Privacy Policy


1. Name and contact details of the Data Controller

The Data Controller is the company: ABP Nocivelli S.p.a. with registered office at Via Padana Superiore no. 67, in Castegnato (Bs), VAT No.: 00303020176.

2. Contact details of the Data Protection Officer

The Company has appointed a Data Protection Officer, who may be contacted at the following email address

3. Purpose and legal basis of processing

Data is processed in compliance with the applicable privacy regulations. This processing is based on the principles of correctness, legality and transparency and carried out in compliance with the principles of relevance, completeness and non-excessiveness.

  1. Necessary legal purposes for the provision of services – processing necessary to fulfil a contractual or legal obligation to which the Data Controller is subject or to carry out a specific request from the data subject – The User’s personal data may be processed, without the need for his/her consent, where required to fulfil obligations arising from legal provisions or from standards, codes or procedures approved by Authorities or other competent Institutions.
  2. For the proper performance of institutional activities and/or those provided for in the corporate purpose set out in the Company’s Ordinary Business Certificate;
  3. For requirements related to the conclusion of contracts and assignments and the execution, amendment or variation of them and any obligation required to fulfil them.
  4. For operational, organizational, management, tax, financial, insurance and accounting needs related to contractual and/or pre-contractual relationships.
  5. To fulfil any type of legal, regulatory or EU obligation.
  6. To prepare, manage and preserve the history of orders, commissions or events resulting from participation in tenders.
  7. To monitor needs related to product/service delivery methods, supplier relationship performance, and analysis and management of risks related to the contractual relationship.

Commercial purposes – consent

The User’s personal data may also be processed, with their consent, for the following additional purposes that form part of the Controller’s business or that of a third party:

  • marketing of the Controller’s services and/or those of a third party, distribution of informational material;
  • customer satisfaction surveys regarding the quality of services provided.

Consent to data processing and communication to the following parties for the above purposes is optional and may be revoked at any time by writing to

4.Judicial defence of a right

The User’s personal data will also be processed whenever this is necessary in order to ascertain, exercise or defend in court a right of the Data Controller or other companies within the scope of control of ABP Nocivelli S.p.A.

5. Legitimate interest of the Controller

The Controller may process personal data collected in the following cases without the User’s consent:

  • in the event of corporate merger, sale or business transfer, to enable the execution of due diligence and other operations required for the transaction. It remains understood that only necessary data will be processed for the aforementioned purposes, in the most aggregate/anonymous form possible.
  • • analysis – in an anonymous and aggregate form – of service usage, to identify user habits and propensities, to improve the services provided and to meet specific user needs, or for preparation of initiatives related to service improvements.
  • analysis of ABP Nocivelli S.p.A.’s online brand positioning and reputation. Specifically, this includes identifying and evaluating what is being said on the Internet – in publicly available content – about ABP Nocivelli S.p.A. and its activities/customers, in order to record the opinions, intentions, moods, market trends and needs of ABP Nocivelli S.p.A.’s stakeholders so that the services offered by the Company may be improved. This is carried out through keyword searches, without identifying users.

6. Recipients of personal data

In pursuit of the purposes set out in Section 3, the Controller may disclose the User’s personal data to third parties, such as, for example, those belonging to the following entities or categories of entities:

  • police forces, armed forces and other public administrations, for the fulfilment of legal, regulatory or EU obligations. In such cases, under the applicable data protection regulations, there is no obligation to acquire the prior consent of the data subject for these communications;
  • companies, entities or associations, or parent, subsidiary or associated companies pursuant to Article 2359 of the Civil Code, those associated with the latter, those subject to common control, those linked as part of consortia, business networks and temporary business groupings and associations and their members. Such disclosures are limited to communications made for administrative and/or accounting purposes;
  • IT service providers, consultants – designated outsourced data processors

The Data Controller guarantees maximum care to ensure that the User’s data is communicated to the aforementioned recipients to the extent strictly necessary to satisfy the specific reasons for its maintenance. The User’s personal data are stored in the Controller’s databases and will be processed by authorized personnel only, who are given special instructions on the means and purpose of processing. who are given special instructions on the means and purpose of processing. These data will also not be disclosed to third parties, except as described above and, in any case, within the limits stated therein.

Finally, the User’s personal data will not be disclosed, except in the cases described above and/or as required by law.

7. Transfer of personal data outside the EU

The User’s personal data will not be transferred outside the EU.

The management of the database and the processing of this data are limited to the purposes for which they were collected and are carried out in strict compliance with the confidentiality and security standards as per applicable data protection laws.

Whenever the User’s personal data is subject to international transfer outside the EU, the Controller will take all appropriate and necessary contractual measures to ensure adequate protection of personal data in accordance with the provisions set out in this Privacy Policy, including, among others, the Standard Contractual Clauses approved by the European Commission.

8. Data retention period

Data will be retained for a period of time no longer than necessary for the purposes for which they were collected or subsequently processed in accordance with legal obligations.

9. Rights of Data Subjects

As a data subject, the User is granted the following rights in relation to the personal data collected and processed by the Data Controller for the purposes described in Section 3:

  • the right of access, specifically by requesting, at any time, confirmation of the existence of the User’s personal data in the Company’s records and the provision of such information in a clear and intelligible manner; the right to know the origin, logic and purpose of the processing with express and specific indication of the persons in charge and responsible for the processing and of any third parties to whom the User’s personal data may be communicated;
  • the right to update and rectify data (except evaluative data), delete redundant data or convert it into anonymous form, and block processing and definitively delete data in the event of unlawful processing; and
  • where the conditions are met, restriction of processing and portability of data.

The law also recognizes that data subjects have the right to lodge a complaint with the Data Protection Authority, should the User identify a violation of their rights under applicable data protection regulations.

The User may exercise the above rights by writing to the Data Protection Officer at



Date of last change: 22.06.2022