPR) or the cancellation of the same (Article 17 GDPR). He or she has the right to object to the processing (Article 17 GDPR) or to request the restriction of the processing (Article 18 GDPR) and to obtain their data in a structured, commonly used and machine readable format (Article 20 GDPR).
The above rights may be exercised towards the Data Controller by writing to the e-mail address firstname.lastname@example.org or by contacting the same at the addresses indicated at the beginning of this privacy note.
Pursuant to the applicable legislation, the Data Subject can also lodge a complaint with the Italian Data Protection Authority pursuant to Article 77 of the Regulation if he/she believes that the processing of his/her Personal Data is contrary to the current legislation, or refer to the judicial authority pursuant to Article 78 GDPR.
The exercising of your rights as a Data Subject is free of charge in accordance with Article 12 of EU Regulation 2016/679.
Changes to our Privacy Note
The Data Controller reserves the right to amend and/or implement this Note, making it available at its offices and on its website, also due to legislative changes, or to recommendations, general authorisations, guidelines, further guarantee measures indicated by the Italian or European Data Protection Authority.
Updated on: 01.04.2022
The Data Controller