This Privacy Policy describes the methods of managing the website https://www.ama.it/ and the subdomains associated with it, with reference to the processing of personal data of users who consult it.
The information is provided pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter “GDPR”) to those who interact with the web services of AMA S.p.A.

  1. Data Controller

The Data Controller of personal data is AMA S.p.A., with registered office at Via Puccini, 28 – 42018 San Martino in Rio (RE), Italy.

  1. Types of Data Collected

Data voluntarily provided by the user
The optional, explicit, and voluntary submission of personal data through the forms available on the website (e.g., contact form, request for information, “Work with us,” registration to the reserved area and/or e-commerce) entails the subsequent acquisition of the sender’s data, necessary to respond to the requests, as well as any other personal data included.

In particular, the following data may be collected:

  • Personal and contact details: first name, last name, email address, telephone number, residence/domicile address.
  • Professional data: in the event of an application through the “Work with us” section, the data contained in the curriculum vitae will be collected (e.g., educational background, work experience).
  • Data for registration and online purchases: username, password, shipping and billing address, data relating to orders placed. Payment data (e.g., credit card number) will not be processed directly by the Data Controller but by third-party payment service providers.

Browsing data
The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but, by its very nature, could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful outcome, error, etc.), and other parameters relating to the user’s operating system and IT environment.

Cookies
For detailed information on the cookies used by this website, please refer to the dedicated Cookie Policy.

  1. Purposes and Legal Basis of Processing

Personal data are processed for the following purposes:

  1. Responding to user requests: to manage and reply to requests for information, contact, or quotations submitted through the relevant forms.
  • Legal basis: the performance of pre-contractual measures adopted at the request of the data subject (Art. 6, para. 1, letter b) GDPR).
  1. Management of the reserved area and online purchases: to allow registration to the reserved area, management of the account, and fulfillment of orders placed through the e-commerce platform.
  • Legal basis: the performance of a contract to which the data subject is a party (Art. 6, para. 1, letter GDPR).
  1. Compliance with legal obligations: to fulfill obligations established by law, regulation, EU legislation, or an order of the Authority (e.g., in tax and accounting matters).
  • Legal basis: compliance with a legal obligation to which the Data Controller is subject (Art. 6, para. 1, letter c) GDPR).
  1. Sending of commercial communications and newsletters (Marketing): subject to specific and optional consent, to send promotional communications, newsletters, and updates on AMA S.p.A. products and services by email.
  • Legal basis: the consent of the data subject (Art. 6, para. 1, letter a) GDPR).
  1. Website operation and statistical analysis: to ensure the proper functioning of the website and to collect aggregated and anonymous information on the number of users and how they visit the website.
  • Legal basis: the legitimate interest of the Data Controller (Art. 6, para. 1, letter f) GDPR).
  1. Retention Period of Data
    Personal data will be stored for the time strictly necessary to achieve the purposes for which they were collected and, in any case, in compliance with legal requirements. In particular:
  • Data collected for the purposes referred to in points 3a) and 3b) will be stored for the time necessary to handle the requests and for the entire duration of the contractual relationship, and subsequently for 10 years for civil and tax compliance.
  • Data collected for the purpose referred to in point 3d) (marketing) will be stored until the withdrawal of consent by the data subject.
  1. Methods of Processing and Security Measures

The processing of personal data is carried out by means of the operations indicated in Art. 4 no. 2) GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, retrieval, comparison, use, interconnection, blocking, communication, erasure, and destruction of data.

Your personal data are processed both in paper form and electronically and/or through automated means. The Data Controller has adopted appropriate security measures to protect your data against the risk of loss, misuse, or alteration.

  1. Disclosure to Third Parties and Data Transfer

Your data may be made accessible, for the purposes mentioned above, to:

  • Employees and collaborators of the Data Controller, in their capacity as authorized persons and/or internal processors.
  • Third-party companies or other entities carrying out outsourced activities on behalf of the Data Controller (e.g., technical service providers, hosting providers, IT companies, communication agencies).
  • Public authorities, where required by law.

Personal data will not be disseminated. The management and storage of personal data will take place on servers located within the European Union.

  1. Rights of the Data Subject

As a data subject, you have the rights provided for in Articles 15–22 GDPR, namely the rights to:

  • Access: obtain confirmation as to whether or not personal data concerning you exist and receive such data in an intelligible form.
  • Rectification: obtain the updating, rectification, or, when interested, the integration of data.
  • Erasure (right to be forgotten): obtain the deletion of personal data concerning you.
  • Restriction of processing: obtain the restriction of the processing of your data.
  • Data portability: receive in a structured, commonly used, and machine-readable format the personal data concerning you and transmit those data to another controller.
  • Objection: object, in whole or in part, on legitimate grounds, to the processing of personal data concerning you.
  • Withdrawal of consent: withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Lodge a complaint: lodge a complaint with the Supervisory Authority (Data Protection Authority).

You may exercise your rights at any time by sending a communication to the following email address: privacy@ama.it.

  1. Amendments to this Privacy Policy
    The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to users on this page. Please therefore consult this page frequently, referring to the date of the last modification indicated at the bottom.

Last update: 24 September 2025