Share |




In respect of the provisions of EU Reg. 2016/679 (General Data Protection Regulation - GDPR), we hereby provide you with the due information on the processing of any personal data you may provide.

This privacy notice is rendered in accordance with Art. 13 GDPR and it is also based upon the provisions of Directive 2002/58/EC (Directive on privacy and electronic communications), as updated by Directive2009/136/EC.

The information in this privacy notice describes the methods applied with regard to the processing of personal data.

This Privacy notice is provided only for this website and not for other websites that may be consulted by the User through links.

1. Processing Entities.

TheData Processing Controller, pursuant articles 4 and 24 of EU Reg. 2016/679, is Athena S.p.A., with its registered office in Via delle Albere, 13, 36045, Alonte (VI) –Italy, VAT 00589040242, REA VI-139951; Tel. +39 (0)444 727272; Fax +39 (0)444 727222; e-mail:

Athena S.p.A. informs the User that it has appointed an Internal Data Processorwhose name, along with an updated list of the Internal Privacy Function Managers, is available by sending an email to the Controller.

The Internal Data Processor governs the necessary processing of personal data and coordinates the privacy function managers, in relation to the various company functions represented by specific processing areas.

To exercise the rights indicated in Art. 7 of Italian Legislative Decree 196/2003 and in Art. 15 to 22 of the GDPR 2016/679 (detailed below) or to obtain any additional privacy information, you may contact the Controller at the following details: e-mail:; tel: +39 (0)444 727272; fax: +39 (0)444 727222.


2. Personal Data.

Pursuant to Art. 2 of Italian Legislative Decree n. 196/2003 (Privacy Code) and pursuant to Art. 4 GDPR, personal data are specific information regarding personal or factual characteristics that an identified or identifiable natural person (‘data subject’).

That category includes information such as your personal name, your address, your telephone number, email, tax code, bank details etc … . Information that cannot be connected directly to you - for example, favourite websites or number of users of a certain website - is not considered personal data.


3. Types of data processed and processing purposes.

Pursuant to art. 6 GDPR, Athena S.p.A. will process personal data provided voluntarily by the user lawfully for the following purposes:

  1. to allow user registration to the site: in order to be able to forward requests for offers to the Data Controller, the site allows access to protected areas with registration and authentication of the user.The Data Controller informs the user that the access and the browsing of the Site are free, but the possibility to forward requests for offers are allowed only after registration of the user. The legal basis for the processing described above is, pursuant the Art. 6 para. 1, lett. a) GDPR, the user’s consent to registration.
  2. to pursue pre-contractual and contractual purposes such as: to respond to specific requests from the user, to fulfil any contractual obligations, to provide support and technical information on the products and services relating to the contractual relationship. The processing, pursuant to art. 6, para. 1 lett. b) GDPR, is necessary for the performance of a contract to which the user is party or in order to take steps at the request of the user prior to entering into a contract.
  3. to fulfil the obligations established by law, EU regulations or legislations, to prevent or discover fraudulent activities or malicious activities harmful to the site, for the protection of the legitimate interest of the Data Controller or third parties, unless interests, rights and fundamental freedom of the user should not prevail, and to resolve any complaints and/or disputes. Pursuant to the art. 6, para. 1 lett. c) – f) of GDPR,  it’s not necessary the express consent.
  4. to pursue promotional, advertising and marketing purposes such as sending newsletters, market research and statistical analysis. Pursuant to art. 23 and 130 of Italian Legislative Decree 196/2003 and pursuant to art. 7 GDPR, the user will be asked to give a separate and express consent.


4. Recipients or Categories of Recipients of Data.

Personal data provided may be communicated to employees or collaborators of the Controller who, acting under the direct authority of the latter, process data and are appointed as internal processors or processing officers or System Administrators and they will receive in that regard adequate operating instructions from the Controller; the same will occur - by the Processors appointed by the Controller - in relation to employees or collaborators of the Processors.

Personal Data may also be brought to the attention of external Processors of the Controller, appointed pursuant to Art. 28 GDPR, such as third party companies or other entities that perform outsourced activities on behalf of Athena S.p.A.

Categories of External Processors: a) third party suppliers, manufacturers, distributors, retailers and commercial partners of Athena S.p.A.; b) persons, companies or professional firms, providing activity of support, consultancy or collaboration to Athena S.p.A. on accounting, administrative, legal, tax and financial matters; c) credit institutions for profiles relating to the fulfilment of receipts and payments; d) companies that perform on behalf of Athena S.p.A. outsourced activities therein including IT technicians who manage the websites and respective electronic communication infrastructures required for that purpose; e) external suppliers who provide to Athena S.p.A. support services; f) agents.

The list of appointed Processors is constantly updated and available at the office of Athena S.p.A. and can be consulted by sending an e-mail to the following address:


5. Possible filling-in by the interested subject by using third parties’ personal data.

The user acknowledges that any indication (for example in the filling-in electronic modules on the site) of personal data and contact information of any third party represents a processing of personal data against which the user acts as Data Controller, thus assuming all the obligations and responsibilities of the law. In this sense, the user guarantees Athena S.p.A. that any third party data will be so designated by the user (and that will consequently be processed as if the third party had provided their informed consent to the processing) has provided the user with their full consent full compliance with the Data Protection Code. The user confers indemnification with respect to any dispute, claims of damage from handling, etc. that could reach Athena S.p.A. from any third parties concerned as a result of the data provided by the user in breach of the applicable personal protection data laws.


6. Place, Method of Processing and Data Storage Period.

Personal Data are processed mainly at the office of the Controller and in the locations in which the External Processors are located. For further information, contact the Controller.

Personal Data will be processed with electronic/automated media and on paper medium by means of operations of collection, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, block, communication, erasure and destruction of the data.

The processing will be performed using methods and instruments aimed at guaranteeing the maximum security and confidentiality, by entities specifically instructed for that purpose.

In respect of the provisions of Art. 5 paragraph 1 letter e) of EU Reg. 2016/679 the personal data collected will be stored in a form that allows for the data subjects to be identified for a period of time not exceeding the achievement of the purposes for which the personal data are processed, and in any case erased without unjustified delay.

To find out about the criteria at the basis of the data storage period, write to

The data will not be in any way disseminated or communicated to external entities, without prejudice to legal obligations in that sense.


7. Transfer of Data to a Third Country and/or International Organisations.

Athena S.p.A. does not share, sell, transfer or otherwise disseminate your personal data to third parties located in a third country and/or to international organisations and it will continue not to do so in future, subject to legal obligations, unless this is necessary for the purposes laid down by the contract or if you have provided your explicit consent to that processing.

For requirements strictly linked to the implementation of the contract and the provision of the services, some of your personal data may be communicated to other Group companies, based in non-European third countries.

To enhance the protection of the personal data transferred by Athena S.p.A. based in a State of the European Economic Area (EEA) to a company of the Athena Group in a State outside the EEA, the Athena Group has decided to adopt the Privacy Group Guidelines for all companies that guarantee an adequate level of protection of personal data confidentiality.

In case you have given your consent for the purposes related to marketing activities and for the purposes connected to recording and image processing, your data may be transferred to non-EU Countries (more specifically in the USA) to be stored on the servers of electronic platforms (eg Google). The transfer is carried out by Athena S.p.A., following the stipulation of Standard Contractual Clauses with the providers of servers and/or services entrusted to third parties, or verification of compliance with the system called "Privacy Shield”.

8. Changes to this Privacy Notice.

Privacy laws and regulations are constantly evolving. As a result, it is possible that this Privacy Notice may be updated. We therefore invite you to consult this page to view our latest version periodically. The continued use of the Website, after a new version of the Privacy Notice has been uploaded on the site, will indicate the approval and consent of the user to the new version.


9. Third-Party Links.

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

10.Rights of Data Subjects.

You have the right to invoke the rights as expressed by Articles 15, 16, 17, 18, 19, 20, 21, 22 of EU Regulation 2016/679, by contacting the Controller, by writing to the address

You may at any time exercise the rights referred to in Article 7 of Legislative Decree 196/2003 by sending a written notice to the address indicated at For your convenience we reproduce in full the aforementioned Article 7.

You have the right, at any time, to ask the Controller for access to your personal data, to the rectification and erasure of the same and to the restriction on processing. In addition, you have the right to object, at any time, to the processing of your data (including automated processing, e.g. profiling) as well as to the portability of your data.

Without prejudice to any other administrative and jurisdictional recourse, if you believe that the processing of data relating to you violates the provisions of EU Reg. 2016/679, in accordance with Art. 15 letter f) of the aforementioned GDPR, you have the right to make a complaint to the Data Protection Supervisor and, with reference to Art. 6 para. 1, letter a) GDPR and Art. 9, para. 2, letter a) GDPR, you have the right to revoke at any time the consent provided.


Art. 7 of Italian Legislative Decree 196/2003- Right to access personal data and other rights

The interested party has the right to obtain confirmation of whether or not personal data concerning him, even if not yet recorded and their communication in intelligible form.

The interested party has the right to obtain information on:

a) origin of personal data;

b) purposes and methods of processing;

c) the logic applied in case of processing with the aid of electronic instruments

d) the identity of the owner, manager and the representatives appointed under article 5, comma 2;

e) on subjects or categories of persons to whom the data may be communicated to or who can learn about them as appointed representative in the State, territory  as managers or agents.

The interested party has the right to obtain:

a) An updating, rectification or, when interested, an integration of data;

b) the cancellation, the  transformation into an anonymous form or blocking of data unlawfully processed, including those that do not need to be kept for the purposes for which the data was collected or subsequently processed;

c) certification that the operations noted in letters a) and b), have been brought to knowledge  in regards to their contents, to those whom the data has been  communicated or disseminated, except where this requirement proves impossible or involves a manifestly disproportionate to the protected right.

The interested part has the right to oppose in whole or in part:

a) for legitimate reasons of the processing of personal data, pertinent to the purpose of the collection;

b) the processing of personal data for purposes of sending advertising materials or direct sales or for carrying out market surveys or commercial communications.”

ATHENA SpA – via delle Albere, 13 36045 Alonte – Vicenza (Italy) – VAT Number 00589040245
Corporation Stock €10.000.000 I.V. – REA VI: 139951 – Registro imprese di VI: 00589040245