Privacy Notice Vaccination Obligations

Information on the processing of personal data relating to the verification of vaccination obligations

Pursuant to Articles 13 and 14 of EU Regulation No. 679 of 2016

EU Regulation 679/2016 (hereinafter the "Regulation") lays down rules on the protection of natural persons with regard to the processing of personal data.

In compliance with the principle of transparency provided for in Articles 5 and 12 of the Regulation, with this information notice the Autonomous Province of Trento provides you with the information required by Articles 13 and 14 of the Regulation (respectively, data collection from the Data Subject and from third parties) regarding the processing of personal data of employees required to comply with the vaccination obligation.

The data controller is the Autonomous Province of Trento (hereinafter, the "Data Controller"), in the person of its legal representative (President of the Provincial Council in office), piazza Dante n. 15, 38122 - Trento, tel. 0461.494697, fax 0461.494603, e-mail direzionegenerale@provincia.tn.itpec segret.generale@pec.provincia.tn.it

The persons responsible for data processing and the persons designated to reply to the Data Subject are the General Manager pro tempore of the Organisation, Personnel and General Affairs Department (Via Grazioli n. 1, 38122 - Trento, tel. 0461.496269, fax 0461.496224, e-mail dip.org.pers@provincia.tn.it pec dip.org.pers@pec.provincia.tn.it )

The contact details of the Data Protection Officer (DPO) are: via Mantova n. 67, 38122 - Trento, fax 0461.499277, e-mail idprivacy@provincia.tn.it (please indicate in the subject line:"DPO intervention request ex art. 38 EU Reg.").

The list of system administrators, whose activity also indirectly concerns services or systems that process or allow the processing of workers' personal information, may be consulted at the specific structure to which the employee is assigned. The list of such system administrators, appointed by Trentino Digitale S.p.A. as Data Processors, can be consulted on the provincial intranet .

The processing of your personal data will be carried out in compliance with the legislation on the protection of personal data and, in particular, with the principles of correctness, lawfulness and transparency, storage limitation and data minimisation in accordance with Articles 5 and 25 of the Regulation.

1. SOURCE OF PERSONAL DATA

Your data have been collected from the Data Subject (you yourself). Where available, the Data Controller may make use of the personal data necessary for the purposes of this processing in the manner provided for in paragraph 3 of Articles 4-bis and 4-ter of Legislative Decree no. 44 of 1 April 2021.

2. CATEGORY OF PERSONAL DATA

The processing in question relates to the verification of compliance with the vaccination obligations provided for by Decree-Law no. 172 of 26 November 2021 and, in particular, the personal data of the interested party such as name and surname, date of birth, any tax code and other personal data contained in the certificate of vaccination, in the certificate of omission or postponement of the vaccination obligation in the event of an established health risk, in the documentation proving the booking of the vaccination or in the communication of the refusal to comply with the obligation.

3. PURPOSE OF PROCESSING

In compliance with art. 13 of the Regulations, your data will be processed in order to fulfil the specific duty of the Data Controller to verify compliance with the vaccination obligation provided for under articles 4-bis and 4-ter of D. L. 1 April 2021, no. 44 as introduced, respectively, by D.L. 10 September 2021, no. 122 and D.L. 26 November 2021, no. 172 for the purposes of prevention of SARS-CoV-2 infection and, in the event of non-compliance, for the application of the relevant legal and economic treatment, including the possible assessment of liability.

The provision of your data is compulsory and consent for its processing is not required.

4. METHODS OF PROCESSING

The processing will be carried out using paper and/or automated (computer/electronic) methods with organisational and technical systems that guarantee the availability, confidentiality and integrity of the data.

Your data will be processed exclusively for the aforesaid purposes by employees specifically authorised to process data and duly instructed by the Data Processors (Managers) or their delegates.

5. AUTOMATED DECISION-MAKING PROCESSES AND PROFILING

The existence of an automated decision-making process, including profiling, is excluded.

6. COMMUNICATION AND DISSEMINATION OF DATA (CATEGORIES OF RECIPIENTS)

Your personal data will be communicated to employers or competent authorities for the possible initiation of liability proceedings in the cases provided for. Your data will not be disseminated.

Only the information that is strictly necessary for your access or non-accessibility to the workplace will be transmitted to your assignment structure.

7. TRANSFER OUTSIDE THE EU

Your personal data will not be transferred outside the European Union.

8. PERIOOD OF DATA RETENTION

In compliance with the principle of storage limitation, your data will be kept for the time strictly necessary for the application of the measures provided for in Articles 4-bis and 4-ter of Legislative Decree no. 44 of 1 April 2021, as amended.

9. DRIGHTS OF THE INTERESTED PARTY

With respect to the Data Controller and at any time, you may exercise your rights under the Regulation.

According to the regulation you may:

1. requestaccess to your personal data and obtain a copy thereof(Art. 15);
2. if you consider them to be inaccurate or incomplete, request their correctionor supplementation respectively(Art. 16);
3. if the legal requirements are met, request their deletion(Art. 17), or exercise the right to limitation(Art. 18);
4. object to the processing of your data at any time on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out in the public interest(Art. 21).

Pursuant toArt. 19, to the extent that this proves impossible or involves a proportionate effort, the Controller shall inform each of the possible recipients to whom the personal data have been transmitted of the rectification or erasure or restriction of processing carried out; if you so request, the Controller shall inform you of these recipients.

Furthermore, you have the right to lodge a complaint with the Data Protection Authority at any time.