• Reporting

    Reporting on the processing of personal data pursuant to art. 13-14 Regulation (EU) 2016/679

Interested subjects: customers, potential customers, suppliers, potential suppliers, contact persons/employees in customer and supplier companies, consultants and freelancers, including associates, agents and representatives


AEP TICKETING SOLUTIONS SRL as Controller of Your personal data processing, pursuant to and for the effects of EU Reg. 2016/679 hereafter referred to as ‘GDPR’, hereby informs You that the aforementioned law provides for the protection of concerned parties regarding the personal data processing and that this processing will be based on the principles of correctness, lawfulness, transparency and protection of Your privacy and Your rights.

Your personal data will be processed in accordance with the legislative provisions of the aforementioned law and the confidentiality obligations set forth therein.

Purpose and legal basis of processing: in particular, Your data will be processed for the following purposes related to the implementation of requirements related to legislative obligations:

  • mandatory requirements by law in the field of taxation and accounting;
  • customs activities and controls;
  • accounting or treasury management;
  • litigation management;
  • obligations under the applicable laws.

Your data will also be used for the following purposes related to the execution of measures related to contractual or pre-contractual obligations:

  • after-sales assistance;
  • supplier management;
  • management of relations during purchase operations;
  • management of relations during sales operations;
  • customer management;
  • quality management;
  • fees management;
  • transport operations;
  • activity planning;
  • historical customer invoicing;
  • historical orders supplies.

Your data will also be used for the following purposes necessary for the pursuit of the legitimate interest of the owner:

  • VIDEO SURVEILLANCE: the video surveillance system is introduced as a complementary measure aimed at improving safety inside or outside buildings where productive, industrial, commercial or service activities are carried out, or whose purpose is to facilitate any exercise, in civil or criminal proceedings, of right of defence of the processing controller or of third parties on the basis of images useful in case of unlawful acts.

Processing method. Your personal data may be processed in the following ways:

  • assignment to third parties of processing operations;
  • processing by electronic calculators;
  • manual treatment through paper archives.

Each treatment is carried out in compliance with the methods set out in articles. 6, 32 of the GDPR and through the adoption of the appropriate security measures.
Communication: your data will be communicated exclusively to competent and duly appointed persons for the performance of the services necessary for a correct management of the relationship, with a guarantee of protection of the rights of the interested party.
Only personnel expressly authorized by the Owner and, in particular, by the following categories of employees, will process your data:

  • Software/hardware/network assistance staff;
  • administrative, technical and commercial staff.

Your data may be communicated to third parties duly appointed Processors Supervisors, in particular at:

  • banks and credit institutions;
  • customers, suppliers, subcontractors;
  • legal communication concerning anti-money laundering legislation (law July 5, 1991, No. 197 and subsequent amendments, Legislative Decree 20 February 2004, n. 56; Law of 25 January 2006, n. 29; D.D. M.M. 3 February 2006, n.n. 141, 142 and 143; UIC ruling (Italian Exchange Office) 24 February 2006);
  • consultants and freelancers, also in associated form;
  • social security and welfare institutions;
  • as part of public and / or private subjects for which the communication of data is mandatory or necessary in compliance with legal obligations or it is in any case functional to the administration of the relationship;
  • armed forces;
  • police forces;
  • insurance companies;
  • shippers, transporters, landlords, post offices, companies for logistics.

Dissemination: Your personal data will not be distributed in any way.
Your personal data may also be transferred, limited to the purposes set out above, in the following states:

  • EU countries;
  • Extra EU countries with adequate guarantees (Article 46 – 47 GDPR);
  • Extra EU countries without adequate guarantees (Article 48 GDPR) after specific consent;
  • Extra EU safe countries.

Storage period. Please note that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of the GDPR, the storage period of Your personal data is:

  • In any case for 10 years after the termination of the contract (beyond any further term for the conclusion of tax assessments);
  • established for a period of time not exceeding the achievement of the purposes for which they are collected and processed for the execution and completion of the contractual purposes;
  • established for a period of time not exceeding the achievement of the purposes for which they are collected and processed and in compliance with the mandatory time limits prescribed by law.

Controller: the Data Controller, according to the Law, is AEP TICKETING SOLUTIONS SRL (Via dei Colli 240 50058 Signa (FI); e-mail: gdpr@aep-italia.it; phone: +39 055 8732606) in the person of its legal representative pro tempore.

You have the right to obtain from the Controller the cancellation (right to be forgotten), limitation, updating, correction, portability, opposition to the processing of personal data concerning you, as well as in general can exercise all the rights provided from the articles 15, 16, 17, 18, 19, 20, 21, 22 of GDPR.



UE Reg. 2016/679: Art. 15, 16, 17, 18, 19, 20, 21, 22 – Rights of the interested party


  1. The interested party has the right to obtain confirmation of the existence or not of personal data concerning him/her, even if not yet registered, and their communication in intelligible form.
  2. The interested party has the right to obtain the indication:
    • of the origin of personal data;
    • of the purposes and methods of processing;
    • of the logic applied in case of treatment carried out with the aid of electronic instruments;
    • of the identifying details of the Controller, of the responsible and of the designated representative according to article 5, paragraph 2;
    • the subjects or the categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents.
  3. The interested party has the right to obtain:
    • to updating, rectification or, when interested, integration of data;
    • the cancellation, transformation into anonymous form or data blocks processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;
    • the attestation that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfilment is impossible o involves a use of means manifestly disproportionate to the protected right;
    • data portability.
  4. The interested party has the right to object, in whole or in part:
    • for legitimate reasons, to the processing of personal data concerning him/her, even if pertinent to the purpose of the collection;
    • to the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
  5. The interested party has the right to lodge a complaint as specified below: Right to propose a complaint to the supervisory authority: propose a claim to the Competition Authority for the protection of personal data, Piazza di Montecitorio n. 121, 00186, Roma (RM) – www.garanteprivacy.it.

You can exercise these rights by simply sending a request by e-mail or paper to the following addresses: AEP TICKETING SOLUTIONS SRL, Via dei Colli 240 – 50058 Signa (FI); e-mail: gdpr@aep-italia.it; phone: +39 055 8732606, Fax: +39 055 8735926

Data Protection Officer 
Consistent with GDPR’s rules, (DPO – art. 37 and following GDPR’s articles), AEP Ticketing Solutions has appointed as Data Protection Officer Mr. Alessandro Agostini.
Below his references:
Alessandro Agostini
Tel. +39 0744 945 006 – +39 339 439 5621
(Referent of Macroazienda Innovazione e Sviluppo Srl – Via Sistina 121, 00187 Roma)