AMSA Privacy policy

The following explains the management modes of the site and the statement provided for by the current regulations in the context of  European Parliament Regulation no. 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, in reference to the processing of personal data of users who access the website www.amsa.it and its subdomains; the statement does not cover any other websites consulted by the user through links.

Purpose and legal basis of the processing 

Navigation data are acquired from the computer systems and the software procedures that govern the operation of this site. This information is not collected to allow subsequent identification of the user, but is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation; this category of data includes the IP addresses or domain names of the computers used by the users who connect to the site, the time of the request, the method used to submit the request to the server, the numeric code indicating the status of the response given by the server (done, error, etc.) and other parameters related to the operating system and the browser used by the user.

These data may be used by the competent authorities for the purposes of ascertaining liability in case of computer crimes against the site.

Data provided voluntarily by users through the call centre or the contact form on this site are only processed in order to provide the service requested (for example: requests for information and services, reports, newsletters, bulky material collection service reservation etc. etc.).

In relation to certain specific services and prior informed consent of the person concerned, the data can also be used by the Data controller to inform and update on the services offered, sell or place products and services and prepare studies and market research.

The processing of data may have as its legal basis the implementation of a contract (provision of services you requested from the site), the fulfilment of a legal obligation to which the Controller is subject (e.g. data communications to the authorities) or the pursuit of a legitimate interest of the Controller (e.g. transmitting personal data within the A2A Group for administrative purposes or to ensure network security) or the consent you have given.

Cookies
When the user accesses or otherwise interacts with this site, the services, apps, tools or messaging systems the Data controller may use cookies, web beacons and other similar technologies to ensure the operation of the services offered, to improve performance, provide additional functions and send targeted advertising and in line with the interests of the user.

Types of Cookies

Cookies are text strings of small dimensions (usually made up of letters and numbers) that allow a site to recognize a particular device or browser; in fact, these text files are sent from a website to the browser used by the user for navigation, and are subsequently stored on his/her device (e.g. Computer, Tablet, Smartphone, etc.) and retransmitted to the same site during the next visit by the user.

The following are the types and the characteristics of the cookies sent to the user’s terminal during navigation on this site.

• First party cookies: cookies installed by the operator of the site that the user is visiting.
• Third Party Cookies: Cookies installed by the operator of a different site through the site that the user is visiting.
• Technical Cookies: are used for the sole purpose of transmitting a communication over an electronic communications network or to the extent strictly necessary to the supplier of an information company service explicitly requested by the contracting party or by the user to deliver this service.
  These cookies can be split into:
• browser or session cookies, which guarantee the normal navigation and use of the website;
• cookie analytics, integrated with technical cookies where used to collect information in aggregate form, on the number of users and on how these visit the website;
• set cookie that allows the user to navigate depending on a number of selected criteria (e.g. language setting) in order to improve the service rendered.
• The consent of the person concerned is not needed to install and use technical cookies.
• Third party analytics cookies (Google analytics supplied by Google) used by the Controller for the sole purpose of gathering information in aggregate form such as the number of website users, the most visited pages of the site, etc. These cookies will not be used for profiling. Tools that reduce the identifying power of cookies and third parties have been adopted so that the collected information is not intersected with other which already exists.

In relation to the above mentioned third party cookies installed on this site, notwithstanding the possibility for the person concerned to disable them through the browser settings as indicated below, please find below links to the statements and to consent forms made available by the respective third-party:

Google Analytics

Privacy information and consent forms: https://www.google.com/intl/it/policies/privacy/

These cookies can be disabled by clicking on this link: https://tools.google.com/dlpage/gaoptout/ 

In particular, the user can block, delete or disable the individual cookie by changing the browser settings. Most browsers in fact allow rules to be set up to enable and disable all or just part of the cookies sent.
The links below include instructions to disable cookies in the main browsers:

• Chrome
• Explorer
• Safari
• Firefox
• Opera

However the Controller wishes to remind you that disabling cookies may worsen the user’s global navigation experience.

More information is available on the website of the Italian Data Protection Authority.

User password and User security

Some services offered on the site include a registration procedure for reasons of confidentiality and security; the user will have to create their own access code (password) which will be essential, together with the user-id, for access to protected services. The user can at any time change their password by following the instructions provided by the system.

The user has the sole responsibility for maintaining the secrecy and confidentiality of their user-id and/or password and is the only one responsible. The user assumes sole responsibility for all their navigation activities on this site and undertakes to communicate immediately to the Controller any breach of security - even by third parties - of which they are aware; he/she also undertakes to indemnify and hold harmless the Controller from any claim, demand or threat relating to or arising from navigation on this site.

Links to other websites

You can find links to other websites on the pages of this website, proposed to provide a better service to its users; the Controller cannot be held responsible in any way for the content of websites that users may access via its website.
The existence of a link to another site does not therefore imply approval or acceptance of responsibility by the Controller concerning the content of the new site accessed, and in relation to the policy adopted for the processing of personal data as well as to its use.

Processing methods and data retention period

Processing will be performed with or without the aid of electronic tools and, in some cases, with hard copies, according to the principles of fairness, lawfulness and transparency, in order to protect at all times the confidentiality and rights of the person concerned in compliance with the provisions of the legislation in force. To protect your data from destruction or loss, even accidental, and against unauthorized disclosure or access, technical and organizational security measures have been adopted. Personal data will not be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or that in a similar way affect you significantly.
Your data will be retained, in accordance with the regulations in force, for no longer than is necessary to fulfil the purposes for which it is processed or for the time established by law.

Consequently, in the absence of specific rules providing for different retention times, the Controller will have to use the data for the purposes set out in this statement for a time consistent with its purpose. In any case the Controller will take every care to avoid an indefinite use of the data.

Nature of the provision and possible consequences of refusal

All navigation data collected within the scope of this processing are strictly functional to the management of the site. The registration procedure to access certain services offered by the site is compulsory in order to exclude unauthorized access to the services offered. Providing personal data voluntarily through the call centre or contact form is optional, but failure to collect implicates the impossibility of performing the services and/or providing the information requested.

Persons in charge of processing and System administrators - Communication and dissemination of data

The processing related to the web services of this website takes place at the premises of the A2A Group and the collected personal data are handled by personnel responsible for their processing who need to know about them in the performance of their duties. Your personal data may be communicated to third parties who are responsible for the implementation of activities connected and instrumental to the processing (computer services companies) and to the competent authorities in fulfilment of the legal obligations, or to recipients that have a legitimate interest.
Data provided voluntarily may be communicated to other companies of the A2A Group or to third party companies for marketing purposes and information, subject to prior consent by the person concerned or where specified; any consent given may be revoked.
 

Controller and Processor

The Data Controller is AMSA S.p.A., with registered office in Via  Olgettina 25 – 20132 Milano. The companies that provide services involving the processing of data on behalf of the Controller have been appointed as data processors.

Anybody concerned may contact the Data Protection Officer by sending a communication to the following address dpo.privacy@a2a.eu, indicating the A2A Group company  (Data Controller) as recipient of the request.

Rights of the interested party

The subjects to whom the personal data refers, may exercise specific rights, including those of asking the Data Controller:

• confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data (right of access).
• rectification of inaccurate personal data, or to have incomplete personal data completed (right of rectification).
• the cancellation of personal data, where one of the grounds provided for by Regulations applies (right of cancellation).
• the restriction of processing where one of the grounds provided for by the Regulations applies (right of restriction).
• to receive your personal data, which you provided to the Controller, in a structured, commonly used and machine-readable format and the right to transmit it to another data controller (right to portability).
• to oppose at any time the processing performed in the pursuit of a legitimate interest of the Controller (right of opposition).

The interested party has the right to revoke the consent to processing of the data at any time without affecting the lawfulness of the processing based on the consent given before the revocation.

To exercise the rights you can contact the Data controller at the following addresses:  call centre at the number 800 332299, mail box webcom@a2a.eu 

or written communication - AMSA s.p.a. with registered office in Via Olgettina 25 - 20132 Milan.

Without prejudice to any other administrative appeal or judicial review, you have the right to lodge a complaint with a Supervisory Authority if you believe that the processing of your data  violates the Regulation.