HOME / COMPANY / ABOUT US / PRIVACY POLICY

PRIVACY POLICY

 

1. DATA CONTROLLER
EXERGY SPA, Via Degli Agresti 6, 40123 Bologna (Bo) info@exergy.it

2. PERSONAL DATA PROCESSED
a) Personal data processed for the purposes of Website operation
Information systems and software procedures used to operate the Website acquire, during the normal course of operation, some personal data whose transmission is implicit in the communication protocols of the Internet.
It concerns information that is not collected to be associated with specific individuals, but by their own very nature could, through the processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of computers used by users who connect to the Website and the App, URI addresses (Uniform Resource Identifier) of requested resources, the time of the request, the method utilized to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters related to the operating system and the users.
Information collected in this way could be used for ascertaining responsibility in case of any computer-related offences that damage the Website and the App.

b) Data provided by users directly
The optional, explicit and voluntary mailing of data as requested by the various sections of this Website and of the App are used for the purpose of processing the user’s requests (including but not limited to: cases in which information or clarification is requested by writing to the e-mail addresses found on the Website and on the App).
Specific summary information dedicated to particular services on request will be provided or displayed on the Website pages and on the App.

c) Cookie
The Website makes use of cookies and similar technologies to ensure the proper functioning of procedures and to improve the experience of online applications.
For the use of cookies, please read the complete information by clicking here.


3. DATA PROCESSING PURPOSE
Website functioning
Data collected during browsing are used in order to obtain anonymous statistical information on the use of the Website and to monitor its correct functioning.

a) Legal basis for data processing
Execution of the contract involving the data subject (Website use).
b) Data retention period
Throughout the session on the Website.

Contact purposes
The data provided directly by the user shall be applied to the latter's requests (e.g. registration on the website or contact request).


a) Legal basis for data processing
Execution of the contract involving the data subject (Website use).
b) Data retention period
As per the information provided upon data collection
After the above retention terms have expired, the Data will be destroyed, erased or anonymized, consistent with the technical procedures of erasure and backup.

4. DATA PROVISION COMPULSORINESS
Excluding the browsing data, required to implement IT protocols, the provision of personal data by users is free and optional. However, failing to provide such data will make it impossible to carry out the requests made or intended to by the user

5. DATA RECIPIENTS
Personal data may be communicated to parties acting as data controllers (such as supervisory bodies and authorities and public organisations authorised to request data) or processed on behalf of the Company by parties appointed as data processors, who are provided with suitable operating instructions. These parties include the following categories:
a) companies belonging to Maccaferri Group, working as data processors or for administrative and accounting purposes (e.g. purposes connected with internal, administrative, financial and accounting activities);
b) natural and/or legal persons providing different services to the Company (e.g. suppliers of services for the management of the Website, such as system outsourcers, companies that provide connectivity services to the Internet, etc.). Such parties may also work as Data Processors;
c) parties and/or public and private entities the data will be communicated to for the purposes of fulfilling or enforcing the fulfillment of specific obligations provided for by laws, regulations and EU legislation. These subjects will operate as autonomous Data Controllers or Data Processors.

6. PARTIES AUTHORISED TO PROCESS DATA
The data will be processed by employees, collaborators of the Company or external parties, in their capacity as processors and officers, performing on behalf of the Company technical and organizational tasks on the Website.

7. PERSONAL DATA TRANSFERS OUTSIDE THE EU
The data may be transferred to non-EU Countries, in particular to:
a) Extra UE Countries whose data protection level is deemed adequate by the European Commission in accordance with article 45 of the GDPR;
b) Extra UE Countries other than those referred to in the preceding paragraph a), after signing Standard Contractual Clauses adopted/approved by the European Commission in accordance with article 46, 2, letters c) and d) of the GDPR.

A copy of the above mentioned safeguards can be obtained sending a specific request to the Controller, according to the modalities specified in the following paragraph “Data Subject’s rights – Complaint to the Supervisory Authority”.

8. DATA SUBJECTS’ RIGHTS - COMPLAINT TO THE SUPERVISORY AUTHORITY
By contacting the Company via e-mail sent to info@exergy.it, data subjects can require the Controller to access personal data, as well as the correction or deletion of personal data, and are also entitled to restrict processing of such data in the cases set out in article 18 GDPR, and object the processing in case of legitimate interests of the Controller
Furthermore, in the case where processing is based on consent or a contract and carried out with automated tools, data subjects have the right to receive the personal data in a structured, commonly used and machine-readable format, and to transmit the data to another data Controller without obstruction.
Data subjects have the right to lodge a complaint to the competent Supervisory Authority in the member state where they are resident or where they work, or the member state where the alleged breach took place.