(Reg. (EU) 2016/679 - General Data Protection Regulation)
The creditor entity , in its capacity as the Controller of the processing of your personal data (hereinafter the "Controller"), informs you, pursuant to Article 13 of the General Data Protection Regulation (EU) 2016/679 (hereinafter "Regulation") as follows.
The creditor entity is a Public Administration Body member of the Pago PA System, designed by AgID in compliance with Article 5 of Italian Legislative Decree no. 82 of 7 March 2005, as amended and supplemented (hereinafter jointly referred to as "Digital Administration Code"), for payments by citizens to public administration bodies and managers of public services.
The Pago PA System uses Nodo dei Pagamenti - SPC infrastructure that interconnects Public Administration Bodies and Payment Service Providers (PSP).
Citizens can access and register with the web infrastructure of the Debtor Portal (made available by the creditor entity) which provides the set of web functions citizens can use to make the relevant payments through the Pago PA system.
Scope of application
It is pointed out that the information to data subjects given herein refers and is limited exclusively to the data processing as necessary to provide the services provided through the Debtor Portal.
Personal Data source and purposes of their processing
Personal data - yours and, under appropriate proxy, also of persons (natural or legal) on whose behalf you intend to make electronic payments (hereinafter "Personal data") are provided by you during registration with the Debtor Portal and, afterwards, when you make, on various grounds, electronic payments.
Personal data are processed exclusively with the purpose of managing the payment system, as well as of carrying out related and ancillary activities, such as updating the information concerning you, enforcing the rights of the Data Subject and complying with obligations laid down by the law.
Personal data are collected also from third parties, where it is lawful and instrumental to the service provision.
Legal basis of processing
The Personal Data processing for the purposes set out in the section above is based on (i) the legitimate interest of the Controller, (ii) the carrying out of an activity related to the exercise of official authority vested in the Controller, as well as on (iii) complying with obligations laid down by applicable laws, regulations or by the European Union legislation.
Nature of the Personal Data provision
Provision of the Personal Data is necessary because it is instrumental to making electronic payments through the Debtor Portal, as well as required in order to comply with obligations laid down by the applicable laws, regulations or by the European Union legislation.
If you do not provide the necessary Personal Data, you shall not be able to use the services made available on the Debtor Portal.
Data processing methods
The personal data shall be processed with IT, manual and electronic means, in accordance with procedures and logics strictly related to the processing purposes specified herein. All the above shall be fully compliant with the applicable legislation on security, with specific regard to Article 32 of the Regulation.
Your personal data shall be stored for no longer than it is necessary to achieve the purposes for which they were collected and processed.
Categories of entities to which the Data may be sent or disclosed
The personal data may be accessed by the members of our personnel who are authorized to process them as needed. We also disclose the data to providers of professional and technical services that are instrumental to the aforementioned purposes and such providers shall have the capacity as data processors, as well as to any lawful addressee of such data pursuant to applicable laws and regulations.
The personal data shall not be circulated.
The personal data shall not be transferred outside the European Economic Area (EEA).
Rights of the data subject
In your capacity as the subject of the Personal Data processed, you may exercise, at any time, the rights laid down in Article 15 et seq. of the Regulation, among which, by way of example only, it is mentioned the right to obtain confirmation as to whether or not personal data concerning you exist, to verify their content, source and correctness, to obtain integration, updating, rectification, integration, erasure, anonymization and portability; furthermore, you may exercise your right to object to the aforementioned processing, also in case of automated decision-making processes, or to obtain restriction of processing on legitimate grounds. The data subject shall also have the right to withdraw his or her consent at any time, where any consent was given; furthermore, the data subject shall have the right to lodge a complaint with the Garante per la protezione dei dati personali (the Italian Data Protection Authority) at any time.
In accordance with the Regulation, the Controller has appointed a "Personal Data Protection Officer" ( "DPO").
For any and all matters concerning the processing of your Personal Data and/or to exercise your rights as provided for by the Regulation, you may contact the Controller or the DPO using the contact details set forth on the Controller’s web site.