Privacy Notice Policy


(EU) REGULATION 2016/679

This notice is provided pursuant to Articles 13 and 14 of (EU) Regulation 2016/679 General Data Protection Regulation (hereinafter “GDPR”) to users interacting with the web services of the site (“Site”), (hereinafter “Data Subjects”).

The Data Controller is Astaris (before: Astaldi) with registered offices at Via G.V. Bona 65 – 00156, Rome (hereinafter the “Company” or the “Controller”).

Processing connected to the use of this Site is performed at the Controller’s registered offices or at the registered offices of the Provider hosting the Site - ENTER srl, Via Stefanardo da Vimercate 28, 20128 Milan – and is performed by personnel authorised by the Controller, or by the Provider, appointed Processor pursuant to Article 28 of the GDPR.


Personal data will be acquired directly from the interested party, by means of

- direct conferment of the same ("Data provided voluntarily by the user");

- automatic acquisition ("Navigation data" and "Cookies").


The optional and voluntary sending of data through the electronic mail system or through special forms involves the subsequent acquisition of the sender's address necessary to respond to requests, as well as any other personal data entered.

The user is free to provide or not to provide personal data or indicate them in order to solicit the sending of informative material or other communications. Failure to provide personal data may, however, make it impossible to obtain what has been requested.

Web navigation data

This refers to information not collected in order to be linked to identified subjects, but information the nature of which could allow users to be identified via processing and links with third-party data.

Data falling into this category include IP addresses or domain names of computers of users connecting to the Site, URIs of requested resources, times of request, method used to submit request to server, dimension of file obtained as reply, number code indicating status of reply provided by the server (success, error, etc.) and other parameters related to the user’s operating system and IT environment.

These data are used solely to check correct functioning of the Site and are maintained for period of time needed to achieve the purpose for which they are collected, except in the event of them being used to ascertain responsibility in the case of IT crimes against the Site. In this case, information shall be made available to authorities for the period of time needed to ensure the Company can exercise its rights of defence.

Data provided voluntarily by the user

Optional and voluntary sending of data via the email system entails subsequent acquisition of the sender’s address, needed to reply to the Data Subject’s request, and of any other personal data included.


As stated in the Personal Data Protection Authority Measure dated 8 May 2014 as well as in the Guide Lines on cookies and traceability systems dated 10 June 2021, cookies are small text files which the sites visited by the user send to its terminal (usually to the browser) where they are saved in order to be retransmitted to the same sites at the same user’s next visit. During site navigation, the user may also receive on its terminal cookies sent by other sites or web servers (‘‘third parties), which may include other elements (such as images, maps, sound files, specific links to pages of other domains) found on the site the user is visiting.

In the aforementioned measure, the Personal Data Protection Authority also states that cookies, usually found in a substantial number on users’ browsers and sometimes remaining stored for a long period, are used for different purposes: to perform IT authentication, session monitoring, saving of information on specific configurations concerning users accessing the server, etc.

Astaris (before: Astaldi) sites ( - use technical cookies only, in other words cookies which allow for site navigation and which allow users to make use of site functions.


Personal data are processed using automated instruments for the period of time strictly necessary to achieve the purpose for which they were collected. Specific security measures have been adopted to prevent the loss of data, illegal or incorrect use and unauthorised access. Without prejudice to the Company’s right to use collected data in order to ascertain responsibility in the event of IT crimes against the Site.

Without prejudice to specific provisions and disclosures for individual matters which entail the provision of specific personal data, published on the web Site as needed, Data are processed for the purpose of performing analysis regarding use of the Site by users.

Personal data provided by users forwarding requests for the sending of information are used for the sole purpose of providing the requested service, and may be disclosed to Company personnel and consultants, duly authorised by the Controller, as well as to third parties providing ancillary services or instrumental services for the Company’s business, appointed Processors for this purpose.

Apart from above cases, data shall not be disclosed unless necessary in order to fulfil requests made by the Personal Data Protection Authority. The data collected shall not be disclosed in any event. The data will not be transferred abroad.

The Data Subject is entitled to ask the Controller at any given time for access to Data and the amendment or deletion of data or limitation of processing or objection to processing and, in any case, may exercise all applicable rights as per Articles 15 et seq. of the GDPR, in the Controller’s regard.

The Data Subject also has the right to present a complaint to the Personal Data Protection Authority or to any other relevant data authority.

Any request related to Data processed by the Controller may be sent to the Controller at the following email address:

Last updated: Jul 29 2022