European Regulation 2016/679 dated 27 April 2016 concerning the "Protection of natural persons with regard to the processing of personal data and on the free circulation of such data" (so-called "General Data Protection Regulation" or "Regulation"), envisages the protection of personal data, which must be processed in respect of fundamental rights and freedoms, with specific regard to the right of confidentiality.
Pursuant to artt. 12 and 13 of the Regulation Amplia Infrastructures s.p.a. with headquarters in Roma, Via Giulio Vincenzo Bona, 95,101 – 00156 (RM), Tax ID 00481670586, VAT Code 00904791001 in the capacity of Data Controller of the personal data managed through the company website www.ampliaspa.it (also "Website") hereby informs you that the processing of your personal data will be based on the principles of correctness, legality and transparency, ensuring confidentiality and guaranteeing your rights in this regard.
1. Identity and contact details of the Data Controller
The Data Controller of your personal data is Amplia Infrastructures s.p.a. with headquarters in Roma, Via Giulio Vincenzo Bona, 95,101 – 00156 (RM).
2. Contact details of the Data Protection Officer
In fulfilment of art. 37 of the Regulation, the Controller has designated a Data Protection Officer (so-called "RPD" or "DPO") who can be contacted at the following e-mail address: firstname.lastname@example.org
3. Scope of data processing
The processing of your personal data by Amplia Infrastructures s.p.a. will be for scopes correlated to the management and administration of the company website.
In particular, your personal data may be processed to:
- enable browsing of the Website
- ascertain and prevent crimes
- receiving correspondence and/or requests for information from users
- allowing the selection of personnel
- enabling access to suppliers’ portals
4. Juridical basis of data processing
The juridical basis of data processing is the consent given by the interested party/website user. In the “contacts” page, consent is expressly requested before messages are sent.
5. Nature of the personal data processed
Technical browsing data
The Web server used by Amplia Infrastructures S.p.A., which is managed by third parties, automatically collects certain personal data during browsing, the transmission of which is implicit in the use of internet communication protocols.
This electronic traffic data is processed in respect of European Regulation 2016/679 dated 27 April 2016 concerning the "Protection of natural persons with regard to the processing of personal data and on the free circulation of such data" and is preserved.
Data supplied voluntarily by the users
The optional, explicit and voluntary sending of messages to the Amplia Infrastructures addresses and the compiling and forwarding of the forms on the website imply the acquisition of the data of the user/receiver that is necessary or useful in replying or following up a request for a specific service.
6. Modalities of processing
Personal data is processed using automatic tools for the time strictly necessary to achieve the scopes for which it was collected. Specific security measures have been taken to prevent data loss, illegal and improper use and unauthorised access.
7. Categories of recipients and transfer of data overseas
Data collected over the internet will not be either distributed or communicated to third parties other than those specifically authorised by the Data Controller.
Specifically, those subjects providing website management and hosting services appointed as “external data managers” and Amplia employees designated as “data processing managers” for controlling and managing the website contacts and its contents and analysing website access trends may have access to the personal data processed through this website.
The data collected for the purposes described in this disclosure note will not be transferred overseas to Companies or other entities outside the EU. However, the Data Controller reserves the right to use cloud-based services; in such an eventuality, the service providers may be based in other countries. In this case, only the providers who give adequate guarantees will be selected, as envisaged and required by art. 46 of GDPR 2016/679.
8. Preservation of personal data
The personal data processed for the scopes listed in this policy will be preserved for the sole purpose of ascertaining and preventing crimes for a period of 12 (twelve) months from the date of communication of the data, after which it will be deleted or made anonymous.
9. Rights of the interested party
The interested party involved in data processing may exercise the rights of which in art. 15 and art. 22 of the GDPR 2016/679, and specifically:
- obtain confirmation of the existence or otherwise of their own personal data, even if not yet registered, in a concise, transparent, comprehensible and easily accessible format, using simple and clear language;
- a description of: a. the origin of the personal data; b. the purposes and methods of data processing; c. the legitimate interests pursued by the Data Controller or third parties; d. the recipients or categories of recipients of the personal data; e. the intention of the data controller to transfer personal data to another country or international organization; f. the period of conservation of personal data; g. the logic applied, and also the importance and expected consequences of such data processing for the interested party, in the event of processing with the assistance of electronic tools in the context of an automatic collection and/or profiling system; h. the identification details of the Data Controller, the Managers, the designated Representative and the Data Protection Officer (known as the DPO); i. the subjects and categories of subjects to which personal data may be communicated or that may become aware of personal data in the capacity of representative designated within State territory, managers or officers;
- the updating, correction or, if of interest, integration of the data;
- the cancellation, transformation to anonymous status or blockage of data processed in breach of the law, including that which does not need to be kept in relation to the purposes for which the data is collected or subsequently processed;
- restrictions on data processing;
- the portability of their own personal data to other Data Controllers;
- waiving data processing;
- opposing the processing of their own personal data, fully or partly and for legitimate reasons pertinent to the purpose of data collection.
In order to exercise the above rights, the interested party may contact AMPLIA Infrastructures S.p.A. or its DPO at any time, through the contacts given in points nos. 1 and 2 of this disclosure note.
10. Complaints to the Supervisory Authority
Lastly, pursuant to Article 77 of the Regulation, we would remind you that you have the right to lodge complaints to the Supervisory Authority (Guarantor for the Protection of personal data), should you believe that the processing of your personal data is in breach of the Regulation itself.
11. Nature of processing and obligation to provide data
Much of the data requested from you is necessary (also in execution of legal obligations) to start-up and continue commercial relations. In certain cases, the failure to provide data may imply the impossibility of continuing said relations.
12. Existence of automated decision making process in data processing
It must be noted that there are NO automated decision making processes used in the processing of the above data, pursuant to Article 22 of the Regulation.
Forms for exercising privacy rights
Form B: Data correction-deletion-limitation
Form C: Data portability
Form D: Right not to be subject to automated decision making
Form E: Objection to processing