Our Policies

Privacy policy

Privacy policy pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)

In compliance with Regulation (EU) 2016/679 (GDPR) and with the Italian legislation on the protection of personal data, we are hereby providing you, pursuant to Article 13 of the GDPR, with due information regarding the processing of the personal data you provide us with, in connection with the use of this website.

1. DATA CONTROLLER

Data Controller, pursuant to articles 4 and 24 of the GDPR, is CAP HOLDING SPA., with registered office in Via Rimini 38 – 20142 Milano, in the person of its pro-tempore legal representative. Tel. 02 825021, E-mail: privacy@gruppocap.it.

The Data Protection Officer (DPO) is identified c/o the Data Controller and can be reached by E-mail at: dpo@gruppocap.it.

2. TYPES OF DATA PROCESSED

In relation to the purposes of the processing listed above, the processing concerns the following categories of personal data:

2.1 Navigation data

The computer systems and software procedures necessary for the operation of this website acquire, just for the duration of the session or longer, some personal data (e.g. IP address, domain names of the computers used by users who connect to the website, information related to the user's operating system or computer environment, etc.), required for the usage of this site.

These data are not collected to identify the data subjects to whom they belong; these data, in fact, are not immediately traceable to individuals. Gruppo CAP uses browsing data just for the purpose of obtaining anonymous statistical information on the use of the site and to check that it is functioning correctly, and, after processing, they are immediately deleted.

2.2 Data voluntarily provided by the user

As a customer/user/visitor, by connecting to this website, you may provide Gruppo CAP your personal data in order to access certain services. This result in the acquisition by Gruppo CAP of your IP address and/or any other personal data you may voluntarily provide, which will be processed exclusively for the purpose of providing the requested service. The personal data provided may be communicated to third parties if such disclosure is necessary in order to fulfil your requests.

2.3 Cookies

What cookies are

Cookies, which are small text files, are sent by websites visited by users to their terminals, where they are stored and then resent to the same websites during future visits. Cookies are used for different purposes, they have different characteristics, and they can be used either by the owner of the site you are visiting or by third parties. 

Why we use cookies

Cookies are useful because they allow a website to recognize a user's device and therefore improve the user's browsing experience, for example by remembering their favourite sites. In addition, cookies can in no way retrieve other data from your hard drive, transmit computer viruses or capture email addresses.

How we use cookies

Most of the cookies used while browsing this website are session cookies, i.e. they allow the website to function correctly and are automatically deleted when the browser is closed. Other types of cookies are saved on the computer's hard disk and can only be read by the server that previously stored them.

The use of cookies makes the use of the Internet more efficient and easier and allows you to perform operations that, in the absence of cookies, could not be performed (e.g. management of the reserved area, maintaining identification during the session, etc.). Gruppo CAP uses and manages cookies in full compliance with the current regulations. For further information on the management of cookies, please refer to the Cookie policy available on this website.

3. PROCESSING PURPOSE AND LEGAL BASIS 

The personal data you provide will be processed for the following purposes:

a)      to collect anonymous statistical information on the use of the site, in order to verify its correct functioning;

b)     to enable the use of internet communication protocols;

c)      to monitor traffic on this website;

d)     to provide any services requested by the Data subject through contact form and/or chatbot. These services may be carried out with the support of artificial intelligence models aimed at business process efficiency. Please refer to section "6.1 Operating modes and logics of artificial intelligence systems" for detailed information.

The processing of your personal data for the purposes referred to in points a), b) and c) is automatic when you browse this website, however please note that the information collected is not directly traceable to the data subject. The processing is lawful as it is based on the legitimate interest of the Controller. The processing of your personal data for the purposes referred in points d) is optional, but refusal to provide it will make it impossible for the Controller to carry out the activities indicated therein. The processing is lawful as it is carried out for the performance of pre-contractual and contractual obligations.

4. COMMUNICATION OF DATA

The data may be communicated, for example, to the following categories of recipients:

• Gruppo CAP companies;
• subjects operating on behalf of the Data Controller as data processors, pursuant to art. 28 of the GDPR; 
• subjects that provide services for the management of the information system used by Cap Holding S.p.A. and for the management of the telecommunications networks (including e-mail, database management, platforms, APP providers, call centers, etc.);
• freelancers, studies or companies in the context of assistance and consultancy relationships;
• competent authorities for the fulfilment of legal obligations and/or provisions of public entities, upon request.

The subjects belonging to the above categories act as Data Processors or operate in conditions of total independence as separate Data Controllers. In addition, CAP has signed a joint-ownership agreement with the “Servizio Idrico Integrato” Companies for Information Technology services. The content of the agreement is available on request by contacting the Company at the following e-mail addresses: privacy@gruppocap.it or dpo@gruppocap.it.

The list of Data Processors, including artificial intelligence provider, is constantly updated and available upon request by contacting the Society at the following e-mail addresses: privacy@gruppocap.it or dpo@gruppocap.it.

The data will not be disseminated.

5. TRANSFERS OUTSIDE EUROPEAN UNION

Personal data will be stored and processed by the Controller within the European Union. For the use of artificial intelligence systems, data may be transmitted and processed in the United States.

In the event of any processing of personal data outside the European Union, such processing shall take place only after adequate safeguards have been adopted, in accordance with mandatory regulations. In this case, the data subject may obtain a copy of the conditions underlying the possible transfer by sending an email to privacy@gruppocap.it.

6. PROCESSING METHODS AND DATA RETENTION

The processing will be carried out by persons authorized by the Data Controller through electronic or manual means, with logic strictly related to the purposes indicated and, in any case, in such a way as to guarantee the security and confidentiality of the data. At times, personal data may be processed through applications that may include artificial intelligence systems, including generative AI systems and/or chatbot. The processing of personal data using the above systems does not involve automated decision-making.

In compliance with the provisions of Article 5(1)(e) of the GDPR, the data will be stored in a form that allows the identification of the data subjects according to the following criteria:

• for a period of time not longer to the achievement of the purposes for which they are processed, unless otherwise provided for by regulatory or contractual obligations; 
• in order to comply with specific legal or contractual obligations;
• where applicable and lawful, Until the data subject asks for their deletion.

6.1 Operating modes and logics of artificial intelligence systems

Gruppo CAP uses artificial intelligence systems ensuring special attention to the security of subjects' data. The applications will be aimed at improving internal processes and optimizing business operations, including, for example, the management of user requests and the processing of documents/forms provided by subjects using an OCR (optical character recognition) system enhanced through artificial intelligence. For such activities, CAP uses business-specific APIs that ensure high standards of privacy and security (e.g. SOC 2 Type 2 compliant). In addition, Gruppo CAP is committed to implement additional security measures (e.g. data anonymization) and considers regulatory developments to ensure continuous compliance. Personal data will not be used to train artificial intelligence algorithms and will be kept by the providers for a time not exceeding 30 days or in any case until the specific purposes are achieved. To receive more information about how the Company operates and the security measures applied, it is possible to contact the Company at the following e-mail addresses: privacy@gruppocap.it or dpo@gruppocap.it.

7. RIGHTS OF DATA SUBJECTS

Data subjects have the right, where applicable, to obtain at any time confirmation of the existence of such data and to know its content and origin, verify its accuracy or request its integration or updating, or rectification (Articles 15 and 16 of the GDPR). In addition, data subjects have the right to request data deletion, restriction of processing, revocation of consent, portability of data as well as to lodge a complaint with the supervisory authority and to object in any case, for legitimate reasons, to data processing (Art. 17 et seq. of the GDPR).

These rights may be exercised by written communication to be sent to privacy@gruppocap.it or dpo@gruppocap.it. Data Controller, also through the designated structures, will take care of your request and provide you, without undue delay, with information regarding the action taken on your request.

8. CHANGES TO THE PRIVACY POLICY

Data Controller reserves the right to change, update, add or remove parts of this privacy policy at its own discretion and at any time. The data subject is required to periodically check for any changes. In order to facilitate this verification, this policy will contain the update date. The use of this website, after the publication of the policy updated version, will constitute acceptance of the changes.

LAST UPDATE: 18/04/2024

DATA CONTROLLER

CAP HOLDING S.P.A.