Policy last updated: June 2025
If you are browsing our website, please note that, in order to meet all your browsing needs, we may need to collect and process some of your personal data. It is important to us that You are aware of this, that you entrust us with your data while maintaining control over it, and that you know your data will always be processed in compliance with the General Data Protection Regulation (GDPR).
For this reason, we invite You to carefully read this Privacy Policy, where we explain Who processes your personal data, How they are processed, for How Long, Why, and To Whom they may be disclosed. Acea Infrastructure may update this Policy in the event of changes to the website, so that you are always transparently informed about how your personal data are processed.
The website is owned and managed by Acea Infrastructure S.p.A., and the information provided in this Privacy Policy applies exclusively to this website. It does not apply to any external websites linked to it. For those, we recommend consulting the privacy policies provided by their respective Data Controller.
Who processes your personal data?
Acea Infrastructure S.p.A. is the Data Controller (“Data Controller”), with its legal and registered office in Rome (RM), Via Vitorchiano 165, certified email: aceainfrastructure@pec.aceaspa.it.
Want to contact us? Write to us! privacy@aceaspa.it
The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted by email at privacy@aceaspa.it
The Acea Group is also active on social media platforms (including, for example, Meta platforms – such as Facebook and Instagram, X, and YouTube) through its pages, where it may collect and process some personal data, including under specific joint controllership agreements. For information on how personal data is processed through these social networks, we invite you to consult the specific privacy policies provided by the respective platform data controllers.
By Personal Data, we mean any information that may allow Your identification. Your Personal Data are processed by Acea Infrastructure using electronic and/or paper-based tools. In particular, while browsing our website, the following personal data may be collected:
Browsing Data: such as IP addresses and domain names of the computers used by users/visitors who connect to the website. Such Personal Data are automatically collected through cookies and are used exclusively to enable users to navigate the website. In anonymous form, they may also be used for statistical purposes (e.g., to evaluate the number of users connected during a specific period, to monitor how many users visit a page, and how long they stay on it). The purposes of this processing are to provide a functional browsing experience, ensure the proper operation of the website, and monitor website performance and traffic. The legal basis is the performance of the requested service or, in the case of non-essential cookies, the data subject’s consent. For detailed information about cookies, please refer to our Cookie Policy.
Data voluntarily and directly provided by users: such as name, surname, and contact data, which are processed exclusively to respond to your requests submitted through specific channels and/or forms. In particular, to use services such as the Digital Desk or Joint Conciliation, we invite you to consult the dedicated privacy policies available in the relevant sections. The purpose of this processing is to respond to specific requests or to provide you with the support you requested. The legal basis is the performance of the requested services or, where applicable, other legal bases specified in the relevant privacy policies.
You are free to provide Your Personal Data, but please bear in mind that failure to provide those Personal Data may, in some circumstances, and where the legal basis is not consent, make it impossible to fulfil your request.
How and with whom do we share your personal data?
We may rely on certain partners to provide you with our services, and as a result, we may need to share Your Personal Data with them. We will do so only with entities that offer the same or equivalent guarantees as those described in this Privacy Policy and that do not use your data for additional purposes or for purposes other than those specified. Such entities will be appointed as Data Processors, which process your data on behalf of Acea Infrastructure, or act as autonomous Data Controllers. If you would like to know in detail who the Data Processors that provide us with technical services are, you can write to privacy@aceaspa.it.
Additionally, Your Personal Data may be accessed by Acea Infrastructure’s internal personnel, who are properly trained, bound by confidentiality, and authorised to process personal data in accordance with current privacy law.
How do we protect your data?
Acea Infrastructure S.p.A., through its dedicated security structures, ensures the protection and confidentiality of your data by adopting appropriate security measures in accordance with Article 32 of the General Data Protection Regulation. These measures are designed to reduce the risk of destruction or loss – accidental too – unauthorised disclosure, or processing that is either unauthorised or not compliant with the purposes for which the personal data were collected (all personal data are protected against unauthorised access through operator’s standard identification techniques, including the use of individual key with mandatory passwords; differentiated access levels are implemented, etc.).
How long do we store your data?
We store your personal data for the period strictly necessary to fulfil the purposes described in this Privacy Policy or in Specific Privacy Policies, or for as long as you require it.
The management and storage of personal data takes place primarily within the European Economic Area (EEA). In the event that personal data are transferred outside the EEA, the Data Controller undertakes to ensure an adequate level of protection and/or to adopt all the specific safeguards required by the GDPR (such as the standard contractual clauses issued by the European Commission).
The services offered through this website are intended exclusively for adults. If we become aware that personal data belonging to a minor has been collected without the necessary consent of a parent or legal guardian, we will immediately destroy and delete such data.
Do you want to exercise your rights?
At any time, you will be able to exercise the rights set out in Articles 15 et seq. of the GDPR, where applicable to your situation. These include the right to know which of your personal data we store in our archive (access), to correct it if you believe it is inaccurate (rectification), to erasure it, to restrict how we use it, to object to its processing, to request that it be transferred to you in a readable format (portability), to use it with another provider, or to withdraw your consent where the processing is based on that legal basis.
You can exercise your rights by contacting the Data Controller or the Data Protection Officer using the contact details provided in the section Who manages your data?
In addition, we remind you that you always have the right to lodge a complaint with the Data Protection Authority.
Policy last updated: June 2025