– Directive 2002/58/EC – on the “processing of personal data and the protection of privacy in the electronic communications sector” (“e-Privacy Directive”).
– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).
Hereinafter, together with the e-Privacy Directive and the GDPR, the “Applicable Legislation”.
THE DATA CONTROLLER
Galileo Green Energy GmbH Usteristrasse 12, CH 8001 Zürich
Email address of the Controller: [email protected]
Registered in the Company Register of Zurich
VAT number CH-020.4.069.175-2
PERSONAL DATA PROCESSED, PURPOSES AND LEGAL BASIS OF THE PROCESSING
During your browsing within the Site, personal data are processed. Personal data may consist of an identifier such as your name, an identification number, an online identifier or one or more characteristic elements of your identity capable of making you identified or identifiable (hereinafter only “Personal Data”). The Personal Data processed through the Site are the following:
The computer systems and software procedures used to operate this Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
These data, necessary for the use of web services, are also processed for the purpose of:
– obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);
– checking the correct functioning of the services offered.
Browsing data are not stored for more than seven days (except for any need to ascertain crimes by the Judicial Authority). The possible and limited processing of Personal Data collected for the pursuit of such purposes is necessary for the pursuit of the legitimate interest of the Data Controller (Art. 6 par. 1 letter f) of GDPR).
Data provided voluntarily by the user
The optional, explicit and voluntary sending of messages to the addresses of the Data Controller, as well as the forwarding of the forms and the filling in of the contact forms on the Site, involve the acquisition of all Personal Data included in the communications.
The processing of such Personal Data is necessary in order to be able to respond to requests and messages via the data subject’s form, therefore the legal basis is to execute any contract to which the data subject is a party or to carry out pre-contractual measures adopted at the request of the data subject (Art. 6 par.1 letter b) of GDPR).
Specific information will be published on the pages of the Site prepared for the provision of certain services.
Anonymous or aggregated data
Anonymisation is a processing operation whose purpose is to prevent the identification of the data subject. Data rendered anonymous do not fall within the scope of data protection legislation. Aggregated data may derive from Personal Data provided by the user but are not considered Personal Data since, as specified, they do not allow either directly or indirectly the identification of the data subject.
OPTIONALITY OF DATA CONFERMENT
Apart from what has been specified for navigation data, the user is free to provide his Personal Data. However, failure to provide them may make it impossible to obtain what has been requested.
METHODS OF TREATMENT AND DATA RETENTION
Personal Data are processed, also with the aid of automated tools. Specific security measures are observed to prevent the loss of data, unlawful or incorrect use and unauthorized access. The Data Controller has adopted all the minimum-security measures required by law and, taking inspiration from the main international standards, has also adopted additional security measures to minimise the risks relating to the confidentiality, availability and integrity of the personal data collected and processed.
Data processing connected to web services is carried out only by personnel expressly authorized by the Data Controller.
DATA SHARING, COMMUNICATION AND DISSEMINATION
The Personal Data collected may be transferred or communicated:
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Some of the user’s Personal Data may be transferred to Recipients who are established outside the European Economic Area. Should this be the case, the Data Controller declares and guarantees to comply with the provisions of Articles 44 et seq. of the GDPR.
FURTHER INFORMATION ON DATA PROCESSING AND EXERCISE OF RIGHTS
For further information on the processing of Personal Data as well as to obtain, in the cases provided for by GDPR, access to their personal data and the rectification or cancellation of the same or the limitation of the processing that concerns them or to oppose the processing (Articles 15 et seq. of GDPR), any data subject may contact the Data Controller by sending an e-mail to [email protected].energy
RIGHT OF COMPLAINT
Data subjects who believe that the processing of their Personal Data carried out through this Site is in violation of the provisions of the GDPR have the right to lodge a complaint with the Data Protection Authority, as provided for in art. 77 of the GDPR itself, or to take appropriate legal action (art. 79 of the GDPR).
CHANGES TO THESE PRIVACY POLICIES