Information on the processing of personal data pursuant to Article 13 of EU Regulation 2016/679 of 27 April 2016, addressed to users of the institutional website of Acque Bresciane S.r.l., including the Cookie Policy

Dear User of the institutional website,

Below you will find information on how the institutional website of Acque Bresciane S.r.l. is managed, as well as the privacy notice required under Article 13 of EU Regulation 2016/679 of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter the “Regulation”), in relation to the processing of the personal data of Users who access www.acquebresciane.it (hereinafter, the “Website”) and its subdomains.
This notice does not apply to any other websites that the User may visit via links.

1. Data Controller

Acque Bresciane S.r.l. (hereinafter also the “Company”, the “Provider”, or the “Data Controller”), with registered office at Via Cefalonia, 70 - 25124 Brescia and administrative office at Via XXV Aprile, 18 - 25038 Rovato (BS), VAT and Tax Code 03832490985, registered with the Brescia Chamber of Commerce, acquebresciane@cert.acquebresciane.it

2. Data Protection Officer

The Data Protection Officer (“DPO”) may be contacted by email at: dpo@acquebresciane.it for any matters relating to the processing of personal data.

3. Data Processed

3.1) Browsing data

Personal data processed by the Controller include browsing data (e.g. IP addresses or domain names of the computers used by Users connecting to the Website, the time of the request, the method used to submit the request to the server, the numerical code indicating the status of the server’s response, and other parameters related to the User’s operating system and browser).
Browsing data are collected solely to obtain anonymous statistical information on Website use and to ensure its proper functioning, and not to identify the User.

3.2) Data voluntarily provided by the user

When accessing this Website as a customer, user, or simple visitor, you may share certain personal data to use specific features, including the possible use of the chatbot. In such cases, the Controller may collect information such as your IP address and any other data you voluntarily choose to provide. These data will be used exclusively to enable the requested service.

If necessary to respond to your needs or follow up on your requests, personal data may be transmitted to third parties involved in the service management.

3.3) Cookies

The Website may use cookies for technical purposes and, subject to consent, for additional purposes.
For detailed information on the types used, purposes, retention times, third parties involved, and preference management methods, please refer to the Cookie Policy in §11 below.

4. Purposes and Legal Basis of Processing

Personal data processed during the use of the Provider’s Website are used exclusively for activities related to the use of web pages and the provision of online informational services. Processing is carried out lawfully, fairly, and transparently, following principles of necessity, proportionality, and minimisation.

In particular, data are processed for:

a) Technical operation and security of the Website

Ensuring page access, enabling Internet communication protocols, preserving infrastructure stability and efficiency, preventing anomalies or misuse, and safeguarding network and system security.

b) Measurement and improvement of online services

Obtaining aggregated information about Website use and verifying correct operation, including via statistical indicators. Tools beyond purely technical functions are activated only upon user choice via the preference panel.

c) Traffic monitoring and operational continuity

Monitoring traffic volume and page usage solely to ensure digital service delivery, prevent abuse or incidents, and intervene in case of malfunction.

d) Management of requests via forms and/or chatbot

Providing requested services and managing queries, reports, or support requests submitted through Website channels, including contact forms and/or chatbot.
Some tasks may use AI-based tools to optimize processes and improve interaction quality. More information is available in the dedicated section on AI systems.

e) Compliance with legal obligations

Carrying out activities required by law and responding to requests from competent authorities.

Legal basis summary:

  • Activities under a), b), and c): Legitimate interest of the Controller.
  • Activities under d): Necessary for pre-contractual steps or service provision; data provision is optional but essential.
  • Activities under e): Compliance with a legal obligation.

5. Processing Methods and Data Retention

Processing is carried out by authorized personnel using electronic tools and in accordance with principles of lawfulness, fairness, and transparency. Operations are conducted to ensure confidentiality and protect the rights of data subjects.

Your data will be retained no longer than necessary for the purposes for which they are processed.

Data voluntarily provided and processed through AI systems are stored by providers for a limited period—generally no more than 14 days, or otherwise only as long as needed.

Cookie retention is described in §11.

In case of legal disputes, data may be retained for up to 10 years from resolution.

6. Automated Decision-Making

Data will not be subject to automated decision-making, including profiling, that produces legal or similarly significant effects on the data subject.

7. Disclosure and Transfer of Personal Data

Personal data may be communicated to entities acting as independent Controllers or as Processors appointed by the Provider.

Such entities may include:

  • Providers of digital services (IT services, hosting, platform maintenance, technical support, professional firms, consultants)
  • Competent Authorities for legal compliance and/or upon request

Your data will not be disclosed or made available to unspecified recipients.

8. Transfer of Data Outside the European Union

Personal data are stored and processed within the EU. However, certain AI solutions may involve processing of some voluntarily provided information in the United States.

If transfers outside the EU are necessary, they will occur only with adequate safeguards, in compliance with the law.
You may request a copy of such safeguards by writing to privacy@acquebresciane.it.

9. Operation and Logic of AI Systems

The Controller uses artificial intelligence solutions with particular attention to data protection and processing security. Technologies are adopted to support internal processes such as chatbot-based request management and business process optimization.

The Provider uses enterprise-grade APIs supplied by third parties ensuring high protection standards, including certified security measures (e.g. SOC 2 Type 2). Internal measures include data minimisation or anonymisation and continuous monitoring of legal developments.

Personal data are not used to train AI models.
Information processed via AI systems is stored for a limited period—generally no more than 14 days, or only as required for specific purposes.

More details may be requested at: privacy@acquebresciane.it

10. Rights of the Data Subject

At any time, you have the right to:

  • obtain confirmation of whether your personal data are being processed and access information under Article 15 of the Regulation;
  • obtain rectification of inaccurate data or completion of incomplete data;
  • request erasure of your data in the cases set out in Article 17;
  • request restriction of processing under Article 18;
  • object to processing based on your particular situation, where applicable;
  • receive your personal data in a structured, commonly used, machine-readable format and transmit them to another controller (Article 20), where applicable;
  • withdraw consent at any time (where processing is based on consent), without affecting the lawfulness of processing prior to withdrawal.

Requests may be submitted by post to Via XXV Aprile 18, 25038 Rovato (BS), by email to privacy@acquebresciane.it, or by fax to 030/7714270.

Requests are free unless manifestly unfounded, excessive, or repetitive. In such cases, the Controller may charge a reasonable fee or refuse the request, informing the data subject in advance. Verification of identity may be required.

You may lodge a complaint with the competent Supervisory Authority (in Italy: the Italian Data Protection Authority – www.garanteprivacy.it).
The Controller encourages users to first contact the channels listed above for prompt and amicable resolution.

 

11. Cookie