Privacy Policy

 

Information pursuant to art. 13 of EU Regulation 2016/679 (GDPR)

Greenergy S.r.l. (hereinafter "Greenergy") protects the confidentiality of personal data and guarantees them the necessary protection from any
event that could put them at risk of violation.

As required by EU Regulation 2016/679 ("GDPR"), and in particular by art. 13, below we provide the user ("Interested") with the information required by law relating to the processing of personal data.

Personal data will be processed according to the principles of correctness, lawfulness and transparency both in paper and electronic form. The availability, management, access, storage and usability of data are guaranteed by the adoption of technical and organizational measures deemed adequate by the Data Controller to ensure adequate levels of security pursuant to articles 25 and 32 of EU Regulation 2016/679.

With reference to the personal data that will be processed, the Data Controller provides visitors to its website, in the capacity of interested parties, with the following information:

1. Personal Information of Data Crotroller and contacts details:

Greenergy S.r.l., in the person of its legal representative on a temporary basis, with registered office in Castellaneta (TA), Via Stazione snc, who can be contacted at direzione@greenergy.it.

2. Data category and content.

The processing concerns the personal data provided by the interested party to the Data Controller, with particular reference to:

  • personal personal data, address of residence or domicile, contact details (telephone, e-mail address);
  • data relating to utilities and consumption (through the utility bill).

3. Purpose of the treatment.

The data will be processed for the following purposes:

  • to elaborate and send proposals for the requested services;
  • to fulfill the obligation to execute the contract and purposes strictly connected, related and functional to it;
  • subject to the express consent of the interested party, for marketing purposes connected to the promotion of the activities of the Data Controller. For this purpose, only personal data will be processed, with the explicit exclusion of particular data.

4. Duration of treatment.

The treatment will last for the following periods of time:

  • as long as necessary for the provision of the services requested by the interested party;
  • limited to personal data, for the ten (10) years following the request;
  • for the exercise of the right of defence, for a maximum period of ten (10) years following the provision of the services, a period equal to that
    established by law for the forfeiture of the exercise of ordinary action;
  • limited to personal data and for marketing purposes only for a period of two (2) years.

5. Provision of data and consent to treatment. Terms of licence.

The provision of personal and contact data of the interested party is necessary to provide the requests received through the website and for any legal obligations deriving from it. The treatments are indicated in point 3. Any refusal will prevent the Data Controller from carrying out the service/provision/information requested through the website.

The consent to the processing of data for marketing purposes is, however, optional.

6. Communication to third parties and categories of recipients.

The data may be processed by internal and external managers or by subjects authorized for processing by the Data Controller. The complete and updated list of data processors and authorized subjects is available at the registered office of the Data Controller. By way of non-exhaustive example, the data may be communicated for the performance of the activities inherent to the established relationship and to respond to certain legal obligations to:

 

Categories of recipients Purposes
External professionals/consultants and consulting firms Consultants for specialized professional activities.
Third Party Suppliers Service delivery.
Financial administration, public organizations, judicial authorities, supervisory and control authorities Fulfillment of legal obligations, defense of rights, lists and registers kept by public authorities or similar bodies on the basis of specific legislation, in relation to the contractual performance.

 

The Data Controller requires its third-party suppliers and Data Processors to comply with security measures equal to those adopted in relation to the Data Subject, restricting the scope of action to the treatments connected to the requested service.

The Data Controller does not transfer personal data to countries where the GDPR is not applied (non-EU).

If the interested party has given his consent to the processing of his personal data for marketing purposes, these may be communicated to those responsible and authorized for processing, in charge of managing marketing services such as, for example, the sending of newsletters, informative SMS, etc.

In no other case will the data of the interested party be communicated or disclosed to third parties.

7. Rights of the interested party.

The interested party may exercise, at any time, the rights recognized by the GDPR. They are:.

  • right to receive confirmation of the existence of the Data and access their content (access rights);
  • right to update, modify and/or correct the Data (right to rectification);
  • right to request the deletion of data processed unlawfully including data whose retention is unnecessary for the purposes for which the data were collected or otherwise processed (right to cancellation or oblivion);
  • right to limit the treatment of Data processed unlawfully including data whose retention is unnecessary for the purposes for which the Data
    were collected or otherwise treated (right to limitation);
  • right to object at any time, for reasons related to his particular situation, to the processing of personal data concerning him, including
    profiling on the basis of these provisions (right to object);
  • right to receive an electronic copy of the Data concerning him as an interested party, when such Data has been returned in the context of the contract and to request that such Data be transmitted to another data controller (right to data portability).

The interested party may exercise his rights by submitting an informal request to the Data Controller, who will respond within thirty (30) days of its receipt. This deadline may be extended by a further sixty (60) days if fulfilling the request is particularly onerous for the Data Controller.

If the interested party wishes to obtain a written response, he must explicitly indicate this in the request. The interested party will not be able to
obtain non-definitive data or data in the process of processing referable to him, nor can he obtain a correction of the evaluative ones.
Furthermore, the right of access can be exercised only for treatments in progress and not for those already concluded.

Interested parties are informed that, in the event that they do not receive a response within the terms indicated or that this does not satisfy them, or, again, they believe that there has been a violation of their rights, they may lodge a complaint with the Guarantor for the Protection of Personal Data according to the methods indicated on the Guarantor's website, accessible at the address: http://www.gpdp.it.

The exercise of the rights of the interested party is free, unless the Data Controller has to bear too onerous costs.