Personal Data Processing Policy pursuant to Articles 13 and 14 of European Regulation no. 679/2016
1. Identity and contact details of the Data Controller
Pursuant to the code in force regarding the protection of Personal Data, under Legislative Decree no. 196/2003, as amended by Legislative Decree no. 101/2018, and the European Regulation on Personal Data Protection 2016/679, the Data Controller is the Municipality of Rimini, with registered office in Piazza Cavour 27 - 47900 Rimini.
In order to simplify the forwarding procedure and reduce response times, please submit any requests referred to in Paragraph 11 to the Municipality of Rimini, at Piazza Cavour 27 or email protocollo.generale@pec.comune.rimini.it.
2.The Personal Data Protection Officer
The Municipality of Rimini has appointed STUDIO PACI & C. SRL (with email: DPO@studiopaciecsrl.it - PEC: studiopaciecsrl@pec.it) as the Data Protection Officer.
3.Purpose and legal basis of the processing
The Data Subject’s Personal Data is processed by the Municipality of Rimini for the purposes of conducting institutional functions and thus, in accordance with Article 6 paragraph 1 letter e), does not require consent, or else is processed for additional services on the basis of the consent acquired. In the latter case, the Personal Data is processed exclusively for the purposes for which the Data Subject communicates their details, in accordance with Article 6, paragraph 1, letter a) of Regulation 2016/679.
For example: - registering for RiminiTurismo's Club Cittàmica; - signing up for the RiminiTurismo newsletter...
4. The Data Processor
The Municipality of Rimini may use third parties to complete certain activities and relative processing of the Personal Data, of which the Municipality itself remains the Data Controller. In accordance with the legal provisions, such entities shall ensure levels of experience, capacity and reliability in order to ensure compliance with current processing provisions, including the data security profile.
Instructions, tasks and appointments regarding such third parties are formalised by the Municipality of Rimini with the designation of the same as “Data Processors”. Such entities shall be subject to periodic checks in order to ensure the guaranteed levels recorded as part of the initial assignment are being maintained.
5. Persons authorised to conduct the processing
The Personal Data collated is processed by internal staff and collaborators who have received prior authorisation and designation to conduct the processing, with specific instructions given in relation to the measures, precautions and modus operandi, all aimed at the definite protection of the Data Subject’s Personal Data.
6. Data collection
The Personal Data is collected directly from the Data Subjects. In the event that the use of IT platforms is foreseen, certain Personal Data may be collected automatically by the computer system due to the use of such platforms. The Data Subjects' Personal Data shall be processed using automated and non-automated tools. Specific safety measures are observed to prevent data loss, illicit or improper use and unauthorised access.
7.Data provision
The provision of Personal Data is not compulsory but it is necessary, given that the failure to provide such shall result in the impossibility of carrying out the institutional activity pertaining to the procedure and impede subscription to additional services such as the Club Cittàmica or Newsletter.
8. Recipients of Personal Data
Upon exercising the right of access to administrative documentation and civic access by third parties, any communication of Personal Data shall occur exclusively in accordance with that set out under applicable legislation in force at the time. Personal Data may also be communicated, upon express request by the judicial or police authorities. Personal Data is subject to dissemination in cases set out under legislation and according to the principles of protection envisaged, including publication on the pages of the Municipality of Rimini’s website (Transparent Administration, Official Noticeboard, and so on).
9. Transfer of Personal Data to non-EU countries
The Personal Data that is gathered shall not be transferred outside the European Economic Area.
10. Retention period
Data Subjects’ Personal Data is retained for a period not exceeding that necessary for the pursuit of the aforementioned purposes. To this end, also via periodic checks, the strict relevance, non-excessive and indispensability of the data is consistently monitored in relation to the rapport, performance or assignment underway, to be established or concluded, also with reference to the data provided by Data Subjects under their own initiative. The data which, also following such verifications, is deemed excessive, irrelevant or superfluous shall not be utilised, except for the possible retention of the deed or document in which the data is contained, in accordance with the law. Personal Data may in any case be retained even beyond the period necessary for the aforementioned grounds, should this prove necessary for archiving purposes in the public interest, for historical research or for statistical reasons, as established under Article 5 of EU Regulation 2016/679.
11. Rights of the Data Subject
Data Subjects have the right of access to the data pertaining to them and to request – in compliance with the provisions and terms concerning the process – any updating, rectification, integration, erasure or blocking of any data that is not relevant or which has been collated in a manner that does not comply with the regulations, as well as to oppose processing for legitimate reasons, pursuant to Articles 15 to 22 of EU Regulation 2016/679.
In order to simplify the methods of forwarding and the response time, please submit requests to the Municipality of Rimini via emailing protocollo.generale@pec.comune.rimini.it, or to further discuss this right with us, by contacting us through the “Contacts” section of the website.
This is without prejudice to the right of the Data Subject to file a complaint with the Data Protection Authority acting as Supervisory Authority for the processing of Personal Data.