Privacy Policy

Atlante S.r.l. (VAT 12023950962), with a sole shareholder, registered office in Piazzale Lodi 3, 20137 Milan, registration number of Registro delle Imprese of Milan Monza Brianza Lodi, CF and VAT no. 12023950962, REA no. MI-2635708, share capital Euro 12,000,000.00 i.v., subject to management and coordination of NHOA S.A. (“Atlante”), undertakes to protect the online privacy of the users of its web site: and provides you with this Privacy Policy for the purpose of informing you, pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR“), about the processing of your personal data (“Personal Data“) while using this website of Atlante (hereinafter “Site“), either by simple consultation or by using specific services made available through the Site.

In general, any information or Personal Data that you provide to Atlante through the Site, or that is otherwise collected through the Site, in the context of the use of the services offered by Atlante (the “Services“), as better defined in the paragraph on purposes of processing below, shall be processed in compliance with the internationally recognised principles of lawfulness, fairness, transparency, purpose limitation and retention, data minimization, accuracy, integrity and confidentiality.

Identity and contact details of the data controller

The data controller of the Data processed in the context of the use of the Services (the “Processing“) is Atlante, reachable:

  • by ordinary mail, to the above-mentioned registered office address;
  • by e-mail, at the following address:

Categories and source of Data processed

As part of your use of the Site (hereinafter also “Processing“), Atlante will process your Personal Data, which may consist – depending also on your decisions on how to use the Services – of an identifier such as your name and/or any personal or contact details you may have provided.

Your Personal Data may be collected either because you voluntarily provide them (e.g., by subscribing to the newsletter, submitting a request, etc.), or because they are automatically collected during your use of the Site.

The Personal Data processed through the Site are the following:

  1. Navigation data 

The computer systems and software procedures used to run the Site acquire certain Personal Data whose transmission is implicit in the use of Internet communication protocols. By its very nature, this information could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site, to check its correct functioning and to identify anomalies and/or abuses, and are deleted immediately after processing.

Such data, in addition to enabling the autonomous verification of any suspicious accesses to the Site, could be used by Atlante to assess liability in the event of hypothetical computer crimes against the Site or third parties.

  1. Data provided voluntarily by the data subject and third-party data

Without prejudice to the reference to specific information on the processing of personal data and/or any requests for consent (where required by law) that will be progressively reported or displayed on the pages of the Site set up for particular Services, this Privacy Policy shall also apply to the processing of data that you voluntarily enter in the forms contained within the Site, such as, for example, the information request form in the “Become a Partner” section, through which you will be asked, for instance but not limited to, to enter information such as your name, company, e-mail address, telephone number, city, country, as well as to make a specific request, which may contain further Personal Data. With regard to the content of such a request, we invite you to enter in the form only the Personal Data strictly necessary for the purposes of processing your request, excluding, therefore, irrelevant information and/or information that may fall within the category of special categories of personal data referred to in Article 9 of the GDPR (“personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data concerning a person’s health or sexual life or sexual orientation“). Furthermore, in order to subscribe and receive the newsletter, in the Homepage, Partners Section, Drivers and About of the Site it is necessary to provide, as a mandatory field, the first name, last name, and e-mail address to which you intend to receive communications. Finally, regarding the “Become a Partner” Section of the Site, it is necessary to release, as a mandatory field, the first name, last name, the e-mail address to which you intend to receive communications, the city, the country of reference and the number of Sites of interest.


Definitions, characteristics and enforcement

Cookies are text files that sites you visit send and store on your computer or mobile device, to be transmitted back to the same sites the next time you visit. It is precisely thanks to cookies that a site remembers the user’s actions and preferences (such as, for example, login data, chosen language, font size, other display settings, etc.) so that they do not have to be indicated again when the user returns to that site or navigates from one page to another of it. Cookies, therefore, are used to perform computer authentication, session monitoring and storage of information regarding the activities of users accessing a site, and may also contain a unique identification code that allows tracking of the user’s navigation within the Site itself for statistical purposes.

Certain operations could not be carried out without the use of cookies, which in certain cases are therefore technically necessary for the operation of the Site. For further information on the types of cookies used on the Site, please refer to the Cookie Policy.

Personal data collected through the social media pages used by Atlante

Atlante may also collect some of your Personal Data when you interact with the social pages. Certain information is communicated to Atlante directly by you, when you decide to share – through your profile – images published on our social pages, comment on our posts and/or express your appreciation of one of our services, initiatives or events by selecting the appropriate buttons, as well as when you decide to write us a message using the private chat or other channels made available on the various social media.

We may also become aware of certain information that is indirectly collected as a consequence of your interaction with our social pages; for example, we may know the time and day when you express your liking to one of our post or send a request through a mail message. A lot of your personal information may depend on your chosen social media settings and the content you choose to make public. This information may include your first name, last name, some contact details, and the image associated with your social profile. We therefore remind you that some of your information are accessible to Atlante once you decide to follow our social pages. For this reason we invite you to read the privacy policy of the various social media and check the privacy settings.

Purposes of processing

Atlante will use your Personal Data, as collected through the Site, for the following purposes:

  • allow browsing through the Site, interaction with the content therein, and the provision of all other services made available by Atlante, including the management of the security of the Site (“Provision of the Service“);
  • managing and answering specific requests addressed to Atlante, such as requests submitted by filling in the form in the “Become a Partner” section of the Site (“Managing Requests“);
  • to carry out marketing activities by sending newsletters and promotional communications (including market research and analysis) by the use of automated tools (e-mail, SMS, push notification, automated telephone calls, instant messaging) and traditional tools (paper mail, telephone with operator) (“Marketing”);
  • to fulfil any obligations under applicable laws, regulations or EU legislation, or to comply with requests from authorities (“Compliance”);
  • to perform any defence needs that may arise in connection with the detection, prevention, mitigation and investigation of fraudulent or illegal activities in relation to the services provided on the Site (“Abuse/Fraud“).

Legal basis of the processing

The legal bases used by Atlante to process your Personal Data, in accordance with the purposes set out in the previous paragraph, are the following:

  • Provision of the Service: the legal basis of the processing of Personal Data for this purpose is the performance of a contract to which the data subject is a party or the performance of pre-contractual measures taken at the data subject’s request pursuant to Article 6(1)(b) of the GDPR, as the processing is necessary for the provision of the services requested by you. The collection and provision of Personal Data for these purposes is optional, but without them it will be impossible to provide the services requested.
  • Managing Requests: the legal basis of the processing of Personal Data for this purpose is the performance of a contract to which the data subject is party or the performance of pre-contractual measures taken at the data subject’s request pursuant to Article 6(1)(b) of the GDPR, as the processing is necessary for the provision of the services requested by you. The collection and provision of Personal Data for these purposes is optional, but without them it will be impossible to handle your requests.
  • Marketing: the legal basis for the processing of Personal Data for this purpose is the data subject’s express consent, pursuant to Article 6(1)(a) of the GDPR. The collection and provision of Personal Data for this purpose is optional, however, should you decide not to give your consent to the processing, this would preclude us from involving you in our promotional initiatives, such as periodic updates via the newsletter service.
  • Compliance: processing for this purpose is necessary for Atlante in order to fulfill any legal obligations under Article 6(1)(c) of the GDPR. When you provide Personal Data to Atlante, they will be processed in compliance with the applicable law, which may involve its storage and disclosure to the Authorities to fulfill accounting, tax or other obligations.
  • Abuse/Fraud: the information collected for this purpose will be used exclusively to prevent and/or identify any fraudulent activity or abuse in the use of the Site, as well as to allow Atlante to protect its interests and rights in extrajudicial and/or judicial proceedings. The legal basis for this processing is therefore the pursuit of a legitimate interest of Atlante in compliance with Article 6(1)(f) of the GDPR.

Categories of data recipients

Your Personal Data may be shared with the entities listed below (the “Recipients”):

  • persons authorised by Atlante to process personal data in compliance with Article 29 of the GDPR (e.g. Site management staff, information systems management, etc.);
  • third parties who, when providing services (by way of example: hosting providers or parties delegated to perform technical maintenance activities), typically act as data processors pursuant to Article 28 of the GDPR. Atlante keeps an up-to-date list of the appointed data processors and guarantees that the data subject may view it at the offices indicated above or upon request addressed to the addresses indicated above;
  • companies of the NHOA’s Group, as autonomous data controllers for administrative purposes on the basis of legitimate interest pursuant to Article 6.1.f) and Recitals 47 and 48 of the GDPR;
  • persons, entities or authorities to whom it is mandatory to disclose your Personal Data for the purposes of Compliance, Abuse/Fraud, or by order of the authorities;
  • Digital platforms (including Meta) as independent data controllers or joint data controllers (with Atlante), as part of marketing campaigns based on tracking user activity (e.g. retargeting and prospecting).

persons, entities or authorities to whom it is mandatory to disclose your Personal Data for the purposes of Compliance, Abuse/Fraud, or by order of the authorities.

Transfers of Personal Data

Some of your Personal Data are shared with Recipients, both internal and external to the NHOA’s Group, who may be located outside the EEA. Atlante ensures that the processing of your Personal Data by these Recipients is carried out in compliance with the applicable law. Indeed, transfers are carried out by means of appropriate safeguards, such as adequacy decisions, Standard Contractual Clauses approved by the European Commission or other safeguards considered adequate. More information are available by writing to the Controller at the following e-mail address:

Data retention period

The Personal Data processed for the purpose of Provision of the Service and Managing Requests shall be stored by Atlante for as long as is strictly necessary to achieve the aforesaid purposes. However, since these Personal Data are processed in order to provide you with the Services, Atlante may store such Personal Data for a longer period, in particular as may be necessary to protect Atlante’s interests against possible claims related to the Services.

Personal Data collected for Marketing purposes will be processed by Atlante for 24 (twenty-four) months.

Personal Data processed for Compliance purposes will be retained by Atlante for the period required by specific legal obligations or applicable legislation.

Personal Data processed for the purpose of preventing Abuse/Fraud shall be stored by Atlante for as long as it is strictly necessary for such purpose and therefore until the moment when Atlante is obliged to store them for the purposes of extrajudicial and/or judicial protection or to communicate such data to the competent Authorities. 

Your rights

You have the right to request from Atlante, at any time:

  • to withdrawal of the consent that may have been given, without any prejudice to the lawfulness of the processing carried out prior to the withdrawal;
  • access to your Personal Data, (or a copy of such Personal Data), as well as further information on the processing of your Personal Data;
  • the rectification or updating of your Personal Data processed by Atlante, where they are incomplete or not updated;
  • to delete your Personal Data stored in the Atlante’s databases;
  • the restriction of the processing of your Personal Data by Atlante;
  • to obtain Personal Data concerning you in a structured, commonly used and machine-readable format;

as well as you can:

  • object to the processing of your Personal Data by Atlante.

However, you always have the right to lodge a complaint with the competent Supervisory Authority or to appeal to the Judicial Authority if you consider that the processing of your Personal Data is in breach of the applicable legislation.

This privacy policy is in force from 31/07/2023. Atlante reserves the right to modify or simply update its content, in part or completely, also due to changes in the applicable legislation. Atlante shall inform you of such changes as soon as they are introduced and they shall be binding as soon as they are published on the Site. Atlante therefore invites you to visit this section regularly in order to be aware of the most recent and updated version of the privacy policy, so that you may be kept informed about the data collected and how they are processed by Atlante.


The icons in this notice have been developed by the Maastricht European Centre on Privacy and Cybersecurity – ECPC, whose graphic design was one of the winners of the “Informative Clarity” contest promoted by the Garante per la Protezione dei Dati Personali. Use of the icons is subject to the terms of the CC BY 4.0 licence.