Subjects involved: Subjects who access the company premises.

Transmec Servizi Spa, as Data Controller of your personal data, pursuant to and for the purpose of EU Reg. 2016/679, hereafter “GDPR”, with the following informs you that the aforementioned legislation provides for the protection of the people involved with respect to the processing of personal data and that such processing will be based on principles of fairness, lawfulness, transparency and protection of your privacy and rights.

Your personal data will be processed in accordance with the legislative provisions of the aforementioned law and the confidentiality obligations set forth therein.

Purpose and legal basis of the processing: in particular your data will be processed for the following purposes related to the implementation of obligations concerning legislative obligations:

• Verification of the GREEN PASS validity status, compliant to legal obligations relating to D.L. 127/2021 and Art. 13 of DPCM 17/06/2021. You will not be allowed to access if your temperature exceeds 37.5° or the GREEN PASS should not be valid. The information will be verified when accessing the premises, by authorized personnel, who will carry out the operations in accordance with the instructions issued by the Public Authorities on this subject. Personal data relating to the temperature and the GREEN PASS will not be collected, stored and/or recorded, but only verified when accessing in instant mode.

Methods of processing. Your personal data may be processed in the following ways:

• The GREEN PASS will be verified through the national verification App system: VerificaC19, which allows the reading of the QR code (in paper or electronic format). This application enables the verification of the authenticity and validity of the certifications, without the need for internet connection (offline) and without storing any personal data on the verifier’s device. The QR Code does not reveal how the GREEN PASS has been obtained. The VerificaC19 application complies with the European version, but decreases the amount of data that can be viewed by the operator, to minimize the processed information. For more information https://www.dgc.gov.it/web/faq.html#verifica19. Your body temperature will be verified by the personnel in charge before accessing the premises by electronic devices that are not connected to any telematic network and that are not able to record any information.

Each treatment is carried out in compliance with the procedures set out in Art. 6, 32 of the GDPR and by adopting the appropriate security measures provided.

Your data will be processed by authorized personnel only and in particular by the following categories:

• Appointed verifiers;
• Receptionists duly appointed as external data processors.

Communication: your data may be communicated to external parties for the correct management of the relationship and in particular to the following categories of recipients, including all duly appointed Data Processors.

• The data could be requested by the competent Authorities for the purpose of checking compliance with the obligations imposed by the legislation.

Disclosure: your personal data will not be disclosed in any way.

Retention period. In compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to Art.5 of GDPR, the retention period of your personal data is:

• Your data will not be stored nor recorded.

Data Controller: the Data Controller, pursuant to the law is Transmec Servizi Spa (Via Ponte Alto 32 , 41011 Campogalliano (MO); VAT n.: 02477120360 ; who can be contacted at the following addresses: [email protected]; Telephone: +39 059 895811) in the person of its pro tempore legal representative.

The Data Protection Officer (DPO) designated by the owner, pursuant to Art. 37 of GDPR is:

• LUCIA GRASSI (E-mail: [email protected]).

You have the right to obtain the cancellation (right to be forgotten), limitation, updating, ratification, portability, opposition to the processing of personal data, concerning you, as well as in general you can exercise all the rights provided by articles 15, 16, 17, 18, 19, 20, 21, 22 of GDPR.

EU Reg. 2016/679: Articles 15, 16, 17, 18, 19, 20, 21, 22, 72 – Rights of the interested party

1. The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, their divulgation in an intelligible form and the possibility of making a complaint to the Supervisory Authority.
2. The interested party has the right to obtain information regarding:
   1. the origin of personal data;
   2. the purpose and methods of the processing;
   3. the logic applied in case of processing carried out by means of electronic tools;
   4. the identity of the owner, managers and representatives appointed under Art. 5, paragraph 2;
   5. the subjects or categories of subjects to whom personal data may be communicated or who can learn about them as appointed representatives, managers or agents.
3. The interested party has the right to obtain:
   1. updating, rectification or, when interested, integration of data;
   2. cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purpose for which the data were collected or subsequently processed;
   3. the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disclosed, except in the case in which this fulfillment proves impossible or involves the use of means that are manifestly disproportionate to the protected right;
   4. data portability.
4. The interested party has the right to object, in whole or in part:
   1. for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of the collection;
   2. to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.