Privacy policy

1. DATA CONTROLLER

The Data Controller Renantis Solutions – with registered office at Viale Monza, 259 – 20126 Milano, , Italy, VAT no. 10420860966 (the “Controller”, “we/us”, “our”), pursuant to Article 13 of the General Data Protection Regulation (EU) 2016/679 (the “Regulation”), hereby informs you that your personal data will be processed for the purposes and via the methods indicated below.

This privacy policy (the “Policy”) refers to processing performed by the Controller of the personal data of users who, like you, interact, register or request the services offered by the website www.falckrenewables-next.com (the “Website”).

You are invited to carefully read this Policy and the additional privacy notices present on the Website, before using our services.

2. PURPOSES AND LEGAL BASIS FOR PROCESSING

In accordance with the Regulation, the processing described below is governed by principles of legality, correctness, transparency, limitation of purposes and storage, as well as minimisation, precision, completeness and confidentiality of data.

2.1 MAIN PURPOSES

The Controller processes your personal data for the following main reasons:

  • for performance of a contract of which you are a party or to carry out pre-contractual activity at your request (for example: to provide the requested service/product, provide the related pre/post-sales customer service, also via email/telephone, examine your CV in the case of sending via the section “Work with us”, as well as to perform all related operational, administrative and management activities);
  • to fulfil obligations defined by laws, regulations or national/EU legislation, including, for example, obligations defined by the judicial authority and other competent authorities;
  • to pursue our legitimate interests to protect our rights, to utilise or defend these rights in the relevant contexts (for example: judicial, arbitral or administrative), to safeguard our assets, prevent fraud, manage any special corporate operations, and to improve the services offered on the Website.

Provision of personal data for the purposes a), b) and c) is mandatory to finalise a contract with us, to allow us to provide the service/product requested or to respond to your requests, as well as to allow us to examine your CV if it was sent using the “Work with us” section or to fulfil the legal obligations connected with finalisation of the contract. In the case of a failure to provide your personal data, the Controller will be unable to establish a contract relationship with you, fulfil the contract and/or the aforementioned obligations or perform the aforementioned actions.

2.2 OTHER PURPOSES

Subject to your free and optional consent, the Controller processes your personal data also for the following additional purposes:

  • to send commercial communications regarding products, services, events and promotions of the Controller, including market research, statistical analysis and qualitative surveys, through automated telephone calls and similar means, including email, as well as traditional methods such as paper materials sent via post and telephone calls by human operators (“marketing purposes”)
  • to send your personal data to other companies of the Controller’s group operating in the energy sector in order for sending of commercial communications regarding products, services, events and promotions of these third-party companies, including market research, statistical analysis and qualitative surveys, through automated telephone calls and similar means, including email, as well as traditional methods such as paper materials sent via post and telephone calls by human operators (“sending to third parties for marketing purposes”)

Provision of personal data for marketing purposes and sending to third parties for marketing purposes is optional. In the case of a failure to provide the data, we will be unable to send commercial and/or promotional communications or send your personal data to Group companies or third parties as indicated above, but there will be no negative consequences for you.

In any case, if consent is provided, you may withdraw your consent for marketing purposes and sending to third parties for marketing purposes at any time and, with specific reference to marketing purposes, you may withdraw your consent for all methods of communication or just for some, using the methods indicated below or those indicated within each communication.

If you are already our customer or have already used services offered by the Controller, communicating your email address to us in the context of the sale of a service or product, we will send you commercial communications via email regarding products and services of the Controller similar to the product or service sold, on the basis of our legitimate interest in performing promotional activity. It is understood that, also in this case, you may object at any time to the sending of commercial communications via the methods indicated below or those indicated within each communication.

3. CATEGORIES OF PERSONAL DATA PROCESSED

The Controller processes the following personal data using electronic tools, including automatic processes and manual processes with procedures and logics designed to pursue the aforementioned purposes:

  • data provided by you voluntarily including your name, surname, email, telephone number, data regarding your working role (cases in which you communicate your personal data to us, for example, to register on the Website, request a service or product, register for the newsletter), as well as data contained within your CV if it is sent using the “Work with us” section;
  • browsing data acquired by the IT systems that make the Website function, the transmission of which is implicit in use of Internet communication protocols (information that is not gathered to be associated with identified data subjects but which due to its nature could, through processing and association with data held by third parties, allow identification of the users — this category of data includes IP addresses, browser type, operating system, domain name and addresses of sites which have been visited or left, information on pages visited by users within the Website, time of access, time spent on a single page, analysis of internal route and other parameters regarding the operating system and computing environment of the user. This data is gathered and used in aggregate and anonymous form for the sole purpose of improving the quality of services offered by the Website, optimising Website functionality and compiling statistical information concerning use of the Website);
  • data gathered by cookies (as the Website uses cookies that gather personal data of users, you are invited to view the Cookie Policy that describes the cookies used by the Website and the purposes of their use).

The Controller does not process personal data belonging to special categories of personal data (e.g. health data). By browsing, interacting, registering or requesting services offered by the Website, you confirm that you are older than 16 years of age.

If you provide us with personal data of third parties, you are processing data in the capacity of an independent data controller and should take all necessary steps to ensure that such communication and our subsequent use for the purposes indicated in each case are compliant with applicable legislation (e.g. before providing us with personal data of third parties, you should obtain their prior informed consent, if required by applicable legislation). In any case, you undertake to release the Controller from liability in the context of any dispute, claim or request from any data subject that may arise due to provision of personal data to the Controller in breach of applicable legislation.

4. STORAGE OF PERSONAL DATA

Regarding purposes a), b) and c) above, the Controller stores your personal data for the period of time strictly necessary for the purposes indicated above (e.g. where the user has an account, until closure of the account), observing the civil and fiscal obligations for storage of data and the limits established by law. More specifically, data processed to fulfil any contractual obligation with you may be stored for the entire duration of the contract and for 10 years following the end of the tax year following the year where tax was applicable, for the purposes of any checks and/or disputes of a fiscal nature. In the event that it is necessary to defend ourselves or take action or submit a claim in your regard or in regard to third parties, we may store personal data that we consider reasonably necessary to process for these purposes, for the period of time for which such a claim may continue.

If a CV is sent via the “Work with us” section, the data may be stored up to the end of the selection process and, in the case of cold application, for up to 12 months, with the exception of possible extension subject to your prior consent.

Regarding processing of your personal data for marketing purposes, personal data shall be stored for no longer than 24 months from when they are gathered, unless you withdraw consent beforehand or in the event of possible extension subject to your prior consent.

Browsing data will be stored at the office of the Controller for the periods of time defined by applicable legislation, in accordance with the principle of proportionality, and limited to the period necessary for the purposes for which the data was gathered.

At the end of the established period for storage, the personal data will be deleted or converted to anonymous form, except where further processing is necessary for other legitimate purposes of the Controller (e.g. resolution of pre-litigation procedures or litigation procedures launched previously, the need to follow-up on investigations by the judicial authority or other competent authorities launched prior to the expiry of the period for storage).

5. GATHERING AND COMMUNICATION OF DATA

Personal data in the possession of the Controller are gathered directly from you. For the purposes indicated above, your personal data are accessible to the personnel of the Controller, including consultants, duly authorised and trained in the processing of personal data and to third parties (e.g. suppliers of technical, management and organisational services to which the Controller has outsourced certain activities for greater efficiency) which have signed a specific agreement with the Controller and act in the capacity of data processors. These parties are only provided with the personal data required for performance of their respective duties and they undertake to use the personal data solely for the purposes indicated above, maintain data confidentiality and act in accordance with applicable legislation.

For the purposes indicated above, it may be necessary that Controller shares your personal data with the following categories of recipients:

  • companies of the Controller’s Group, in order to fulfil legal obligations or to provide the services/product requested (e.g. if you request information regarding a service/product offered by other group companies, we will share your data with these companies in order to allow them to respond to your questions and send you the information requested);
  • third-party companies that provide accounting, administrative, legal and tax services to the Controller or that operate as banking, financial and insurance intermediaries, including parties involved in various ways in processes for the supply of the product/service requested or in subsequent phases (e.g. customer services, shipping and postal services and credit-recovery companies);
  • third-party companies operating in the support and consulting field or in the provision of other services to the Controller, also in the case of corporate mergers, sales or transfers of business units, in order to allow performance of such operations, as well as third-party companies involved in such operations;
  • third-party companies that perform audit, revision and certification of Controller activities;
  • judicial authorities and other competent authorities/public offices.

You may request an updated list of the data processors and recipients of your data by contacting the Controller, using the methods described below.

The Controller specifies that some of the parties indicated above may be located abroad, also in countries outside the European Economic Area which may not guarantee an adequate level of protection of personal data. In such cases, the Controller allows access to personal data for the aforementioned purposes only after adopting the necessary precautions established by the Regulation for a legitimate transfer (e.g. following signing of standard contractual clauses of the European Commission for the transfer of personal data abroad).

6. DATA SUBJECT’S RIGHTS

You may exercise the following rights at any time:

  • right to access to personal data and the following information: purposes of data processing, categories of personal data in question, recipients or categories of recipients to which your personal data may be sent, period of storage of personal data (where possible), and, where personal data where not gathered from you, all information available regarding their origin, pursuant to Art. 15 of the Regulation;
  • right to rectification of incorrect personal data pursuant to Art. 16 of the Regulation;
  • right to erasure of personal data concerning you, where the grounds exist pursuant to Art. 17 of the Regulation;
  • right to restriction of processing, where the grounds exist pursuant to Art. 18 of the Regulation;
  • right to receive or request transfer of personal data concerning you in the possession of the Controller in a structured, commonly used, readable format, for further personal use or for provision to another data controller, where the grounds exist pursuant to Art. 20 of the Regulation;
  • right to object to processing, where the grounds exist pursuant to Art. 21 of the Regulation;
  • personal data, where applicable, which produces legal effects concerning you or which significantly affects you, where the grounds exist pursuant to Art. 22 of the Regulation;
  • right to withdraw your consent, also for the purposes connected to sending commercial communications (with effect only going forward).

The Controller reminds you that the rights above may be limited where exercising them could lead effectively and tangibly to undermining the legitimate interests of the Controller.

Exercising these rights carries no cost but the Controller reserves the right to ask for a fee in the event that requests are evidently unfounded or excessive.

Finally, the Controller reminds you that you always have the right to lodge a complaint with the Italian Data Protection Authority according to the methods indicated on the website www.garanteprivacy.it.

To exercise the above rights or for any request regarding processing of personal data by the Controller, you may contact the Controller without procedural formalities at the following email address:  privacyexpert@nadara.com.

7. THIRD-PARTY WEBSITES

As the Website may allow access to websites owned and operated by third parties, we hereby specify that the Policy does not apply to such third-party websites and the Controller is not responsible for processing of personal data by such third parties operating as independent data controllers. In such cases, we suggest carefully reading the privacy policies of the third-party websites.

8. CHANGES AND UPDATES

The Controller reserves the right to entirely or partially change or update the contents of the Policy (also following changes to applicable regulations). Changes will be published on the Website and, if significant, communicated to you via email. The Controller therefore invites you to regularly visit this section to remain up to date on the methods employed by the Controller to process your personal data. Previous versions of the Policy may be requested from the Controller by the methods indicated above.


Version updated in July 2024