federica.paiola
Thu, 05/07/2020 - 15:26

Please find below a list of site-management methods; we also herewith provide a policy pursuant to Art. 13 and 14 of EU Regulation no. 2016/679 of 27 April 2016(1) relating to the protection of natural persons with respect to data processing(2)  and the free circulation of personal data (hereinafter, “Privacy Regulation”), applicable to the processing of user personal data for those accessing www.apricaspa.it and its sub-domains. The policy does not apply to any linked website.

Titolari del trattamento dei dati personali

1. Who processes the personal data?

The Personal Data Controller  is Aprica S.p.A with registered office at Via Lamarmora, 230 – 25124 Brescia.
Responsabile della protezione dei dati personali

2. Who can be contacted?

For all questions relation to the processing of personal data and the exercise of your rights, you can contact the Personal Data Processing Manager at the e-mail address dpo.privacy@a2a.eu.
Finalità e base giuridica del trattamento

3. Why are the personal data processed?

Processing Purposes Legal Bases of the Processing
Navigation data is simply used to glean anonymous statistics on site usage and to monitor the proper functioning thereof. The users are not identified. The Data Controller legitimate interest in site management
The data you supply voluntarily through the call centres, contact forms or the registration in the portal for the collection of bulky waste are processed solely to perform the service requested (e.g.: informational enquiries and services, notices, newsletter mailings, etc.). The conclusion, execution of a contract
or the response to your pre-contractual requests.
To fulfil legal obligations (e.g. provisions handed down by the Authorities or the Magistrature, etc.). The fulfilment of a legal obligation.
In order to locate your device to help you insert the fields “Municipality” and “house number” relating to requests for information or notices via a dedicated contact form. Consent expressed voluntarily by you.
To carry out market studies and research, send advertising material and commercial information (marketing) on your products and services. Consent expressed voluntarily by you.

 
Categorie di dati personali

4. Which personal data are processed?

The following categories of data are processed:

  • navigation data (e.g. IP addresses or the domain names of computers used by users connecting to the site, the time of the request, the method used to submit the request to the server, the numeric code denoting the server response, and other parameters relating to the operating system or the browser used by the user);
  • Identifiers (e.g. name, surname, Tax ID number, address, place and date of birth);
  • contact information (e.g. telephone numbers - landline and/or mobile - email address);
  • device location data;
  • other data falling under the aforementioned categories.
5. Come sono trattati i dati? 

5. How are the data processed?

The processing shall be carried out by authorised personnel in carrying our their activities, with or without the assistance of electronic tools, according to the tenets of ethics, lawfulness, transparency, in order to protect the data subject's rights and privacy at all times.
It should be noted that the location services can be activated and deactivated by you at any time through your browser settings. The site will not store any data relating to the location of your device. 

With your specific consent, marketing operations may be conducted using traditional channels, including regular post and operator-placed calls, or through automated channels including email, SMS, MMS, fax, and robocalls.
 
6. A chi sono comunicati i dati personali?

6. To whom can your personal data be disclosed?

Your personal data may be disclosed to:

  • companies that carry out environmental, archiving, IT, marketing and social media management services, other A2A Group companies that will act, depending on the case, as Data Controllers or Data Processing Managers; 
  • Research Institutes and Universities, that act as Data Controllers; 
  • Public administrations and public safety authorities in fulfilment of the legal obligations, that act as Data Controllers.

Your data shall never be disseminated (made available to indeterminate persons or entities).
 
7. I dati sono trasferiti in paesi terzi?

7. Are the data transferred to third countries? 

Your data shall be retained for so long as necessary to pursue those purposes for which they were collected. 
To wit, in respect of:

  • navigation data, the data shall be retained for a maximum of three (3) years from the most recent site visit; 
  • data collected in contact forms, data shall be retained for ten (10) years from when the requested service was performed, or from when the statute of limitations was interrupted; 
  • data collected for marketing operations, the data shall be retained for ten (10) years from the most recent marketing campaign;
  • newsletter subscription, data shall be retained for one (1) month from the user’s unsubscribing from the service;
  • reports/suggestions/informational enquiries, the data shall be retained for two (2) years from the reply;

For the duration of any cookies used on the site, please view the “Cookies” section of the instant policy.

In case of litigation, the aforementioned retention period may be extended up to ten (10) years from the identification of the same.
8. Per quanto tempo i dati sono conservati?

8. How long is the data stored for?

Your data shall be stored for the time needed to achieve the objectives for which they are processed or to fulfil the legal obligations and, in particular:

  • navigation data for a maximum of three (3) years from the most recent site visit; 
  • data collected in the portal or through call centres for ten (10) years from when the requested service was performed, or from when the statute of limitations was interrupted;
  • newsletter subscription for one (1) month from the user’s unsubscribing from the service;
  • reports/suggestions/informational enquiries for two (2) years from the reply;
  • the data contained in telephone call recordings for two (2) years from collection;
  • data collected for marketing activities for ten (10) years from the most recent marketing campaign.

For the duration of any cookies used on the site, please view the “Cookies” section of the instant policy.

In case of litigation, the aforementioned retention period may be extended up to ten (10) years from the settlement of the same.
 
Diritti dell’interessato

9. What rights can you exercise?

You have the right to ask the Data Controller to:

  • Confirm whether any processing is being conducted on your personal data, and in such cases, to access the same (access rights);
  • Correct any inaccurate personal data, or to supplement incomplete personal data (correction rights);
  • Delete the data themselves if one of the reasons contemplated under the GDPR applies (right to be forgotten);
  • Limit processing when one of the situations contemplated under the GDPR applies (limitation rights);
  • Receive the personal data you supplied to the Data Controller in a structured, commonly used, and machine-readable format, and to transmit such data to another Data Controller (portability rights);
  • Object at any time to processing carried out to pursue a Data Controller legitimate interest, and for marketing- and profiling-related purposes (right of objection); 
  • Revoke consent, if provided, on the processing of your data, at any time, without thereby prejudicing the lawfulness of any processing predicated on your consent prior to such revocation. 

Consent issued to conduct marketing operations through automated means (including but not limited to: SMS, MMS, fax, telephone, email, apps) shall extend to traditional communication channels (regular post or operator-placed calls) as well. By the same token, any objection to marketing conducted through automated means shall likewise encompass traditional methods of communication. You may, however, opt in or out of either of these marketing channels.
To exercise your rights, you may send a written request to Data Controller or to the Data Protection Officer, identifying the A2A Group company to which your request is directed. 
Without prejudice to any administrative or legal petition or appeal, you have the right to lodge a complaint to the Italian Data Protection Authority, should you believe your processing to have violated the GDPR.
 
Origine dei dati personali e conseguenze del mancato conferimento

10. The personal data comes from which source?

Navigation data needed for the digital management of the website are acquired by IT systems and by the software systems tasked with running the same.
Personal data collected through call centres or contact forms are those submitted by you; any refusal to provide them shall make it impossible to respond to your requests.
Personal data needed for marketing purposes alone are those submitted by you. Any refusal to provide them shall make it impossible for us to send you information which is commercial in nature, but will not affect us providing you the requested services.
 
Processi decisionali automatizzati

11. Are the data subject to automated decisions?

The data will not be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or that have significant effects on you.
Cookie

12. Cookies

When you access or otherwise interact with this site and its functions (such as digital services, apps, tools, and messaging systems, if any), the Data Controller may use cookies, web beacons, and similar technologies in order to ensure the functioning of any services offered, to improve site performance, to offer additional functionality, and to send advertising which is targeted to your interests. 

WHAT ARE COOKIES?
Cookies are text files containing small quantities of information which are stored (during a user’s visit, or for subsequent visits as well) on the computer or mobile device used by a user to visit a website. On subsequent site visits by the user, any cookies previously stored on the device are sent back to the site which had installed them. This allows the site to recognise a specific device for technical reasons (such as to store any user-defined site-navigation settings and other preferences), and/or analytical and/or profiling when the user has expressly consented to the same. Cookies installed on user devices do not acquire user emails, pull data from the hard drive, or transmit viruses.
 

Cookies may be divided into two major categories:

  • Proprietary cookies: cookies installed by the website manager of the site the user is visiting.
  • Third-party cookies: cookies installed by the website manager of a different site, through the site a user is visiting.
     

TYPES OF COOKIES INSTALLED ON THIS WEBSITE
Please find below a list of the cookie types and characteristics sent to the user's terminal over the course of the user's navigation on the instant site.

  • Technical cookies: these are used to communicate with the IT system, for the sole purpose of ensuring proper website function, in order to allow the user to have unimpeded access to the site.
    these are strictly necessary to ensure normal site functioning and use. Data-subject consent is not required to install or use technical cookies
    Such cookies may be broken down into:
    • navigation and session cookies, which ensure normal, correct website navigation and usage; such cookies differ based on the time stored on user's device. Whilst session cookies are deleted automatically at the end of each browsing session, navigation cookies are stored for a longer period (although never longer than one year from data collection).
    • analytical cookies, similar to technical cookies when used to collect information, in an aggregate form, on the number of site users and how they visit the website; the storage period for such cookies is provided in the table appearing below. functional cookies allow the user to browse based on a series of selected criteria (such as the language setting) in order to improve quality of service. these cookies are stored for less than one year from data collection.  
  • Third-party analytical cookies (Google analytics provided by Google) used by Data Controller solely for purposes of collecting aggregated data such as the number of site users, the most popular pages on the site, etc. These cookies are not used for profiling purposes. Tools which reduce the ability of cookies to identify users have been implemented; the third party does not cross-reference collected information with other data in such third-party's possession..

LIST OF ANALYTICAL COOKIES AND PROFILING COOKIES PRESENT ON THIS SITE, AND HOW TO DISABLE THEM

With respect to the third-parties cookies installed on this website and mentioned above, and subject to the data subject’s option to disable them by changing his/her browser settings as described infra, please find below links to policies and consent forms made available by the third parties in question:

COOKIE NAME DURATION DESCRIPTION DOMAIN POLICY LINK  OPT-OUT LINK
_ga 2 years Cookies used by Google Analytics to analyse navigation data apricaspa.it https://policies.google.com/technologies/partner-sites?hl=it These cookies may be disabled by clicking on the following link
_gat_gtag_UA_* 1 minute
_gid 24 hours

To wit, the user may block, delete, or disable individual cookies by changing the user’s browser settings. Most browsers, indeed, allow users to change settings to enable or disable all or a portion of cookies sent out.
Instructions to disable cookies on the most popular browsers are available through the following links:

The data controller wishes to remind you, however, that should you disable cookies, your overall browsing experience may suffer.
For more information, please visit the Data Protection Authority website.

(1)General Data Protection Regulation (GDPR).
(2)Processing: Any operation or set of operations carried out with or without the assistance of automated processes and applied to personal data, or to a set of personal data, such as collection, recording, organisation, structuring, retention, adaptation, modification, extraction, consultation, use, disclosure by transmission, dissemination, or any other method of making the data available, comparison, or interconnection, limitation, deletion, or destruction.

VIDEO SURVEILLANCE: PERSONAL PRIVACY STATEMENT

Current legislation in force regarding the processingof personal data as defined in accordance with the provisions of EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data (General Regulations on Data Protection, hereinafter referred to as “EU Privacy Regulations”) includes provisions to ensure that the processing of personal complies with rights and fundamental freedoms of natural persons, with particular regard to the right to the protection of personal data.

Purpose of the processing and legal basis of the processing
In fulfilment of the obligations provided for by the legislation in force, we hereby inform you that the Data Controller (hereinafter also referred to as the “Controller), performs the processing of your personal data for the purpose of controlling access to the premises of the companies of A2A Group. This processing serves, in particular, to verify the identity of persons accessing corporate areas and to have immediate information on who is on company premises daily, including for reasons of safety. We also wish to inform you that, for reasons of safety and protection of company assets, a video surveillance system with closed-circuit television cameras is in operation on company premises. The images taken are processed by authorized personnel only.
Processing of data may have as its legal basis the pursuit of a legitimate interest by the Data Controller (e.g. protection of corporate assets or defending a right in court) or the eventual fulfilment of an legal obligation (e.g. data communications to the authorities) to which the Data Controller is subject.

Processing methods and data retention period 
Processing will be performed with or without the aid of electronic tools, according to the principles of fairness, lawfulness and transparency, in order to protect at all times the confidentiality and rights of the person concerned in compliance with the provisions of the legislation in force.
Personal data will not be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or that in a similar way affect you significantly.
Your data will be retained, in accordance with the regulations in force, for no longer than is necessary to fulfil the purposes for which it is processed.
The retention period of the images taken by the video surveillance systems is a maximum of seven days except for any requests by the police or judicial authorities.

Nature of the provision and possible consequences of refusal
All the data collected within the scope of this processing is used for the declared purposes and for the fulfilment of legal requirements, including those on personal safety. The provision of the personal data required is optional, but the refusal to provide such data precludes access to the premises of the companies of A2A Group, given the urgent need to identify anyone who enters company areas.

Persons authorised to process personal data - Disclosure and dissemination of data
The personal data and images collected are processed by authorized personnel who need to have knowledge of such data in order to perform their duties and by external parties who may act as joint controllers or data processors, as required.
Your personal data may be disclosed to third parties who are responsible for the execution of related activities that are instrumental to this processing, to national authorities, public administrations, other companies of the A2A Group and third parties, in fulfilment of legal obligations. 
Your data will not be disseminated.

Data Controller and Processor and Data Protection Officer
The Data Controller is Aprica SpA, with registered office in Via Lamarmora 230 - Brescia. The role of Data Processor has be assigned to certain companies that provide the Controller with specific processing services or perform activities related to, instrumental.

Any queries may be sent in writing to the Data Protection Officer at the following address dpo.privacy@a2a.eu, indicating the Company of the A2A Group (Data controller) intended to receive the request.

Rights of the interested party
According to the EU Privacy Regulations, you have the right to obtain from the Data Controller:
- confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data (right of access).
- rectification of inaccurate personal data, or to have incomplete personal data completed (right of rectification).
- the cancellation of personal data, where one of the grounds provided for by Regulations applies (right of cancellation).
- the restriction of processing where one of the grounds provided for by the Regulations applies (right of restriction).
- to receive your personal data, which you provided to the Controller, in a structured, commonly used and machine-readable format and the right to transmit it to another data controller (right to portability)
- to oppose at any time the processing performed in the pursuit of a legitimate interest of the Controller (right of opposition).

To exercise these rights, you can send an email to securitycontrolroom@a2a.eu or written communication to the Controller.
Without prejudice to any other administrative appeal or judicial review, you have the right to lodge a complaint with a Supervisory Authority if you believe that the processing of your data violates the EU Privacy Regulations.

 

1) Processing: any operation or set of operations, performed with or without the use of automated processes and applied to personal data or sets of personal data, such as the collection, recording, organization, structuring, retention, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, deletion or destruction.

Private customers: Personal Privacy Statement

Current legislation in force regarding the processing of personal data as defined in accordance with the provisions of EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data (General Regulations on Data Protection, hereinafter referred to as “EU Privacy Regulations”) includes provisions to ensure that the processing of personal data complies with rights and fundamental freedoms of natural persons, with particular regard to the right to the protection of personal data.

  1. Data controller
    Data controller of the personal data is Aprica S.p.A., with headquarters in Brescia in Via Lamarmora 230.
     
  2. The Data Protection Officer
    The data controller of personal data has appointed an officer responsible for the protection of personal data (RPD) that can be contacted at the following email address: dpo.privacy@a2a.eu.
     
  3. Purpose and legal basis of the processing
     in fulfilling the obligations provided for by current legislation, we inform you that the data controller (hereinafter also referred to as the “Controller”) processes your personal data in order to be able to perform the service you requested (hereinafter the “Service”), fulfil the contractual and legal obligations, carry out all the activities necessary or useful for the constant improvement of the service supplied (including, by way of example and not limited to, the administration of questionnaires aimed at checking the level of satisfaction of the services rendered by the company).
    The processing of data may have as its legal basis the implementation of a contract, the fulfilment of a legal obligation to which the Controller is subject or the pursuit of a legitimate interest of the Controller.
     
  4. Recipients of the personal data The personal data are processed by authorized personnel who need to have knowledge of such data in order to perform their duties and by external parties who may act as joint controllers or data processors, as required.
    Your personal data may be communicated to banking institutions (where provided for) for managing receipts, to subjects which are responsible for the implementation of activities connected with and instrumental to the processing (companies supplying environmental services, computer services companies, call centres, credit recovery agencies, professional offices, archiving service companies), to the other companies in the A2A Group, to authorities, research bodies, universities, public administrations and third parties in fulfilment of legal obligations, or to recipients with a legitimate interest.
    Your data will not be disseminated.
     
  5. The transfer of data to third countries
    The Controller reserves the right to transfer the personal data of the person concerned to a third country based on decisions of adequacy by the European Commission or on the basis of the guarantees provided for by current legislation.
     
  6. Processing methods and data retention period
    Processing will be performed with or without the aid of electronic tools, according to the principles of fairness, lawfulness and transparency, in order to protect at all times the confidentiality and rights of the person concerned in compliance with the provisions of the legislation in force.
    Your data will be retained, in accordance with the regulations in force, for no longer than is necessary to fulfil the purposes for which it is processed.
     
  7. Rights of the person concerned
    According to the EU Privacy Regulations, you have the right to obtain from the Data Controller:
    • confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data (right of access).
    • rectification of inaccurate personal data, or to have incomplete personal data completed (right of rectification).
    • the cancellation of personal data, where one of the grounds provided for by Regulations applies (right of cancellation).
    • the restriction of processing where one of the grounds provided for by the Regulations applies (right of restriction).
    • to receive your personal data, which you provided to the Controller, in a structured, commonly used and machine-readable format and the right to transmit it to another data controller (right to portability).
    • to oppose at any time the processing performed in the pursuit of a legitimate interest of the Controller (right of opposition).

      To exercise the rights you may contact the call centre at the toll-free number 800 437678, send a message to the e-mail box Info.apricaspa@a2a.eu or a written communication addressed to Aprica Spa Via Lamarmora, 230 - 25124 Brescia.
      Without prejudice to any other administrative appeal or judicial review, you have the right to lodge a complaint with a Supervisory Authority if you believe that the processing of your data  violates the EU Privacy Regulations.
       
  8. Origin and nature of the provision and possible consequences of refusingAll personal data collected within the scope of this processing, even through a third party, are strictly functional to the implementation of the requested service and to managing the related fulfilment (such as invoicing, the recovery of any credit, completion of tax, accounting and administrative compliance). 
    The collection of part of the data, such as those that are essential to identify the customer and the place the service is provided is compulsory pursuant to contractual provisions and regulations. Failure to collect implicates the impossibility of performing the service.
  9. Automated decision-making processesdata will not be subjected to decisions based solely on automated processing, including profiling, which produce legal effects that relate to the person concerned or that affect you significantly in a similar way.

1. Processing: any operation or set of operations, performed with or without the use of automated processes and applied to personal data or sets of personal data, such as the collection, recording, organization, structuring, retention, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, deletion or destruction.

Potrebbe interessarti

news

Variazioni festività 25 aprile e 1° maggio

Continua a leggere
news

Sarezzo - serata informativa

Continua a leggere
news

Sestri Levante – assemblee informative

Continua a leggere
news

Dosolo – assemblea pubblica

Continua a leggere
Vedi tutte le news