INFORMATION ON THE PROCESSING OF THE PERSONAL DATA OF WEBSITE USERS
in accordance with art. 13 of EU Regulation 2016/679
The Group is particularly committed to protecting your personal data.
For this reason, we wish to offer Users who interact with the Services accessible via the address: www.agnenergia.com, a clear, transparent overview of the information we collect during navigation of the website and of the protection measures put in place by the Controller, in compliance with the General Data Protection Regulation 2016/679 (hereinafter GDPR or Regulation) on the protection of individuals with regard to the processing of personal data
Each Group company has implemented the technical and organisational measures and best practices to guarantee an appropriate level of security and confidentiality with regard to personal data.
WHO IS the Data Controller of your data?
The companies Quiris Sapa; Autogas Nord Spa; GTS Spa; Verdenergia Srl; Autogas Riviera Srl; Ecoclima Srl; Chiurlo Gas Srl; Gruppo Energia Italia Srl, Splendrogas Srl, represented by the pro tempore legal representative, with registered offices provided in the “contacts” section of the website, with which you entered into and/or may enter into a Services and/or work contract, is the Data Controller (hereinafter the Controller).
Each company in the Group is an independent Data Controller, but each has adopted the same technical and organisational measures and best practices in matters of personal data protection. The Controller can be contacted by writing to the e-mail address: firstname.lastname@example.org, email@example.com or by calling the telephone numbers given in the “contacts” section. The Data Protection Officer (DPO) can also be contacted at the following e-mail address: firstname.lastname@example.org.
What does personal data mean and WHAT DATA do we process?
“Personal data” means any information that may identify, directly or indirectly, a natural person, in this case you (data subject), the user of the website, who surfs the web.
Customers and potential Customers
In particular, we collect and process the personal data (hereinafter also just “data”) of Customers and those who may potentially use the many Services offered by the Group and become our Customers:
- identification data: name and surname of the User, province of residence;
- contact data: e-mail address, telephone number(s);
We collect and process the personal data of Users who apply for a position within the Group by sending their curriculum vitae:
- identification and personal data of the applicant (for example name, surname, date and place of birth, tax code),
- contact data (for example town, province, landline and mobile telephone numbers, e-mail address);
- any “particular categories of personal data”, i.e. «personal data that reveal the racial or ethnic origin, religious or philosophical beliefs, trade union membership, as well as genetic information, biometric data for the purpose of uniquely identifying a natural person, data concerning health or sex life or sexual orientation of the person» and in particular “data concerning health, i.e. «personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health», only where strictly necessary for the correct classification of the resource (possible belonging of data subjects to “special categories”), therefore it is forbidden for data subjects to add further data regarding the aforementioned special categories into their curricula (including data concerning health, political and religious opinions and those regarding trade unions);
- any other data or information added to the curriculum vitae.
Users of the website
We collect and process the data regarding all website Users:
• data collected via "cookies".
Cookies are small text files that the websites visited by the User (“Data Subject” according to the GDPR) send to their terminals via the browser used to open and consult the web pages, where they are stored ready to be retransmitted to the same websites when the same user visits the site again. When browsing a website, the User may also receive on his or her terminal cookies sent from different websites or web servers (so-called “third parties”) on which certain elements (such as, for example, images, maps, sounds, specific links to pages of other domains) present on the website being visited may reside.
What are the PURPOSES and LEGAL BASES of the processing?
The Controller collects and processes the personal data supplied by Users when they fill in appropriate sections of the website, which is subsequently communicated:
A. to respond to information and contact requests concerning the Services offered by the Group Companies;
The conferral of your personal data for purpose A is essential to be able to follow up your requests for information and does not need your prior consent. Your refusal to provide the foregoing data, in fact, although legitimate, would compromise the ability of the Companies of the Group to answer your requests. The processing of your data for purpose A is instrumental for implementing the pre-contractual measures adopted at your request and to the legitimate interest of the Controller to answer your requests for contact and information.
B. For the purposes of selection and recruitment of employees of the Controller. In particular, to follow up the application for a position by you, i.e. for the recruitment and selection of staff for the companies of the Group; for planning activities, for internal control services by means of processing, including electronic processing, of professional profiles, as well as for consultation and comparison of the same.
The conferral of your personal data for purpose B is optional, however a failure to confer such data means that the Group would not be able to make the checks envisaged by current internal procedures and, as a result, would make it impossible to perform the activities necessary to select staff and subsequently recruit the Applicant.
The conditions of lawfulness of the processing of your Personal data for the purposes pursuant to letter B are the implementation of the pre-contractual measures adopted at the request of the data subject, as well as the legitimate interest of the Controller for organisational and productive needs.
C. To permit website navigation (in reference to cookies). Processing is necessary to pursue the legitimate interest of the Controller with regard to the ordinary management and maintenance of the website in question.
D. For commercial promotion and marketing purposes. In particular, with a view to continuously improve the Customer Experience and for the purpose of offering “tailor-made” services, we will process your data to:
- send you e-mails, mail and/or SMSes and/or telephone contacts, newsletters, commercial communications and/or advertising material regarding the products and/or services offered by the Controller, or to invite you to events and trade fairs at which the Controller is participating to promote its Services.
The conferral of your personal data for purpose D is optional and therefore your prior and specific consent is required, which must be given in writing and can be withdrawn at any moment. Failure to give consent to the processing of your personal data for the purposes pursuant letter D will not compromise or limit in any way processing for the purposes pursuant to letters A, B and C.
What are the METHODS of processing?
The companies of the Group, as Data Controllers, collect your personal data directly when you register/fill in the Forms present on the website.
The processing of data for the purposes stated will take place using both automated methods, on electronic or magnetic media, and non-automated methods, on hard copy, in compliance with the rules of confidentiality and security provided by art. 32 of the Regulation,subsequent regulations and internal provisions.
For HOW LONG and WHERE to we keep your personal data?
We retain your data only for the time necessary to process such data for the aforementioned purposes.
In particular, for the purposes pursuant to letter A, we will process your data for the time necessary to respond to your request and, in any case, for no longer than 24 months from the last contact request.
For the purposes of selection and recruitment of employees pursuant to letter B, we will retain your data for up to 1 year from collection. In any case, curricula voluntarily submitted, if deemed not to be of interest to the Company, will be destroyed if in paper format, and deleted from electronic media.
For the purposes of commercial promotion and marketing pursuant to letter D, collected with your explicit written consent, we will retain your data for a maximum period of 2 years from collection, at the end of which the data will be automatically erased or anonymised in a permanent and non-reversible way, without prejudice to you withdrawing your consent expressed previously.
TO WHOM do we communicate your personal data?
We communicate your data only to parties (our employees and partners authorised to perform processing, external Processors especially appointed or recipients due to legal requirements) used by us to conclude the activities necessary to fulfil the aforementioned purposes and to perform the Services requested by you, in particular:
- to parties involved in the organisation of websites (for example administrative, commercial, marketing, legal staff, system administrators);
- to external parties (such third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies);
- to subsidiary or associated companies of the Group, wherever necessary to pursue the purposes described above.
WHERE do we transfer your data?
As a rule we do not transfer your data outside the European Union. In any case, the Controller points out that, whenever it is deemed necessary to transfer your data outside the EU, processing will take place in compliance with applicable laws, even by preparing standard contractual clauses as envisaged by the European Commission or by adopting BCRs (binding corporate rules).
What are your RIGHTS as Data Subject?
In relation to the aforementioned processing, you may exercise the rights pursuant to articles 15 to 22 of EU Regulation 2016/679.
In particular, in the cases set out in the Regulation, the data subject has the right to request from the Data Controller access to his/her data, rectification or erasure of the same, the right to object to processing or to request restriction of the processing and to obtain his/her data in a structured, commonly used and machine-readable format. The data subject may also, at any time, withdraw his/her consent given in accordance with art. 7 of the Regulation.
The aforementioned rights may be exercised towards the Controller by writing to the e-mail addresses email@example.com - firstname.lastname@example.org or by contacting the Controller at the telephone numbers given in the “contacts” section. You may also contact the Data Protection Officer (DPO) at the following e-mail address: email@example.com
In accordance with applicable legislation, the data subject may also make a claim to the Italian Data Protection Authority (Garante) in compliance with art. 77 of the Regulation whenever it is deemed that the processing of your Personal Data is contrary to legislation in force.
The Data Controller reserves the right to amend and/or implement this policy even if as a result of legislative amendments made after the pre-contractual or contractual relationships were established with you, or if due to recommendations, general authorisations, guidelines, further guarantee measures indicated by the Italian or European Data Protection Authority, but always for the purpose of providing greater protection of your personal data during processing. The policy is available on the website in an updated version as at the date given below.
Version updated October 2020