POLICY ON PROCESSING VISITORS' PERSONAL DATA AND VIDEO SURVEILLANCE
pursuant to art. 13 of EU regulation 2016/679
WHO IS the data controller of your data?
AGN ENERGIA Spa, with registered office in 10088 Volpiano (TO), via Amalfi 6, is the Data Controller (hereinafter the Data Controller). The Company has adopted the same technical-organisational measures and best practices regarding protection of personal data as the group.
Data Subjects may contact the Controller by writing to the e-mail address: firstname.lastname@example.org or at the telephone numbers given in the “Contacts” section of the website www.agnenergia.com.
They can also contact the Data Protection Officer (RDP or DPO) at the following e-mail address: email@example.com.
WHAT DATA do we process?
We collect and process personal data provided by visitors when registering at the entrance to our premises, such as:
- personal and contact data (e.g. name and surname, address, email);
- company to which they belong;
- details of the identification document.
In addition, we would like to inform you that, where appropriately signposted prior to the relevant radius of action by means of appropriate signs, company video surveillance systems are in operation and we will therefore process the visualised and/or recorded images of persons accessing our premises and falling within the range of the cameras.
How are the data collected?
Personal Data are provided directly by the visitor at the reception desk at the entrance to the premises. The provision of data is optional, but failure to provide them for the aforementioned purposes means that you will not be able to access the building.
With regard to the images captured/recorded by the company's video surveillance systems, they will be collected as soon as the person concerned enters the video surveillance area, which is recognizable through appropriate signs.
What are the PURPOSES and LEGAL BASES of the processing?
The processing of the personal data provided for registration at the entrance is carried out for the purposes of access control, security of the premises and physical safety of the persons accessing the premises, in accordance with Legislative Decree no. 81/2008 and to specific legal regulations. Such processing is carried out on the basis of a legal obligation (Art. 6 par. 1 lett. C of the GDPR), in the case of access to supervised storage sites as defined by fire protection legislation, or based on the Data Controller's legitimate interest (Art. 6 par. 1 lett. of the GDPR) in cases of access to locations other than those specified above.
The processing of video surveillance data is carried out based on the Data Controller's legitimate interest (Art. 6 par. 1 lett. F of the GDPR) for the purposes of protecting the company's assets, security and containment of criminal phenomena, as well as the safety of those involved in the loading and unloading of LPG tankers during such operations.
HOW LONG do we keep your personal data?
The data provided for entry registration will be stored for 12 months or for a longer period of time if this is necessary to comply with legal obligations, requests by authorities or to exercise and/or enforce a right.
The images detected and recorded by the company's video surveillance system for security purposes and to protect the company's assets are retained for a maximum period of 7 days from their detection.
What are the PROCESSING METHODS?
The processing of data for the purposes set out above takes place both in automated form, on electronic or magnetic media, and in non-automated form, on paper. It should be noted that the Data Controller does not carry out fully automated decision-making processes.
WHO will we communicate your personal data to?
Your personal data may be communicated to subjects belonging to companies of the Group and to subjects external to the company in their capacity as Data Processors, such as suppliers of surveillance and security services and suppliers of technical services strictly related to the activity.
Your personal data may also be disclosed, upon request, to law enforcement agencies and public or judicial authorities for the fulfilment of legal obligations.
WHERE do we transfer your data?
The data collected will not be transferred outside the European Economic Area.
WHAT ARE YOUR RIGHTS?
In relation to the aforementioned processing, you may exercise the rights referred to in articles 15 to 22 of EU Regulation 2016/679.
In particular, in the cases set out in the Regulation, the Data Subject has the right to ask the Data Controller for access to their data (Art. 15 GDPR), rectification (Art. 16 GDPR) or deletion (Art. 17 GDPR). The Data Subject has the right to object to the processing (Art. 17 GDPR) or to request restriction of processing (Art. 18 GDPR) and to obtain their data in a structured, commonly used and machine-readable format (Art. 20 GDPR).
The aforementioned rights may be exercised against the Controller by writing to the e-mail address firstname.lastname@example.org or by contacting him at the addresses indicated at the beginning of this policy.
Pursuant to the applicable legislation, the Data Subject can also lodge a complaint with the Guarantor Authority for the protection of personal data pursuant to Art. 77 of the Regulation if they believe that their personal data has been processed in contravention of current legislation, or can refer to the judicial authority pursuant to Art. 78 GDPR.
The exercise of the Data Subject's rights is free of charge in accordance with Article 12 of EU Regulation 2016/679.
Update date: 01/01/2022
The Data Controller
AGN ENERGIA Spa