Our Policies
The privacy policy and management policy of our social media channels.
Privacy policy
Privacy policy pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)
In compliance with Regulation (EU) 2016/679 (GDPR) and with the Italian legislation on the protection of personal data, we are hereby providing you, pursuant to Article 13 of the GDPR, with due information regarding the processing of the personal data you provide us with, in connection with the use of this website.
1. DATA CONTROLLER
Data Controller, pursuant to articles 4 and 24 of the GDPR, is CAP HOLDING SPA., with registered office in Via Rimini 38 – 20142 Milano, in the person of its pro-tempore legal representative. Tel. 02 825021, E-mail: privacy@gruppocap.it.
The Data Protection Officer (DPO) is identified c/o the Data Controller and can be reached by E-mail at: dpo@gruppocap.it.
2. TYPES OF DATA PROCESSED
In relation to the purposes of the processing listed above, the processing concerns the following categories of personal data:
2.1 Navigation data
The computer systems and software procedures necessary for the operation of this website acquire, just for the duration of the session or longer, some personal data (e.g. IP address, domain names of the computers used by users who connect to the website, information related to the user's operating system or computer environment, etc.), required for the usage of this site.
These data are not collected to identify the data subjects to whom they belong; these data, in fact, are not immediately traceable to individuals. Gruppo CAP uses browsing data just for the purpose of obtaining anonymous statistical information on the use of the site and to check that it is functioning correctly, and, after processing, they are immediately deleted.
2.2 Data voluntarily provided by the user
As a customer/user/visitor, by connecting to this website, you may provide Gruppo CAP your personal data in order to access certain services. This result in the acquisition by Gruppo CAP of your IP address and/or any other personal data you may voluntarily provide, which will be processed exclusively for the purpose of providing the requested service. The personal data provided may be communicated to third parties if such disclosure is necessary in order to fulfil your requests.
2.3 Cookies
What cookies are
Cookies, which are small text files, are sent by websites visited by users to their terminals, where they are stored and then resent to the same websites during future visits. Cookies are used for different purposes, they have different characteristics, and they can be used either by the owner of the site you are visiting or by third parties.
Why we use cookies
Cookies are useful because they allow a website to recognize a user's device and therefore improve the user's browsing experience, for example by remembering their favourite sites. In addition, cookies can in no way retrieve other data from your hard drive, transmit computer viruses or capture email addresses.
How we use cookies
Most of the cookies used while browsing this website are session cookies, i.e. they allow the website to function correctly and are automatically deleted when the browser is closed. Other types of cookies are saved on the computer's hard disk and can only be read by the server that previously stored them.
The use of cookies makes the use of the Internet more efficient and easier and allows you to perform operations that, in the absence of cookies, could not be performed (e.g. management of the reserved area, maintaining identification during the session, etc.). Gruppo CAP uses and manages cookies in full compliance with the current regulations. For further information on the management of cookies, please refer to the Cookie policy available on this website.
3. PROCESSING PURPOSE AND LEGAL BASIS
The personal data you provide will be processed for the following purposes:
a) to collect anonymous statistical information on the use of the site, in order to verify its correct functioning;
b) to enable the use of internet communication protocols;
c) to monitor traffic on this website;
d) to provide any services requested by the Data subject through contact form and/or chatbot. These services may be carried out with the support of artificial intelligence models aimed at business process efficiency. Please refer to section "6.1 Operating modes and logics of artificial intelligence systems" for detailed information.
The processing of your personal data for the purposes referred to in points a), b) and c) is automatic when you browse this website, however please note that the information collected is not directly traceable to the data subject. The processing is lawful as it is based on the legitimate interest of the Controller. The processing of your personal data for the purposes referred in points d) is optional, but refusal to provide it will make it impossible for the Controller to carry out the activities indicated therein. The processing is lawful as it is carried out for the performance of pre-contractual and contractual obligations.
4. COMMUNICATION OF DATA
The data may be communicated, for example, to the following categories of recipients:
- Gruppo CAP companies;
- subjects operating on behalf of the Data Controller as data processors, pursuant to art. 28 of the GDPR;
- subjects that provide services for the management of the information system used by Cap Holding S.p.A. and for the management of the telecommunications networks (including e-mail, database management, platforms, APP providers, call centers, etc.);
- freelancers, studies or companies in the context of assistance and consultancy relationships;
- competent authorities for the fulfilment of legal obligations and/or provisions of public entities, upon request.
The subjects belonging to the above categories act as Data Processors or operate in conditions of total independence as separate Data Controllers. In addition, CAP has signed a joint-ownership agreement with the “Servizio Idrico Integrato” Companies for Information Technology services. The content of the agreement is available on request by contacting the Company at the following e-mail addresses: privacy@gruppocap.it or dpo@gruppocap.it.
The list of Data Processors, including artificial intelligence provider, is constantly updated and available upon request by contacting the Society at the following e-mail addresses: privacy@gruppocap.it or dpo@gruppocap.it.
The data will not be disseminated.
5. TRANSFERS OUTSIDE EUROPEAN UNION
Personal data will be stored and processed by the Controller within the European Union. For the use of artificial intelligence systems, data may be transmitted and processed in the United States.
In the event of any processing of personal data outside the European Union, such processing shall take place only after adequate safeguards have been adopted, in accordance with mandatory regulations. In this case, the data subject may obtain a copy of the conditions underlying the possible transfer by sending an email to privacy@gruppocap.it.
6. PROCESSING METHODS AND DATA RETENTION
The processing will be carried out by persons authorized by the Data Controller through electronic or manual means, with logic strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the data. At times, personal data may be processed through applications that may include artificial intelligence systems, including generative AI systems and/or chatbot. The processing of personal data using the above systems does not involve automated decision-making.
In compliance with the provisions of Article 5(1)(e) of the GDPR, the data will be stored in a form that allows the identification of the data subjects according to the following criteria:
- for a period of time not longer to the achievement of the purposes for which they are processed, unless otherwise provided for by regulatory or contractual obligations;
- in order to comply with specific legal or contractual obligations;
- where applicable and lawful, Until the data subject asks for their deletion.
6.1 Operating modes and logics of artificial intelligence systems
Gruppo CAP uses artificial intelligence systems ensuring special attention to the security of subjects' data. The applications will be aimed at improving internal processes and optimizing business operations, including, for example, the management of user requests and the processing of documents/forms provided by subjects using an OCR (optical character recognition) system enhanced through artificial intelligence. For such activities, CAP uses business-specific APIs that ensure high standards of privacy and security (e.g. SOC 2 Type 2 compliant). In addition, Gruppo CAP is committed to implement additional security measures (e.g. data anonymization) and considers regulatory developments to ensure continuous compliance. Personal data will not be used to train artificial intelligence algorithms and will be kept by the providers for a time not exceeding 30 days or in any case until the specific purposes are achieved. To receive more information about how the Company operates and the security measures applied, it is possible to contact the Company at the following e-mail addresses: privacy@gruppocap.it or dpo@gruppocap.it.
7. RIGHTS OF DATA SUBJECTS
Data subjects have the right, where applicable, to obtain at any time confirmation of the existence of such data and to know its content and origin, verify its accuracy or request its integration or updating, or rectification (Articles 15 and 16 of the GDPR). In addition, data subjects have the right to request data deletion, restriction of processing, revocation of consent, portability of data as well as to lodge a complaint with the supervisory authority and to object in any case, for legitimate reasons, to data processing (Art. 17 et seq. of the GDPR).
These rights may be exercised by written communication to be sent to privacy@gruppocap.it or dpo@gruppocap.it. Data Controller, also through the designated structures, will take care of your request and provide you, without undue delay, with information regarding the action taken on your request.
8. CHANGES TO THE PRIVACY POLICY
Data Controller reserves the right to change, update, add or remove parts of this privacy policy at its own discretion and at any time. The data subject is required to periodically check for any changes. In order to facilitate this verification, this policy will contain the update date. The use of this website, after the publication of the policy updated version, will constitute acceptance of the changes.
LAST UPDATE: 18/04/2024
DATA CONTROLLER
CAP HOLDING S.P.A.
Social media policy
CAP Group Social media channels terms and conditions of use
We use the main social media channels to communicate with citizens who use our Integrated Water Service through the web. The channels are managed by a digital team coordinated by us.
Contents
We use social channels to disseminate news, updates and information related to the Integrated Water Service and to collect comments, questions, requests, criticism and suggestions. The channels produce their own textual content, photographs, infographics, videos and other multimedia materials that are to be considered under Creative Commons CC BYND 3.0 [Attribution-Non derived works http://creativecommons.org/licenses/bynd/3.0/en/deed.it]: they can be reproduced freely, but must always be credited to the original channel of reference.
The comments and content of users who interact on our channels and should always be presented with name and surname represent the opinions of individuals and not that of the Group, which cannot be held responsible for the truthfulness or otherwise of what is posted by third parties, whether legal or natural entities.
Answers
Our social channels are moderated from Monday to Friday, from 9.30 am to 6.30 pm.
Our objective is to respond to citizens' requests whenever possible and to manage them with the competent offices to identify the most relevant response. Response times vary depending on the type of request; not everything can be resolved through social media channels, but we will do our best to indicate the best solutions.
For all emergencies, always refer to the current Emergency Response channels.
For emergencies
Refer to the Emergency Service section.
Moderation
Interaction and socialisation activities are an important step for us and for you, but we need a shared code of conduct as a common basis for the best possible use of the channels.
Everyone has the right to intervene and express their own free opinion; on our social media channels there is no prior censorship. However, comments and posts that violate the conditions set out in this document will be removed.
In particular, our channels may not be used to publish posts and comments that are discriminatory or offensive to other users, whether or not present at the discussion, Bodies, associations, companies or those who manage and moderate them, for any reason. Insults, threats, turpitude or attitudes that harm personal dignity, the rights of minorities and minors, the principles of freedom and equality will not be tolerated. Comments that are off-topic with respect to the discussion of a given post, comments or posts that present sensitive data, remarks posted repeatedly, comments and posts written to disturb the discussion or offend those who manage and moderate social channels, commercial and political spam will be moderated.
Our social media team reserves the right to use bans or blocks for those who repeatedly violate these conditions or those contained in the policies in order to prevent further action and to report
Privacy
The processing of users' personal data will respond to the policies in use on the social channels used (Facebook, Twitter, LinkedIn, YouTube, Instagram). Sensitive data posted in comments or public posts within our social media channels will be removed (see the Moderation section above).