29.10.2024
Information pursuant to Regulation (EU) 2016/679 (GDPR)
Dear Sir/Madam,
Cantieri Navali dello Stretto S.r.l. has installed video surveillance cameras in some areas where it operates. These cameras may capture images of people passing by or stopping within their viewing range. The collection, recording, storage, and use of such images constitute the "processing of personal data" under the General Data Protection Regulation (EU Regulation 2016/679, GDPR).
Data Controller
The Data Controller is Cantieri Navali dello Stretto S.r.l.
You can contact the Data Controller at:
- E-mail: privacy@carontetourist.it
- Phone: 090/9038201
The C&T Group has appointed a Data Protection Officer (DPO) under Articles 37 et seq. of GDPR. The DPO can be reached at the Data Controller's office or via email at dpo@carontetourist.it.
Types of Data Collected
The personal data are images captured by surveillance cameras in the Punta Cugno area, in Augusta (SR), under concession to Cantieri Navali dello Stretto.
Processing occurs through a closed-circuit video surveillance system. Live images are monitored by on-site security personnel, which may include third parties expressly appointed for this purpose.
Access to recorded images is restricted to authorized personnel and only if requested by the data subject and public authorities, or in case of incidents that may endanger people's safety or company assets.
Visible signs indicating the presence of surveillance cameras have been placed in the monitored areas before individuals enter the cameras' viewing range.
Processing is conducted in compliance with the GDPR principles, applicable national legislation (Privacy Code), the European Data Protection Board’s Guidelines 3/2019 on video data processing, and the guidelines on video surveillance issued by the Italian Data Protection Authority (“Garante”).
Purpose and Legal Basis for Processing
Your data are processed for the following purposes:
|
|
Purpose |
Legal Basis |
|
a) |
To ensure the safety of individuals in the monitored area. |
Processing is necessary for the legitimate interests of the Data Controller, provided that such interests do not override the rights, freedoms, or interests of the data subject (Article 6(1)(f), GDPR). |
|
b) |
To protect company assets and maintain security in the monitored area. |
Processing is necessary for the legitimate interests of the Data Controller, provided that such interests do not override the rights, freedoms, or interests of the data subject (Article 6(1)(f), GDPR). |
|
c) |
To collect evidence of liability in the event of incidents. |
Processing is necessary for the legitimate interests of the Data Controller, provided that such interests do not override the rights, freedoms, or interests of the data subject (Article 6(1)(f), GDPR). |
Mandatory or Optional Nature of Processing
Processing personal data for the above purposes is necessary to monitor the flow of people and vehicles in the areas under surveillance. Data subjects can avoid processing by not entering these areas.
Notice signs indicating the presence of surveillance cameras are placed near all monitored areas.
Recipients of Personal Data
Real-time footage is monitored by on-site security personnel, which may include specifically appointed third-party operators.
Recorded images may also be disclosed to judicial authorities or law enforcement on specific requests.
Processing Methods
Personal data are collected as people transit through monitored areas. Processing is carried out using IT systems in compliance with data protection laws, with adequate technical and organizational measures in place as per Article 32.1 of GDPR. These measures ensure the integrity, confidentiality, and availability of data.
Access to data stored in electronic databases is restricted to authorized personnel through personal access credentials.
Data Retention Period
Recorded images are retained for up to 96 hours after capture unless special circumstances require a longer retention period, such as holidays, activity suspension, or specific investigative requests from judicial authorities or law enforcement.
After this period, the images are automatically overwritten with new recordings.
Data Subject Rights Under Articles 15-22 of GDPR
Data subjects can contact the Data Controller or any designated external processors to exercise their rights under Articles 15-22 of GDPR. These include:
- The right to access their data;
- The right to request the deletion of data;
- The right to object to processing (applicable to processing based on the Data Controller's legitimate interest);
- The right to request processing restrictions;
- The right to receive their data in a structured, commonly used, and machine-readable format.
However, as per Paragraph 3.5 of the Italian Data Protection Authority's Guidelines, the right to rectification does not apply to recorded images because they are real-time, objective representations of facts.
Data subjects also have the right to complain to the competent supervisory authority.
How to Submit a Request
To exercise the above rights, data subjects can contact the Data Controller anytime by emailing privacy@carontetourist.it.
They may also complain to the Italian Data Protection Authority at the following link: https://www.garanteprivacy.it/garante/doc.jsp?ID=4535524 or any other relevant supervisory authority.