Privacy Policy

Privacy Policy

PERSONAL DATA PROCESSING INFORMATION

This information notice is provided to individual members and to individuals acting on behalf of legal entity members of the company A21 Holding S.r.l. pursuant to art. 13 GDPR 679/2016 – "European Regulation on the protection of personal data".

1. Subject of Processing
Given the services and products offered by our Organization, the Data Controller processes personal, identifying, and non-sensitive data (in particular, name, surname, tax code, VAT number, email, telephone number (hereinafter, "personal data" or also "data") communicated by you when requesting services from our organization and/or at the time of defining contractual agreements and/or promotional initiatives and for the purposes listed below.

2. Purposes of Processing
Your personal data are processed:

A) Without your express consent, because deriving from legal and/or contractual obligations (art. 24 letters a, b, c Privacy Code and art. 6 letters b, e GDPR), for the following purposes:

  • Manage and maintain the services requested by the data subject and to contact the data subject for the organization of the requested services;
  • Fulfill pre-contractual, contractual and tax obligations deriving from ongoing relationships with you;
  • Fulfill obligations provided for by law, a regulation, community legislation or an order from the Authority, including for Accounting and Tax matters;
  • Prevent or detect fraudulent activities or harmful abuses and/or for the purposes provided for by current anti-money laundering legislation.
  • Mandatory compliance arising from requirements of organizational and management models based on specific recognized standards (e.g., ISO, UNI standards, etc.) required by law and/or specific contractual requirements requested by the data subject and/or explicitly stated as a service requirement.
  • Management of spontaneous applications and potential selection of personnel/partners.
  • Exercise the rights of the Data Controller, for example, the right of defense in court.
  • Availability of the data subject for information related to the requested services and their management;
  • Allow registration for services and allow the sending of useful information to the data subject based on the requested services;

B) Only with your specific and distinct consent (articles 23 and 130 Privacy Code and art. 7 GDPR), for the following purposes:

  • B.1 Data processing to improve services and not necessary for carrying out the operations indicated in point 2A, but aimed at improving the requested services, and in any case always obtained directly from the data subject. Compliance for the development of processes and services required by implemented management systems and organizational models, but not mandatory and not referring to specific standards. Data will be used to accelerate subsequent service requests to our organization.
  • B.2 Marketing and/or commercial: Sending you newsletters, commercial communications and/or advertising material via email about products or services offered by the organization. We inform you that if you are already our client, we may send you commercial communications relating to services and products similar to those you have already used, unless you object (art. 130 c. 4 Privacy Code). For sending informational, promotional, advertising, marketing material.

3. Legal Basis
The processing of data for the purposes indicated above finds its legal basis in art. 6 paragraph 1 letter a (consent), letter b (performance of pre-contractual and contractual obligations), letter c (compliance with legal obligation) letter f (legitimate interest) EU Reg. 2016/679.

4. Data Communication
Your data may be made accessible and/or communicated for the purposes referred to in art. 2.A) and 2.B):
Without prejudice to communications and disclosures made in compliance with legal obligations, the Data Controller may communicate your data, in Italy and/or abroad (as indicated in the following points) to:

  • Employees and collaborators of the Data Controller, in their capacity as authorized persons and/or data processors and/or system administrators;
  • Technicians and/or collaborators for administrative, tax and accounting management and/or to fulfill specific legal obligations or for which external suppliers have been identified.
  • Our network of agents; factoring companies; credit institutions; debt collection companies; credit insurance companies; commercial information companies for the requested services; professionals and consultants; companies operating in the transport sector; technicians and collaborators appointed to provide the requested services/products, to supervisory bodies, judicial authorities as well as to all other subjects to whom communication is mandatory by law for the fulfillment of the aforementioned purposes. To legal entities to whom services referred to in this information notice are entrusted.
  • Companies or other legal entities, qualified and appointed pursuant to art. 28 of Regulation 679/16, for support activities including: communication management and development, management and development of company processes and projects, communication and promotion systems, for the storage of personal data. Access may be granted to third parties and affiliated companies, which provide services deemed necessary and/or useful by the data controller for the management of company activities and related support processes or requested by you. Among the suppliers are companies for the maintenance of IT systems; credit institutions, professional firms, companies that provide services on IT systems/platforms that the Data Controller deems useful to use, to companies that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
  • The network of body shops affiliated with A21 Holding S.r.l. for carrying out vehicle repair services.

5. Data Transfer
The management and storage of personal data will take place on servers located within the European Union of the Data Controller and/or appointed third-party companies duly designated as Data Processors. Currently, our servers are located in Italy. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers to Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in accordance with applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.

6. Data Retention
The processing of your personal data is carried out through the operations indicated in art. 4 Privacy Code and art. 4 no. 2) GDPR, specifically: collection, recording, organization, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data. Your personal data are subjected to both paper and electronic and automated processing.
The Data Controller will process personal data for the time necessary to fulfill the above purposes and in any case for no more than 10 years from the termination of the relationship for the Purposes referred to in point 2.A (unless other legislative requirements apply). For the purposes referred to in point 2B, however, data will be processed for a maximum period of 2 years from the collection of data and/or from the end of contractual, commercial, communicative relationships established after collection.
In any case, data will no longer be processed after the data subject's consent is revoked (unless required by legal obligations).

7. Data Subject Rights
With reference to art. 7 of Legislative Decree 196/2003 and arts. 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to data portability, 21 – right to object, 22 right to object to automated decision-making of GDPR 679/16, the data subject exercises his/her rights by writing to the Data Controller at the address indicated above, or by email, specifying the subject of his/her request, the right he/she intends to exercise and attaching a photocopy of an identity document attesting to the legitimacy of the request.
The form to request the exercise of rights from the company is available at the following address: info@a21holding.it

8. Withdrawal of Consent
With reference to art. 23 of Legislative Decree 196/2003 and art. 6 of GDPR 679/16, the data subject can revoke any consent given at any time.
However, the processing covered by this information notice is lawful and permitted, even in the absence of consent, as it is necessary for the performance of a contract to which the data subject is a party (the service provision relationship) or for the fulfillment of their requests.

9. Lodging a Complaint
The data subject has the right to lodge a complaint with the supervisory authority of their state of residence.
The form to lodge a complaint is available at the following address: info@a21holding.it

10. Mandatory or Optional Nature of Data Provision and Consequences of Refusal to Respond
The provision of data for the purposes referred to in art. 2.A) is mandatory. Without them, we would not be able to guarantee the services referred to in point 2.A). The provision of data for the purposes referred to in point 2.B) is, however, optional.
You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive commercial communications and advertising material relating to the Services offered by the Data Controller. In any case, you will continue to have the right to the Services referred to in art. 2.A).

11. Automated Decision-Making Processes
The Data Controller does not carry out processing operations that consist of automated decision-making processes on the data.

12. Minors
The Data Controller's services are not intended for minors under 16 years of age and the Data Controller does not intentionally collect personal information referring to minors. In the event that information on minors is involuntarily recorded, the Data Controller will promptly delete it, upon user request. For any processing needs of minors, specific consent and authorization will be requested from the person exercising parental authority and/or from the holder of parental responsibility (as provided by art. 8 of Regulation 679/16).

13. Data Controller, Processors and Authorized Persons
The Data Controller is A21 Holding S.r.l. with registered office in Via Giosuè Carducci, 125/C – 20099 Sesto San Giovanni (MI) – in the person of the pro-tempore legal representative. The data controller can be contacted at the addresses listed above. The updated list of data processors and authorized persons is kept at the Data Controller's headquarters.
The Data Controller can be contacted for requests concerning this Privacy Policy at the following email address: info@a21holding.it

14. Data Protection Officer
The Data Protection Officer (D.P.O.) is not applicable to our organization.

15. Changes to this Privacy Policy
This Privacy Policy may be subject to changes. Therefore, it is advisable to regularly check this Policy and refer to the most updated version.

16. "Cookie" Information
This site uses cookies, text files that are recorded on the user's terminal or that allow access to information on the user's terminal. Cookies allow to store information on visitors' preferences, are used to verify the correct functioning of the site and to improve its functionalities by personalizing the content of the pages based on the type of browser used, or to simplify navigation by automating procedures (e.g., Login, site language), and finally for the analysis of site usage by visitors.
This site uses the following categories of cookies:

  • Technical cookies, used solely for the purpose of transmitting an electronic communication, to ensure the correct display of the site and navigation within it. Furthermore, they allow distinguishing between various connected users in order to provide the correct service to the right user, and for site security reasons. Some of these cookies are deleted when the browser is closed (session cookies), others have a longer duration (such as the cookie necessary to retain the user's consent regarding the use of cookies, which lasts 1 year);
  • Analytical cookies, used directly by the site operator to collect information, in aggregated form, on the number of users and how they visit the site. They are assimilated to technical cookies if the service is anonymized;
  • Profiling and marketing cookies, used exclusively by third parties other than the owner of this site to collect information on user behavior during navigation, and on interests and consumption habits, also for the purpose of providing personalized advertising.

By browsing our website, the visitor expressly consents to the use of cookies and similar technologies, and in particular to the recording of such cookies on their terminal for the purposes indicated above, or to accessing information on their terminal via cookies.

17. Disabling Cookies
The user can refuse the use of cookies and can revoke a previously given consent at any time. Since cookies are linked to the browser used, they can be disabled directly from the browser, thus refusing/revoking consent to the use of cookies.
However, disabling cookies may prevent the correct use of some functions of the site itself, in particular, services provided by third parties may not be accessible, and therefore some content on our site may not be viewable and sharing services, as well as interaction with the site (information request), may be disabled.

18. Third-Party Cookies
This site may issue third-party cookies (such as social network buttons), used to provide additional services and functionalities to visitors and to simplify the use of the site itself, or to provide personalized advertising. This site has no control over these cookies, which are entirely managed by third parties, and has no access to the information collected through these cookies. Information on the use of these cookies and their purposes, as well as on how to disable them, is provided directly by the third parties on the pages indicated below.
It should be noted that generally user tracking does not involve identifying the user, unless the user is already subscribed to the service and is also already logged in, in which case it is understood that the user has already expressed their consent directly to the third party when registering for the relevant service (e.g., Facebook).