Bandi di Gara

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

LOG IN   |   CONTACTS   |   ITALIANO   |   FRANÇAIS

Servizi, Portale Trasporti Eccezionali

Privacy Policy

  /  Privacy Policy

Privacy

Privacy Policy for users registered to the Exceptional Transit Portal

in compliance with the obligations set forth by EU legislation (European Data Protection Regulation 679/2016) and national legislation (Italian Legislative Decree 196 of 30 June 2003, Personal Data Protection Code including subsequent amendments).

Dear user,

We hereby inform you that, pursuant to Articles 13 and 14 of EU Regulation 679/2016 on personal data protection (hereinafter referred to as the “GDPR”), the information and data collected by and/or communicated to SATAP S.p.A. (hereinafter also referred to as the “Company” and/or the “Data Controller”) will be processed in accordance with the aforementioned GDPR and Legislative Decree 196/2003 (Privacy Code), as most recently amended.

This notice is intended for all users interacting with the Company through the Exceptional Transit Portal and registering to manage the transit authorisations for exceptional transports or vehicles (in accordance with Articles 10 and 104 of Legislative Decree 285/1992) (the “Authorisations” or the “Authorisation”).

  1. Types of data collected

Through the Portal, SATAP processes the following data for itself and for the other motorway concessionaires as specified therein:

  • Applicant’s identification and contact data (company name, VAT number, registered office, e-mail, certified email (PEC), telephone)
  • Data of the legal representative and/or company contact persons (name, surname, email)
  • Data on vehicles, transports and routes requested
  • Technical and administrative documentation attached to the applications (including those relating to the vehicles subject of the authorisation request)

The user who registers through the Portal is responsible for the accuracy and truthfulness of all data, including that of third parties, provided through the website, relieving the Data Controller from any liability arising from inaccuracies in the data provided.

  1. Purpose of the processing

Personal data are processed for the following purposes:

  • Managing and issuing exceptional transit authorisation requests and all fulfilments directly related thereto, also on behalf of other motorway concessionaires with whom the Company has entered into special agreements and by whom it has been appointed Data Processor.
  • Verifying the technical and infrastructural compatibility of the routes requested.
  • Acting as coordinator between the motorway concessionaires participating in the Portal and the competent bodies.
  • Protecting the Company’s right to defend itself in the event of disputes with the Users.
  1. Legal bases for processing

The legal bases for processing are:

  • Legal obligation: the need to follow up/execute legal obligations as a motorway company (technical-administrative management and collection of Authorisation release procedural charges; requests from competent authorities; user requests/complaints; legal publications); pursuant to Article 6(1)(c) of the GDPR.
  • Legitimate interest: the need to pursue the legitimate interest of the Company of collecting Authorisation release procedural charges and using the motorway infrastructure it manages properly, pursuant to Article 6(1)(f) of the GDPR.
  1. Processing methods

Personal Data may be processed in a computerised and digital format and entered in the relevant databases that may be accessed and therefore become known by the Company employees, duly authorised and in charge of the processing, who work in compliance with the provisions of the law necessary to guarantee, among other things, the confidentiality and security of the data as well as their accuracy, updating and relevance to the stated purposes, in accordance with the applicable data protection legislation (including the GDPR and Legislative Decree 196/2003).

  1. Nature of data provision

Provision of data is: Mandatory for registration on the Portal and for handling authorisation requests.

Failure to do so will make it impossible to access the Portal services.

  1. Scope of data communication – No transfer to non-EU countries

Apart from specially appointed and authorised Company personnel, Personal Data may be disclosed, where necessary for the provision of the Service, to:

  • Parties in charge of processing the data on behalf of the Company for the same purposes stated above, appointed “Data Processors” for this purpose, pursuant to Article 28 of the GDPR.
  • The interconnected concessionary companies, which stipulated special agreements with the Company on the provision of the Authorisation management and issuance service through the Portal, and by which it has been appointed Data Processor pursuant to Article 28 of the GDPR.
  • Companies providing IT and system engineering services in connection with the activities performed, with which the Company has entered into special agreements on data processing.
  • The competent authorities, to comply with their requests and legal obligations, and to protect the Company.

The full list of entities designated as Data Processors pursuant to Article 28 of the GDPR can be requested from the Company by sending a formal request to the following email address: privacy@satapweb.it.

Personal Data shall not be disclosed or communicated to unauthorised third parties.

Personal Data shall be managed and stored on servers located in Italy or within the European Union and will not be transferred outside the European Union.

 

  1. Data retention period

The Personal Data collected, also taking into account any choices made by the data subjects regarding cancellation or revocation during the course of processing, will be processed for a period corresponding to the needs for which it was collected, in compliance with the applicable legal or regulatory provisions or for a period deemed appropriate to ensure the right of defence in the event of litigation or for tax obligations, in compliance with the principle of data minimisation set out in Article 5, paragraph 1, letter c) of the GDPR.

 

  1. Data Controller – DPO

The Data Controller is SATAP S.p.A., located in Turin, Via Bonzanigo 22 – 10144, and can be contacted at the following email address: privacy@satapweb.it.

The Data Controller has also appointed a Data Protection Officer (“DPO”), who can be contacted at the following email address: dpo@satapweb.it.

 

  1. Rights of the data subject

You may exercise your rights at any time as outlined by Article 13, letter b) and Articles 15, 16, 17, 18, and 20 of the GDPR by reaching out to the contact details provided in this privacy policy.

Specifically, as Data Subject, you have the right to know which personal data is being used, where it came from, to check its accuracy or to request that it be supplemented or updated, or corrected or restricted. You also have the right to request the deletion, transformation into anonymous form or blocking of data processed in breach of the law, as well as to object in any case, for legitimate reasons, to its processing and to modify or revoke previously given consents, without prejudice to the lawfulness of the processing based on the consent given before the revocation. Furthermore, we inform you that you have the right to object to the processing of your data at any time, in accordance with Article 21 of the GDPR, by sending an email to privacy@satapweb.it.

 

Furthermore, we inform you that you are entitled to lodge a complaint with the Data Protection Authority, whose contact details you will find at the following link www.garanteprivacy.it/

 

SATAP S.p.A.

Last updated: December 2025

Last update: 05/02/2026