Information on the processing of personal data

Under the terms of articles 13 and 14 of EU Regulation 2016/679 of 26 April 2016(1) (hereafter referred to as the “Privacy Regulation”), we provide the following information relative to the processing of the personal data of users(2) who access the website www.festadellelucia2a.it and its sub-domains. The information is not applicable to any other sites consulted by the user by means of links.

1. Who holds the personal data?

The holder of the personal data(1) is A2A S.p.A. with registered office in Via Lamarmora 230, 25124 Brescia, Italy, and head office in Corso di Porta Vittoria 4, 20122, Milan, Italy.

2. Who can be contacted?

For all queries related to the processing of personal data and the exercising of rights, contact the Data Protection Officer (RPD – Responsabile della Protezione dei Dati personali) at the following e-mail address: dpo.privacy@a2a.eu.

3. Why is personal data processed?

Purpose of processing Legal grounds of processing
Data on Internet activity is used for the sole purpose of gathering anonymous statistical information on the use of the website and to check its correct functioning. Users are not identified. The legitimate interest of the holder in the administration of the Internet site.
In order to comply with legal obligations (for example, orders, provisions or rulings issued by public authorities or the courts of law, etc.). Compliance with a legal obligation.

4. Which personal data is processed?

The following categories of data are processed:

  • – Internet use data (eg. IP addresses or the domain names of computers utilized by the users who connect to the website, the date and time of the request, the method used to make the request to the server, the code indicating the state of the response given by the server and other parameters related to the operating system and to the browser utilized by the user;
  • – other data relative to the categories indicated above.

5. How is the data processed?

The processing is carried out by the personnel authorized to do so in the performance of their duties, with or without the support of electronic equipment, in accordance with the principles of lawfulness and correctness so as to safeguard at all times the confidentiality and the rights of the party involved

6. Who is the personal data communicated to?

Your personal data can be made available to:

  • – IT services, social media management services and other companies of Group A2A that may act as processor;
  • – Public bodies or public security authorities in the execution of their legal duties will act as data controller.

Your data will not be divulged (made available to unspecified parties).

7. Is the data sent to other countries?

The Controller reserves the right to send your personal data to countries belonging to the European Economic Area (EEA), or to third countries outside the EEA that guarantee an acceptable level of protection, equivalent to that ensured within the European Union, on the basis of a decision of acceptability by the European Commission and/or towards which the Privacy Authority has authorized the sending of personal data.

8. For how long is the data kept?

Your data will be stored for the time necessary to achieve the purposes for which it is being processed or to ensure compliance with the law and,

  • specifically internet use data will be held for three years from the date on which it is received.

Information on the duration of the cookies used on the website can be consulted in the relevant section of this information sheet.

In the event of disputes, the length of time for which data can be held can be extended to 10 years from the definition of the dispute.

9. Which rights can be exercised?

You have the right to ask the Data Controller:

  • – for confirmation that processing of your personal data is or is not under way and, if under way, that you can have access (right of access);
  • – for correction of personal data that is incorrect or the completion of incomplete personal data (right of rectification);
  • – for the deletion of the data if there is motivation as foreseen in the Privacy Regulation (right to erasure);
  • – for limitation of the processing when one of the cases foreseen by the Privacy Regulation exists (right to restrict processing);
  • – to receive the information provided to the data controller in a structured format, for normal use and readable using an automatic device, and to transmit such data to another data controller (right to data portability);
  • – to object at any moment to the processing of your data for a legitimate interest on the part of the data controller and for marketing and profiling purposes (right to object);
  • – to withdraw, at any time, consent given for the proceesing of your data, without compromising the lawfulness of the processing based on the consent given prior to the withdrawal.

To exercise your rights, you can make a written request to the Data Controller or Data Protection Officer, indicating the A2A Group company to which the request is addressed.

Except in the case of other administrative or legal complaints or appeals, you have the right to ask the Privacy Authority to ensure protection of your personal data should you deem that its processing violates the privacy Regulation.

10. From which source does personal data originate?

Internet usage data necessary for the administration of the website is obtained from the computer systems and software procedures that regulate its functioning.

11. Is the data subjected to automated decision making?

The data will not be subjected to decisions based solely on automated processing, including profiling, which may have legal effects that concern or significantly affect your person.

12. Cookie

When you access or otherwise interact with this site and its features such as digital services, apps, tools or any messaging systems, the Data Controller may use cookies, web beacons and other similar technologies in order to ensure proper operation of the services offered, improve performance, offer additional features and send targeted advertising according to the user’s interests.


Cookies are text files that contain small quantities of information, which is stored, for the duration of the visit or more than one visit to a website, on the computer or mobile device of the user who visits a website. In later visits by the user to the website, the cookie previously stored on the device is again sent to the site that installed it. This allows the site to recognise a specific device for technical purposes (for example, to memorize site settings and use preferences entered by the user), and/or for analysis and/or profiling purposes if the user has given their consent. Through the installation of cookies on the user’s device, it is not possible to obtain the user’s e-mail address, to recover data from their hard drive or to transmit computer viruses.

Cookies can fall into two distinct macro-categories:

  • Proprietary cookies: cookies installed by the administrator of the site that the user is visiting.
  • Third-party cookies: cookies installed by the administrator of a different site by means of the site that the user is visiting.


For details of our Cookie Policy, you can consult the dedicated page.