Our Policies

The privacy policy and management policy of our social media channels.

Privacy policy

Privacy policy pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 (GDPR)

In compliance with Regulation (EU) 2016/679 (GDPR) and with the Italian legislation on the protection of personal data, we are hereby providing you, pursuant to Article 13 of the GDPR, with due information regarding the processing of the personal data you provide us with, in connection with the use of this website.


Data Controller, pursuant to articles 4 and 24 of the GDPR, is CAP HOLDING SPA., with registered office in Via Rimini 38 – 20142 Milano, in the person of its pro-tempore legal representative. The Data Protection Officer (DPO) is identified c/o the Data Controller and can be reached by E-mail at: dpo@gruppocap.it.


In relation to the purposes of the processing listed above, the processing concerns the following categories of personal data:

2.1 Navigation data

The computer systems and software procedures necessary for the operation of this website acquire, just for the duration of the session or longer, some personal data (e.g. IP address, domain names of the computers used by users who connect to the website, information related to the user's operating system or computer environment, etc.), necessary to allow you to use this site easily.

These data are not collected to identify the data subjects to whom they belong; these data, in fact, are not immediately traceable to individuals. Gruppo CAP uses browsing data just for the purpose of obtaining anonymous statistical information on the use of the site and to check that it is functioning correctly, and, after processing, they are immediately deleted.

2.2 Data voluntarily provided by the user

As a customer/user/visitor, by connecting to this website, you may provide Gruppo CAP with your personal data in order to access certain services. This result in the acquisition by the Gruppo CAP of your IP address and/or any other personal data you may voluntarily provide, which will be processed exclusively for the purpose of providing the requested service. The personal data provided may be communicated to third parties if such disclosure is necessary in order to fulfil your requests.

2.3 Cookies

What cookies are

Cookies are small text files that websites visited by users send to their terminals, where they are stored in order to be sent back to the same websites on subsequent visits. Cookies are used for different purposes, they have different characteristics, and they can be used either by the owner of the site you are visiting or by third parties. 

Why we use cookies

Cookies are useful because they allow a website to recognise a user's device and therefore improve the user's browsing experience, for example by remembering their favourite sites. In addition, cookies can in no way retrieve other data from your hard drive, transmit computer viruses or capture email addresses.

How we use cookies

Most of the cookies used while browsing this website are session cookies, i.e. they allow the website to function correctly and are automatically deleted when the browser is closed. Other types of cookies are saved on the computer's hard disk and can only be read by the server that previously stored them.

The use of cookies makes the use of the Internet more efficient and easier and allows you to perform operations that, in the absence of cookies, could not be performed (e.g. management of the reserved area, maintaining identification during the session, etc.). Gruppo CAP uses and manages cookies in full compliance with the current regulations. For further information on the management of cookies, please refer to the Cookie policy available on this website.


The personal data you provide will be processed for the following purposes:

a) to collect anonymous statistical information on the use of the site, in order to verify its correct functioning;

b) to enable the use of internet communication protocols;

c) to monitor traffic on this website;

d) to provide any services requested by the Data subject.

The processing of your personal data for the purposes referred to in points a), b) and c) is automatic when you browse this website, however please note that the information collected is not directly traceable to the data subject. The processing is lawful as it is based on the legitimate interest of the Controller. The processing of your personal data for the purposes referred to in points d) is optional, but refusal to provide it will make it impossible for the Controller to carry out the activities indicated therein. The processing is lawful as it is carried out for the performance of pre-contractual and contractual obligations.


The data may be communicated, by way of example, to the following categories of recipients:

  • Gruppo CAP companies;
  • subjects operating on behalf of the Data Controller as data processors, pursuant to art. 28 of the GDPR; 
  • subjects that provide services for the management of the information system used by Cap Holding S.p.A. and for the management of the telecommunications networks (including e-mail, database management, platforms, APP providers, call centers, etc.);
  • freelancers, studies or companies in the context of assistance and consultancy relationships;
  • competent authorities for the fulfilment of legal obligations and/or provisions of public entities, upon request.

The subjects belonging to the above categories act as Data Processors or operate in conditions of total independence as separate Data Controllers. In addition, CAP has signed a joint-ownership agreement with the “Servizio Idrico Integrato” Companies for Information Technology services. The content of the agreement is available on request by contacting the Company at the following e-mail addresses:privacy@gruppocap.it or dpo@gruppocap.it

The list of Data Processors is constantly updated and available at the Data Controller's offices. The data will not be disseminated.


Personal data will be stored and processed by the Controller within the European Union. 

In the event of any processing of personal data outside the European Union, such processing shall take place only after adequate safeguards have been adopted, in accordance with mandatory regulations. In this case, the data subject may obtain a copy of the conditions underlying the possible transfer by sending an email to privacy@gruppocap.it.


The processing will be carried out by persons authorised by the Data Controller through electronic or manual means, with logic strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the data.

In compliance with the provisions of Article 5(1)(e) of the GDPR, the data will be stored in a form that allows the identification of the data subjects according to the following criteria:

  • for a period of time not superior to the achievement of the purposes for which they are processed, unless otherwise provided for by regulatory or contractual obligations; 
  • in order to comply with specific legal or contractual obligations;
  • where applicable and lawful, until such time as the data subject requests their erasure.


Data subjects have the right, where applicable, to obtain at any time confirmation or otherwise of the existence of such data and to know its content and origin, verify its accuracy or request its integration or updating, or rectification (Articles 15 and 16 of the GDPR). In addition, data subjects have the right to request data deletion, restriction of processing, revocation of consent, portability of data as well as to lodge a complaint with the supervisory authority and to object in any case, for legitimate reasons, to data processing (Art. 17 et seq. of the GDPR).

These rights may be exercised by written communication to be sent to privacy@gruppocap.it or dpo@gruppocap.it. Data Controller, also through the designated structures, will take care of your request and provide you, without undue delay, with information regarding the action taken on your request.


Data Controller reserves the right to change, update, add or remove parts of this privacy policy at its own discretion and at any time. The data subject is required to periodically check for any changes. In order to facilitate this verification, this policy will contain the update date. The use of this website, after the publication of the policy updated version, will constitute acceptance of the changes.

UPDATE DATE: 15/04/2021



Social media policy

CAP Group Social media channels terms and conditions of use

We use the main social media channels to communicate with citizens who use our Integrated Water Service through the web. The channels are managed by a digital team coordinated by us.


We use social channels to disseminate news, updates and information related to the Integrated Water Service and to collect comments, questions, requests, criticism and suggestions. The channels produce their own textual content, photographs, infographics, videos and other multimedia materials that are to be considered under Creative Commons CC BYND 3.0 [Attribution-Non derived works http://creativecommons.org/licenses/bynd/3.0/en/deed.it]: they can be reproduced freely, but must always be credited to the original channel of reference.

The comments and content of users who interact on our channels and should always be presented with name and surname represent the opinions of individuals and not that of the Group, which cannot be held responsible for the truthfulness or otherwise of what is posted by third parties, whether legal or natural entities.


Our social channels are moderated from Monday to Friday, from 9.30 am to 6.30 pm.

Our objective is to respond to citizens' requests whenever possible and to manage them with the competent offices to identify the most relevant response. Response times vary depending on the type of request; not everything can be resolved through social media channels, but we will do our best to indicate the best solutions.

For all emergencies, always refer to the current Emergency Response channels.


Interaction and socialisation activities are an important step for us and for you, but we need a shared code of conduct as a common basis for the best possible use of the channels.

Everyone has the right to intervene and express their own free opinion; on our social media channels there is no prior censorship. However, comments and posts that violate the conditions set out in this document will be removed.

In particular, our channels may not be used to publish posts and comments that are discriminatory or offensive to other users, whether or not present at the discussion, Bodies, associations, companies or those who manage and moderate them, for any reason. Insults, threats, turpitude or attitudes that harm personal dignity, the rights of minorities and minors, the principles of freedom and equality will not be tolerated. Comments that are off-topic with respect to the discussion of a given post, comments or posts that present sensitive data, remarks posted repeatedly, comments and posts written to disturb the discussion or offend those who manage and moderate social channels, commercial and political spam will be moderated.

Our social media team reserves the right to use bans or blocks for those who repeatedly violate these conditions or those contained in the policies in order to prevent further action and to report 


The processing of users' personal data will respond to the policies in use on the social channels used (Facebook, Twitter, LinkedIn, YouTube, Instagram). Sensitive data posted in comments or public posts within our social media channels will be removed (see the Moderation section above).