Privacy Policy

Personal-Data Processing Policy

Pursuant to Articles 13 and 14 of EU Regulation 2016/679 of 27 April 2016⁽¹⁾ (hereinafter the “Privacy Regulation”), we provide you with the following information regarding the processing⁽²⁾ of the personal data of users accessing the website of www.innovation.a2a.eu and its sub domains. The policy does not apply to any linked website.

1.Who processes personal data?

The data controller⁽³⁾ is A2A S.p.A. with registered office in via Lamarmora, 230 – 25124 Brescia and executive and administrative offices in Corso di Porta Vittoria, 4 – 20122 Milan.

2.Who can be contacted?

For all questions concerning the processing of personal data and the exercise of your rights, you may contact the Data Protection Officer (DPO), at the following email addressdpo.privacy@a2a.eu.

3.Why are personal data processed?

4.What personal data are processed?

The following categories of data are processed:

• Browsing data (e.g. IP addresses or the domain names of computers used by users connecting to the site, the time of the request, the method used to submit the request to the server, the numeric code denoting the server response, and other parameters relating to the operating system or the browser used by the user);
• Personal data (e.g. first name, surname);
• Contact details (e.g. telephone numbers, fixed and/or mobile, email address);

Other data in the above categories.

5.How are the data processed?

Processing is carried out by authorised persons in performing their assigned tasks, with or without the aid of electronic tools, according to the principles of lawfulness and integrity, in order to protect the data-subject’s rights and privacy at all times.

6.To whom are personal data communicated?

Your personal data may be disclosed to:

• Companies that provide IT services and other companies of the A2A Group that will act as Data Controllers or Data Processors, as the case may be;
• Public Administrations and Police Authorities in the fulfilment of legal obligations, which will act as Data Controllers.

Your data will never be disseminated (made available to indeterminate parties).

7.Are the data transferred to third countries?

Your personal data will be processed within the European Economic Area (“EEA”). If it is exceptionally necessary to transfer your personal data outside the EEA, such transfer will take place on the basis of an adequacy decision of the European Commission, where applicable, or subject to appropriate safeguards required by the Privacy Regulation.

8.How long are the data stored?

Your data will be retained for the time necessary to achieve the purposes for which they are processed or to comply with legal obligations and, in particular:

• browsing data will be stored for a maximum of 2 years after the last access to the site;
• The personal data will be stored on the platform for as long as the user uses it, and in the event of non-use they will be removed together with the user after 12 months.
• Data of participants in non-interest initiatives will be kept for 16 months after their collection;
• The data of participants in the initiatives that are contracted will be stored for 10 years from the termination/last performance related to the contract, or from the moment the statute of limitations is interrupted.
• The duration of the cookies used on the site can be found in the relevant sections.
  
  
  In the event of a dispute, the aforementioned retention periods may be extended up to ten (10) years from the settlement of the same.
  

9.What rights can you exercise?

You have the right to ask the Data Controller to:

• Confirmation of whether or not your personal data is being processed and, if so, to obtain access to it (right of access);
• The rectification of inaccurate personal data or the integration of incomplete personal data (right of rectification);
• The deletion of the data itself if one of the reasons provided for in the Privacy Regulation (right to be forgotten) exists;
• Limitation of processing when one of the hypotheses provided for by the Privacy Regulation applies (right of limitation);
• To receive in a structured, commonly used and machine-readable format the personal data you have provided to the Data Controller and to transmit such data to another Data Controller (right to portability);
• To object at any time to processing carried out in pursuit of a legitimate interest of the data controller and for marketing and profiling purposes (right to object);
• To withdraw any consent to the processing of your data, at any time, without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.

To exercise your rights, you may send a written request to Data Controller or to the Data Protection Officer, identifying the A2A Group company to which your request is directed.

Without prejudice to any other administrative or legal remedy, you have the right to lodge a complaint with the Personal Data Protection Authority, should you believe your processing has violated the Privacy Regulation.

10.What is the source of the personal data?

The navigation data necessary for the computer management of the site are acquired by the computer systems and software procedures that govern its operation.

Personal data necessary to register on the portal are provided by you and any refusal to provide them will prevent you from accessing the service.

11.Are the data subject to automated decisions?

The data will not be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or which significantly affect you

12.Cookies

When you access or otherwise interact with this site and its functions (such as digital services, apps, t

When you access or otherwise interact with this site and its functions (such as digital services, apps, tools, and messaging systems, if any), the Data Controller may use cookies, web beacons, and similar technologies in order to ensure the functioning of any services offered, to improve site performance, to offer additional functionality, and to send advertising which is targeted to your interests.

WHAT ARE COOKIES?

Cookies are text files containing small quantities of information which are stored (during a user’s visit, or for subsequent visits as well) on the computer or mobile device used by a user to visit a website. On subsequent site visits by the user, any cookies previously stored on the device are sent back to the site which had installed them. This allows the site to recognise a specific device for technical reasons (such as to store any user-defined site-navigation settings and other preferences), and/or analytical and/or profiling when the user has expressly consented to the same. Cookies installed on user devices do not acquire user emails, pull data from the hard drive, or transmit viruses.

Cookies may be divided into two major categories:

Proprietary cookies: cookies installed by the operator of the site the user is visiting.

Third-party cookies: cookies installed by the operator of a different site through the site the user is visiting.

TYPES OF COOKIES INSTALLED ON THIS WEBSITE

For details of the Cookie Policy please visit the dedicated page.

(1) General Data Protection Regulation (GDPR).

(2) Processing: any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(3) Data controller: the natural or legal person or public authority that determines the purposes and means of the processing of personal data.