Privacy policy

Information on personal data processing carried out through this website

The following describes this website’s management method and provides the information concerning the current legislation in the framework of the European Parliament Regulation no. 679/2016, on personal protection with regard to personal data processing and free movement in relation to personal information processing for users who access the www.a2a.eu website and its subdomains; this information is not provided for any other website consulted by the user using links.


Purpose of the processing and type of processed data

Browsing data is acquired by computer systems and by software procedures that regulate the operation of this website. This information is not collected to allow subsequent identification of the user, but is only used to obtain anonymous statistical information on the use of this website and to make sure it is working correctly; this category of data includes IP addresses or users’ computers domain names when they connect to this website, the time of this request, the method used to submit the request to the server, the numerical code indicating the response status provided by the server (successful completion, error, etc.) and other parameters related to the operating system and browser used by the user.
This data may be used by competent Authorities for the assessment of liability in the event of cyber crimes against this website.
The data provided voluntarily by the users, with the contact forms of this website, is processed for the sole purpose of carrying out the requested service or performance (for example: sending a curriculum vitae, an information request for investors, school tours of the installations, subscription to services to receive press releases, newsletter subscriptions for A2A activities and schools, etc.).
In relation to certain specific services, and upon informed consent of the subject concerned, the entered data may also be used by the Processing Holder to provide information and updates on the services offered, for sales or product and service placement activities and to develop market research and surveys.

 

Cookies

When the user accesses or interacts with this website, its services, Apps, tools or messaging systems, the Data Holder may use cookies, Web beacons and other similar technologies in order to ensure proper operation of the services offered, improve performance, offer additional features and send targeted advertising according to the user’s interests.

TYPES OF COOKIES

Cookies are small text strings (usually consisting of letters and numbers) that allow a website to recognise a particular device or browser; in fact, these text files are sent from a website to the user’s browser and then stored on his or her device (e.g. computers, tablets, smartphones, etc.) and retransmitted to the same website during the user’s following visit.
The following is a list of the types and characteristics of cookies sent to the user's terminal during his/her browsing on the website:

  • Proprietary cookies: cookies installed by the manager of the website that the user is visiting.
  • Third-party cookies: cookies installed by the manager of a different website through the website that the user is visiting.
  • Technical cookies: these are used for the sole purpose of communication transmissions on an electronic communications network or to the extent strictly necessary for the provider of a company information service to provide a service explicitly requested by the contractor or the user.

These cookies can be distinguished in:

  • browsing or session cookies that guarantee the normal browsing and use of the website;
  • cookie analytics, integrated to technical cookies when used to collect aggregated information, concerning the number of users and how they visit the website;
  • functionality cookies, that allow the user to browse according to a set of selected criteria (e.g. language setting) in order to improve the service provided.  
  • Consent of the subject concerned is not required for the installation and use of technical cookies.
  • Third-party profiling cookies: these cookies are used to create user-related profiles and are used to send advertising messages in line with the preferences expressed by the user in the context of network browsing. These cookies are installed through this website by third parties, such as Facebook, Twitter, LinkedIn, Google and YouTube. User Consent is required for the installation and use of third-party profiling cookies.
  • Third-party analytical cookies (Google Analytics provided by Google) used by the Holder for the sole purpose of collecting aggregated information, such as the number of website users, the most visited pages, etc. These cookies will not be used for profiling purposes. Tools to reduce the identification power of cookies have been adopted therefore the third party will not match the collected information with other already available information.

In relation to the aforementioned third party cookies installed on this website, notwithstanding the concerned subject’s possibility to disable them with the browser settings as indicated below, the following is a list of the links related to information notes and consent forms made available by the respective third parties:

The user has the right to disable the use of all or part of the profiling cookies. Even in the absence of profiling cookies, the user will still display the Holder’s advertising messages, which are not based on the interests and preferences expressed by the user when browsing.
In particular, the user can block, delete, or disable individual cookies by changing the browser settings. Most browsers allow setting rules to activate and disable all or just part of the cookies sent.
The following links provide instructions to disable cookies on major browsers:

However, the Holder reminds you that disabling cookies might interfere with the user's overall browsing experience.
Further information is available on the Data Protection Authority’s website.


User password and security

Certain services offered in the Customer Area (if any) provide a registration procedure, for confidentiality and security reasons; the user must create his/her own required access code (password), and User-ID, to access the protected services. The user can change his/her password at any time by following the instructions provided by the system.
The user is the only person responsible for maintaining the secrecy and confidentiality of his/her User-ID and/or password and is solely responsible for it. The user assumes complete responsibility for his/her activities regarding navigation on this website and is obliged to inform the Holder of any security breach immediately – even by third parties –of which he/she is aware; the user also undertakes to indemnify and exempt the Holder from any claim, demand or threat relating to or arising from navigation on this website.

Links to other websites

Hyperlinks (links) to other websites can be found on the pages of this website, that are proposed to provide a better service for its users; the Holder can not be held responsible in any way for the content of the websites to which the users may have access through their website.
The existence of a link to another website does not imply the Holder’s approval or acceptance of liability concerning the content of the new website that is accessed, also in relation to the policy adopted for the processing of personal data and its’ use.


Processing methods and data retention time

Data processing is carried out using electronic and, in certain cases, paper-based instruments according to principles of correctness, lawfulness and transparency, in order to protect the confidentiality and the rights of the subject concerned at all times, in compliance with the provisions of the legislation in force. Technical and organisational security measures have been adopted to protect data from destruction or loss, that can be accidental, and against unauthorised access or disclosure,.
Data will be retained, according to the provisions of existing legislation, for a period of time strictly necessary to achieve the purpose for which they are processed.
Consequently, in the absence of specific regulations that provide for different times of retention, the Holder shall undertake to use this data for the purposes indicated in this information note for a time consistent with the same purposes. In any case, the Holder is engaged to avoid using data indefinitely.


Nature of data conferral and any consequences of refusal

All browsing data collected within this processing procedure is strictly functional for the computerised management of this website. The registration procedure to access the Customer Area (where existing) is compulsory in order to exclude unauthorised access to the services offered. Conferral of personal data voluntarily provided by contact forms is optional, but failure to collect data entails the impossibility to carry out the services and/or the requested information.


Subjects responsible for data processing and System administrators – Data communication and disclosure

Data processing related to the Web services of this website takes place at the registered offices of the A2A Group and the collected personal data is processed by responsible personnel requiring knowledge of this data to perform their activities. Personal data may be communicated to third parties responsible for the execution of related activities and instrumental to their treatment, described in the specific information note contained in the contact form of this website, and to the competent authorities in fulfilment of statutory obligations.
Subject to specific consent granted by the subject concerned, and where specified, data conferred voluntarily may be communicated to other companies of the A2A Group or to third parties for marketing and information purposes; any consent may be revoked at any time


Data Holder and Processor

The Holder of the personal data processing is the A2A Spa Company with registered offices in Via Lamarmora, 230 – 25124 Brescia. Companies providing services that involve processing data on behalf of the Holder have been appointed as Data Processors.
Any interested party may contact the Data Protection Officer by sending a notice to the following address: dpo.privacy@a2a.eu.


Rights of the subject concerned

The subjects to whom personal data refer are entitled to specific rights, including those of asking the Data Controller:

  • to confirm that your personal data is being processed and, if so, to obtain access to this data (right of access).
  • to correct inaccurate personal data, or integrate incomplete personal data (right of data correction).
  • to delete this data, if one of the reasons provided by the Regulation occurs (right to be forgotten).
  • to limit the processing when one of the reasons provided by the Regulation occurs (right of data limitation).
  • to receive the personal data provided by you to the Holder in a structured format that is of common use and readable by automatic devices, and to transmit this data to another Data Holder (right to data portability).

The subject concerned also has the right to withdraw his/her consent to the data processing at any time, without prejudice to the lawfulness of the consent granted prior to revocation, and to oppose the data processing for marketing and/or market profiling purposes (right of opposition).
To exercise your rights, you may contact the Data Controller at the following contacts: e-mail address webcom@a2a.eu or a write a letter to A2A Spa, via Lamarmora, 230 – 25124 Brescia or to the address Corso di Porta Vittoria 4 – 20122 Milan. You have the right to file a complaint to Supervisory authorities if you deem that the processing of your data is breaching EU Privacy Regulations, without prejudice to any other administrative or legal appeal.

Current legislation in force regarding the processingof personal data as defined in accordance with the provisions of EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data (General Regulations on Data Protection, hereinafter referred to as “EU Privacy Regulations”) includes provisions to ensure that the processing of personal complies with rights and fundamental freedoms of natural persons, with particular regard to the right to the protection of personal data. 

Purpose of processing

In fulfilment of the obligations provided for by the legislation in force, we hereby inform you that the Data Controller (hereinafter also referred to as the “Controller), performs the processing of your personal data for the purpose of controlling access to the premises of the companies of A2A Group. This processing serves, in particular, to verify the identity of persons accessing corporate areas and to have immediate information on who is on company premises daily, including for reasons of safety. We also wish to inform you that, for reasons of safety and protection of company assets, a video surveillance system with closed-circuit television cameras is in operation on company premises. The images taken are processed by authorized personnel only.

Processing methods and data retention period

Processing will be performed with or without the aid of electronic tools, according to the principles of fairness, lawfulness and transparency, in order to protect at all times the confidentiality and rights of the person concerned in compliance with the provisions of the legislation in force.
Your data will be retained, in accordance with the regulations in force, for no longer than is necessary to fulfil the purposes for which it is processed.

Nature of the provision and possible consequences of refusal

All the data collected within the scope of this processing is used for the declared purposes and for the fulfilment of legal requirements, including those on personal safety. The provision of the personal data required is optional, but the refusal to provide such data precludes access to the premises of the companies of A2A Group, given the urgent need to identify anyone who enters company areas.

Persons authorised to process personal data - Disclosure and dissemination of data

The personal data and images collected are processed by authorized personnel who need to have knowledge of such data in order to perform their duties and by external parties who may act as joint controllers or data processors, as required.
Your personal data may be disclosed to third parties who are responsible for the execution of related activities that are instrumental to this processing, to national authorities, public administrations, other companies of the A2A Group and third parties, in fulfilment of legal obligations. 
Your data will not be disseminated.

Data Controller and Processor and Data Protection Officer

The Data Controller is A2A S.p.A., with registered office in Via Lamarmora 230 - Brescia. The role of Data Processor has be assigned to certain companies that provide the Controller with specific processing services or perform activities related to, instrumental to or in support of the activities performed by the service provider. Any queries may be sent in writing to the Data Protection Officer at the following address dpo.privacy@a2a.eu.

Rights of the interested party

According to the EU Privacy Regulations, you have the right to obtain from the Data Controller:
-    confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data (right of access).
-    rectification of inaccurate personal data, or to have incomplete personal data completed (right of rectification).
-    the cancellation of personal data, where one of the grounds provided for by Regulations applies (right of cancellation).
-    the restriction of processing where one of the grounds provided for by the Regulations applies (right of restriction).
-    to receive your personal data, which you provided to the Controller, in a structured, commonly used and machine-readable format and the right to transmit it to another data controller (right to portability).
You also have the right to obtain all the information relating to the possible transfer of data to countries outside the EU.
To exercise these rights, you can send an email to securitycontrolroom@a2a.eu or written communication to the Controller.
Without prejudice to any other administrative appeal or judicial review, you have the right to lodge a complaint with a Supervisory Authority if you believe that the processing of your data  violates the EU Privacy Regulations.

 

1) Processing: any operation or set of operations, performed with or without the use of automated processes and applied to personal data or sets of personal data, such as the collection, recording, organization, structuring, retention, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or any other form of provision, comparison or interconnection, limitation, deletion or destruction.