Information on applicants for approval, onboarding and certification services

INFORMATION TO APPLICANTS FOR B-PAY APPROVAL AND/OR ONBOARDING SERVICES AND TO APPLICANTS FOR THE CERTIFICATION SERVICE PURSUANT TO AND FOR THE PURPOSES OF ARTICLES 13 AND 14 OF THE 2016/679 EU REGULATION “GENERAL DATA PROTECTION REGULATION”

We inform you that Regulation (EU) 2016/679 (hereinafter “Regulation”) and the related Italian supplementary legislation (hereinafter, together with the Regulation, “Privacy Policy”) establish rules relating to the protection of individuals with regard to the processing of personal data and protect their fundamental rights and freedoms and, in particular, the right to the protection of personal data.

‍

In accordance with the principles dictated by the Privacy Legislation and, specifically, pursuant to articles 13 and 14 of the Regulation, BANCOMAT S.p.A. (hereinafter “BANCOMAT” or “Company” or “Data Controller”) describes below the methods and purposes with which the same — with its sole office in Piazzale Luigi Sturzo n. 15, 00144, Rome — as Data Controller pursuant to art. 4, point 7), of the Regulation, will process the personal data acquired during the approval and/or Onboarding B-Pay procedure and the provision of the Certification service for technological rails BANCOMAT® and PagoBancomat® and BANCOMAT Pay® (hereinafter referred to as “Rail”).

‍

The personal data collected concern, in particular, the personal data, professional qualifications and contact details of representatives, contacts and/or collaborators of BPay Approval and/or Onboarding Applicants (hereinafter “RO”) or Certification Applicants (hereinafter “RC”) — including: Members, Terminal Vendors, Terminal Managers, Service Secure Rooms, Authorization Centers, Service Centers and Manufacturers — involved in the above-mentioned Approval and/or Onboarding B Pay and/or Certification processes, after the conclusion of a special contract with BANCOMAT (of followed by 'Contract'). They are acquired directly by ROs or RCs when filling out the letter of adhesion and the Request for Approval and/or Onboarding B-Pay or Certification in the Rails or acquired by the individual representatives, contacts and/or collaborators of the RO or RC during the membership relationship (for example through the RO declarations form on the personnel assigned to the Approval or through the additional forms available on the “BANCOMAT ON LINE” (“BOL”) platform accessible through the institutional website www.bancomat.it) or again from public lists and records and professional registers.

‍

These personal data will be processed for the following processing purposes:

a) pursuant to art. 6, paragraph 1, letter c) of the Regulation, to comply with legal obligations established by current tax legislation;
b) pursuant to art. 6, paragraph 1, letter b) of the Regulations, to execute the Contract between the Company and the ROs or the RCs;
c) pursuant to art. 6, paragraph 1, letter f) of the Regulation, to pursue the legitimate interest of the Data Controller in exercising or defending a right in court or out of court, even in the event of a breach of contract.

‍

The provision of personal data is optional but necessary, as any refusal by the interested party to provide the data requested in the forms in use makes it impossible to carry out activities related to and related to the Request for Approval and/or Onboarding B Pay and Certification and, therefore, in the event of failure to provide it, it will not be possible to proceed with the conclusion of the relevant Contract and give it correct and timely execution.

‍

Personal data will be processed with automated and non-automated tools, by specifically authorized and specially trained personnel. Specific security measures will be observed to prevent data loss, illegal or incorrect use of the data and unauthorized access. They will be kept for a maximum period of 10 years from the date of termination of the effective of the Agreement concluded between BANCOMAT and ROs and RCs.

BANCOMAT's employees and collaborators may become aware of the personal data collected, who, through their activities, contribute to the execution of the Reference Contract, as well as the following categories of subjects, who, as Data Processors, provide the Data Controller with services instrumental to carrying out their institutional activity: IT service providers; management service providers; administrative service providers; external professionals and consultants, whose names may always be requested from ATM at the addresses indicated below.

‍

Personal data will not be disclosed to third parties and will not be subject to “dissemination”, meaning dissemination or transmission to undetermined subjects, except for the execution of any legal obligations or by possible order of a judicial authority or police force.

‍

There is no provision in any way for the processing of personal data outside the European Economic Area.

‍

Each interested party retains the right to exercise, in cases permitted by law, at any time, free of charge and without formalities, the following rights referred to in articles 15 to 22 of the Regulation: the right to request access to personal data (i.e. the right to obtain confirmation of whether or not personal data concerning them is being processed and, in this case, to obtain access to the data itself, obtaining a copy, and to the information referred to in art. 15 of the Regulation); the correction (or the right to obtain the correction of inaccurate data concerning him or the integration of incomplete data) or the cancellation of the same (or the right to obtain the cancellation of data concerning him, if there is one of the reasons indicated by art. 17 of the Regulation); the limitation of the processing that concerns him (i.e. the right to obtain, in the cases indicated by art. 18 of the Regulation, the marking of the data stored with the aim of limiting their processing in the future), as well as the right to data portability (or the right, in the cases indicated by art. 20 of the Regulation) Regulation, to receive, in a structured format, commonly used and readable by an automatic device, the data concerning him, as well as to transmit such data to another data controller, without impediments).

‍

Furthermore, each interested party has the right to revoke consent to the processing of their data at any time, without this affecting the lawfulness of the processing based on the consent obtained before the revocation, as well as to object, at any time, for reasons related to their particular situation, to the processing of personal data concerning them pursuant to art. 6, paragraph 1, letter f) of the Regulation.

‍

Requests relating to the exercise of the rights described above should be addressed to BANCOMAT, with a single office in Piazzale Luigi Sturzo 15, 00144, Rome; e-mail: privacy@bancomat.it. In response to this request, the Data Protection Officer appointed by BANCOMAT pursuant to articles 37 et seq. of the Regulation is appointed by the Data Protection Officer appointed by BANCOMAT.

‍

Interested parties who believe that the processing of their personal data carried out with reference to what is specified in this information is in violation of the provisions of the GDPR have the right to lodge a complaint with the Guarantor Authority for the protection of personal data (www.garanteprivacy.it), as required by art. 77 of the GDPR itself, or to go to appropriate courts (art. 79 of the GDPR).

‍

The always updated version of this information will always be available to interested parties on the page of the Site containing access to BOL and related Services.