Privacy Policy

The “Data Controller”
In accordance with art. 13-14 of the European Regulation n° 679/2016, the Code that regulates the protection of personal data, AST S.p.A. (hereafter “the Company” and/or “AST”) Italian Headquarters (registered office) in Cornaredo (MI), address: via Raffaele Merendi, n°40 - 20010, is the Data Controller (art. 13-14 of the European Regulation n° 679/2016) where your personal data are concerned. You are therefore informed that all personal data acquired in the framework of present or future business relations is classified as personal data treated according to the above mentioned Italian Legislative Decree. The Data Controller also provides the following information where personal data management is concerned:

Where the data are processed
AST S.p.A. with Headquarters in Cornaredo (MI), address: via Raffaele Merendi, n°40 – 20010.

Type of data processed:
Data for personal identification as described in European Regulation n° 679/2016, as well as any information on a natural or legal person, public administration, body or association which is obliged to carry out the periodic back-up of data banks, personal identification data, traffic data and anonymous data. In addition there are the navigation data, the IT systems and the software procedures that implement the functions of this web site and which could, during the course of normal operative functioning, acquire personal data, the transmission of which is implicit in the use of the protocols of Internet communication.  Such information is not gathered in order to be associated with identified persons, given the nature of the data in question; however, they could permit the identification of the user in the course of processing and associations with data held by third parties. The data that fall into this category are: IP addresses, domain names of the computers operated by the users who connect to the site, Uniform Resource Identifier addresses for the resources requested, the time of the request, the method used to make the request to the server, the size of the file received in response to the request, the numerical code that indicates the status of the reply received from the server (success or failure of the request) and other parameters relative to the operative system and the IT environment of the user. These data are only used in order to gather anonymous statistical information on the use of the site and to check that it functions correctly; the data are immediately cancelled after they have been processed. These data could be used to ascertain responsibility in the case of presumed computer crime to the detriment of the site.
Elective provision of data
Apart from the navigation data as specified above, the user is free to provide the personal data in the request forms or those indicated in the section “Contacts” in order to request informative material or other communications. If these data are not provided, it could result impossible to obtain the information requested, as described in detail hereunder.

The objectives of data processing
Personal data is processed for the following reasons:
1. to carry out judicial relations with you, either ongoing or future;  
2. to act in accordance with legal requirements in the framework of the above mentioned judicial  relations;
3. the logistical management of any business relations that are ongoing or under definition as long as they are connected/ related to AST company description;
4. Protection of contractual rights;
5. Internal statistical analysis with the aim of analysing consumer habits and choices;
6. marketing activities by sending, advertising or promotional material relating to the products or services derived and / or similar to those of the commercial relationship.

Data provided voluntarily by the user
E-mails sent freely, explicitly and voluntarily to the addresses indicated within the website bring about the subsequent acquisition of the email address of the sender; this is necessary in order to reply to the requests; any other personal data inserted into the email request by the sender are also acquired. Specific details will be provided or visualized in the pages of the website that are set up for the services requested.  
Duration of the data processing.
The data will be processed for the entire duration of the existing business relations and for the following ten years from the date on which the data were acquired. Unless the interested party provides other indications, it is understood that the data will be cancelled from the server at the end of the tenth year.

Cookies are a small amount of textual information sent to your computer and saved in the user’s Web browser while a website is being viewed. The aim is to register and also sometimes to track the information relative to the user experience where the website in question is concerned. These details are used in order to improve navigation passing from one page to another within the site, saving user preferences that have already been inserted (username, password etc), tracking user preferences thus allowing the presence/absence of targeted marketing initiative to be managed. If the use of cookies is limited, this will have an impact on the status of the user during consultation of the site. If the cookies are blocked or removed from the browser cache, it may not be possible to take full advantage of the services offered by the web application. The site might use third party cookies which allow collection of information on the visitors, key words used to reach the site, the web sites visited; in this case it is possible to view the information note at this address The site could use Persistent Cookies or Session Cookies. The formed continue working even when the browser has been closed. The aim is to achieve more rapid access to the preferences established in a previous session. The latter only last for the duration of the use of the website; they expire at the end of the session.

Social Media
The site can provide access doors to various Social media services (which may include, without limitation, the famous Facebook, Twitter etc.); these services provide comment areas, bulletin boards, forums and other public advertising media platforms available. AST informs you to exercise caution about the disclosure of personal information when using these platforms. The terms of use and privacy policies applicable to each of these social media will govern the information provided and are available on these websites. AST does not perform any form control over the use of personal information disclosed in a public forum, a comment, a bulletin board, making the user the solely responsible for any disclosure.

Means of data processing
Personal data will be processed in paper, digital and telematic form and inserted into the applicable data banks, which can be consulted (and the contents thereby viewed) by the operators designated by the Data Controller, such as the Data Processor and the Persons in charge of the Processing of personal data, who will be able to carry out the consultation, use, handling, comparison and any other appropriate operation, direct or automatic, respecting the legal requirements necessary to guarantee, inter alia, the confidentiality and security of the data, as well as their accuracy, updating, and their relevancy to the declared aims.

The data collected
The data collected are essentially those inherent to:
Identification data (company name, or name and surname allowing a data subject to be identified directly, address, telephone, fax, email, fiscal data etc.); data relative to economic and commercial activity (as an example that is by no means exhaustive: orders gathered, contracts stipulated, competitions, solvency, banking and financial data, accounts and fiscal data, etc.). These data are provided directly by the Client/Interested party, they can also be gathered from autonomous third parties, external Data Controllers/Processers on behalf of AST Data Controller. The data gathered may have residual sensitive and/or judicial characteristics. In this case they will be treated in accordance with the protection envisaged by the European Regulation n° 679/2016.

How the data are provided
Provision of data and their relative processing are obligatory where aims n. 1, 2, 3, 4 e 5 are concerned and also in terms of the fulfilment of commercial requirements; refusal to provide data for these purposes could, therefore, make it impossible for the Controller to carry out these same contractual requirements as well as the legal obligations. Provision of data is elective where the aims described in point 6, those refer to the implementation of the main marketing activities that is established by the Controller and tracing users activities for analysis, saving preferences and credentials.

The framework relative to the communication and dissemination of data
With reference to the aims indicated, the data could be communicated to the following subjects/categories of subjects, in other words they could be communicated to companies and/or individuals, in Italy or abroad, which offer services – including external services – on behalf of the Controller. Among which*, for clarity’s sake, consider:
• companies which collaborate with AST Controller;
• companies which are associated with/connected to AST;
• financial administrations and other companies or public bodies in accordance with legal requirements;
• qualified authorities and/or supervisory bodies in the implementation of legal requirements;
• companies and law offices for the protection of contractual rights;
• for aims n. 3, 4, 5 e 6 the data could be communicated to qualified persons who operate for the undersigned, as well as contracted companies, freelance workers and commissioning companies;
• is provided for the transmission of personal data to countries outside the EU and Extra EU.
 (*) the list of External Processors, including other data useful for their identification, is available from the Data Processor.

The Data Subject’s rights
With reference to the above mentioned data processing, the data subject can exercise the rights described in art. 15-22 of European Regulation n° 679/2016 and these are:
A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him exist;
He can find out the source of the personal data; of the purposes and methods of the processing; of the logic applied to the processing;
Obtain the erasure, anonymization or blocking of data that have been processed unlawfully, the updating, rectification or integration of the data;
To object on legitimate grounds, to the processing of the personal data collected in respect of the limits and the conditions described in articles 8, 9 and 10 of European Regulation n° 679/2016, by contacting AST, at the Headquarter in Cornaredo (MI), via Raffaele Merendi n°40 - 20010, telephoning +39.02.934848.1, sending a fax to +39 02.9362248  or an email to the address: This email address is being protected from spambots. You need JavaScript enabled to view it. .
Further information on the processing and communication of data, either directly or acquired by other means, can be requested by applying to the person in charge of the processing of personal data, with reference to Finance Area. This information does not exclude the possibility for oral communication of other details at the moment of data collection. Seeing this communication implies the expression of agreement to the processing of your personal data in accordance with European Regulation n° 679/2016.

It is understood that this agreement is covered by the legislation in force which will be respected at all times.

Further information on the processing of personal data can also be communicated verbally.

Data Acquisition and Management

AST do not process data using automated decision-making method, your prior acceptance should always been required.
The Company moreover clarifies that all data collected for each processing phase is grounded on a solid and appropriate legal basis.

AST does not and will not transfer data towards third Countries.

AST clarifies that all data collected will be kept and retained only for the time necessary to carry out  the operations for which data have been acquired.    
The retention period will be determined on the basis of the assessment of the individual transaction and it will be in compliance with the principles of necessity, purpose, relevance and non-excess sanctioned pursuant to the Regulation.

Last  document update: 23 May 2018
A.S.T. Spa