In compliance with Regulation (EU) 2016/679 (GDPR) and with the Italian legislation on the protection of personal data, we are hereby providing you, pursuant to Article 13 of the GDPR, with due information regarding the processing of the personal data you provide us with, in connection with the use of this website.
1. DATA CONTROLLER
Data Controller, pursuant to articles 4 and 24 of the GDPR, is CAP HOLDING SPA., with registered office in Via Rimini 38 – 20142 Milano, in the person of its pro-tempore legal representative. The Data Protection Officer (DPO) is identified c/o the Data Controller and can be reached by E-mail at: firstname.lastname@example.org.
2. TYPE OF DATA PROCESSED
In relation to the purposes of the processing listed above, the processing concerns the following categories of personal data:
2.1 Navigation data
The computer systems and software procedures necessary for the operation of this website acquire, just for the duration of the session or longer, some personal data (e.g. IP address, domain names of the computers used by users who connect to the website, information related to the user's operating system or computer environment, etc.), necessary to allow you to use this site easily.
These data are not collected to identify the data subjects to whom they belong; these data, in fact, are not immediately traceable to individuals. Gruppo CAP uses browsing data just for the purpose of obtaining anonymous statistical information on the use of the site and to check that it is functioning correctly, and, after processing, they are immediately deleted.
2.2 Data voluntarily provided by the user
As a customer/user/visitor, by connecting to this website, you may provide Gruppo CAP with your personal data in order to access certain services. This result in the acquisition by the Gruppo CAP of your IP address and/or any other personal data you may voluntarily provide, which will be processed exclusively for the purpose of providing the requested service. The personal data provided may be communicated to third parties if such disclosure is necessary in order to fulfil your requests.
What cookies are
Cookies are small text files that websites visited by users send to their terminals, where they are stored in order to be sent back to the same websites on subsequent visits. Cookies are used for different purposes, they have different characteristics, and they can be used either by the owner of the site you are visiting or by third parties.
Cookies are useful because they allow a website to recognise a user's device and therefore improve the user's browsing experience, for example by remembering their favourite sites. In addition, cookies can in no way retrieve other data from your hard drive, transmit computer viruses or capture email addresses.
Most of the cookies used while browsing this website are session cookies, i.e. they allow the website to function correctly and are automatically deleted when the browser is closed. Other types of cookies are saved on the computer's hard disk and can only be read by the server that previously stored them.
3. PROCESSING PURPOSE AND LEGAL BASIS
The personal data you provide will be processed for the following purposes:
a) to collect anonymous statistical information on the use of the site, in order to verify its correct functioning;
b) to enable the use of internet communication protocols;
c) to monitor traffic on this website;
d) to provide any services requested by the Data subject.
The processing of your personal data for the purposes referred to in points a), b) and c) is automatic when you browse this website, however please note that the information collected is not directly traceable to the data subject. The processing is lawful as it is based on the legitimate interest of the Controller. The processing of your personal data for the purposes referred to in points d) is optional, but refusal to provide it will make it impossible for the Controller to carry out the activities indicated therein. The processing is lawful as it is carried out for the performance of pre-contractual and contractual obligations.
4. COMMUNICATION OF DATA
The data may be communicated, by way of example, to the following categories of recipients:
- Gruppo CAP companies;
- subjects operating on behalf of the Data Controller as data processors, pursuant to art. 28 of the GDPR;
- subjects that provide services for the management of the information system used by Cap Holding S.p.A. and for the management of the telecommunications networks (including e-mail, database management, platforms, APP providers, call centers, etc.);
- freelancers, studies or companies in the context of assistance and consultancy relationships;
- competent authorities for the fulfilment of legal obligations and/or provisions of public entities, upon request.
The subjects belonging to the above categories act as Data Processors or operate in conditions of total independence as separate Data Controllers. In addition, CAP has signed a joint-ownership agreement with the “Servizio Idrico Integrato” Companies for Information Technology services. The content of the agreement is available on request by contacting the Company at the following e-mail addresses:email@example.com or firstname.lastname@example.org
The list of Data Processors is constantly updated and available at the Data Controller's offices. The data will not be disseminated.
5. TRANSFERS OUTSIDE EUROPEAN UNION
Personal data will be stored and processed by the Controller within the European Union.
In the event of any processing of personal data outside the European Union, such processing shall take place only after adequate safeguards have been adopted, in accordance with mandatory regulations. In this case, the data subject may obtain a copy of the conditions underlying the possible transfer by sending an email to email@example.com.
6. PROCESSING METHODS AND DATA RETENTION
The processing will be carried out by persons authorised by the Data Controller through electronic or manual means, with logic strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the data.
In compliance with the provisions of Article 5(1)(e) of the GDPR, the data will be stored in a form that allows the identification of the data subjects according to the following criteria:
- for a period of time not superior to the achievement of the purposes for which they are processed, unless otherwise provided for by regulatory or contractual obligations;
- in order to comply with specific legal or contractual obligations;
- where applicable and lawful, until such time as the data subject requests their erasure.
7. RIGHTS OF DATA SUBJECTS
Data subjects have the right, where applicable, to obtain at any time confirmation or otherwise of the existence of such data and to know its content and origin, verify its accuracy or request its integration or updating, or rectification (Articles 15 and 16 of the GDPR). In addition, data subjects have the right to request data deletion, restriction of processing, revocation of consent, portability of data as well as to lodge a complaint with the supervisory authority and to object in any case, for legitimate reasons, to data processing (Art. 17 et seq. of the GDPR).
These rights may be exercised by written communication to be sent to firstname.lastname@example.org or email@example.com. Data Controller, also through the designated structures, will take care of your request and provide you, without undue delay, with information regarding the action taken on your request.
UPDATE DATE: 15/04/2021
CAP HOLDING S.P.A.