Privacy policy

Privacy notice pursuant to Art. 13 of EU Regulation No. 679/2016 


Atlantia S.p.A (hereinafter "Atlantia" or the "Company"), its registered office at Piazza San Silvestro 8, 00187 Roma, as Data Controller, will process the Personal Data provided by you for investor relations communication.

This information is provided by Atlantia S.p.A., pursuant to art. 13 et seq. of EU Regulation 679/2016 (hereinafter the "Regulation" or "GDPR") and in compliance with Legislative Decree 196/2003 as amended (hereinafter the "Privacy Code") and applicable legislation.

Type of data processed

Atlantia will collect and use the following categories of personal data voluntarily provided by you:

  • personal and contact data (e.g. name, surname, e-mail, company, country, etc.). 

In compliance with the principle of data minimisation, Atlantia only collects data that are adequate, relevant, and limited to the minimum necessary in relation to the purposes for which they are processed. 

Purpose and legal basis of processing

Atlantia shall process personal data to manage institutional and periodic communications on the corporate performance of the Company and the Group (financial statements, stock’s performance, renewal of corporate bodies, etc.), as well as for the invitation to corporate events. The processing of your data is optional and based on your consent (Article 6, paragraph 1, GDPR). We remind you, however, that in the absence of your consent we will not be able to guarantee the service requested.

Atlantia will not use your personal data for purposes incompatible with those mentioned above, unless required or authorised to do so by law.

How data is processed and security measures

Data may be processed by technological and/or paper methods and through suitable IT tools (e.g. software, hardware, applications, etc.). In this regard, Atlantia has controls and procedures in place to ensure the confidentiality of your data, and is constantly committed to adopting, pursuant to art. 32 of the GDPR, specific technological and organisational measures to protect data against the risk of loss, unlawful or incorrect use and unauthorised access. 

Data retention

Your data will be kept for the period necessary in relation to the purposes for which they were collected or subsequently processed, in accordance with legal obligations. In particular, they may be retained for a period of 48 months from the date of registration or if you withdraw your consent.

In the event of litigation or for the exercise of the right of defence in court, the above retention periods shall be suspended until such time as the parties have fully resolved on the matter. 

Disclosure of personal data

Your personal data may be accessed by Company’s authorized individuals, as well as communicated in accordance with the requirements of the law, regulations or contracts, always in compliance with the principles expressed in Article 5 of the Regulations, to third parties such as:

  • providers of services related to communications management;
  • providers of IT services;
  • competent authorities and/or public bodies to comply with statutory requirements.

Third parties to whom personal data may be communicated may act as independent Data Controllers or Data Processors, undertaking in both cases to protect the confidentiality and security of personal data in accordance with the applicable legislation.  

Under no circumstances will your personal data be disseminated.

Transfer of data outside EU

In the event that it is necessary to transfer your data to third parties located outside the European Economic Area (EEA) for specific purposes, such transfer will only take place where the European Commission has confirmed an appropriate level of data protection in the third country (Commission's decision on adequacy) or where there are adequate data protection safeguards in place (e.g. EU standard contractual clauses for the transfer of data to third countries). 

Data subject rights 

For legitimate and well-founded reasons and in accordance with any existing legal and contractual obligations of the Data Controller, you may exercise the rights recognised by Articles 15 et seq. of the GDPR.

In particular, we would like to remind you that, in accordance with current legislation, you have the right to:

  • request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the purposes for which they were collected;
  • have information about the logic, methods and purposes of the processing;
  • receive the data in a structured, commonly used and machine-readable format;
  • revoke your consent to the processing of your data at any time and object, in whole or in part, to the use of your data;
  • to lodge a complaint with a Supervisory Authority, as well as to exercise the other rights recognised to you by the legislation in force.


Atlantia reserves the right to assess the applicability, with respect to the processing of your personal data, of one or more of the above rights.

The above rights may be exercised by sending an email to or by writing to the Data Protection Officer at the following address: Piazza S. Silvestro n. 8 - 00187 Rome.

Data Protection Officer 

Pursuant to articles 37-39 of the GDPR, Atlantia has appointed a Data Protection Officer, and may be contacted at the email address 

Changes to the policy 

Atlantia reserves the right to amend and update this policy over time.