Mobility privacy

1. DATA CONTROLLER

The Data Controller is ADR Mobility S.r.l., with registered office in Via Pier Paolo Racchetti, 1 - 00054 Fiumicino (Rome) (hereinafter, “ADR Mobility” or the “Controller”), which, by virtue of current ENAC ordinances and existing agreements, exclusively manages the entry and exit of the aforementioned areas.
It remains understood that, within the scope of their jurisdiction, the Fiumicino Local Police Department operates independently by reason of applicable regulations.

2. DATA PROTECTION OFFICER

3. TYPES OF DATA PROCESSED

In compliance with the principles established by current legislation, the personal data[1] processed are those collected during the management of ZTC-ZTL areas and parking meter services.
Regarding vehicles entering and exiting the ZTC and ZTL areas of the Airports, ADR Mobility uses designated systems marked by specific signage to capture a snapshot of the vehicle with its related license plate, the area and the time and date of entry and exit of the vehicle.
For timed parking in the blue-marked areas within the ZTC zone at Fiumicino airport "Leonardo da Vinci", parking meters are available for payment, including via debit or credit cards, which prevent the vehicle from being fined for exceeding the parking time limit in the ZTC area. In this case, ADR Mobility collects at parking meters: the vehicle's license plate (so the user does not need to display the payment receipt), along with the area, the time and the start and end date of parking, as well as information on the concluded transaction (such as the amount paid). Data related to the number of debit or credit cards used for electronic payments at the parking meters are processed by the acquiring service, Six Payment Solution, acting as an autonomous data controller.
For ZTL permit requests, which are granted to people with disabilities with a vehicle pass, ADR Mobility processes the data related to the “disabled parking permit” provided in the online service request form. For more details, please refer to the privacy policy governing this service, available online here.

4. PURPOSE AND LEGAL BASIS OF PROCESSING

The personal data collected to track the entry and exit of vehicles in the ZTC/ZTL[2] areas are processed by ADR Mobility S.r.l. based on a legal obligation under Article 6(1)(c) of the GDPR. This processing is specifically carried out in compliance with ENAC Airport Direction Lazio Ordinances No 12/2014, 14/2014, 18/2014 and Airport Ordinance No 3/2024 for Fiumicino, as well as No 15/17 for Ciampino, which implement Law No 33 of 2012 concerning the operation of Limited and Controlled Traffic Zones at airports.
The personal data collected to enable payment for parking at the designated parking meters in the ZTC area are processed under Article 6(1)(b) of the GDPR, as necessary for the performance of a contract to which the data subject is a party. 
Providing personal data for these purposes is essential for granting the data subject access to the ZTC/ZTL areas and/or enabling payment for parking in the blue-marked spaces.
Access to these areas necessarily requires processing personal data related to the vehicle’s license plate and entry and exit times, in accordance with the Highway Code and applicable ordinances.
It is understood that ADR Mobility may also process personal data to prevent and/or detect potential fraudulent activities or abuses, and/or to defend its rights, including in legal proceedings. This is done based on its legitimate interest under Article 6(1)(f) of the GDPR to protect its rights. For this purpose, no new or additional data submission is required, as ADR Mobility will pursue this purpose, if necessary, by processing the data collected for the previously mentioned purposes.

5. PROCESSING METHODS

The data collected to track the entry and exit of vehicles from the ZTC and ZTL areas are collected through an automatic detection system and stored on dedicated servers owned by Aeroporti di Roma S.p.A., which are accessible to Police Forces as autonomous data controllers.
The entrance of vehicles to the Kiss&Go and Stop&Go areas is connected with automatic detection systems, approved and specially signposted by specific sign, to record the time of entry and exit, the access area and the vehicle with its license plate, which is personal data of the user.
Data collected through the parking meters managed by ADR Mobility for paid parking in the ZTC area (cf. what noted in the previous paragraph 3) are recorded in the same ZTC automatic detection system to allow Police Forces to differentiate between paying vehicles and those that may be fined for exceeding the parking limits.
Data related to payments made via debit and/or credit card used via the dedicated POS devices installed on the parking meters are processed by the acquiring service Six Payment Solution, which, as an autonomous data controller, manages the data through its own channels and sends it directly to the relevant bank.

6. TRANSFER OF DATA OUTSIDE THE EU

Personal data will not be disseminated and/or disclosed to third parties located outside the European Economic Area.

7. DATA RETENTION PERIODS

Personal data are only stored for as long as necessary for the purposes for which they are collected in compliance with the principle of minimisation pursuant to Article 5(1)(c) of the GDPR.
Specifically, for vehicles entering the ZTL-ZTC areas, the license plate number is kept for 8 months after the vehicle exits, while the photo of the license plate is retained for 3 months following the vehicle's exit from these areas.
In the event of violations of entry and parking limits, the information is used by the Fiumicino Local Police Department which is the authority responsible, under Legislative Decree No. 33 of 2012, to prevent and detect violations related to road traffic within the airport area. ADR Mobility retains this information in the exclusive availability of the Local Police Department of Fiumicino, which acts as a competent entity in relation to sanctioning proceedings under applicable legislation.
Data related to parking payments made through parking meters (such as the vehicle's license plate and payment details) is retained to help the Fiumicino Local Police Department distinguish between vehicles that have paid and those that may be subject to fines for exceeding parking limits.
ADR Mobility keeps data related to parking payments made through parking meters (such as the vehicle's license plate and payment details) to verify that the service has been provided. In particular, in accordance with the relevant regulations, this data is stored for 8 months after the vehicle exits, allowing users the maximum time to receive and potentially contest any penalties.

8. RECIPIENTS OF PERSONAL DATA

During the processing activities conducted by the Data Controller, only authorised personnel from ADR Mobility who are authorised to carry out processing operations may become aware of personal data.
Additionally, for the purposes mentioned above, the personal data will be accessible to the relevant Police Forces (i.e., the Fiumicino Local Police Department) as autonomous data controllers as they are, in accordance with the law, the entities in charge in relation to violations of the Highway Code.
Personal data may also be processed by third parties which the Data Controller uses to maintain and manage the systems or physical archives used, acting as external Data Processors in accordance with Article 28(3) of the GDPR. These third parties include:

• Park IT, responsible for managing and maintaining the software and hardware of the PMS-entervo system used for ZTC and ZTL detections, as well as the software and hardware of the parking meters system;

• ADR S.p.A., manager of the maintenance, monitoring and remote assistance services of ZTL and ZTC Systems, which has appointed MOVYON S.p.A. as a “Sub-Processor”.

Personal data related to electronic payments made at the parking meters are processed by the acquiring service Six Payment Solution, which acts as an autonomous data controller.
In any event, your data will not be disseminated.

9. RIGHTS OF THE DATA SUBJECT

Data subjects are informed that Articles 15-22 of the GDPR grant them specific rights under certain conditions. The data subject can request from the data controller access to, rectification of, erasure of and restriction of the processing of their personal data, as well as data portability. Data subjects also have the right to object to the processing. In the event that the right to object is exercised, the Data Controller reserves the right not to proceed with the request, and thus to continue processing, if there are compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject.
The aforementioned rights can be exercised by contacting the Data Protection Officer at the following e-mail address: dpo@adr.it, or by writing to the attention of the DPO at the following address: Via Pier Paolo Racchetti, 1 00054 Fiumicino (RM).
The data subject has the right to lodge a complaint directly with the Italian Data Protection Authority under Article 77 of the GDPR.

10. CHANGES TO THE NOTICE

The Data Controller reserves the right to change and update this privacy policy over time.

Document updated: October 2024