In the European conception of the term, personal data protection means a system for processing personal data that combines the principle of confidentiality (privacy) with the principles ensured by EU Regulation 2016/679 (GDPR), i.e. the availability and integrity of any data processed; this therefore entails a greater level of attention by the Fund to the security of the information it holds.

To download the information to members provided pursuant to EU Regulation 2016/679 and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018, please go to the forms section.

Fasi explains below how it processes the data of users who visit its website and how the cookies installed by the website work.

The information is provided in compliance with Article 13 of GDPR 2016/679 (General Data Protection Regulation), with Recommendation No. 2/2001 of the Article 29 Working Party, and with the General Provision regarding cookies of the Italian Data Protection Authority of 8 May 2014, No. 229.

The following applies only to the www.fasi.it website; the Data Controller is not responsible for any data entered or cookies installed by other websites that may be accessed via links

INFORMATION NOTICE REGARDING VIDEO SURVEILLANCE DEVICES

Information notice regarding video surveillance devices provided
pursuant to EU Regulation 2016/679 and Legislative Decree 196/2003
as amended by Legislative Decree 101/2018

In compliance with the regulations regarding personal data protection, Fasi, in its capacity as Data Controller, pursuant to the provisions of Articles 13 and 14 of EU Regulation 2016/679 wishes t provide you with information regarding:

  • the purposes of and methods used in processing your personal data;
  • the scope of communication and possible dissemination of the same;
  • the nature of the data collected and their provision.

The purpose of this document is to illustrate the nature, purpose and processing methods of the
images captured by devices placed outside and inside the Fasi premises located in Via Vicenza 23 – 00185 Roma.

1- Data Controller
The Data Controller is Fondo Assistenza Sanitaria Integrativa (Fasi) – Via Vicenza 23, 00185 Roma, in the person of its President pro tempore.

2- Data Protection Officer
The Fund has appointed a Data Protection Officer (DPO), who can be contacted by email at dpo@fasi.it.

3- Purpose and legal basis of processing
Processing is performed exclusively for video-surveillance purposes in protection of the company’s assets from unlawful and criminal acts. The legitimising criterion can therefore be found in Art. 6 para. 1 lett. f) of European Regulation 2016/679 (hereinafter also “GDPR”).

4- Data Subjected to processing
The data subjected to processing comprises images from video surveillance devices located both outside and inside the facility and indicated by specific signage.

5- Methods of processing
The processing of images will be carried out using manual, computer, and/or telematic tools, with organizational and processing logics strictly related to the intended purposes, and always in such a way as to ensure the security, integrity, and confidentiality of the data, in compliance with the organizational, physical, and logical measures required by the applicable regulations. This is done to minimize the risks of destruction, loss, modification, unauthorized access, or unauthorized disclosure.

6- Storage period
The images captured by the video surveillance systems are retained for a maximum period of seven days and are then automatically deleted, unless their use is necessary for purposes of protecting the legitimate interest of the Data Controller in legal proceedings.

7- Recipients of personal data and Data Processors
The data provided are not subject to dissemination. Except in cases of proven necessity and by adopting specific authorization and security measures, the images may be transferred to Industria Welfare Salute S.p.A. (IWS), which will process them as an independent data controller. The list of any data processors may be requested directly from the Data Controller.

8- Transfer outside the EU
Your personal data will not be transferred by Fasi to any countries outside the EU. Should any such need arise, this will be done pursuant to Articles 44 et seq. of EU Regulation 679/2016.

9- Rights of the data subject
You may assert your rights under Articles 15 to 22 of the GDPR by contacting the Data Protection Officer via email to dpo@fasi.it

10- Complaints
Furthermore, Fasi informs you that you have the right to make a complaint to the Data Protection Authority according to the procedure described at gpdp.it

Some of the icons used belong to a project curated by OBSERVATORY679 and have not been modified by Fasi. CC License by OSSERVATORIO679

 

INFORMATION ON WEB SURVEILLANCE DEVICES

Information provided by IWS in accordance with art. 14 of the GDPR

Based on the provisions of paragraph 5.c of the above-mentioned Fasi notice, images from the video surveillance system may be transferred to IWS only and exclusively in the event of incidents involving the assets of IWS itself. IWS will act, to the extent of its responsibility, as an autonomous data controller, based on the legitimate interest (Article 6 paragraph 1 letter f of the GDPR) of protecting the company’s assets.

Any images that may be captured, which will be processed solely by specifically authorised personnel, will not be disseminated or transferred outside the European Union, and will be retained for as long as is strictly necessary for IWS to exercise its right to protect the company assets.

The data subjects may exercise, with IWS, the rights referred to in Articles 15 et seq. of the GDPR by contacting the IWS Data Protection Officer (DPO) by email to dataprotection@industriawelfaresalute.it.

WEB INFORMATION NOTICE

Web information notice for users of the website pursuant to Article 13 of Regulation (EU) 2016/679.

Pursuant to Regulation (EU) 2016/679 (hereinafter the “Regulation”), this page describes the methods of processing of personal data belonging to users of the Fasi – Fondo Assistenza Sanitaria Integrativa – website which can be accessed at www.fasi.it . This information does not regard other websites, pages or online services that can be accessed by clicking any hypertext links shown on this website that relate to resources outside this domain. After viewing pages on the above-mentioned site, data relating to identified or identifiable natural persons may be processed.

DATA CONTROLLER

The data controller is Fasi – Fondo Assistenza Sanitaria Integrativa, with headquarters in via Vicenza, 23, 00185 Roma.

TYPE OF DATA PROCESSED AND PURPOSES OF PROCESSING

Browsing data
During normal operations, the computer systems and software procedures used for this website to function capture certain personal data, the transmission of which is implicit in the use of Internet communication protocols. They are not collected with the aim of linking them to identified data subjects, but could by their very nature – through processing and association with data held by third parties – enable users to be identified. This category of data includes the IP addresses or domain names of the computers of users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to send the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s response (success, error, etc.) and other parameters connected with the user’s operating system and IT environment. This processing can be considered legitimate since it is necessary for browsing the website as requested by the user (Article 6, para. 1 lett. b of the Regulation). Browsing data are also processed for the legitimate interest of the Data Controller (Art. 6, para. 1 lett. f of the Regulation) in order to: gather anonymous statistical information on the use of services (most visited pages, number of visitors per hour or per day, etc.); verify the correct functioning of the services offered. Browsing data are not retained for more than six months (other than in the event of any need for criminal investigations by the judicial authority).

Cookies on the Website
As regards the cookies used on this site, please see the “Cookie settings” – Consent to cookies” banner on the web page, where you can indicate your preferences. For more information on cookies please click here.

PROCESSING METHODS

Processing will be carried out with the support of electronic or automated methods and using an organisational and processing logic that is closely related to the purposes themselves, and always in such a way as to ensure the security, integrity and confidentiality of the data to reduce any risks of destruction or loss, unauthorised access, modification or unauthorised disclosure.  The data collected are not disseminated and will not be transferred outside countries regarded as safe by the European Commission or to any subject that is not a party to international programmes for the free circulation of data.

RECIPIENTS OF THE DATA

The recipients of the data collected after visiting the above-mentioned website are the third parties who manage the cookies. The personal data collected are also processed by personnel of the undersigned, who act on the basis of specific authorisations and instructions regarding the relevant purposes and methods used.

RIGHTS OF THE DATA SUBJECT

The data subject may contact the Data Controller without any particular formalities to exercise his/her rights under Articles 15 to 22 of the Regulations (right of: access to personal data, rectification, deletion, restriction, portability, as well as to object to the processing and to be informed of any automated decision-making processes), without prejudice to the right to make a complaint to a Data Protection Authority. These rights may be exercised by contacting the Data Controller with headquarters in via Vicenza 23 – 00185 Roma or its appointed DPO at the following email address dpo@fasi.it