PRIVACY POLICY

In compliance with EU Regulation 2016/679 (General Data Protection Regulation, hereinafter referred to as “GDPR”) and with applicable national legislation on the protection of personal data, we wish to provide users with some information on the processing of personal data, carried out in relation to the navigation of website of AB Holding S.p.A. (hereinafter also only referred to as “AB”), www.gruppoab.com (hereinafter referred to as the “Website”), in a capacity of Website Owner and Data Controller.

The processing of personal data is and shall be based on the principles of lawfulness, fairness, transparency and protection of the user’s rights.

Purposes of the data processing

Users’ personal data can be requested and obtained by filling out the appropriate form, for the purposes specified in each specific section where they are collected. In particular, data may be requested, with prior consent, for the selection of personnel by AB or by its subsidiaries and/or affiliates.

The optional and voluntary sending of emails to the email address listed in the “Contact” section or to any other email address managed by AB or by its subsidiaries and/or affiliates, entails the subsequent acquisition of the sender’s email address, necessary in order to reply to the requests, as well as any other personal data included in the message.

The computer systems and software used on the Website shall collect, during the normal browsing thereof, data related to the use of Internet communication protocols, for the purposes of obtaining statistical information on the use of the Website or to check that the Website operates correctly. For additional information on the types of cookies used by this Website, please consult the specific detailed Cookie Policy.

Data processing methods

The processing of users’ personal data may include any type of operation, including the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction thereof. Users’ personal data shall be processed using tools and procedures designed to ensure the security and confidentiality of such data, through IT and electronic tools, as well as through paper-based media and archives.

Mandatory or optional provision of personal data

There is no obligation on the part of the user to provide the personal data requested. However, the failure to provide such data may result in a lack of access to the information contained in dedicated sections of the Website and/or to the services requested. Failure to provide such data may determine, where dependent on a legal obligation, an incorrect performance of our services.

Data Retention

The retention period for personal data shall be limited to the necessary use for navigating the Website or for the time strictly necessary for managing eventual requests, unless otherwise indicated in the specific sections of the Website and with the exception of legal and/or administrative obligations, in which case the retention period shall be longer.

Disclosure, dissemination and transfer of personal data

Notwithstanding the disclosure of personal data carried out in order to fulfil legal obligations, personal data collected and subsequently processed may be shared with: (a) adequately trained resources within AB offices, operating as authorised personnel for the processing of personal data and/or (b) other AB subsidiaries and/or affiliates (c) third parties operating in collaboration with AB in the provision of services, duly appointed as data controllers or data processors (e.g. companies that perform IT system management and maintenance services).

Moreover, for all the purposes specified in this Privacy Policy, personal data may be communicated abroad, either within or outside the European Union, in compliance with the rights and guarantees provided for by applicable law and subject to the verification of adequacy of the level of protection guaranteed by the third country.

Users’ personal data shall not in any way be transferred to third parties or disseminated.

Rights of the Data Subject

The Data Subject may exercise, with regard to the processing of the personal data described here, the rights provided for by Articles 15-21 of the GDPR and in particular:

  • right of access: the right to be informed and to request access to personal data processed;
  • right to rectification: the right to request the modification or updating of personal data in case of inaccuracy or incompleteness thereof;
  • right to erasure (“right to be forgotten”): the right to request the deletion of personal data where provided for by the GDPR;
  • right to restriction of processing: the right to temporarily or permanently discontinue the processing of all or some of the user’s personal data where provided for by the GDPR;
  • right to object: the right to object, at any time, to the processing of personal data where provided for by the GDPR (i.e. for reasons connected with the Data Subject’s specific situation);
  • right to data portability: the right to request a copy of the user’s personal data in electronic format and that such data is transmitted to another Data Controller;
  • right to withdraw consent (where the processing of the data is based on consent), at any time, without prejudice to the lawfulness of the data processing based on consent provided prior to the withdrawal thereof;
  • right to lodge a complaint with the supervisory authority in case of violation of the GDPR and of applicable national legislation on the processing of personal data.

In order to exercise these rights, the Data Subject may contact the Data Controller by sending an email to privacy@gruppoab.it or sending a registered letter to the address specified in Article VII of this Privacy Policy.

Data Controller

The Data Controller is AB Holding S.p.A., with registered office in Orzinuovi (BS), Italy, in Via Caduti del Lavoro 13 – email: privacy@gruppoab.it in the person of its Legal Representative.