Dear Client,
In compliance with the dictates of the new General European Regulation on Protection EU 2016/679 relative to Art. 13, we provide information relative to the personal data that will be the subject of our processing.
The Data Controller is the AITHERCO2 spa company with registered office in Via Antonio Tolomeo Trivulzio 3, Milan, VAT and Tax Code 07156640968, PEC [Certified e-mail address], , pursuant to Art. 4 paragraph 1 no. 7) of EU Reg. 2016/679.
The Data Processor in charge, Mr Sergio Carloni, can be contacted via e- mail at
In accordance with the legislation, this processing will be guided by the principles of correctness, lawfulness, transparency and protection of your confidentiality and your rights.
Pursuant to article 13 of the GDPR 2016/679, therefore, we provide the following information:

  • The personal data (first name, last name, identification document details and a copy of it, telephone, e-mail address, etc.), will be provided at the time of application depending on the type of service requested. The personal data provided will be processed relative to:
    • Contractual obligations
    • Obligations required by the rules of law, regulations, European Community, statutory and fiscal legislation
    • The sending of commercial information pertaining to our activity;
    • possible outside professional cooperation, also to fulfil legal obligations
    • Protection of the contractual rights,

Information provided voluntarily by the user

The information that you will communicate through e-mail, post, PEC, fax or on other technological mediums will be acquired, processed and used for the development of the request that you forwarded. The optional, explicit and voluntary forwarding of electronic mail, post, PEC, fax to the addresses listed above in this document will entail the subsequent acquisition of the address of the sender as well as possible other personal data included in the letter, necessary also for responding to the requests.

We wish to inform you that, considering the purposes of the processing as explained above, the contribution of the data is compulsory and the failure to provide it, or the partial or incorrect contribution may make it impossible to carry out the assignment activity taken and precludes the possibility of our fulfilling the contractual obligations as provided by the contract.

Should the subject providing the data be under 16 years of age, the processing will only be lawful if and to the extent that consent is provided or authorised by the person with parental responsibility whose identification information and a copy of the identification documents have been acquired.

The processing will be performed both manually and/or electronically with logics of organisation and processing strictly correlated to the actual purposes and in any case in such a manner as to guarantee the security, integrity and confidentiality of the data in compliance with the organisational, physical and logic measure anticipated by the provisions in force.

Please note that the Client’s data, as interested party, (of the associate and/or the principal) and the information relative to the activities performed for the legal obligations or for your interests in the implementation of the assignment, is communicated, with suitable procedures, to companies, users or service providers, operating with it or as instructed by you.

In order to permit a correct fulfilment of the processing of the personal data, it must be known that, the information already in our possession must be updated by the deadlines and in the manner anticipated by the new GDPR legislation. Therefore, in the event of personal data provided to the company and not collected by us directly from the interested party, you must forward to us the disclosure that it was correctly acquired. It must be provided within a reasonable period of time not to exceed 1 month from the collection of the data or from the moment of the communication (not the registration) of the data (to third parties or the interested party).

Legal basis of the processing:
obligations of a contractual nature (points no. 1, 3, 5) legal obligations (points no. 2, 4)
Processing methods:

The processing is done both with computer and electronic instruments and in paper format.

The data controller establishes appropriate safety measures to prevent unauthorised access to the personal data, their disclosure, modification, destruction.

In addition to the data controller, other subjects of our organisation (accounting personnel, administrative personnel, suppliers of technical services, software and hardware) may have access to the data, including sensitive data, who operate in compliance with the requirements anticipated by the GDPR 679/2016.

The personal data, including the “sensitive” data, may be communicated as provided by the regulations in force, also in compliance with the legal obligations, to the addressee subjects and/or assigned to its fiscal, tax, contribution, accounting/administrative control such as Inland Revenue Agency, Collection Agency, Local Agency, INAIL, INPS and other social security and welfare institutes, Register of Companies, Municipalities and other local Institutions, Banks, Chambers of Commerce, Organisations, intermediaries authorised for the implementation and professionals and third party subjects to whom the data must be communicated in order to carry out the assignment given the data controller (e.g. notaries, lawyers, etc…).

All the data processed may be communicated for purposes of filing/storage/management of the service also through clouding services to outside subjects appointed, if necessary, Data Processors by the Data Controller and who therefore operate in compliance with the requirements of the new Regulation – GDPR.

As protection of the interests of the data controller, the data may be communicated to credit collection organisations and/or legal protection as necessary.

You may ask the Data Controller for the list, which can be different for every Client and every assignment. Enter list mode

All processing is done in compliance with the methods listed in articles 6 and 32 of the GDPR and by adopting the adequate anticipated safety measures.

  • Communication: Your data will be communicated exclusively to competent subjects duly appointed by the Data Controller to carry out the services necessary to correctly manage the relationship, guaranteeing the protection of the interested party’s rights.
    The third parties who may process the personal data on behalf of the Data Controller in the capacity of “Outside Processing Managers” may learn the personal data of the Users such as, for example, suppliers of computer and logistic services functional to the operations of the Site, suppliers of outsourcing or cloud computing services, professionals and consultants.
    The Users have the right to obtain a list of the possible processing managers appointed by the Data Controller, by requesting it from the Data Controller as indicated in the following paragraph 4, section 3.
  • Circulation: Your personal data will not be circulated in any manner.
  • Storage Period: We wish to inform you that, in compliance with the principles of lawfulness limitation of the purposes and minimization of the data pursuant to article, advertising material or direct sales or for the fulfilment of the art. 5 of the GDPR, the storage period of your personal data is three years following the termination/cancellation. If necessary, the documents will be retained needed to guarantee the fulfilment of legal obligations and fulfilment for a longer period not to exceed 10 years.

You may, at the time, under the terms of the EU Regulation 2016/679 (Articles 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the interested party), exercise the following rights:

access to the personal data; obtain their correction or cancellation or the limitation of the processing that concern them; object to the processing; request the portability of the data; revoke the consent, where anticipated (the revocation of the consent does not prejudice the lawfulness of the processing based on the consent given before the revocation); to file complaint with the control authority (Privacy Guarantor). In particular:

1.The interested party has the right to obtain the confirmation of the existence or otherwise of their personal information, even if not yet registered, and their communication in intelligible format.

2.The interested party has the right to obtain the information:

  • on the origin of the personal data;
  • on the purposes and methods of the processing;
  • On the logic applied in the event of processing carried out with the use of electronic instruments;
  • Of the identification details of the data controller, the data processors and the designated representative pursuant to article 5, paragraph 2;
  • Of the subjects or categories of subjects to whom the personal data may be communicated or which they may learn as designated representative in the territory of the State, of managers or employees.

3.The interested party has the right to obtain:

  • the update, correction or, if relevant, the integration of the data; the cancellation, the transformation into anonymous format or the blocking of the data processed in violation of the law, including the data which does not have to be stored relative to the purposes for which the data was collected or subsequently processed;
  • the certification that the operations listed in letters a) and b) were brought to the attention, also as regards their content, to those to whom the data was communicated or circulated, except if that fulfilment is impossible or involves the use of manifestly disproportionate means compared to the right being protected;
  • portability of the data.

4. The interested party has the right to object, in all or in part:

  • for legitimate reasons to the processing of the personal data that concerns him, even though pertinent to the purpose of the collection;
  • the processing of the personal data that concerns him for purposes of sending market research or commercial communication. You may exercise your rights, pursuant to art.12 and/or the request for the data of the subjects that process you data by sending a request to the Data Controller, the Data Processor via registered letter with return receipt at the registered office or by sending the communication to the PEC address,