INFORMATION FOR THE PROCESSING OF PERSONAL DATA
This information note contains the information required pursuant to art. 13 and 14 of Regulation (EU) 2016/679, concerning the protection of natural persons with regard to the processing of personal data (hereinafter "GDPR"), which came into force on 24 May 2016 and is applicable from 25 May 2018, without prejudice to the modifications and adaptations that become necessary as a result of the repeal, as of May 25, 2018, of the Privacy Code, as well as of European or national legislative measures and / or provisions of the Supervisory Authorities subsequent to the publication of this.
Who is the data controller?
The Data Controller is Enerhub S.r.l., subsequently called "Enerhub" with registered office in via del Carrozzaio 3, 40138 Bologna (BO) - Italy, with which you have stipulated and / or may enter into a service contract (hereinafter the "Holder"). The Owner is reachable through the contacts listed on the website www.enerhub.it as well as at the e-mail address clienti@Enerhub.it
What are the purposes of the treatment?
The Owner processes personal data (hereinafter, "personal data" or even "data") communicated by the Customer:
A. without having to obtain his express consent, for the following purposes:
• pre-contractual due diligence activities;
• formulation of offers and other activities aimed at establishing the contractual relationship for the provision of the services of the Data Controller;
• fulfill the pre-contractual, contractual and tax obligations deriving from ongoing relations with her;
• fulfill the obligations established by law or by an order of the competent Authority;
• exercise the rights of the owner, for example the right to defense in court;
B. only with specific consent, for the following promotional purposes:
• send them by e-mail, mail and / or sms and / or telephone contacts, newsletters, commercial communications and / or advertising material, possibly attached to the documentation delivered during the contractual relationship regarding products or services offered by the Owner and survey of the degree satisfaction on the quality of services
• Sending of promotional communications by e-mail, text messages, telephone contacts for marketing purposes concerning prize competitions and extractions
• Sending communications via e-mail, text message, mail, calls aimed at cross-selling products or services offered by Enerhub.
What are the methods of treatment?
Personal data are processed by the Data Controller in compliance with the principles of lawfulness, correctness and transparency.
The processing of your personal data is carried out by means of the following operations: collection, registration, organization, structuring, storage, consultation, adaptation or modification, use, communication, extraction, comparison, interconnection, limitation, cancellation and destruction of data, and will take place through appropriate technical and organizational measures, as far as is reasonable and to the state of the art, to guarantee security and confidentiality through the use of appropriate procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination.
Your personal data are subjected to both paper and electronic processing.
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case no later than 10 years from the termination of the contractual relationship and no later than 2 years from the collection of data for purposes of
• management and monitoring of customer records
• cross selling
• management of prize competitions
After this deadline, the Data will be destroyed or made anonymous.
If the Data Controller has documented the need to keep the data for a period exceeding 10 years (for example, if the cancellation could compromise its legitimate right of defense or, in general, for the protection of its corporate assets), the further preservation may occur by limiting access to data only to the person in charge of the legal function, to guarantee the legitimate exercise of the right of defense of the Data Controller.
Who are the recipients of the treatment data?
Your data may be made accessible for the purposes mentioned above to the following recipients:
• to associated or controlled companies, in Italy, to the extent necessary to perform the treatment, in compliance with the binding corporate rules
• to companies or other third parties (credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, statutory auditors, supervisory institutions, marketing and communication companies, etc.) who carry out activities in outsourcing on behalf of the owner;
• to public entities, for the fulfillment of legal obligations.
Without the need for its express consent, the Data Controller may communicate its data for the purposes referred to in point A to supervisory bodies, judicial authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of the said purposes.
Where does the data reside and where are they transferred?
Personal data is stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures that the transfer of non-EU data will take place in compliance with the applicable legal provisions, also through the provision of standard contractual clauses provided by the European Commission and the adoption of binding corporate rules. .
Is the provision of data mandatory?
The provision of data and the related processing for the purposes referred to in point A is necessary to guarantee the services of the owner you requested and to implement the contract and any pre-contractual obligations. Any refusal will result in the impossibility on the part of the Owner to perform the services covered by the contract.
The provision of data for the purposes referred to in point B is, instead, optional. It may, therefore, decide not to give any data or subsequently deny the possibility of processing data already provided: any refusal to consent to processing will have the sole consequence of the inability to receive newsletters, commercial communications and advertising material related to the services offered from the owner. However, you will continue to be entitled to the services referred to in point A.
What are my rights?
As an interested party, you have the right to:
• obtain confirmation of the existence or otherwise of the processing of personal data concerning them, as well as obtaining a copy of the aforesaid data;
• obtain the indication: a) of the origin of personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) the identification details of the data controller, data processors and data protection officer; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, managers or agents;
• obtain: a) updating, rectification or integration of data; b) cancellation, transformation into anonymous form or limitation of data processed in violation of the law; c) the attestation that the operations referred to in letters a) and b) have been notified, also with regard to their content, of those to whom the data have been communicated or disseminated, unless this proves impossible or involves an effort disproportionate; d) obtain from the Owner in a structured, commonly used and intelligible format the personal data concerning him and, where technically feasible, obtain the direct transmission of the aforesaid data from one owner to another;
• oppose a) the processing of your personal data, even if pertinent to the purpose of the collection; b) to the processing of your personal data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by means of and -mail and / or through traditional marketing methods by telephone and / or paper mail. The right of opposition can be exercised even only partially, thus allowing the person to choose to receive only communications using traditional methods or only automated communications or none of the two types of communication.
• Therefore, in your capacity as an interested party you have the rights set forth in art. 15 - 21 of Reg. UE / 679/2016, as well as the right to lodge a complaint with the competent Authority pursuant to art. 77 GDPR.
What is the procedure for exercising rights and communications?
The Owner has defined an internal organizational model in the data protection area with an area dedicated to privacy and data protection of the data subject, which can be contacted for all matters relating to the processing of personal data and the exercise of related rights.
Therefore, you may at any time contact the Data Controller or Data Protection Officer in the following ways:
• sending a registered letter to Enerhub S.r.l., via del Carrozzaio 3, 40138 Bologna (BO) - Italia
• sending an e-mail message to clienti@Enerhub.it
Alternatively, you have the right to contact the competent authority for the protection of personal data. To this end, we inform you that our competent authority for the protection of personal data is the Guarantor for the protection of personal data located in Piazza di Monte Citorio n. 121 - 00186 Rome.
Please note that you have the right to revoke your consent at any time by writing to clienti@Enerhub.it