Interested subjects: persons filmed by video surveillance systems.

§ The updated version of this policy is also available at all times on the following website: https://www.privacylab.it/informativa.php?21287458525 [IT version]

ABOUT US

The company Ve.La. S.p.A - (from this point forward referred to as Vela), with its registered office in Venice, Isola Nova del Tronchetto 21, is the Data Controller of the personal data collected; Vela is subject to the management and coordination of AVM S.p.A. and performs several activities, which include: (i) distribution, marketing and sale of transport tickets and tickets granting access to public and private services, such as museums, cultural institutions, shows, sporting events and other similar activities; (ii) activities for the coordination, development and distribution of services and products, aimed at improving the quality of visits and the management of tourist flows in the Municipality of Venice; (iii) programming artistic and entertainment events, including the great traditional Venetian festivals, and adding value to marketing activities linked to the brand of the City of Venice; (iv) promotion and management of the spaces under the ownership of the Municipality of Venice in the premises of the Arsenale.

 

THE PERSONAL DATA THAT MAY BE COLLECTED FROM YOU

In the framework of the activity, we may collect and then process various categories of common personal data, namely: vehicle identification data (licence plate number, vehicle description), image, footage and video surveillance system recordings.

 

PURPOSES FOR WHICH YOUR DATA MAY BE USED

Specifically, Your personal and contact data will also be used for the following purposes necessary for the fulfilment of the holder's legitimate interest:

• requirements in terms of organisation, production, and work safety as a result of the installation of audiovisual equipment and/or other instruments that also allow for remote monitoring of the activities of workers, in order to increase the safety and security within the premises of the Company;
• the protection of company assets.

 

HOW YOUR PERSONAL DATA IS PROCESSED

All of your personal data is stored in our records or the records of our suppliers or business partners and it is accessible and used in compliance with our security standards and policies (or the equivalent standards applied by our suppliers or business partners).

Your personal data may be processed using the following methods:

• a video surveillance system, installed in compliance with all the applicable regulations (and therefore, where necessary, following trade union agreements).

We use a wide range of security measures to improve the protection and maintenance of the security, integrity and accessibility of your personal data.

The measures we implement include, and are not limited to, the following:
- strict restriction of access to your personal data, on a need-to-know basis and only for the specified purposes;
- perimeter security systems to prohibit unauthorised access from external sources;
- permanent monitoring of access to information systems in order to detect and stop the misuse of personal data;
- vulnerability tests, aimed at highlighting any gaps in perimeter security;
- tracking of access to your personal data by our staff and the control of the purpose it serves;
- double-factor authentication;
- encryption using Secure Socket Layer (SSL) technology in the case of transactions on our websites that require you to submit your personal data.

WHO WE CAN SHARE YOUR PERSONAL DATA WITH

Your data is only processed by our specifically instructed and authorised staff and, more specifically, by the following categories of staff:

• Vela employees in the specific relevant departments.

In order to execute some of the processing activities, we may communicate your personal data to the following categories of external parties, who will process them either as independent data controllers or as data processors, duly appointed in compliance with the applicable legislation:

1. insurance companies;
2. subsidiary and associated companies;
3. consulting and IT services companies.

 

THE PERIOD OF TIME YOUR PERSONAL DATA IS STORED

In compliance with the principles of lawfulness, purpose limitation and data minimisation, in compliance with Article 5 of the GDPR, we retain your personal data only for the time necessary to achieve the purpose for which it was collected or for any other legitimate related purpose. Therefore, if personal data is processed for two separate purposes, we retain that data until the purpose with the longer retention period expires, but we do not continue to process personal data for the purpose for which the retention period has expired. We restrict access to your personal data only to the subjects who require them to fulfil their tasks.

The personal data that are no longer required, or for which there is no longer a legal requirement for the retention thereof, is irreversibly anonymised (and as such can be safely stored) or destroyed.

Below are the retention times in relation to the different purposes listed above:

• 5 days; in the event that defense in court is necessary, records may be retained for as long as necessary for such purposes.

 

YOUR DATA PROTECTION RIGHTS AND YOUR RIGHT TO LODGE COMPLAINTS WITH THE SUPERVISORY AUTHORITY

You are entitled to obtain, if the conditions provided for by law are met, confirmation as to whether or not personal data concerning you exist, to have them communicated to you in an understandable form and to lodge a complaint with the supervisory authority.

More specifically, you are entitled to be provided with:

• access to your personal data and all related information (Article 15 of the GDPR);
• the correction of inaccurate personal data and the integration of incomplete personal data (Article 16 of the GDPR)
• the erasure of personal data if any of the cases specified in Article 17 of the GDPR exist
• the restriction of the processing of your personal data if any of the conditions specified in Article 18 of the GDPR exist
• the portability of personal data (Article 20 of the GDPR).

You are entitled to object, in whole or in part, to the processing of personal data relating to you:

• for legitimate reasons associated with your particular situation, even if they are relevant to the purpose of the data collection.

 

CONTACT DETAILS

Please be informed that the Data Controller is Ve.La S.p.A (Isola Nova del Tronchetto, 21 , 30135 Venezia (VE), VAT 03069670275. Contact details: e-mail vela@velaspa.com, telephone + 39 041 27 22 661).

We also inform you of the fact that we have appointed an external Data Protection Officer (DPO), whom you are entitled to contact as a general contact on issues relating to the protection of your personal data and associated rights.

DPO Data Protection Officer (e-mail contact details:  dpogruppoavm@avmspa.it).

The updated version of this policy is also available at all times on the following website: 

https://www.privacylab.it/informativa.php?21287458525