Our Policies

The privacy policy and management policy of our social media channels.

Privacy policy

Information document pursuant to art. 13, EU Reg. 2016/679- GDPR Information for the processing of personal data collected from the data subject

In compliance with the provisions of EU Reg. EU 2016/679 (European Regulation for the protection of personal data), we provide you with the necessary information regarding the processing of personal data collected. The policy is not to be considered valid for other websites that may be consulted through links on the websites under the domain of the Controller, which is not to be considered in any way responsible for the websites of third parties. This policy is provided pursuant to Art. 13 of EU Reg. EU 2016/679 (European Regulation for the protection of personal data) and is also inspired by the provisions of Directive 2002/58/EC, as updated by Directive 2009/136/EC, on Cookies as well as what is established by the Provision of the Italian Data Protection Authority of 8 May 2014 on cookies.

  • Processable personal data: “personal data” means any information concerning an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or one or more elements characteristic of his/her physical, physiological, genetic, mental, economic, cultural or social identity; (C26, C27, C30).
  • Special categories of data: e.g., racial and ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric or health-related data – see art. 9 GDPR.
  • Browsing data: the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment. This data is used solely for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and is deleted immediately after processing. Specific information about the use of browsing data can be found in the footer of the website, link COOKIE POLICY.


  • DATA CONTROLLER pursuant to Art. 4 and 24 of EU Reg. 2016/679 is CAP HOLDING SPA, with registered office in Via Del Mulino, 2 – Palazzo U10 – 20057 Assago (MI), in the person of its legal representative pro tempore.
  • DATA PROTECTION OFFICER (DPO), pursuant to Articles 37-39 of EU Reg 2016/679 at the Data Controller contactable at the e-mail address dpo@gruppocap.it.


Specific information will be reported or displayed on the pages of the site prepared for particular services on request: registration to the online centre and use of the services provided therein; management of the services provided in the CUSTOMER area, FORMS section; for spontaneous applications, in the GROUP area, section JOIN THE TEAM; to use the service WebGis Acque di Lombardia, in the ACTIVITIES area; to subscribe to the QUALIFICATION SYSTEM or register in the SUPPLIERS REGISTER; to use the water control service of your home and the free shipping service, in the WATER QUALITY area”.


The personal data provided may be communicated to recipients, appointed pursuant to art. 28 of EU Reg. 2016/679, which will process the data as data processors and/or as natural persons acting under the authority of the Data Controller, operating in total autonomy as separate Data Controllers. By way of example and not limited to, they may be communicated to third parties belonging to the following categories: - CAP Group companies - subjects that provide services for the management of the information system used by CAP HOLDING SPA and telecommunications networks (including e-mail); - firms or companies in the context of assistance and consultancy relationships; - competent authorities for fulfilling legal obligations and/or provisions of public bodies, upon request; - in the case of administrative accounting purposes, the data may possibly be transmitted to commercial information companies for the assessment of solvency and payment behaviour and/or to subjects for debt recovery purposes.

The list of designated Data Processors is constantly updated and available at the headquarters of CAP Holding S.p.A. or by writing to privacy@gruppocap.it

The personal data provided will not be transferred outside the European Union.

You may assert your rights as expressed in Articles 15 et seq. of EU Regulation 2016/679, by writing to the Data Controller at privacy@gruppocap.it. By way of example, you have the right, at any time, to ask where applicable:

Art. 15 - Access: confirmation whether or not personal data concerning you is being processed;
Art. 16 - Rectification: you may request to rectify or supplement the data in our possession, if inaccurate;
Art. 17 - Erasure: you can request that your processed data be deleted, if longer necessary for the purposes of the Subject, or withdraw consent where given.
Art. 18 - Restriction: you can request the restriction of the processing of your personal data, when one of the conditions referred to in Art. 18 of the GDPR is met;
Art. 21 - Objection: you can object to the processing of your data, unless the Data Controller processes the data for legitimate compelling reasons that prevail over the interests, rights and freedoms of the data subject.

There is no automated decision-making process.

Without prejudice to any other administrative and judicial appeal, if you believe that the processing of your data violates the provisions of EU Reg. 2016/679, pursuant to art. 15 letter f) of the aforementioned EU Reg. 2016/679, you have the right to lodge a complaint with the Data Protection Authority.

In the cases provided, you have the right to the portability of your data and in this case the Data Controller will provide you with the personal data concerning you in a structured, commonly used and readable format, from an automatic device.

The Data Controller reserves the right to change, update, add or remove portions of this Privacy Policy at its discretion and at any time. The data subject is required to periodically check for any changes. In order to facilitate this check, the information will contain an indication of the date of its update. Use of the site, after publication of the changes, will constitute acceptance of the same.

Update date: 21/12/2018

Social media policy

CAP Group Social media channels terms and conditions of use

We use the main social media channels to communicate with citizens who use our Integrated Water Service through the web. The channels are managed by a digital team coordinated by us.


We use social channels to disseminate news, updates and information related to the Integrated Water Service and to collect comments, questions, requests, criticism and suggestions. The channels produce their own textual content, photographs, infographics, videos and other multimedia materials that are to be considered under Creative Commons CC BYND 3.0 [Attribution-Non derived works http://creativecommons.org/licenses/bynd/3.0/en/deed.it]: they can be reproduced freely, but must always be credited to the original channel of reference.

The comments and content of users who interact on our channels and should always be presented with name and surname represent the opinions of individuals and not that of the Group, which cannot be held responsible for the truthfulness or otherwise of what is posted by third parties, whether legal or natural entities.


Our social channels are moderated from Monday to Friday, from 9.30 am to 6.30 pm.

Our objective is to respond to citizens' requests whenever possible and to manage them with the competent offices to identify the most relevant response. Response times vary depending on the type of request; not everything can be resolved through social media channels, but we will do our best to indicate the best solutions.

For all emergencies, always refer to the current Emergency Response channels.


Interaction and socialisation activities are an important step for us and for you, but we need a shared code of conduct as a common basis for the best possible use of the channels.

Everyone has the right to intervene and express their own free opinion; on our social media channels there is no prior censorship. However, comments and posts that violate the conditions set out in this document will be removed.

In particular, our channels may not be used to publish posts and comments that are discriminatory or offensive to other users, whether or not present at the discussion, Bodies, associations, companies or those who manage and moderate them, for any reason. Insults, threats, turpitude or attitudes that harm personal dignity, the rights of minorities and minors, the principles of freedom and equality will not be tolerated. Comments that are off-topic with respect to the discussion of a given post, comments or posts that present sensitive data, remarks posted repeatedly, comments and posts written to disturb the discussion or offend those who manage and moderate social channels, commercial and political spam will be moderated.

Our social media team reserves the right to use bans or blocks for those who repeatedly violate these conditions or those contained in the policies in order to prevent further action and to report 


The processing of users' personal data will respond to the policies in use on the social channels used (Facebook, Twitter, LinkedIn, YouTube, Instagram). Sensitive data posted in comments or public posts within our social media channels will be removed (see the Moderation section above).