Privacy policy

Information on personal data processing carried out through this website

The following describes this website’s management method and provides the information concerning the current legislation in the framework of the European Parliament Regulation no. 679/2016, on personal protection with regard to personal data processing and free movement in relation to personal information processing for users who access the www.a2a.eu website and its subdomains; this information is not provided for any other website consulted by the user using links.


Purpose of the processing and type of processed data

Browsing data is acquired by computer systems and by software procedures that regulate the operation of this website. This information is not collected to allow subsequent identification of the user, but is only used to obtain anonymous statistical information on the use of this website and to make sure it is working correctly; this category of data includes IP addresses or users’ computers domain names when they connect to this website, the time of this request, the method used to submit the request to the server, the numerical code indicating the response status provided by the server (successful completion, error, etc.) and other parameters related to the operating system and browser used by the user.
This data may be used by competent Authorities for the assessment of liability in the event of cyber crimes against this website.
The data provided voluntarily by the users, with the contact forms of this website, is processed for the sole purpose of carrying out the requested service or performance (for example: sending a curriculum vitae, an information request for investors, school tours of the installations, subscription to services to receive press releases, newsletter subscriptions for A2A activities and schools, etc.).
In relation to certain specific services, and upon informed consent of the subject concerned, the entered data may also be used by the Processing Holder to provide information and updates on the services offered, for sales or product and service placement activities and to develop market research and surveys.

Data processing may be predicated - in terms of legal basis - on contract performance (the rendering of services requested by you over the website), discharge of a legal duty to which Data Controller is subject (e.g. disclosing data to the authorities), the pursuit of a legitimate interest on the part of Data Controller (e.g. disclosure of personal data within the A2A group for accounting-related or network-security purposes), or consent expressed by You.

Cookies

When the user accesses or interacts with this website, its services, Apps, tools or messaging systems, the Data Holder may use cookies, Web beacons and other similar technologies in order to ensure proper operation of the services offered, improve performance, offer additional features and send targeted advertising according to the user’s interests.

TYPES OF COOKIES

Cookies are small text strings (usually consisting of letters and numbers) that allow a website to recognise a particular device or browser; in fact, these text files are sent from a website to the user’s browser and then stored on his or her device (e.g. computers, tablets, smartphones, etc.) and retransmitted to the same website during the user’s following visit.
The following is a list of the types and characteristics of cookies sent to the user's terminal during his/her browsing on the website:

  • Proprietary cookies: cookies installed by the manager of the website that the user is visiting.
  • Third-party cookies: cookies installed by the manager of a different website through the website that the user is visiting.
  • Technical cookies: these are used for the sole purpose of communication transmissions on an electronic communications network or to the extent strictly necessary for the provider of a company information service to provide a service explicitly requested by the contractor or the user.

These cookies can be distinguished in:

  • browsing or session cookies that guarantee the normal browsing and use of the website;
  • cookie analytics, integrated to technical cookies when used to collect aggregated information, concerning the number of users and how they visit the website;
  • functionality cookies, that allow the user to browse according to a set of selected criteria (e.g. language setting) in order to improve the service provided.  
  • Consent of the subject concerned is not required for the installation and use of technical cookies.
  • Third-party analytical cookies (Google Analytics provided by Google) used by the Holder for the sole purpose of collecting aggregated information, such as the number of website users, the most visited pages, etc. These cookies will not be used for profiling purposes. Tools to reduce the identification power of cookies have been adopted therefore the third party will not match the collected information with other already available information.

In relation to the aforementioned third party cookies installed on this website, notwithstanding the concerned subject’s possibility to disable them with the browser settings as indicated below, the following is a list of the links related to information notes and consent forms made available by the respective third parties:

  • GOOGLE ANALYTICS
    Privacy statement
    These cookies can be disabled by clicking on the following link

In particular, the user can block, delete, or disable individual cookies by changing the browser settings. Most browsers allow setting rules to activate and disable all or just part of the cookies sent.
The following links provide instructions to disable cookies on major browsers:

However, the Holder reminds you that disabling cookies might interfere with the user's overall browsing experience.
Further information is available on the Data Protection Authority’s website.

Links to other websites

Hyperlinks (links) to other websites can be found on the pages of this website, that are proposed to provide a better service for its users; the Holder can not be held responsible in any way for the content of the websites to which the users may have access through their website.
The existence of a link to another website does not imply the Holder’s approval or acceptance of liability concerning the content of the new website that is accessed, also in relation to the policy adopted for the processing of personal data and its’ use.


Processing methods and data retention time

Data processing is carried out using electronic and, in certain cases, paper-based instruments according to principles of correctness, lawfulness and transparency, in order to protect the confidentiality and the rights of the subject concerned at all times, in compliance with the provisions of the legislation in force. Technical and organisational security measures have been adopted to protect data from destruction or loss, that can be accidental, and against unauthorised access or disclosure. Personal data will not be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or with other similarly significant effects on you.
Data will be retained, according to the provisions of existing legislation, for a period of time strictly necessary to achieve the purpose for which they are processed.
Consequently, in the absence of specific regulations that provide for different times of retention, the Holder shall undertake to use this data for the purposes indicated in this information note for a time consistent with the same purposes. In any case, the Holder is engaged to avoid using data indefinitely.


Nature of data conferral and any consequences of refusal

All browsing data collected within this processing procedure is strictly functional for the computerised management of this website. Conferral of personal data voluntarily provided by contact forms is optional, but failure to collect data entails the impossibility to carry out the services and/or the requested information.


Subjects responsible for data processing and System administrators – Data communication and disclosure

Processing relating to web services on this site will take place at A2A Group registered offices. The personal data collected shall be processed by authorised personnel, who need to access them in the performance of their job duties. Your personal data may be disclosed to third parties engaged to carry out activities related and instrumental to the processing itself (IT companies), as set forth in the specific policies appearing in the contact form on this site, and by any authority with jurisdiction over the matter in the discharge of a statutory/regulatory duty, or by any recipient having a legitimate interest in the same.
With the data subject’s express consent, and where indicated, any data voluntarily submitted may be disclosed to other companies in the A2A Group, or to third-party companies, for marketing and other related purposes; such consent may be revoked at any time.


Data Holder and Processor

The Holder of the personal data processing is the A2A Spa Company with registered offices in Via Lamarmora, 230 – 25124 Brescia and administrative and management headquarters located at Corso di Porta Vittoria 4 - 20122 Milan.
Any interested party may contact the Data Protection Officer by sending a notice to the following address: dpo.privacy@a2a.eu, note the company within the A2A Group (Data Controller) to which the request is directed.


Rights of the subject concerned

The subjects to whom personal data refer are entitled to specific rights, including those of asking the Data Controller:

  • to confirm that your personal data is being processed and, if so, to obtain access to this data (right of access).
  • to correct inaccurate personal data, or integrate incomplete personal data (right of data correction).
  • to delete this data, if one of the reasons provided by the Regulation occurs (right to be forgotten).
  • to limit the processing when one of the reasons provided by the Regulation occurs (right of data limitation).
  • to receive the personal data provided by you to the Holder in a structured format that is of common use and readable by automatic devices, and to transmit this data to another Data Holder (right to data portability).
  • to object, at any time, to processing performed in the pursuit of a legitimate interest of the data controller (right of objection).

The data subject also has the right to revoke consent to data processing at any time, without thereby prejudicing the lawfulness of the processing based on the consent given before the revocation.
To exercise your rights, please contact Data Controller at: webcom@a2a.eu or by letter – A2A Spa at Via Lamarmora, 230 – 25124 Brescia or at Corso di Porta Vittoria 4 – 20122 Milan. Without prejudice to any other administrative or jurisdictional appeal, you are entitled to file a complaint to the control authority, if you feel that the processing that concerns you violates the EU Privacy Regulation.

Current legislation in force regarding the processingof personal data as defined in accordance with the provisions of EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data (General Regulations on Data Protection, hereinafter referred to as “EU Privacy Regulations”) includes provisions to ensure that the processing of personal complies with rights and fundamental freedoms of natural persons, with particular regard to the right to the protection of personal data. 

Purpose of the processing and legal basis of the processing

In fulfilment of the obligations provided for by the legislation in force, we hereby inform you that the Data Controller (hereinafter also referred to as the “Controller), performs the processing of your personal data for the purpose of controlling access to the premises of the companies of A2A Group. This processing serves, in particular, to verify the identity of persons accessing corporate areas and to have immediate information on who is on company premises daily, including for reasons of safety. We also wish to inform you that, for reasons of safety and protection of company assets, a video surveillance system with closed-circuit television cameras is in operation on company premises. The images taken are processed by authorized personnel only.
Processing of data may have as its legal basis the pursuit of a legitimate interest by the Data Controller (e.g. protection of corporate assets or defending a right in court) or the eventual fulfilment of an legal obligation (e.g. data communications to the authorities) to which the Data Controller is subject.

Processing methods and data retention period

Processing will be performed with or without the aid of electronic tools, according to the principles of fairness, lawfulness and transparency, in order to protect at all times the confidentiality and rights of the person concerned in compliance with the provisions of the legislation in force.
Personal data will not be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or that in a similar way affect you significantly.
Your data will be retained, in accordance with the regulations in force, for no longer than is necessary to fulfil the purposes for which it is processed.
The retention period of the images taken by the video surveillance systems is a maximum of seven days except for any requests by the police or judicial authorities.

Nature of the provision and possible consequences of refusal

All the data collected within the scope of this processing is used for the declared purposes and for the fulfilment of legal requirements, including those on personal safety. The provision of the personal data required is optional, but the refusal to provide such data precludes access to the premises of the companies of A2A Group, given the urgent need to identify anyone who enters company areas.

Persons authorised to process personal data - Disclosure and dissemination of data

The personal data and images collected are processed by authorized personnel who need to have knowledge of such data in order to perform their duties and by external parties who may act as joint controllers or data processors, as required.
Your personal data may be disclosed to third parties who are responsible for the execution of related activities that are instrumental to this processing, to national authorities, public administrations, other companies of the A2A Group and third parties, in fulfilment of legal obligations. 
Your data will not be disseminated.

Data Controller and Processor and Data Protection Officer

The Data Controller is A2A S.p.A., with registered office in Via Lamarmora 230 - Brescia. The role of Data Processor has be assigned to certain companies that provide the Controller with specific processing services or perform activities related to, instrumental. Any queries may be sent in writing to the Data Protection Officer at the following address dpo.privacy@a2a.eu, indicating the Company of the A2A Group (Data controller) intended to receive the request.

Rights of the interested party

According to the EU Privacy Regulations, you have the right to obtain from the Data Controller:
-  confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data (right of access).
-  rectification of inaccurate personal data, or to have incomplete personal data completed (right of rectification).
-  the cancellation of personal data, where one of the grounds provided for by Regulations applies (right of cancellation).
-  the restriction of processing where one of the grounds provided for by the Regulations applies (right of restriction).
-  to receive your personal data, which you provided to the Controller, in a structured, commonly used and machine-readable format and the right to transmit it to another data controller (right to portability).
-  to oppose at any time the processing performed in the pursuit of a legitimate interest of the Controller (right of opposition).

To exercise these rights, you can send an email to securitycontrolroom@a2a.eu or written communication to the Controller.
Without prejudice to any other administrative appeal or judicial review, you have the right to lodge a complaint with a Supervisory Authority if you believe that the processing of your data  violates the EU Privacy Regulations.

 

1) Processing: any operation or set of operations, performed with or without the use of automated processes and applied to personal data or sets of personal data, such as the collection, recording, organization, structuring, retention, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, deletion or destruction.

The current applicable data-processing regulations (1)  defined in accordance with the provisions of EU Regulation no. 2016/679 of 27 April 2016 regarding the protection of natural persons with respect to personal-data processing, as well as the free circulation of such data (General Regulation on Data Protection or “GDPR”), contain provisions aimed ensuring personal-data processing takes place in a manner respecting the rights and fundamental liberties of natural persons, with specific reference to the protection of personal data.

  1. Data Controller
    The Data Controller is A2A Security S.c.p.A. with registered office in Milan at Corso di Porta Vittoria 4.
     
  2. Data Protection Officer
    Data Controller has appointed a Data Protection Officer (DPO) who may be reached via email at dpo.privacy@a2a.eu, for any privacy-related questions or concerns, or to exercise data-subject rights (note the A2A Group company to whom to request is directed).
     
  3. Processing Purposes and the Legal Bases therefor
    In accordance with the duties contemplated under applicable law, we would like to inform you that the Data Controller (hereinafter “Data Controller” shall process your information to:
    - Manage complaints, reports, suggestions, and informational enquiries;
    - Carry out all activities necessary or convenient to continually improve service delivery (including but not limited to the analysis and monitoring of customer-service quality, and to conduct customer-satisfaction assessments).
    Data Controller would likewise inform you that this call may be recorded solely for the purpose of quality monitoring and assessments on all processes and customer-service efforts.
    The data processing may have, as a legal basis:
    - Fielding a complaint or information request;
    - The pursuit of a Data-Controller interest (disclosure of personal data within the business group for internal administrative purposes, marketing activities falling under the category of soft spam, analysis of customer-service efforts);
    - Discharge of a legal duty incumbent on Data Controller (e.g. disclosure of data to the authorities);
    - Specific consent expressed voluntarily by you.
     

  4. Categories of Personal Data
    Personal data processed by Data Controller shall include but not be limited to:
    - Biographical data and other identifiers (e.g. name, surname, Tax ID number, address, place and date of birth);
    - Contact information (e.g. telephone numbers - landline and mobile - email address);
    - Data relating to the supply agreement (e.g. supply type, POD);
    - Voice recordings
    - Other data falling under the aforementioned categories
    Data Controller may request the processing of its own customers’ data to carry out specific requests
     

  5. Recipients of Personal Data
    Your personal data shall be processed by authorised staff who need to access the data in the performance of their job duties, and by third parties taking action as independent Data Controllers and Data Supervisors.
    Your personal data may be disclosed to:
    - Parties charged with carrying out of operations connected and relating to processing (archival-services companies, IT service providers, social-media-management firms, marketing firms, credit-collection companies, professional firms, default-services operators, brokerages, insurance companies);
    - Other companies in the A2A Group, to the authorities, to research institutions or universities;
    - Entities of the public administration, and other parties in the discharge of statutory duties;
    - Other parties holding a legitimate interest.
    Your data shall not be disseminated.

  6. Data Transfer to Non-EU Countries
    Data Controller shall reserve the right to transfer your personal data to any country based on adequacy decisions of the European Commission, pursuant to those adequacy guarantees contemplated by applicable law.
     

  7. Personal-Data Retention Period
    Your data shall be retained in accordance with the provisions of applicable privacy regulations for no longer than strictly necessary to pursue those purposes for which they were processed, or as statutory / regulatory duties demand.
    Data from recorded calls shall be retained for thirty (30) days.
    Should any request be made by the relevant authorities, the aforementioned retention periods shall be extended, whereas in instances of any dispute, the personal data shall be retained until the dispute has been resolved.
     

  8. Processing Method
    The processing shall be carried out with or without the assistance of electronic tools, according to the tenets of ethics, lawfulness, transparency, in order to protect the data-subject's rights and privacy at all times in accordance with applicable law.
     

  9. Rights of the Data Subject
    The GDPR grants you the ability to exercise certain rights, including the right to ask the Data Controller to:
    - Confirm whether any processing is being conducted on your personal data, and in such cases, to access the same (access rights);
    - Correct any inaccurate personal data, or to supplement incomplete personal data (correction rights);
    - Delete the data themselves if one of the reasons contemplated under the GDPR applies (right to be forgotten);
    - Limit processing when one of the situations contemplated under the GDPR applies (limitation rights);
    - Receive the personal data you supplied to the Data Controller in a structured, commonly used, and machine-readable format, and to transmit such data to another Data Controller (portability rights);
    - Object at any time to processing carried out to pursue a Data Controller legitimate interest, and for marketing- and profiling-related purposes (right of objection);
    - Revoke consent, if provided, on the processing of your data, at any time, without thereby prejudicing the lawfulness of any processing predicated on your consent prior to such revocation.
    To exercise your rights, you may send a written request to Data Controller or Data Protection Officer.
    Without prejudice to any administrative or legal petition or appeal, you have the right to lodge a complaint to any authority, should you believe your processing to have violated the GDPR.
     

  10. Source of the Personal Data
    All personal data supplied by you, observed by the Data Controller, or lawfully collected through any third party (e.g. companies providing lists), shall be strictly functional to the purposes described above.
     

  11. Automated Decision-Making Processes
    Your data shall not be subject to decisions based solely on automated processing, including profiling, which produce legal effects on the data subject, or which in any other way significantly impact your person.

     

(1) Processing: Any operation or set of operations carried out with or without the assistance of automated processes and applied to personal data, or to a set of personal data, such as collection, recording, organisation, structuring, retention, adaptation, modification, extraction, consultation, use, disclosure by transmission, dissemination, or any other method of making the data available, comparison, or interconnection, limitation, deletion, or destruction.