Privacy Policy - NVA Renewables

PRIVACY POLICY OF NVA SRL

This privacy policy is provided pursuant to Article 13 of the EU Regulation 2016/679 (the “Regulation”) and refers to any visitor or user of the website https://www.nvarenewables.com/ (the “Website”).
In accordance with the principles of the Regulation, users’ personal data processing will be carried out in accordance with the principles of lawfulness, fairness, transparency, purpose and storage limitation, minimization and confidentiality, as well as the principle of accountability referred to in Article 5 of the Regulation. This privacy policy does not apply to data processing activities carried out by owners of websites or platforms to which the Website may refer. Please refer to the privacy policy provided by the respective owners for information regarding the processing of personal data carried out by them.

1. Who is the data controller?
The Data Controller is NVA S.r.l., with registered office in Via Lepetit, 8 – 20045 Lainate (MI), C.F./P. VAT IT10935300961 (the “Data Controller” or “NVA”).
The Data Controller can be addressed at any time with reference to this privacy policy and for any question regarding data processing by sending an email to the following email address: info@nvarenewables.com.

2. Which personal data are processed?
Browsing data
The software used to operate the Website acquires, during its normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to identify the data subjects, but by its very nature could, through processing and association with data held by third parties, allow users identification. This category of data includes the IP addresses or domain names of the devices used by users connecting to the Website, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are generally used in order to obtain anonymous statistical information on the use of the Website or to check its correct functioning, to identify anomalies and/or abuses. Browsing data could be used to ascertain responsibility in case of hypothetical crimes against the Website or third parties.
Data voluntarily provided, directly or indirectly, by the user
Without prejudice to the reference to specific disclosures contained therein, this privacy policy also refers to the processing of data voluntarily provided by the user in information request forms and contact communications.

3. What is the purpose of the processing of personal data? Is the data processing lawful?
User’s personal data will be processed for the following purposes.
a) To ensure the usability of the Website: to allow users to visit the Website and manage the security of the Website, to handle specific users’ requests; the legal basis for these data processing activities is Article 6(1)(b) of the Regulation as they are instrumental to offering a service to the user or to respond to a user request;
b) Fulfilling legal obligations: fulfill any obligations under applicable laws and regulations or to comply with requests from authorities pursuant to Art. 6(1)(c) of the Regulation;
c) Sending emails about the services of the Data Controller: to carry out marketing activities via email for services similar to those users requested. This data processing will be carried out pursuant to Article 130, paragraph 4 of Legislative Decree No. 196/2003, unless users expressly refuse to receive such communications ;
d) Sending communications related to the Data Controller’s activity also through other means of communication: for the communication of services offered by the Data Controller to customers via email, or also for sending advertising material and commercial communications by automated means, such as SMS, telephone calls without operator, messages through web applications, mail or telephone calls through operator. This processing activity is carried out subject to the consent given by the data subject pursuant to Article 6(1)(a) of the Regulation;
e) Statistical purposes: for statistical purposes, without being able to trace back to the identity of the user, so it is not under the scope of the Regulation. Specific security measures are observed to prevent data loss, unlawful or incorrect use and unauthorized access in accordance with Article 32 of the Regulation.

4. Are the data disclosed to any third party?
For the above-mentioned purposes, personal data may be disclosed to the following category of recipients (the “Recipients”):
(i) parties typically acting as data processors pursuant to Article 28 of the Regulation, namely: i) persons, companies or professional firms providing assistance and consulting services to the Data Controller;
(ii) subjects delegated to carry out technical maintenance activities of the Website and the IT system; (iii) providers of the service that the Data Controller uses to achieve the purposes indicated above (e.g. Website developers and server hosting providers; mailing list sending, electronic communication systems); always in compliance with the principle of minimization by limiting the data processing to only personal data strictly necessary to achieve the specific purpose;
(ii) persons, entities or authorities to which we are under the legal obligation to communicate your personal data under applicable laws or court order;
(iii) persons authorized by the Data Controller, pursuant to Article 29 of the Regulation, who have committed to confidentiality or have an appropriate legal obligation of confidentiality.
Personal data will not be shared with entities outside the European Economic Area. Should it be necessary to transfer personal data to Recipients outside the European Economic Area, the transfer will take place in accordance with Articles 44 – 49 of the Regulation.

5. For how long will the data be retained?
Personal data processed to Ensure the usability of the Website will be retained for as long as is strictly necessary to achieve said purposes of secure browsing and to handle the requests for information.
Personal data processed to Fulfill legal obligations will be retained for as long as required by the specific applicable legal obligation or rule.
To Send emails about the services of the Data Controller, the user’s personal data will be processed until the user has objected to the data processing.
For Sending communications related to the company’s business including through other means of communication, the user’s personal data will be processed until the user withdraws the consent.
This is without prejudice, in any case, to the possibility for the Data Controller to retain personal data for the period of time provided for and permitted by Italian law to protect its interests (Art. 2947(1)(3) c.c.).

6. Which are the rights of the data subjects?
Pursuant to Articles 15 to 22 of the Regulation, the user has the right at any time to withdraw the consent given without prejudice to the lawfulness of the processing carried out before the withdrawal, to obtain confirmation of the existence or non-existence of the personal data processing and to have access to the personal data, verify their accuracy or request their integration or update, or rectification; to request the erasure of personal data in the cases provided for by Art. 17 of the Regulation; the user has the right to request the limitation of processing in the cases provided for by art. 18 of the Regulation, where technically possible; to obtain in a structured, commonly used and machine-readable format, the personal data concerning the user, in the cases provided for by art. 20 of the Regulation; as well as to oppose their processing in the cases provided for by articles 21 and 22 of the Regulation.
In any case, the user always has the right to lodge a complaint with the competent supervisory authority (Garante per la protezione dei dati personali), pursuant to art. 77 of the Regulation, if he or she believes that the processing of his or her personal data is contrary to the legislation in force.

7. Amendments
The Data Controller reserves the right to change or update this privacy policy, including due to changes in applicable legislation.
The Data Controller therefore invites users to visit this section regularly to read the updated version of the privacy policy.