Energia

E-mobility

Efficienza

Consulenza

Noi

Informazioni e servizi

Privacy policy

pursuant to articles 13 and 14 of EU Reg. No. 679/2016

Dear Sir, Dear Madam,
The Client/Buyer, in its capacity as data controller (hereinafter the "Data Controller"), informs you that, pursuant to art. 13 and 14 of EU Reg. no. 679/2016 (hereinafter "GDPR"), processes your personal data, in compliance with current regulations and as better specified below.

  1. OBJECT OF THE PROCESSING AND CATEGORIES OF DATA PROCESSED
    The Data Controller processes personal data collected from you when you fill in and sign the Contract (or formalize/execute a purchase order) or collected from third parties (by way of example but not limited to: private databases, other companies of the Repower Group, etc.), due to the activity carried out by the Data Controller. By way of example, such data may include personal data (e.g. name, surname, address, date, place of birth), contact data (e.g. telephone numbers or e-mail addresses, etc.), financial information (e.g. bank details, etc.), image data (e.g. photo on identity card, etc.).
    The Data Controller does not knowingly collect data from persons under the age of 18.

  2. PURPOSE, LEGAL BASIS OF THE PROCESSING AND CONSEQUENCES OF FAILURE TO PROVIDE DATA
    Your Data will be processed for the purposes described below.

    1. Need to carry out pre-contractual activities and perform the Contract
      This activity includes the execution of administrative-accounting obligations (e.g. accounting records, historical archives, treasury management, etc.), as well as the identification of the Supplier (e.g. financial reliability, IT security measures adopted, etc.).
      The provision of such data represents a contractual obligation or a requirement necessary for the conclusion of the Contract and failure to provide them could prevent the establishment of the contractual relationship or its execution.

    2. Need to comply with legal obligations
      This activity includes the fulfilment of legal, accounting, fiscal, administrative and contractual obligations related to the contractual relationship and the correct management of relations with authorities, control bodies and public bodies. To this end, the Data Controller may also have to process "judicial" data pursuant to Article 10 of the GDPR (e.g. in the case of participation in public tenders).
      The provision of the data necessary for these purposes is a legal obligation and failure to provide them could prevent the establishment of the contractual relationship and oblige the Data Controller to make a report.

  3. METHODS OF PROCESSING
    The processing of your Data is carried out by means of the operations indicated in art. 4 no. 2) GDPR and by paper, electronic and/or automated means. The processing is carried out in full compliance with the law, as well as the principles of lawfulness, fairness, transparency, non-excessiveness and protection of your privacy and your rights.

  4. DATA RETENTION PERIOD
    The Data you provide will be kept for a period not exceeding ten years, starting from the termination of the contract stipulated between the parties. At the end of this retention period, the Data Controller will proceed to delete your personal data. For more information on the document retention policy, please consult the data retention policy on Personal Data of the Data Controller is available at this link.

  5. CATEGORIES OF RECIPIENTS OF PERSONAL DATA
    Your Data may be made accessible for the purposes described above:

    • to employees and collaborators of the Data Controller in Italy and - in some cases - also abroad, as persons authorised to process or duly appointed data processors;

    • to other companies of the Repower Group (parent companies, subsidiaries and/or associates) in Italy and abroad, as well as to their employees and collaborators;

    • to third parties who carry out outsourced activities on behalf of the Data Controller, duly appointed as data processors pursuant to Article 28 of the GDPR;

    • local authorities, law enforcement agencies (e.g. police forces) and other public administrations, for the fulfilment of obligations provided for by law, regulations or EU legislation.

  6. DATA TRANSFER
    The Data are stored on servers and storage tools located within the European Union. In any case, it is understood that the Data Controller, if necessary, has the right to transfer the data to the Swiss Parent Company Repower AG and to process your personal data outside the European Economic Area, provided that an adequate level of protection exists according to the European Commission or provided that the Data Controller has implemented appropriate safeguards to preserve the confidentiality of such information.

  7. RIGHTS OF THE DATA SUBJECT AND METHODS OF EXERCISE
    As a data subject, you may exercise the rights referred to in art. 16 - 21 GDPR (right of access, right to rectification, right to be forgotten, right to restriction, right to data portability, right to object), as well as you may lodge a complaint with the Data Protection Authority and revoke any consent given at any time.
    You may exercise your rights or make a request at any time by sending a registered letter with return receipt to the registered office of the Data Controller or by e-mail to privacy.it@repower.com.

  8. DATA CONTROLLER, DATA PROTECTION OFFICER AND CATEGORIES OF DATA PROCESSORS
    The Client/Buyer is the Data Controller, in the person of its legal representative p.t. The Data Protection Officer can be contacted at the following e-mail address: privacy.it@repower.com.
    The list of categories of Data Processors is kept at the registered office of the Data Controller.