- Directive 2002/58/EC – on the “processing of personal data and the protection of privacy in the electronic communications sector”.
- Legislative Decree no. 196 of 30 June 2003 – “Personal Data Protection Code” as amended by Legislative Decree 101/2018.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).
THE DATA CONTROLLER
Galileo Green Energy Management Services S.r.l., Bastioni di Porta Nuova 21 – 20121 Milan, Italy
Email address: [email protected]
VAT number IT11082940963
TYPES OF DATA PROCESSED, PURPOSES AND LEGAL BASIS OF THE PROCESSING
The computer systems and software procedures used to operate this site acquire, as part of their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols.
This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These types of data, which are necessary for the use of web services, are also processed for the purpose of:
- obtaining statistical information on the use of the services (i.e. most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);
- checking the correct functioning of the services offered.
Browsing data is not stored for more than seven days (except in the case of necessity to ascertain crimes by the Judicial Authority). The potential limited processing of personal data collected for the pursuit of said purposes is necessary for the pursuit of the legitimate interest of the Data Controller (Art. 6 par. 1 letter f) of GDPR).
Data provided voluntarily by the user
The optional, explicit and voluntary sending of messages to the addresses of the Data Controller, as well as the forwarding of the forms and the filling in of the contact forms on the site, involve the acquisition of all personal data included in the communications.
Depending on the purposes pursued, the processing of such data may therefore be carried out with the consent freely provided by the data subject (Art. 6 par. 1 letter a) of the GDPR), to execute any contract to which the data subject is a party or to carry out pre-contractual measures adopted at the request of the data subject (Art. 6 par. 1 letter b) of the GDPR), or for the pursuit of a legitimate interest of the Data Controller (Art. 6 par. 1 letter f) of the GDPR).
Specific information will be published on the pages of the site prepared for the provision of certain services.
Anonymous or aggregated data
Anonymization is a processing operation which has the purpose of preventing the identification of the data subject. Data rendered anonymous do not fall within the scope of the data protection legislation. Aggregated data may derive from personal data provided by the user; however, they do not fall under the category of personal data as defined under the law since, as previously mentioned, they do not allow for the identification of the data subject either directly or indirectly.
OPTIONAL PROVISION OF DATA
Apart from what has been specified in the case of navigation data, each user is free to provide his/her personal data. However, failure to provide said data may render it impossible to obtain what has been requested.
METHODS OF PROCESSING AND DATA RETENTION
Personal data is processed, also with the aid of automated tools. Specific security measures are observed to prevent the loss of data, its unlawful or incorrect use and any unauthorized access. The Data Controller has adopted all the minimum security measures as required by the law and, taking inspiration from the main international standards, has also adopted additional security measures to minimise the risks relating to the confidentiality, availability and integrity of the personal data collected and processed.
DATA SHARING, COMMUNICATION AND DISSEMINATION
The personal data collected may be transferred or communicated to other companies for activities strictly connected and instrumental to the operation of the service, such as the management of the computer system. The personal data provided by users who submit requests is used for the sole purpose of following up with them and is communicated to third parties only if necessary for this purpose. Outside of these cases, personal data will not be communicated unless provided for by contract or law, or unless specific consent is requested from the interested party.
In this case, personal data may be transmitted to third parties, but only and exclusively in the case in which:
- there is explicit consent to share the data with third parties;
- there is a need to share the information with third parties in order to provide the requested service;
- this is necessary to comply with requests from the Judicial or Public Security Authorities.
No data deriving from web services is disclosed.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Personal data will not be transferred to third countries, meaning countries not belonging to the European Union or the European Economic Area. In the exceptional event that such a transfer occurs, the Data Controller declares and guarantees that it will be carried out in compliance with the provisions of Articles 44 et seq. of the GDPR.
FURTHER INFORMATION ON DATA PROCESSING AND EXERCISE OF RIGHTS
For further information on the processing of personal data as well as to obtain, in the cases provided for by GDPR, access to their personal data and the rectification or cancellation of the same or the limitation of the processing that concerns them or to oppose the processing (Articles 15 et seq. of GDPR), any interested party may contact the Data Controller by writing to Galileo Green Energy Management Services Srl, Bastioni di Porta Nuova 21 – 20121 Milan or by sending an e-mail to [email protected].
CHANGES TO THESE PRIVACY POLICIES
The Data Controller periodically checks its privacy and security policy and, if necessary, revises it in relation to regulatory, organizational or technological changes. In the case of policy changes, the new version will be published on this page of the site.
RIGHT OF COMPLAINT
Data subjects who believe that the processing of their personal data carried out through this site is in violation of the provisions of the GDPR have the right to lodge a complaint with the Data Protection Authority, as provided for in art. 77 of the GDPR itself, or to take appropriate legal action (art. 79 of the GDPR).