Xilema sas, with registered office in Via Igna, 27/A - 36010 Carrè (VI), VAT IT03422900245 (hereinafter "Xilema"), as data controller, informs you pursuant to art. 13 D.Lgs. 30.6.2003 n. 196 (hereinafter, "Privacy Code") and art. 13 EU Regulation n. 2016/679 (hereinafter, "GDPR") that your data will be processed in the following ways and for the following purposes:

1. Object of processing
Xilema processes personal, identifying data (for example, name, surname, company name, address, telephone, e-mail, bank and payment references - later, "personal data" or even "data") by you communicated on the occasion of the conclusion of contracts for the services of Xilema.

2. Purpose of processing
Your personal data are processed without your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
- conclude contracts for Xilema’s services;
- fulfil pre-contractual, contractual and fiscal obligations arising from existing relationships with you;
- fulfil the obligations laid down by law, regulation, Community legislation or an order of the Authority (such as anti-money laundering);
- exercise the rights of Xilema, for example the right of defence in court.

3. Method of treatment
The processing of your personal data is carried out through the operations indicated in art. 4 Privacy Code and art. 4 n. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data. Your personal data are subject to both paper and electronic and/or automated processing. Xilema will process personal data for the time necessary to fulfill the above purposes and in any case for no more than 10 years from the termination of the relationship for the Service Purposes.

4. Access to data
Your data may be made accessible for the purposes referred to in art. 2:
- employees and collaborators of Xilema, in their capacity as persons in charge and/or internal data processors and/or system administrators;
- to third-party companies or other entities (as an indication, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.) that carry out outsourcing activities on behalf of Xilema, as external data controllers.

5. Data communication
Without the need of an express consent (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), Xilema may communicate your data for the purposes referred to in art. 2 a Supervisory bodies (such as IVASS), Judicial authorities, insurance companies for the provision of insurance services, and to those subjects to whom the communication is mandatory by law for the fulfilment of the aforementioned purposes. These parties will process the data as independent data controllers. Your data will not be disseminated.

6. Safety
The data are stored and controlled through the adoption of appropriate preventive security measures, aimed at minimizing the risks of loss and destruction, unauthorized access, unauthorized processing and different from the purposes for which the processing is carried out.

7. Data transfer
The management and storage of personal data will take place within the European Union.

8. Rights of the data subject
In your capacity as data subject, you have the right pursuant to art. 15 GDPR and precisely the rights to: i. obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in an intelligible form; ii. obtain the indication: a) of the origin of the personal data; b) of the purposes and methods of processing; c) of the logic applied in the case of processing carried out with the help of electronic tools; d) of the data controller’s identification details, the responsible persons and the appointed representative pursuant to art. 5, paragraph 2 Privacy Code and art. 3, paragraph 1, GDPR; e) the persons or categories of persons to whom personal data may be disclosed or who may become aware of them in their capacity as designated representatives in the territory of the State, as data processors or persons in charge; iii. obtain: a) the update, correction or integration of data; b) the deletion, transformation into anonymous form or blocking of data processed in violation of the law, including those whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) proof that the operations referred to in paragraphs a) and b) have been brought to the attention, including as regards their content, of those to whom the data have been communicated or disseminated, except where such compliance proves impossible or involves the use of means manifestly disproportionate to the protected right; iv. object, in whole or in part on legitimate grounds, to the processing of personal data concerning you, even if it is relevant to the purpose of the collection. Where applicable, you also have the rights referred to in art. 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.

9. How to exercise your rights
You can exercise your rights at any time by sending a communication: 1. via e-mail to: or by mail A.R., to: Xilema sas, Via Igna, 27/A - 36010 Carrè (VI)

10. Owner, manager and appointees
The Data Controller is Xilema sas. The updated list of data processors and data processors is kept and can be consulted at the headquarters of the Data Controller.