COVID-19

Privacy Policy Statement pursuant to art. 13-14 of EU reg. 2016/679 GDPR (General Data Protection Regulation)

In the emergency related to the spread of the COVID-19 coronavirus epidemic, we provide below the information relating to the processing of your personal data in compliance with art. 13 of the European Union Regulation 2016/679 (“GDPR”).

The principles of fairness, lawfulness, transparency and protection of your privacy and your rights are the foundation of this treatment.

1. Processing of personal data

The following data shall be processed, within the scopes and methods defined in this statement:

  1. data related to body temperature;
  2. information on close contacts at high risk of exposure, with suspected subjects or subjects tested positive to COVID-19 in the last 14 days;
  3. information regarding the origin from risk areas according to WHO indications, in the last 14 days.

The processed data refer to the following data subjects:

  1. staff and external consultants. This statement supplements that already provided for the processing of personal data functional to the establishment and implementation of the employment or consultancy relationship;
  2. suppliers; customers; contractors; visitors. Patients, relatives, guardians, referents, support administrators and patients’ chaperones; guests and any other third party authorized to access the offices, spaces or other places related to your facility.

2. Purpose of data processing

In order to implement the anti-contagion safety protocol, pursuant to art. 1, no. 7, lett. d) of the Decree Law of the Italian Presidency of the Council of Ministers dated 11th March 2020, personal data will be processed for these purposes.

3. Nature of data provision and consequences of the refusal to respond, legal basis

Taking into account the purposes of data processing as illustrated above, we inform you that your personal data are processed without your explicit consent where deemed necessary to safeguard your health and the health of others (art. 6, lett. d) GDPR – Decree Law no. 6 dated 23rd February 2020 (on urgent measures for the containment and management of the epidemiological emergency by COVID-19) and Decree Law of the Italian Presidency of the Council of Ministers dated 11th March 2020, as well as to allow access to offices, spaces or other places in your facility (art. 6, lett. b) GDPR; the provision of data is therefore mandatory and the incorrect or partial provision or failure to provide such data may result in the impossibility to access the area.

4. Methods of data processing

Based on specific instructions provided in relation to the purposes and methods, the data processing is carried out by the staff acting on the basis of precise given instructions.

The same may be performed by a third party who acts as data processor formally appointed by the Data Controller pursuant to art. 28 GDPR and clearly identifiable and recognizable.

In the event where the body temperature shall be measured, the company does not carry out any recording of the data. The identification of the data subject and the recording of the exceeding of the temperature threshold could take place only if it was necessary to document the reasons for which access was prevented. In this case, the data subject will be informed.

5. Duration of the processing

The data will be kept and will be processed for the time strictly necessary to pursue the aforementioned purpose of preventing contagion from COVID-19 and no later than the end of the state of emergency, currently set to 31st July 2020 in the Decision of the Council of Ministers dated 31st January 2020, i.e. until it will be necessary to process them due to:

  1. specific regulatory obligations;
  2. provisions of public authorities;
  3. any grounds for justice.

6. Disclosure of your data

We inform you that your data will be disclosed:

  1. exclusively within the purposes indicated in this statement only to subjects internal to our Company expressly authorized;
  2. for the sole purposes referred to in the previous point to the appointed data processors;
  3. to all public entities for which there is or will be an obligation for the Data Controller to communicate the data.

Personal data will not be disclosed to third parties or disseminated, except for specific regulatory obligations (e.g. in the event of reconstruction of the chain of close contacts of an employee tested positive for COVID-19 and consequent request by the Health Authority)

7. Your rights

In relation to the data processed by the company you can, at any time, exercise the following rights:

  • right to access personal data, to know which data are processed and the details related to the processing;
  • right to request rectification of personal data, which allows to request the amendment of inaccurate or obsolete data;
  • right to data portability, which allows to obtain a copy of the data that are processed for possible transfer to another data controller, other than the company;
  • right to obtain restriction of processing, where applicable as provided for by the applicable discipline;
  • right to erasure, which allows to request the erasure of personal data;
  • right to object, cessation of data processing (e.g. commercial communications);
  • right to lodge a complaint with the supervisory authority, for any reports, complaints or appeals to the Data Protection Supervisor: www.garanteprivacy.it

8. Contact data

The Data Controller can be contacted at: info@touringsuperleggera.eu