Information COVID19

Dear Sir/Madam,

We need to process information concerning you, your personal data, in order to comply with the extraordinary measures for the containment of the “COVID-19” coronavirus outbreak, as provided for by the Decree of the President of the Council of Ministers dated 8 March 2020, as amended, and by shared protocols, in order to enable you to access our premises and offices. To this end, as required by European legislation for the protection of personal data (European Regulation 679/2016), we hereby provide you with the following information.

Data Controller and Data Protection Officer.

The Data Controller, i.e. the person who makes the decisions regarding the purposes, methods and security of personal data, is the company F.lli Pisa S.r.l., with registered office in Milan, via Montenapoleone no. 9 - -

Purpose and legal bases of processing..

The personal data that you provide us with and which will be gathered during the providing of the services requested by you will be processed for the purposes according to the following legal bases:


(Why we process your data)


(On the basis of which law we process your data)


(What happens if you refuse to provide your personal data and/or to authorise their processing)

To prevent COVID-19 contagion, in compliance with the applicable legal obligations related to the execution of the anti-contagion safety Protocols adopted pursuant to art. 1, no. 7 lett. d) of the Decree of the President of the Council of Ministers dated 11 March 2020 as amended and supplemented.

- Art. 6, Par. 1, Lett. c) GDPR, meaning processing is required to fulfil the legal obligation relating to the execution of the anti-contagion safety Protocol adopted pursuant to art. 1, no. 7, lett. d) of the Decree of the President of the Council of Ministers dated 11 March 2020).

- With regard to the processing of particular data, the exception exists indicated in Art. 9, Par. 2, Lett. b) processing is required to fulfil the obligations of the Data Controller regarding labour law, social security and social protection.

Consent is not required. Any refusal to provide the requested data will result in access to the premises being denied.


Recipients and categories of data processed

The personal data provided by you or acquired during the course of the COVID-19 containment procedures will be processed exclusively by personnel authorised for this purpose or by data processors appointed for this purpose, with respect to whom you may request information from the Data Controller at the contacts indicated above.

Your data will not be disclosed or communicated to third parties, with the exception of those to which the law requires mandatory disclosure.

Your personal data will not be transferred outside the European Union.

We will specifically process the following categories of data:

• data relating to body temperature;

• information about close contacts at high risk of exposure, in the last 14 days, with persons suspected of being positive or who are positive to COVID-19;

• information on persons who, in the last 14 days, have come from risk areas as specified by the WHO;

With reference to the measurement of body temperature, please note that the Company does not record such data in any way. The identification of the person concerned (data subject) and the recording of having exceeded the temperature threshold could take place only if it becomes necessary to document the reasons that prevented access. In this case, the person concerned (data subject) will be informed in advance of such circumstance.

Personal Data storage period and criteria used

The personal data subject to processing are gathered in documents whose conservation is established consistently with the purposes of processing as summarized below. The data will be processed for the time strictly necessary to pursue the aforementioned purpose of prevention from contagion by COVID-19 and stored for a period of time no longer than the end of the state of emergency as established by the special regulations in force.

Rights of the data subject

In the cases provided for, you have the right to obtain from the Data Controller access to your personal data and their rectification or erasure or the restriction of the processing that concerns you or to object to processing (Articles 15 et seq. of the Regulation).

The appropriate application to the Data Controller, accompanied by a copy of an identification document, must be submitted to the contacts of the Data Controller as indicated above.

If you believe that the processing of your personal data carried out by the Data Controller, is being carried out in breach of the provisions of the Regulation, you are hereby informed that you are entitled to lodge a complaint with the Supervisory Authority, as provided for by art. 77 of the Regulation itself, or to take appropriate legal action (art. 79 of the Regulation).


The protection of the data concerning you and compliance with the principles provided for by law, with particular reference to the principle of transparency, are values of primary importance for us. We should be grateful if you would help us by reporting any misunderstandings of this document or suggesting improvements to the Data Controller’s contacts, as indicated above.