Policy | Processing of personal data for the verification of the possession of the COVID-19 green certifications for access to the workplace

Information on the processing of personal data for the verification of the possession of the COVID-19 green certifications for access to the workplace



From 15.10.2021 the Company ESTEL GROUP SRL is required to carry out the verification of the COVID-19 green certificate (aka “Green Pass”), in compliance with the provisions of art. 9-septies of Legislative Decree no. 52 of 22 April 2021, in the manner defined by the Prime Ministerial Decree of 17 June 2021, using the specific “VerificaC19” application, for access to their workplaces for people who must carry out a work activity, whether they are also employees of third-party companies in charge of carrying out particular activities (e.g. contractor employees, suppliers, etc.), as well as for the performance of the work activities of its employees with third parties. Those who are exempt from the vaccination campaign are also excluded from the obligation to possess and show the Green Pass, while remaining required to present a special medical certificate issued in accordance with the indications provided by the Ministry of Health.

Highlighting how the entry by workers without a Green Pass constitutes a violation of the rule punishable by a specific administrative fine, and how the Company / Body can also respond to violations for not having put in place the necessary checks on the use of the Green Pass by its workers and employees of third-party companies or for not having defined the operating methods for carrying out the checks, the following information is issued pursuant to Article 13 of EU Regulation 679/2016 (cd. “GDPR”) regarding the processing of personal data resulting from the performance of the checks themselves.

Owner of data processing
The data controller is ESTEL GROUP SRL with registered office in Via Santa Rosa, 70, Thiene, VAT number 03814040246, contact details: tel. 0445 389611, e-mail estelgroupsrl@pec.estel.com.

Purpose of the processing and legal basis
The processing of personal data is aimed exclusively at verifying, by the Company / Body, as an employer, the possession of COVID-19 green certifications (cd. “Green Pass”) valid to allow its employees and third party employees who must carry out a work activity at the same Company / the same Body, to access the places of execution of work activities, or even to their employees and collaborators to go to third party workplaces.

The legal basis of the data processing is constituted by the need to fulfill a legal obligation to which the Data Controller is subject (pursuant to Article 9-septies of Legislative Decree no. 52/2021 and in accordance with Article 13 of the Prime Ministerial Decree of 17.6.2021), as well as to perform a task of public interest or connected to the exercise of public powers, respectively pursuant to art. 6, par. 1 letter .c) and e) of the GDPR. In addition, the processing is necessary for reasons of significant public interest pursuant to Article 9, paragraph 2, letter g) of the GDPR.

Categories of data processed
As part of the verification process of COVID-19 green certificates, only personal data referring to the aforementioned workers and employees of third-party companies will be processed. More specifically, the following will be covered: – common personal data referred to in art. 4, n.1 of EU Regulation 679/2016, namely: name, surname, date of birth; – data relating to health, falling within the special categories of data referred to in art. 9 of the GDPR, only if they are related to the exhibition of medical certification for subjects exempt from the vaccination campaign; – data relating to the outcome of the verification regarding the possession of the valid COVID-19 green certification.

Methods of data processing and storage
The data will be processed by subjects specifically authorized with a formal act to process, using only the “VerificaC19” application inserted in a special Smartphone device, which allows only the impromptu reading of the authenticity, validity and integrity of the certification and which allows you to check with the National Platform-DGC the same “Green Pass” by reading the QR Code present in the Green Pass. The verification process allows, therefore, to carry out only the operations of consultation and visualization of the data. The results of the checks, relating to the possession or not of a valid COVID-19 green certification, returned by the National Platform-DGC, will not be stored in any way in any analog or digital form. The provision of data is mandatory for access to the places where the work takes place, as required by current legislation; failing that, it will not be possible to access them.

Recipients of the communication of certification data
Personal data, processed solely for the achievement of the verification purposes indicated above, and through the sole impromptu reading, excluding any form of storage of the same data, will not be communicated by the Data Controller to third parties, except to the company’s personnel office and to the data processors appointed for payroll management, for any measures provided for by the emergency rules for employees without valid certification.Transfer of personal data to third countries or international organizations
There are no automated decision-making processes or transfers of personal data to third countries (non-EU) or international organizations.

Rights of data subjects and complaint
Pursuant to Articles. from 15 to 21 of the GDPR, the interested parties have the possibility to exercise the rights provided for therein, including: the right of access (art. 15), the right of rectification (art. 16); the right to cancellation (art. 17), opposition (art.21): moreover, in the cases provided for, you can lodge a complaint with the Privacy Guarantor.