Skip to contentSkip to bottom of the pageSkip to top of the page

Privacy policy

Privacy policy

Under the terms of articles 13 and 14 of EU General Data Protection Regulation 2016/679 of 26 April 2016 (hereafter referred to as the ‘GDPR’), we provide the following information relative to the processing of the personal data of users who access the website www.a2acaloreservizi.it and its sub-domains. The information is not applicable to other sites consulted by the user through links.

1. Who processes the personal data?

The personal data is processed by A2A Heat and Services, with registered office in Via Lamarmora, 230 - 25124, Brescia.

2. Who is the Data Protection Officer?

The Data Processor has nominated a Data Protection Officer (DPO) who can be contacted at the following e-mail address: dpo.privacy@a2a.it.

3. Who does the data processed relate to?

The data processed relates to those who access and utilize the website of the Data Processor. These users will hereafter be referred to as “website users”. 

4. Why is personal data processed?

 

Purpose of processingLegal grounds for processing
To allow the correct and optimal use of the website. The legitimate interest of the processor to ensure for the user the correct functioning of the website and its ease of use. 
To carry out maintenance on IT systems.
To provide the service or services requested – including the filling in of forms – such as in response to requests for contact or other information, in order to handle requests for estimates or the issue of energy certification, in order to answer enquiries concerning ongoing contracts, subscriptions to the newsletter, registration to the personal area, the checking of district heating coverage, making appointments, consulting maps, etc.Compliance with a contract of which involves or will involve the website user or compliance with pre-contractual measures.  
To defend a right in a judicial context and to prevent fraud. The legitimate interest of the data processor in defence of a right and the prevention of fraud.
To respond to requests from public authorities and other official agencies.Compliance with a legal obligation.

5. How is the data processed?

The processing is carried out by personnel authorized to do so in the performance of their dutires, with or without the use of electronic devices, in accordance with the principles of lawfulness and correctness so as to ensure at all times the confidentiality and rights of the website user. 
The use of maps present on the website does not involve identification of the geographical location of the user.

6. Who is the personal data communicated to?

Your personal data can be made available to:

  • third parties responsible for the performance of activities related to and instrumental in the processing carried out by the Data Processor, for example companies providing IT services;
  • public authorities and other official agencies such as the Agenzia delle Entrate (Italian tax authority), Acquirente Unico S.p.A., Anagrafe Tributaria (fiscal data registry) and Autorità di Regolazione per Energia Reti e Ambiente (energy, networks and environment regulator).

These parties will act, as each case requires, with responsibility as processor of the data.

Moreover, your data can be made available to:

  • A2A S.p.A., as parent company, nominated as data processor for the purposes of providing Group company services regulated by contract;
  • other Group companies operating as autonomous data processors in the event of A2A Heat and Services mistakenly receiving requests addressed to and clearly referable to other companies belonging to the Group.

Your data will not be divulged (made available to undetermined parties).

7. Is the data sent to other countries?

The processing may involve the transfer of data outside the EEA, in particular the United States of America. In this case, the transfer is covered by the EU-USA DPF (Data Privacy Framework) based on the European Commission adequacy decision of 10 July 2023.

8. For how long is the data kept?

The following data storage times will be applied: 

Data processed Storage time 
Data required for registration to the Personal Area.10 years from the termination/last operation related to the contract or from the time of interruption of the prescription period. 
Data required for the administration of services and requests made by users who have a contractual relationship with the data processor.10 years from the termination/last operation related to the contract or from the time of interruption of the prescription period.
Data required for the administration of services and requests made by users who do not have a contractual relationship with the data processor.5 years from the formulation of the request for any requests by official agencies and/or the website users. 
Data processed in order to respond to any requests made by authorities and other official agencies, etc.5 years from response to the request by authorities and other official agencies and/or the website users.
Data processed in the sphere of the defence of a right in a judicial context or in order to prevent fraud. 10 years from the definitive judicial sentence. 

The duration of cookies used can be consulted in the relative section of this information.

In the event of disputes and/or extrajudicial requests, the storage times indicated above can be extended by up to 10 years from their resolution. 

9. Which rights can be exercised?

You have the right to ask the Data Controller, in those cases foreseen by law:

  • for confirmation that processing of your personal data is or is not being carried out and, if so, to obtain access (right of access);
  • the correction of personal data that is incorrect or the completion of personal data that is incomplete (right of rectification);
  • the deletion of data if there is motive as foreseen by the GDPR (right of erasure);
  • the limitation of processing if one of the circumstances foreseen by the GDPR exists (right to restrict processing);
  • to receive the data provided by you to the Processor in a structured form, for normal use and readable using an automatic device and to transmit such data to another data processor (right to data portability).

Right to object. At any time, you can object to the processing of your data for purposes related to a legitimate interest on the part of the Data Controller. In this case, the Controller will abstain from processing your personal data unless there are legitimate or mandatory reasons to proceed with the processing or to carry out the verification, the exercise or defence of a right in legal proceedings.

To exercise your rights, you can send an e-mail message to compliance.privacy@a2a.it or make a written request addressed to the company acting as data processor. Where it is not possible to directly reply to your request using the channel that you have used to contact us (as in the event of your e-mail address being indicated as deactivated or not reachable), we reserve the right to utilise other contact channels referable to you which may already be present in our systems.

It is possible to obtain further information relating to the processing of data based on legitimate interest (specifically on assessment carried out for the balancing of interests of the Data Processor and the rights and liberties of the website user) Or relating to the transfer of data outside the EEA by writing to the e-mail address compliance.privacy@a2a.it.

You have the right, in all cases, to contact the privacy authority and or to initiate legal proceedings in defence of your rights pursuant to articles 77 and 79 of the Regulation. For further information: https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali
 

10. What are the consequences of failure to provide data?

Providing the data necessary to allow access to services requested or for compliance with legal requirements is obligatory. Failure to provide such data makes provision of the service impossible. However, the provision of data for processing based on the legitimate interest of the Data Processor is not obligatory.

11. Cookie

Cookies and other tracking tools are used in the website to enable the gathering of data on the user’s internet activity comma such as the IP address.
These tools are usually strings of text placed and stored by the website administrator (or by the administrator of third-party sites in the event of third parties) in devices at the disposal of the user (e.g. a computer, a tablet, a smartphone, etc.).
In the context of a website, the following tools are used:

  • cookies and technical tools strictly necessary to ensure the correct and optimal functioning of the website itself or to provide the service requested by the user. Within this category, there are some tools (e.g. Google Maps) which, while functioning, perform a limited processing of personal data (generally limited to the IP address) for the sole purpose of providing the service requested by the user, such as the visualisation of maps on the website. For the use of such tools, consent of the user is not required.
  • third-party cookies and analytical tools (e.g. Google Analytics 4) exclusively for the processing of general anonymous statistics. For the use of such tools, consent of the user is not required.
  • tools designed to improve the user experience during access to a website which allow the user to interact with content from external platforms or networks (e.g. Vimeo or Youtube widget players). The functioning of these tools is subject to the prior consent of the user, who is free to express such consent by means of the cookie banner or, at any later time, by accessing the ‘Change cookie preferences’ link in the website’s footer.

For further information on individual cookies and tracking tools used in the website, you can consult the cookie policy at the following link.
 

Skip to top of the page