Privacy Policy

Privacy Policy

Pursuant to and as an effect of Art. 13 of Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals with regard to the processing of Personal Data, as well as the free movement of such Data (hereinafter referred to as the "Regulation" or "GDPR") Users are hereby advised that their Personal Data will be processed in compliance with the current legislation regarding the protection of Personal Data and what is specified below.

Definitions

  • Electronic authentication, the set of electronic tools and procedures for the indirect verification of identity, such as, but not limited to, the User's registration procedures based on input of the username and password.
  • Authorised Data Processors, natural persons authorised to perform processing operations by the Data Controller or the Data Processor, pursuant to Art. 29 of the Regulation.
  • Communication, provision of knowledge of Personal Data to one or more specific subjects other than the User, by the representative of the Data Controller in the territory of the State, the Manager and the Authorised Data Processors, in any form, including by making said Personal Data available or by consulting.
  • Contract, the terms and conditions governing the use of this Site and, in particular, the services and/or features that the User may employ.
  • Content, any and all information, data, software, music, sound, photography, image, video, message, opinion, comment or other material uploaded, posted or in any way present, transmitted or disseminated on this Site.
  • Authentication Credentials, Personal Data and devices, in possession of a User, known or uniquely related to it, used for Electronic Authentication.
  • Contact Data, Personal Data that allow the Data Controller to contact the User, such as, by way of example, address, email, telephone, or PEC.
  • Browsing Data, Personal Data processed automatically by the Site including: IP addresses or domain names of the computers employed by Users making connections through the Application, the time of connection request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (success, error, etc.), the country of origin.
  • Identifying Data, Personal Data that allow for direct identification of the User, for example, such as name, surname, tax code, date and place of birth.
  • Personal Data or Data, any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, with particular reference to an identifier such as the name, an identification number, location data, an identifier online or one or more characteristic features of its physical, physiological, genetic, psychological, economic, cultural or social identity.
  • Dissemination, providing knowledge of Personal Data to undetermined subjects, in any form, including through their availability or consultation.
  • Guarantor, the supervisory authority pursuant to Art. 51 of the Regulation.
  • Information or Privacy Policy, this document.
  • Security Measures, the set of technical, IT, organisational, logistical and procedural measures adopted by the Data Controller to guarantee a level of security appropriate to the risk of the processing, pursuant to Art. 32 of the Regulation.
  • Data Processors, the natural person or legal entity, public authority, service or other body that processes Personal Data on behalf of the Data Controller.
  • Person in Charge of Data Protection, the natural person or legal entity that assists the Data Controller or the Person in Charge of fulfilling the obligations set forth in the Regulation, acts as a point of contact for the supervisory authority and cooperates with the latter, provides, if requested, an opinion on impact assessment pursuant to Art. 35 of the Regulation, and supervises the observance of the Regulation by the Data Controller or the Manager.
  • Website, the internet site, available at edf-re.it
  • Internet Traffic Monitoring Tools, proprietary and/or third-party tools through which the Data Controller is able to verify and/or monitor the use of the Website. By way of example, Internet Traffic Monitoring Tools could be used to determine the most viewed pages, the most used keywords in search engines, etc.
  • Third parties, subjects that offer services directly or indirectly to the User.
  • Data Controller, the natural person or legal entity, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of Personal Data; when the purposes and means of such processing are determined by EU or Member State law, the Data Controller or specific criteria applicable to its designation may be established by Union or Member State law.
  • Processing, any operation or set of operations, performed with or without the aid of automated processes and applied to Personal Data or sets of Personal Data, such as collection, registration, organisation, structuring, preservation, adaptation or modification, extraction, consultation, use, Communication by transmission, Dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
  • User, the natural person who makes one or more connections to the Website and uses the services and features provided by the Site Owner.

Information on the Processing of Personal Data

Types of data processed

  1. Data processed automatically by the Site, understood as those Data processed automatically by the computer systems used to operate the Site, the transmission of which is implicit in the use of Internet communication protocols. This category includes, for example, the IP addresses of the devices employed by the Users who connect to the Site, the URI addresses of the requested resources, the time of the request, the method used when submitting the request to the server, the numerical code of the reply provided by the server, and a number of parameters related to the User's operating system and IT environment.
  2. Data provided directly by the User, understood as those Data provided voluntarily by the User during regular browsing on the Site or to request certain services from the Owner, for example, such as, the name, surname and email address, the telephone, the country of origin and any data contained in the messages sent. These Data are collected through the various contact forms on the Site to request information from the Owner or to send a spontaneous application (through the "Work with us" section).
  3. Cookies, understood as those small text strings that the Site may send to the User's terminal (usually to the browser), where they are stored before being re-transmitted to the Website during the next visit by the same User, to ensure correct operation of the Site’s services or to enhance User experience. For further information, the User is invited to consult the Cookie Policy.

 

Purposes of processing

Purposes of processing Legal basis
The User's Personal Data is processed to ensure the proper functioning of the Site, to prevent fraud and to obtain anonymous statistics on the use of the Site. The processing performed for these purposes is carried out on the basis of a legitimate interest of the Data Controller.
The User's Personal Data are processed in order to comply with the legal obligations of the Data Controller (e.g. accounting, administrative and tax obligations concerning the management and invoicing of training courses provided by the Data Controller). The processing performed for these purposes is carried out on the basis of a legal obligation to which the Data Controller is subject and does not require the specific consent of the User.  
The User's Personal Data are processed in order to process the requests of the latter (e.g. reply to a request for information on the services provided by the Data Controller). The processing performed for these purposes is necessary for the fulfillment of contractual obligations or to perform pre-contractual measures requested by the User and does not require specific consent from the latter.
The User's Personal Data is processed in order to allow the User to send a spontaneous application via the Site and to process the application. The processing performed for these purposes is necessary for the fulfillment of contractual obligations or to perform pre-contractual measures requested by the User and does not require specific consent from the latter.

 

Processing Methods and Categories of Recipients

  1. 1. Unless otherwise expressly provided for herein, the User shall be informed that the processing of his/her Personal Data is to be carried out using manual and/or computer systems, computerized or automated, in compliance with the principles of relevance, lawfulness, correctness and purposes envisaged in the Regulation.
  2. The Data Controller shall process the User's Personal Data by adopting the appropriate Security Measures aimed at minimizing the risks of unauthorized access, Dissemination, loss and destruction of the aforementioned Data, pursuant to the Regulation.
  3. The User is also hereby informed that the Processing of Personal Data for the performance of the above purposes, as well as for activities related to the maintenance of the technological part of the Site, may be carried out by the Data Controller directly or through the collaboration of other subjects , such as Data Processors or Authorised Data Processors (for example, employees and/or collaborators of the Data Controller). In particular, Personal Data may be disclosed to the following categories of Persons in Data Processors:

 

    • External companies, professionals or consultants and IT (information technology) assistance
    • Managers of email services (e.g. aruba mail, gmail, etc.)
    • Third Parties through which specific services are provided to Site Users
    • Social network service managers
  • The list of Managers can be consulted at any time, by submitting a request to the following email address: segreteria@edf-re.it.
  • In any case, the User is invited to consult the analytical list of Third Party services used by this Site, provided that such services could, however, become aware of some of the User’s Personal Data.

Data transfer

  1. The User is hereby informed that the Personal Data processed by the Data Controller may be transferred to other countries belonging to the European Union.
  2. The User is also hereby informed that the Personal Data processed by the Data Controller may be transferred to other countries outside the European Union, for which there is an adequacy decision of the Commission.

Data Storage Period

  1. The Personal Data processed by the Data Controller will be processed for the entire duration of the contractual relationship, for the execution of the obligations related to said relationship and which may ensure from it, as well as for defensive purposes until the expiration of the applicable statutory limitation period.
  2. The Data Controller hereby reserves the right to process some Personal Data even for a longer period of time, where required by specific laws (e.g. invoicing and related obligations).

The User’s Rights

  1. The User shall be engtitled to exercise at any time the rights specified in the Regulation pursuant to articles 15-22, in particular:
    • The User has the right to request the Data Controller to access Personal Data, pursuant to and within the limits set forth in Art. 15 of the Regulation.
    • The User has the right to request the Data Controller to rectify any and all inaccurate Personal Data, pursuant to and within the limits of Art. 16 of the Regulation.
    • The User has the right to ask the Data Controller to delete the Personal Data, pursuant to and within the limits set forth in Art. 17 of the Regulation.
    • The User has the right to request the Data Controller to limit the processing of personal data, pursuant to and within the limits of Art. 18 of the Regulation.
    • The User has the right to request the Data Controller to communicate his Personal Data in a structured and readable form by an automatic device, pursuant to and within the limits of Art. 20 of the Regulation.
    • The User has the right to object to processing by the Data Controller, pursuant to and within the limits set forth in Art. 21 of the Regulation.
    • The User has the right to lodge a complaint with the supervisory authority.
    • The User has the right to revoke his/her consent to the processing, with reference to Processing that is based on the legal basis referred to in Art. 6.1. a) of the Regulation. Pursuant to Art. 7, paragraph 3 and of the Art. 13, paragraph 2 c) of the Regulation we inform the User that, in any case, the revocation of his/her consent does not affect the lawfulness of Processing based on consent prior to said revocation.

 

Data Controller

  1. For the purposes specified herein, the Data Controller shall mean: EDF EN Italia S.p.A, with headquarters in 00187 Rome (RM), Via Sardegna, 40, C.F / P.IVA 07224181003.

Revisions to this Privacy Policy

  1. The Data Controller hereby reserves the right to make revisions to this Privacy Policy at any time, by giving notice to Users on this page or by mail.
  2. Users are therefore invited to consult this page frequently, referring to the date of the last revision indicated at the bottom.
  3. In case of non-acceptance of the revisions made to this Privacy Policy within the terms that will be communicated from time to time, the User is required to no longer use the services and/or features made available by the Site.
  4. Otherwise specified and without prejudice to the rights referred to in Articles 15-22 of the Regulation, the previous Privacy Policy shall continue to apply to Personal Data collected up to that moment and/or acquired.

 

This notice was posted on 18 September 2018.

 

  • LIST OF THIRD-PARTY SERVICES USED

 

This section indicates some of the Third-Party services, which may be used to carry out some of the processing referred to in the aformentioned notice.