Information notice pursuant to Art. 13 of EU Regulation 2016/679 - GDPR
Information for processing personal data collected from the data subject
This policy is not to be considered valid for sites that may be consultable through links present on the internet site and on the Duferco Mobility App in the domain of the controller, who is not to be considered in any way liable for the internet sites of third parties.
KEY DATA PROTECTION ROLES
DATA CONTROLLER, pursuant to act. 4 and 24 of EU Reg. 2016/679 is DUFERCO ENERGIA S.p.A., with registered office in Via Imperiale n. 4, 16126 Stradario 31820 Genoa, as pro tempore legal representative.
Data Protection Officer (DPO), pursuant to art. 37 – 39 of EU Reg. 2016/679 is identified within the organization and the relative contact data are tel.: +39 010 275 601 e-mail firstname.lastname@example.org.
TYPES OF DATA PROCESSED
Personal data any information regarding a data subject, with particular reference to identification such as the name, an identification number, data relative to the location, an online identification or one or more items characteristic of his/her physical, physiological, genetic, psychic, economic, cultural or social identity – cf. art. 4, c. 1, n. 1 GDPR.
PURPOSES AND LAWFULNESS OF THE PROCESSING
The personal data supplied shall be processed in accordance with the requirements for the lawfulness of processing set forth by Art. 6 of EU Regulation 2016/679 for the following purposes:
to complete the registration, in order to access the Mobility services offered by the portal, which do not necessitate a specific contract (for example: spot charging) (art. 6 let. b));
eventual request for supply and/or further products using the dedicated form and subsequent sending by the Controller of the contractual documentation and related administrative accounting activities (art. 6 let. b));
for the issuing of comments, notifications, request for assistance using the form (e.g. to request a FLAT and Pay-As-You-Go contract or give feedback) or calling one of the freephone/contact numbers found on the website (art. 6 let. b));
prior consent and until objection from the Client, for direct marketing activities from the Controller, with the sending of advertising/promotional material, direct sale of new products and services and/or feedback questionnaires – via email, telefax, MMS, SMS or other types of messages, as well as via telephone calls with operators and regular mail. (art. 6 let. a)). In order to compare and eventually improve the results of the communications, the Controller shall use systems for the sending of newsletters and promotional communications with reports. Thanks to the reports, the Controller will be able to know, for example, the number of readers, openings, individual “clickers” and clicks; the devices and the operating systems used for reading the communications; the detail on the activity of the single users; the detail of the emails sent, emails delivered and undelivered, and those forwarded. All this data is utilized for the purposes of comparing and eventually improving the results of the communications;
prior consent and until objection from the Client, his/her data will be treated for the purposes of profiling on the basis of consumption levels and habits in order to receive offers of services in line with his/her interests (art.6 let. a));
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Personal data provided by the User may be communicated to recipients who shall process the data as Processors and/or persons acting under the authority of the Controller and the Processor, or who operate in complete autonomy as a separate Data Controller, in order to comply with contracts or related purposes. The list of designated Data Processors is constantly updated and is available in the head office of Duferco Energia S.p.A. The data may be communicated to recipients belonging to the following categories: - Parent companies and subsidiaries and/or related to Duferco Energia S.p.A.; - Persons supplying services for the management of the information system and the communication networks of Duferco Energia S.p.A. (including email) and the telecommunications and APP development networks; - Companies providing assistance and consultancy for the management of the APP; - Competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.
DATA TRANSFER TO A THIRD COUNTRY AND/OR INTERNATIONAL ORGANIZATION
Personal data supplied may be transferred to a third Country within or outside the European Union, subject to the limits and conditions set forth by art. 44 and subsequent articles of the EU Regulation 2016/679, in order to comply with purposes related to the transfer. Specifically, the data which will be transferred to the host company of the GoDaddy Operating Company, LLC are guaranteed by the Privacy Shield certification of the company.
DATA RETENTION PERIOD OR RELEVANT CRITERIA
The processing shall be carried out in automated and/or manual manner, with methods and tools aimed at ensuring the utmost security and confidentiality, by persons specifically appointed to do so.
According to the provisions set forth in art. 5 par. 1 let. e) of EU Regulation 2016/679, personal data collected to enable browsing shall be kept in a form that permits identification of data subjects for the duration of the session (technical cookies). In the case where a supply contract is stipulated, the personal data collected for administrative and accounting purposes shall be retained for a period equal to the duration of the supply contract in place between the parties for a further 10 years. In the case where he/she requests to be contacted for an offer or uses one of the services offered on forms or contacts found on the website, the personal data shall be retained for the time necessary to complete the request. For direct marketing purposes, the data will be retained until the objection of the Client, whilst for the purposes of profiling, the data shall be retained for one year from the acquisition of the consent.
Furthermore, always in respect of what is set forth in art. 5 paragraph 1, let. e of EU Reg. 2016/679, the personal data collected for the creation of an account shall me retained in a form which enables the identification of the data subjects for a period equal to the usage time of the APP or the WEB service and for the following 10 years; the data processed for the issuing of comments or notifications, per requests for assistance or information shall be retained in a form which enables the identification of the data subjects for 2 years.
NATURE OF UNDERWRITING AND REFUSAL
The provision of personal data for purpose A) is necessary to be able to use the WEB services (browsing or APP). In the case of non-submittal, it will not be possible to utilize the functions offered. With regard to the purposes of B), C) and D) related to the use of mobility products, issuing feedback, notifications and requests for supply, the provision is necessary for the execution of pre-contractual measures. Non-submittal of personal data will make it impossible to use these products/services. The provision of data for the purposes of E), F) and G) is optional; in the absence of this, the Client can in any case use the Web and supply services of the Controller.
DATA SUBJECT’S RIGHTS
You may exercise your rights pursuant to art. 15 of EU Regulation 2016/679, by contacting the data Controller, by writing to email@example.com. You have the right, at any time, to request the data Controller to access, rectify, cancel your personal data or limit their processing. Furthermore, you have the right to object, at any time, to the processing of your data (including automated processing, e.g. profiling) and to the portability of your data. Without prejudice to any other administrative and judicial appeal, if you believe that the processing of your data violates the provisions of EU Regulation 2016/679, pursuant to art. 15 let. f) of the aforementioned EU Regulation 2016/679, you have the right to lodge a complaint with the Data Protection Authority and, with reference to art. 6 paragraph 1, letter a) and art. 9 paragraph 2, letter a), you have the right to withdraw the consent given at any time. In the case of request of data portability, the Controller shall provide you with your personal data in a structured, commonly used and machine-readable format, subject to the provisions set forth in paragraphs 3 and 4 of art. 20 of EU Regulation 2016/679.
Date of Update: 19/12/2018