Privacy Notice

01 Categories of data processed

a) Browsing data

The IT systems and software procedures used to operate this website acquire, in the course of their normal operation, certain data whose transmission is implicit in the use of Internet communication protocols: IP addresses, browser and device type, operating system, date and time of access, and pages visited. Such data is processed in aggregate form for the purposes of security and technical diagnostics.

b) Data voluntarily provided by the user

When the user completes the form to request the Investment Memorandum available on the website, the data entered is collected, in particular: first and last name, corporate role or function, organisation, type of party, email address, telephone number, language of the requested document, and any free-text message.

02 Purposes and legal basis of processing

Personal data is processed for the following purposes:

• Responding to requests and delivering the documentation (Investment Memorandum and related materials) — legal basis: performance of pre-contractual measures taken at the data subject's request (Art. 6.1.b GDPR) and consent given by the data subject (Art. 6.1.a) through the dedicated checkbox in the form.
• Technical management, operation and security of the website — legal basis: the legitimate interest of the Data Controller in providing and protecting the service (Art. 6.1.f GDPR).
• Compliance with obligations under laws or regulations — legal basis: legal obligation (Art. 6.1.c GDPR).

03 Methods of processing

Processing is carried out using IT and electronic tools, with logic strictly related to the purposes indicated and through the adoption of technical and organisational measures appropriate to ensure the security, confidentiality and integrity of the data. No automated decision-making and no profiling activity is carried out.

04 Recipients of the data and data processors

Personal data may be processed, on behalf of the Data Controller, by technology service providers appointed as Data Processors pursuant to Art. 28 GDPR. In particular:

• Hosting and form-management provider — the website is hosted and the data submitted through the form is collected and stored via Netlify, Inc. (United States).
• Web fonts provider — the website uses the «Google Fonts» typefaces served by Google's servers (Google Ireland Ltd. / Google LLC); to deliver these fonts, Google receives the user's IP address.

The data is not disseminated and is not transferred to third parties for marketing purposes. It may be disclosed to public authorities where required by law.

05 Transfer of data outside the EU

Some of the providers indicated above (in particular Netlify and Google) have their registered office or infrastructure in the United States of America. Any transfers of personal data outside the European Economic Area take place in compliance with Chapter V of the GDPR, on the basis of appropriate safeguards, such as the Standard Contractual Clauses adopted by the European Commission and/or the provider's adherence to the «EU-U.S. Data Privacy Framework».

06 Data retention period

Data provided through the form is retained for the time necessary to handle the request and any resulting contacts and, in any case, for a period not exceeding 24 months from the last meaningful contact, unless longer retention is required by legal obligations or is necessary to protect the rights of the Data Controller in contractual or judicial proceedings. Browsing data is retained for the strictly necessary technical period and in accordance with the terms set by the provider.

07 Nature of the data provision

The provision of browsing data is connected to the use of Internet communication protocols. The provision of data through the form is optional; however, failure to provide the data marked as mandatory, or failure to give consent where required, makes it impossible to fulfil the user's request.

08 Rights of the data subject

In relation to the data processed, the data subject may exercise at any time the rights set out in Articles 15-22 of the GDPR, and in particular:

• Access — obtain confirmation that processing is taking place and a copy of the data.
• Rectification — obtain the correction of inaccurate data or the completion of incomplete data.
• Erasure — obtain the deletion of the data in the cases provided for by the regulation.
• Restriction — obtain the restriction of processing in the cases provided for.
• Portability — receive the data provided in a structured format and transmit it to another controller.
• Objection — object to processing based on legitimate interest.
• Withdrawal of consent — withdraw at any time the consent given, without affecting the lawfulness of processing carried out before withdrawal.

To exercise these rights, you may write to deasolarconsulting@gmail.com or to the certified email address deasolarconsultingsrls@pec.it. The Data Controller will respond within the time limits provided for by the regulation.

09 Complaint to the supervisory authority

Without prejudice to any other administrative or judicial remedy, a data subject who believes that the processing of their data infringes the GDPR has the right to lodge a complaint with the competent supervisory authority. For Italy: the Italian Data Protection Authority (Garante per la protezione dei dati personali) — www.garanteprivacy.it.

10 Cookies and tracking tools

This website does not use profiling cookies, nor any statistical analytics or user-behaviour tracking tools, and does not install marketing cookies.

The website loads the «Google Fonts» typefaces directly from Google's servers: to deliver these fonts, the user's browser establishes a connection to Google's servers, which consequently receive the user's IP address. Any technical cookies used by the hosting provider serve the sole purpose of enabling the correct operation and security of the website and do not require the user's consent.

11 Changes to this notice

The Data Controller reserves the right to amend or update this notice, including as a result of regulatory or organisational changes. The updated version is published on this page, indicating the date of the last update. Users are invited to consult this page periodically.