Dear users

We wish to inform you that your data will be processed in compliance with the regulation in question and pursuant to the following criteria:

1. Identity and contact details of the Data Controller.

The Data Controller is Altaeco S.p.a, with registered office and main facility located at Via Giovanni Pascoli No. 4/6 - 20010 Vittuone, Milan (MI), VAT no. 09965410153 EAI number 1332411. The Data Processor can be contacted at the address of its registered office and main facility located at Via Giovanni Pascoli No. 4/6 - 20010 Vittuone, Milan (MI) and/or at the e-mail address privacy@altaeco.com

2. Scope of processing

The Data Processor processes personal identifying data (for example, name, surname, address, telephone, e-mail, hereinafter referred to as "personal data" or even "Data") that you have communicated by filling in the appropriate forms on the Altaeco Spa websites, hereinafter referred to as the "Sites".

3. Processing purposes for which personal data are intended and legal basis of the processing activity.

The purposes of the processing for which the personal data are intended as well as the legal basis of the processing.
Your personal data (for example: company / studio, name, surname, telephone number, e-mail) will be used, with your explicit consent, to send requests for information, periodic newsletters and promotional and commercial communications via e-mail of your interest in services and products. The treatment will be carried out only following explicit consent communicated in these pages. Please note that the consent given may be revoked at any time by sending a letter to the address of the headquarters of the main establishment and registered office located in via G.Pascoli 4/6, 20010 Vittuone (MI) and / or to the e-mail address privacy@altaeco.com expressing the withdrawal of the data processing consent

4. Processing methods

Processing is carried out by means of the operations or set of operations indicated in Art. 4(2) of EU Regulation 2016/679, namely:

  • the collection, registration, organisation, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of provision, comparison or interconnection, limitation, erasure or destruction of data.

Your personal data are subjected to both paper-based and electronic and/or automated processing activities.

5. Retention period of data processed

The Data Controller will process the personal data for the time necessary to fulfil the aforementioned purposes and up to the revocation of consent, unless such information is the subject of other processing activities by the Data Processor.

6. Security measures

The Data Controller has taken appropriate security measures to protect your data against the risk of loss, misuse or alteration. In particular, it has adopted the measures referred to in Articles 32-34 of the Privacy Code and Art. 32 of the GDPR regarding access to paper and digital archives through security procedures, such as spaces accessible only to appointed personnel and equipped with a physical means of closure (such as locks) or electronic key (such as a password). The use of automated decision-making processes, including profiling, does not represent an increase in the risk for data breaches for the data subject, as these processes and profiling have the sole purpose of allowing the Data Processor management that is free of human error in executing that indicated by the data subject, and in the efficient organisation of the information collected with the purpose of facilitating the data subject in using the services requested. The software used is equipped with all of the technical and procedural measures required to prevent any kind of violation of processed and profiled data.

7. Access to data and their communication

Your data may be made accessible for the purposes referred to in Art. 3.A. and 3.B.:

  • to employees and collaborators of the Data Processor in their capacity as persons in charge and/or internal managers of the processing activity and/or system administrators;
  • To third-party companies or other subjects (such as commercial agents, consultants, etc.) who are outsourced to perform activities on behalf of the Data Controller in their capacity as external data processors, both in Italy and abroad.

Your data will not be disseminated.

8. Data transfer

Personal data are stored on servers and archives located in Vittuone (MI), within the European Union. It is understood that, if necessary, the Data Controller will have the right to move the servers outside of the EU. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to the stipulation of standard contractual clauses as provided for by the European Commission. The Data Processor reserves the right to use cloud services; in this case, the service providers will be selected among those who provide adequate guarantees, as required by Art. 46 of the GDPR 2016/679.

9. Nature of providing data and consequences of their non-provision

For the provision of data for the purposes referred to in Article 3(A), the legal basis of the processing of your personal data is that of executing a contract with you, in providing you with a service that you have specifically requested, in following up on a legal obligation, or in protecting our legitimate interest. The provision of data for the purposes in Art. 3(B) is voluntary. You can therefore decide not to provide any data or to subsequently deny the processing of data already provided. In this case, you will not receive responses to requests for information, newsletters, commercial communications and advertising material regarding the Products/Services offered by the Data Controller.

10. Rights of the Data Subject

As a data subject, you have all of the rights referred to in Art. 15 of the GDPR 2016/679, namely the following:

i. confirmation as to whether or not personal data concerning you are being processed, and their communication in an intelligible form;

ii. obtain the indication of: a) the origin of personal data; b) the processing purposes and methods; c) the logic applied if processing is carried out with the aid of electronic instruments; d) the identification of the controller, processors and any designated representative pursuant to Art. 3.1, of the GDPR 2016/679; e) of persons or categories of persons to whom the personal data may be communicated or may become aware of the data as an appointed representative in the country, or designated or authorised persons;

iii. obtain: a) the update, rectification or, when applicable, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) an attestation that the operations referred to in letters (a) and (b) have been brought to the attention of those to whom the data have been communicated or disseminated, also as regards their content, except in cases in which such fulfilment proves impossible or involves a use of means manifestly disproportionate to the protected right;

iv. to oppose the following, in whole or in part: a) the processing of personal data concerning you for legitimate reasons, even if pertinent to the purpose of its collection; b) the processing of personal data concerning you for the purpose of sending advertising material, direct sales material or for carrying out market research or commercial communications by e-mail and/or through traditional marketing methods, by telephone and/or post. It is noted that for direct marketing purposes through automated methods, the right of opposition of the data subject as set out in point (b) above extends to traditional methods and that the possibility remains for the data subject to exercise the right to object, even if only partially. Therefore, the data subject can decide to only receive communications using traditional methods, only automated communications, or neither of the two types of communication.

You also have the rights referred to in Articles 16-21 of the GDPR 2016/679 (Right of rectification, right to be forgotten, right of limitation of processing activities, the right to data portability, right of opposition), as well as the right to lodge complaints with the Guarantor Authority.

11. Methods of exercising your rights

You can exercise your rights at any time by sending a communication

  • by post to the registered office and main facility located at Via Giovanni Pascoli No. 4/6 - 20010 Vittuone, Milan (MI)
  • via e-mail to privacy@altaeco.com

It is pointed out that consent is deemed freely given when the "I consent" box is selected. Otherwise, it will not be possible to proceed in pursuing the purpose in question.

Provision of consent

In relation to the information provided, and specifically with reference to the purposes of processing activities relating to sending of requests for information, the download of TEXTURE and/or BIM files, periodic newsletters, direct e-mail marketing, promotional communications and commercial information relating to services and products.