Privacy policy regarding data collected through the Website
(Pursuant to Article 13 of the European Regulation 2016/679 (“General Data Protection Regulation”))

Pursuant to the European Regulation 2016/679 (General Data Protection Regulation) and the national legislation in force, Autostrade Tech S.p.A., hereinafter referred to as “MOVYON” provides the information relating to the processing of data of users/visitors browsing the Website (hereinafter referred to as “Website”) and access the web services provided. To this end, the following describes the Website management related to the individuals who visit it.



The data controller is Autostrade Tech S.p.A., a company subject to management and coordination by Autostrade per l’Italia S.p.A., with a registered office in Rome, Via A. Bergamini 50, 00159, tax code, registration number with the Rome Companies Register, and VAT number 09743081003.

Autostrade Tech S.p.A. has appointed a Data Protection Officer (DPO) whom users can contact at the following e-mail address:



No personal data is acquired by the Website unless voluntarily provided by the User. Should the users/visitors connecting to the Website send their personal data and contact details to access certain services or make requests, these will be processed exclusively to provide the requested service.

The optional, explicit, and voluntary sending of e-mail messages by the User through the web channels made available by the Website (by way of example, but not limited to: the “Contact Us” section of the Website), to make communications and/or requests, entails the filling in of a form with the consequent acquisition of the sender’s e-mail address, as well as any other personal data included in the communication, necessary to respond to the communications/requests. The processing of such personal data aims to enable the Data Controller to respond to questions and requests for clarification, receive suggestions from Users, or manage communications. The legal basis for such processing is the express consent of the User.

Exclusively with your express consent, MOVYON may also use the same personal data collected for the following marketing purposes:

  1. to send – to the e-mail address indicated during registration or subsequently – commercial information and newsletters relating to events, as well as products and services similar to those already marketed to the User, or for which information has already been requested;
  2. to send advertising material and carry out promotional, marketing and/or direct sales activities for products and/or services sold and/or provided by the Controller;
  3. to carry out profiling activities, i.e., evaluating the User’s preferences on the services offered, the company/professional role covered, the business of the company to which the User belongs, also by inviting the User to participate in market research, for the subsequent sending of profiled marketing communications.

Concerning the purpose stated in point (a), the User may oppose, at any time, receiving such communications by unsubscribing through the link at the bottom of the e-mail or contacting the Data Controller’s DPO at the address indicated in par. 1.

Direct marketing and profiling activities may be performed through automated (by e-mail, text message, other bulk messaging tools, etc.) and traditional (telephone contacts and mailings) contact methods. In any case, the User may revoke their consent, even partially, i.e., by only authorizing conventional contact methods.

By providing consent to the profiling indicated in point (c) the User will be automatically placed in a category of subjects with homogeneous characteristics (in terms of purchasing preferences, services, professional/company role, the business of the company they belong to, etc.). The said category is automatically generated based on the users’ previous purchasing experiences and preferences as expressed in market analyses in which they may have participated.

The legal basis for the processes mentioned above is the consent of the Users; pursuant to Article 7 of the GDPR – General Data Protection Regulation (EU/2016/679), the User is required to give consent to the processing of personal data provided during registration through the form, by placing a flag where required (acknowledgment of privacy policy) with which they also declare to have read and accepted this policy.



The personal data, provided as indicated in point 2 above, will be processed, in compliance with the regulations in force, using IT and telematic tools and logic strictly related to the purposes indicated above to ensure confidentiality and security of the data.



The personal data of users/visitors processed for the purposes described in par. 2 “Types of data voluntarily provided by users/visitors, purposes,” will be stored only for the time required to carry out the purposes of their collection following the principle of minimization under Article 5.1.c) of the GDPR; or, in any case, the storage will last until the User’s account is deleted or the deletion of the data has been expressly requested.

In any case, the data will not be processed in the event of opposition, or the absence or subsequent revocation of consent, except in the exceptional need for the Data Controller to retain the data to defend its rights in relation to disputes existing at the time of the request, or on the instructions of public authorities.

The data will be stored on servers located in the European Union.



The personal data provided within MOVYON may be disclosed only to those in charge of the processing, as appointed by the Data Controller and authorized to carry out the processing operations within the scope of the abovementioned activities.

The data mentioned above may be disclosed to third parties (parent companies/subsidiaries involved or third-party companies) required to process the information for the same purposes as in paragraph 2 above, which are, for this purpose, appointed “Data Processors”. The complete list of the persons appointed as Data Processors is available from the DPO.

Under no circumstances shall the personal data of users/visitors be disseminated or transferred outside the European Union.



Please note that Articles 15-22 GDPR give data subjects the possibility to exercise specific rights; the data subject may obtain from the Data Controller: access, rectification, erasure, restriction of processing, revocation of consent, and the portability of data concerning them.

The data subject also has the right to object to the processing. Should the right to object be exercised, the Data Controller reserves the right not to process the request and continue the processing if there are compelling legitimate reasons to proceed with the processing that prevail over the data’s interests, rights, and freedoms subject.

The interested party may exercise the above rights by making a request to the Data Protection Officer at the following PEC address, using the forms available at this link.