Privacy Policy

ASO H&P Srl with registered offices in Via Antonio Salieri 32, 37050 Oppeano VR (Italy). Tax Code and VAT No. 03775710985 (hereinafter, “Data Controller”), as Data Controller, informs you pursuant to art. 13 of Legislative Decree No. 196 of 30.6.2003 (hereinafter, “Privacy Code”) and art. 13 of EU Regulation 2016/679 (hereinafter, “GDPR”) that your data will be processed in the following manner and for the following purposes:

1. Purpose of the processing

The Data Controller processes personal, identifying and non-sensitive data (in particular, name, surname, tax code, VAT No., email, telephone number – hereinafter, “personal data” or “data”) communicated by you during registration to the website of the Data Controller and/or when subscribing to the newsletter service offered by the Data Controller.

2. Purpose of the processing

Your personal data is processed:
A) without your express consent (art. 24, letters a, b and c of the Privacy Code and art. 6, letters b and e of the GDPR) for the following service purposes:
– to allow you to register on the website;
– to manage and maintain the website;
– to allow you to subscribe to the newsletter service provided by the Data Controller and any
additional services requested;
– to prevent or identify fraudulent activity or malicious damage of the website;
– to exercise the rights of the Data Controller, for example the right to defence in court.

B) only with your specific and express consent (Articles 23 and 130 of the Privacy Code and art.7 of the GDPR) for the following marketing purposes:
– to send you, by email, newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller.
We inform you that if you are already our customer, we may send you commercial information regarding the services and products of the Data Controller, similar to those which you have already used, unless you deny your consent (art. 130 c. 4 of the Privacy Code).

3. Processing methods

Your personal data is processed using the methods indicated in article 4 of the Privacy Code and article 4 (2) of the GDPR, and more precisely through the collection, registration, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of the data. Your personal data is subject both to paper and electronic and/or automated processing.
The Data Controller will process your personal data for the time necessary to fulfil the aforementioned purposes and for a period not exceeding 10 years from the termination of the relationship for Service Purposes and not exceeding 2 years from the date on which the data was collected for Marketing Purposes.

4. Access to data

Your data may be made accessible for the purposes set out in art. 2.A) and 2.B):
– to employees and contractors of the Data Controller in their capacity as internal data processors and/or persons incharge of the processing and/or system administrators;
– to companies of ASO H&P, of which the Data Controller is a part (for example, for support activities in the customer’s project feasibility study, project technical management activities, storage of personal data, etc.) or to third parties (for example, website management and maintenance providers, suppliers, credit institutions, professional firms, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.

5. Communication of data

The Data Controller may, without your express consent (under art. 24 letters a), b) and d) of the Privacy Code and art. 6, letters b) and c) of the GDPR), communicate your data for the purposes referred to in art. 2A) to Supervisory Bodies, judicial authorities and to all other entities to whom communication is required by law for the accomplishment of said purposes. Your data shall not be disseminated.

6. Transfer of the data

Your personal data will be managed and stored on servers located in the European Union and belonging to the Data Controller and/or third-party companies appointed and duly identified as Data Processors. Your data shall not be transferred outside the European Union. It is in any case agreed that the Data Controller shall, where necessary, have the right to change the location of the servers to Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller hereby guarantees that the transfer of data outside the EU will take place in accordance with applicable legal provisions, by concluding, if necessary, agreements guaranteeing an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission.

7. Nature of the data provision and consequences of refusal to comply

The provision of the data for the purposes referred to in art. 2.A) is compulsory. Without it, we cannot guarantee your registration on the site or your access to the Services referred to in art.2A). The provision of the data for the purposes referred to in art. 2.B) is optional. You may therefore decide not to provide any data or subsequently to deny consent to the processing of data already provided; in this case, you will not be able to receive the commercial communications and advertising material concerning the Services offered by the Data Controller. In any case you will continue to be entitled to the Services referred to in art. 2.A).

8. Rights of the data subject

In your capacity as Data Subject, you have the rights pursuant to art. 7 of the Privacy Code and to art. 15 of the GDPR; specifically, the right to:
i. obtain confirmation of the existence or non-existence of personal data concerning you, whether or not it is yet recorded, and the communication of such data in an intelligible form; ii. obtain information on: a) the origin of personal data; b) the purposes and methods of the processing; c) the logic applied when processing with the aid of electronic instruments; d) the identifying details of the data controller, processors and designated representative pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1 of the GDPR; e) the entities or categories of entities to whom the personal data may be communicated or who may gain knowledge of it as designated representatives within state territory, as processors or as persons in charge;

iii. obtain: a) the updating, correction or, where concerned, the extension of the data; b) the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, including data that need not be kept for the purposes for which the data was collected or subsequently processed; c) certification that the operations in letters a) and b) have been brought to the knowledge, also with regard to their content, to those to whom the data was communicated or disseminated, unless this requirement proves impossible or involves the use of
means manifestly disproportionate to the right protected;

iv. object, in whole or in part: a) to the processing of personal data concerning you, even if pertinent to the purpose for which it was collected, for legitimate reasons; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market surveys or commercial communications, through the use of automated call systems without the intervention of an operator, by email and/or through traditional marketing methods (telephone and/or post). Please note that, with regard to direct marketing through automated methods, the Data Subject’s right to object, as set out in point b) above, is extended to traditional methods, and that the Data Subject is able to exercise the right to object even partially. Therefore, the Data Subject may decide to receive only communications through traditional methods or only automated communications, or neither of the above. Where applicable, you also enjoy the rights pursuant to articles 16-21 of the GDPR (right of rectification, right to be forgotten, right of limitation of processing, right to data portability and the right to object), as well as the right to complain to the Data Protection Authority.

9. Procedure for the exercise of rights

You may exercise your rights at any time by sending:
– a registered letter with return receipt to Via Antonio Salieri 32, 37050 Oppeano VR (Italy)
– an email to:

10. Minors

This site and the Data Controller’s services are not intended for children under the age of 18 and the Data Controller does not knowingly collect personal information about minors. In the event that information relating to minors is unintentionally recorded, the Data Controller shall promptly
erase it at the user’s request.

11. Data controller, processor and persons in charge

The Data Controller is ASO H&P Srl
An updated list of processors and persons in charge of processing data is kept at the premises of the Data Controller.

12. Changes to this Policy

This Policy may undergo changes. We therefore recommend that you regularly check this Policy and refer to the latest version.