EU Regulation 2016/679
On 25 May 2018, the EU General Data Protection Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data (hereinafter
GDPR or the
Regulation) came into effect.
The processing of personal data collected by this site and the use of cookies are governed by the privacy laws and regulations in force, for the purpose of implementing the technical and organizational measures adopted by the data controller for the protection of the rights and the liberties of the data subject.
For more information on the types of personal data processed, the procedures and purposes of the processing and how the data subject can exercise his/her rights spelled out in the GDPR, we invite users to read the relevant Privacy Information Notice posted on this site.
For information on the use of cookies, we invite users to view the Extended Cookie Information Notice posted on this site (
Cookie Policy) which is provided pursuant to and for the purposes of the provisions of the Italian Data Protection Authority Decision “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies - 8 May 2014”.
Definitions
- Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction and erasure or destruction.
- Data controller: the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of his/her personal data.
- Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of that data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
- Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
- Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- Cookies: small text files that are sent to and stored on the user’s terminal equipment by the websites visited by the user. They are sent back to the originating websites on each subsequent visit by the user.
- Technical cookies: these cookies can be grouped into navigation and session cookies. They allow the user to navigate and use the functionalities of the website (for instance, make an online purchase or authenticate himself/herself to gain access to a reserved area). They are used for navigation purposes and for the provision of the services requested by the user. They are not used for other purposes and are usually directly installed by the website’s data controller. Without the use of this type of cookies, certain operations would either be impossible to perform or would be more complicated and/or less safe (for example, they allow and make possible session-based user authentication).
- Analytics cookies: these cookies are tools providing website analytical services that anonymously and in aggregate report on the way users use the website, how web traffic arrives to the site, and the number of visits and their duration. These cookies are not necessary for optimal use of the website and thus can be disabled.
The Italian Data Protection Authority has established (see Decision of 8 May 2014) that analytics cookies can be equated to technical cookies insofar as they are used directly by the website controller to collect aggregate information on the number of visitors and the pattern of visits to the website. Under these conditions, the same rules apply to the analytics cookies and the technical cookies as far as notice to the user and user consent are concerned.
- Third party cookies: cookies installed by a website other than the one the user is visiting. This happens because the visited website may contain items, such as images, maps, audio files and links to individual web pages on different domains, that are located on servers other than the one where the visited site is hosted.
- Profiling cookies: these are cookies used to track the net navigation pattern of the user and create user profiles on user tastes, habits, choices, etc. These cookies can be used to send advertising messages in line with the user’s online navigation preferences.
Data Controller
The data controller is GEOENERGIE SPA, having its registered office at Via Verdi, 11 - 24121 Bergamo, C.F. 00998130165 / P.IVA 02384370165
Data processed
Personal data collected: User name, Email address.
These data are collected at the moment of user registration on the website and can be processed for the following purposes:
a) to allow the user to access the website, for purposes strictly connected to the provision of online services, and, in particular, respond to the user’s request for information material, price quotes or sales proposals.
b) with the user’s consent, to effectively establish and manage business relationships, with particular reference to business promotion, advertising, enticement to purchase, market research, surveys, and statistical and marketing analysis.
The purposes defined in point b) can also be achieved using cookies, but always with the user’s consent.
Personal data collected: Name, Surname. Address, Country, Email address, Academic degree. The user applies by filling out an application form and providing his/her personal data directly on the site. The data collected for the application will be stored for a period of two years and then deleted.
Personal data collected: User name, Email address.
When a user registers to receive the newsletter, his/her name is added to a list of contacts, to whom the site will send email messages with information related to this website, including business and promotional information. The email address can also be added to this list of contacts as a result of the user’s registering or making a purchase on this website.
Personal data collected: Name, Surname, Email address, Position
The user registers by filling out a sponsorship request and providing his/her personal data directly to the site.
- Radici Connect (Sales Net and Worldwide)
Personal data collected: Sender, Email address
The user contacts the Group and provides his/her personal data directly on the site.
If the data provided by the user includes data concerning third parties, the user vouches to the controller that the consent of the interested third parties has been obtained for the collection and the processing of their data.
The mere consultation of the website itself does not entail the collection or the processing of user personal data, except for navigation data and cookies, whose relevance for privacy will be discussed in the following sections of this privacy policy.
During normal operation, the computer systems and software procedures controlling the functioning of the website acquire some data that are transmitted as an intrinsic part of the internet communication protocols. This kind of information is not acquired for purposes directly linked to identifiable data subjects but could, by virtue of its very nature, be processed and aggregated with the data held by third parties, in such a way as to make user identification possible. Such data include: IP addresses, domain names of user computers connected to the site, the URI addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response to the request, the numeric code indicating the status of the server’s response (success, error, etc.) and other parameters pertaining to the operating system and the computer environment of the user.
This data will not be disseminated but used solely for the purpose of accumulating anonymous statistics regarding site usage and for monitoring correct site operation; it is retained for the time period established by the applicable laws and regulations. This notwithstanding, the data could be used to investigate and determine responsibility in the event of cybercrimes against the site.
Purposes of processing
Personal data will be processed for the purposes identified in the cookie information notice.
Cookies can be used for authentication services, monitoring of browsing sessions, storage of information, storage of specific information (preferences) on user configurations when accessing a given server, etc (
Cookie Policy).
A cookie cannot read data off the user’s hard disk, carry viruses or collect email addresses. Each cookie is unique to the user’s browser.
Processing procedures
Data processing will be carried out by means of tools and procedures which are adequate to ensure the security and confidentiality of the data, in compliance with the law, and will be performed both online and offline.
Specific security measures are followed in order to prevent the loss of data and any unlawful or improper use and unauthorized access.
Consent
At the time of registration, the user will be invited to read the information notice provided pursuant Article 13 of the Regulation and to confirm his/her consent to the processing of the data for the intended purposes described. Consent will be necessary for the sending of promotional and/or informational material concerning Radici Partecipazioni S.p.A. activities and services. However, failure to give consent will not prevent the user from using the services connected with registration.
The need for user consent to the use of cookies depends on the purposes for which the cookies are used:
- Technical cookies do not require the user’s consent, but the site must provide the user with the Extended Cookie Information Notice pursuant to Article 13 of the EU Regulation (Cookie Policy).
- Profiling and marketing cookies, on the other hand, may be installed on the user’s terminal equipment only if the user gives his/her explicit consent.
When a user visits this website, a cookie consent banner is displayed inviting him/her to click on the link to the Extended Cookie Information Notice, where he/she can change previously given consent for the use of cookies and choose which cookies to give consent to. The user is also informed that if he/she decides to continue to navigate by scrolling the homepage or by clicking any element on the page, he/she gives consent to the use of such cookies by this website.
Withdrawal of consent
The user will have the right to withdraw any previously given consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent given prior to the withdrawal. To revoke consent or request further clarification, send an email to
privacy@radicigroup.com.
Managing cookies in a browser
The user can, at any time, deny the use of cookies and revoke a previously given consent. Since cookies are linked to the browser, they can be directly disabled in the browser itself.
Disabling cookies could prevent the proper working of some of the functionalities provided by the site. In particular, disabling cookies may make it impossible to access certain services provided by third parties or even to display them on the user’s terminal equipment.
Here are the instructions on how to disable cookies:
- Internet Explorer: Select the Tools button / Select Internet options / Select the Privacy Tab / Under Settings select Advanced / Choose the desired level of privacy.
- Google Chrome: At the top right, click More > Settings / At the bottom, click Advanced / Under “Privacy and security”, click Content settings / Turn “Allow sites to save and read cookie data” to OFF.
- Firefox: Click the menu button and choose Options (Preferences on the Mac) / Select the Privacy (Privacy & Security on the Mac) panel / Under History, choose Use custom settings for history / To deactivate cookies, uncheckmark Accept cookies from sites.
- Safari: Choose Safari > Preferences / Click the Privacy panel / Select Block all cookies and choose one of the options: “Always allow”, “Allow from websites I visit”, ”Allow from current website only”, or “Always block”.
If the user blocks or deletes the cookies, it may become impossible to restore his/her preferences or settings.
Scope of data disclosure
The personal data provided by users will be processed by Radici Partecipazioni S.p.A. or by entities appointed by the company as data processors or persons in charge of processing. The data may be disclosed to third parties responsible for providing services related to website activities and tied to the performance of the contractual obligations undertaken in carrying out such activities. Said third parties will also be responsible for storing and processing the personal data needed for the execution of the services assigned to each one of them. More specifically, the third parties in question may be suppliers of technological and networking services, suppliers of logistics services or managers of payment systems and services.
Data retention period
The personal data will be retained only for the time needed to achieve the intended purposes based on the type of processing. Then, the data will be deleted.
The personal data collected from an application form sent to the site will be retained only for two years, after which they will be deleted.
Cookie duration
Cookies can be:
- Temporary or session cookies: these cookies are used to store temporary information. They allow linking the actions performed during a browser session. They remain active until the browser is closed or until logout.
- Persistent cookies: these are used to store information, such as name and password, so as to avoid the need for the user to input it each time he/she visits a specific site. These cookies are saved on the user’s device and “survive” the closing of the browser. They will become available on any subsequent user visit. The duration of persistent cookies is established by the server at the time they are created. In some cases, an expiry date is set, while in other cases the cookie duration is unlimited.
Rights of the data subject
Pursuant to the provisions of Articles 15-22 of the GDPR, the data subject has, at any time, the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed and, if that is the case, to obtain access to the personal data; to request information on the purposes of processing, the categories of personal data concerned, the recipients to whom personal data will be disclosed and the period of retention of the data; to ask for rectification and erasure, restriction on processing and data portability, as well as the right to object.
Specifically, the data subject will have the following rights:
- Right of access and right to rectification (GDPR, Articles 15 and 16): the right to obtain from the Controller confirmation as to whether or not his/her personal data is being processed, and, where that is the case, to access the personal data; the right to rectification of inaccurate personal data; and the right to have incomplete personal data completed.
- Right to erasure (GDPR, Article 17): the right to obtain from the Controller the erasure of his/her personal data in the cases established by the law and the regulations in force (e.g., the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, the data subject withdraws consent, the personal data has been unlawfully processed, etc.).
- Right to restriction of processing (GDPR, Article 18): the right to obtain from the controller a restriction on the processing of personal data in the cases established by the law and regulations in force (the personal data is not accurate, the processing of the personal data is unlawful, etc.).
- Right to data portability (GDPR, Article 20): the right to receive his/her personal data in a structured, commonly used and machine-readable format and the right to transmit the data to another Controller.
- Right to object (GDPR, Article 21): the right to object, at any time, to the processing of his/her personal data which is based on points (e) and (f) of Article 6(1) of the Regulations, including profiling. The data subject may exercise his/her rights referred to above by written notice addressed to GEOENERGIE SPA, having its registered office at Via Verdi, 11 - 24121 Bergamo or to the email address privacy@radicigroup.com.
Filing a complaint with the Italian Data Protection Authority
In case of infringement of the data subject’s right to protection of personal data, the data subject may lodge a complaint with the Italian Data Protection Authority in accordance with the procedures and requirements posted on the site of the Italian Data Protection Authority (
https://www.garanteprivacy.it).
Third-party cookies
While visiting a site, the user may receive cookies from both the site he/she is currently visiting and other sites managed by other organizations, called “third parties”.
The managers and editors of this site are not responsible for the content of third-party sites, either directly or indirectly connected through links.
Given below is a list of the third-party cookies:
Google+: +1 button and social widgets
Google +1 button and social widgets are services provided by Google Inc. for interaction with the Google+ social network.
Personal data collected: Cookies and usage data.
Place of processing: USA –
Privacy Policy
YouTube Video
YouTube is a service provided by Google Inc., which allows users to view video content embedded in the web pages of this site.
Personal data collected: Cookies and usage data.
Place of processing: USA –
Privacy Policy
Vimeo Video
Vimeo is a service provided by Vimeo, LLC, which allows users to view video content embedded in the web pages of this site.
Personal data collected: Cookies and usage data.
Place of processing: USA –
Privacy Policy
Facebook: LIKE button and social widgets
The Facebook LIKE button and social widgets are services provided by Facebook, Inc., for interaction with the Facebook social network.
Personal data collected: Cookies and usage data.
Place of processing: USA –
Privacy Policy
Twitter: Tweet button and social widgets
The Tweet button and Twitter social widgets are services provided by Twitter Inc. for interaction with the Facebook social network.
Personal data collected: Cookies and usage data.
Place of processing: USA –
Privacy Policy
LinkedIn: LinkedIn button and social widgets
The LinkedIn button and LinkedIn social widgets are services provided by the LinkedIn Corporation for interaction with the LinkedIn platform.
Personal data collected: Cookies and usage data.
Place of processing: USA –
Privacy Policy
COMPANIES
GEOENERGIE SPA
Registro Imprese di Bergamo Nr. 00998130165
Capitale Sociale: € 12.600.000 I.V.
R.E.A. BG 284774 – C.F. 00998130165 / P.IVA 02384370165
GEOGREEN SPA
Registro Imprese di Bergamo Nr. 01833520164
Capitale Sociale: € 22.000.000 I.V.
R.E.A. BG 325684 – C.F. 01833520164 / P.IVA 00826610305