Greenergy S.r.l. (hereinafter "Greenergy") protects the confidentiality of personal data and guarantees them the necessary protection from any
event that could put them at risk of violation.
As required by EU Regulation 2016/679 ("GDPR"), and in particular by art. 13, below we provide the user ("Interested") with the information required by law relating to the processing of personal data.
Personal data will be processed according to the principles of correctness, lawfulness and transparency both in paper and electronic form. The availability, management, access, storage and usability of data are guaranteed by the adoption of technical and organizational measures deemed adequate by the Data Controller to ensure adequate levels of security pursuant to articles 25 and 32 of EU Regulation 2016/679.
With reference to the personal data that will be processed, the Data Controller provides visitors to its website, in the capacity of interested parties, with the following information:
Greenergy S.r.l., in the person of its legal representative on a temporary basis, with registered office in Castellaneta (TA), Via Stazione snc, who can be contacted at firstname.lastname@example.org.
The processing concerns the personal data provided by the interested party to the Data Controller, with particular reference to:
The data will be processed for the following purposes:
The treatment will last for the following periods of time:
The provision of personal and contact data of the interested party is necessary to provide the requests received through the website and for any legal obligations deriving from it. The treatments are indicated in point 3. Any refusal will prevent the Data Controller from carrying out the service/provision/information requested through the website.
The consent to the processing of data for marketing purposes is, however, optional.
The data may be processed by internal and external managers or by subjects authorized for processing by the Data Controller. The complete and updated list of data processors and authorized subjects is available at the registered office of the Data Controller. By way of non-exhaustive example, the data may be communicated for the performance of the activities inherent to the established relationship and to respond to certain legal obligations to:
|Categories of recipients||Purposes|
|External professionals/consultants and consulting firms||Consultants for specialized professional activities.|
|Third Party Suppliers||Service delivery.|
|Financial administration, public organizations, judicial authorities, supervisory and control authorities||Fulfillment of legal obligations, defense of rights, lists and registers kept by public authorities or similar bodies on the basis of specific legislation, in relation to the contractual performance.|
The Data Controller requires its third-party suppliers and Data Processors to comply with security measures equal to those adopted in relation to the Data Subject, restricting the scope of action to the treatments connected to the requested service.
The Data Controller does not transfer personal data to countries where the GDPR is not applied (non-EU).
If the interested party has given his consent to the processing of his personal data for marketing purposes, these may be communicated to those responsible and authorized for processing, in charge of managing marketing services such as, for example, the sending of newsletters, informative SMS, etc.
In no other case will the data of the interested party be communicated or disclosed to third parties.
The interested party may exercise, at any time, the rights recognized by the GDPR. They are:.
The interested party may exercise his rights by submitting an informal request to the Data Controller, who will respond within thirty (30) days of its receipt. This deadline may be extended by a further sixty (60) days if fulfilling the request is particularly onerous for the Data Controller.
If the interested party wishes to obtain a written response, he must explicitly indicate this in the request. The interested party will not be able to
obtain non-definitive data or data in the process of processing referable to him, nor can he obtain a correction of the evaluative ones.
Furthermore, the right of access can be exercised only for treatments in progress and not for those already concluded.
Interested parties are informed that, in the event that they do not receive a response within the terms indicated or that this does not satisfy them, or, again, they believe that there has been a violation of their rights, they may lodge a complaint with the Guarantor for the Protection of Personal Data according to the methods indicated on the Guarantor's website, accessible at the address: http://www.gpdp.it.
The exercise of the rights of the interested party is free, unless the Data Controller has to bear too onerous costs.