Extended cookie information notice

EU Regulation 2016/679
On 25 May 2018, the EU General Data Protection Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data (hereinafter GDPR or the Regulation) came into effect. 
The use of cookies on this site is governed by the privacy laws and regulations in force, for the purpose of implementing the technical and organizational measures adopted by the data controller for the protection of the rights and the liberties of the data subject.
This notice is provided pursuant to and for the purposes of the laws in force and the provisions of the Italian Data Protection Authority Decision “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies - 8 May 2014” (hereinafter the “Decision”).
 
Data controller
The data controller is GEOENERGIE SPA, having its registered office at Via Verdi, 11 - 24121 Bergamo, C.F. 00998130165 / P.IVA 02384370165.
 
Data collection and purpose of data processing
During browsing, the personal data of the users will not be collected or processed with the exception of cookies and data related to browsing.
The mere consultation of the website in itself does not entail the collection or the processing of user personal data, except for navigation data and cookies:
 
a) Navigation data
During normal operation, the computer systems and software procedures controlling the functioning of the website acquire some data that are transmitted as an intrinsic part of the internet communication protocols. This kind of information is not acquired for purposes directly linked to identifiable data subjects but could, by virtue of its very nature, be processed and aggregated with the data held by third parties, in such a way as to make user identification possible. Such data include: IP addresses, domain names of user computers connected to the site, the URI addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response to the request, the numeric code indicating the status of the server’s response (success, error, etc.) and other parameters pertaining to the operating system and the computer environment of the user.
This data will not be disseminated but used solely for the purpose of accumulating anonymous statistics regarding site usage and for monitoring correct site operation; it is retained for the time period established by the applicable laws and regulations. This notwithstanding, the data could be used to investigate and determine responsibility in the event of cybercrimes against the site.

Period of navigation data retention
The data collected by the site during operation will be stored for the time strictly necessary to perform the activities requested. At the end of the session, the data will be erased or anonymized, provided there are no other purposes warranting further retention of the data. 

b) Cookies:
  • Controller cookies 
This site uses cookies, small text files that are sent to the user’s terminal equipment and allow the information stored on the user’s computer to be accessed. Cookies enable retention of data on visitor’s preferences and are used to monitor the correct operation of the site, to improve the site’s functionalities, by tailoring page content to the browser used, to simplify navigation activities by automating certain procedures (e.g., Login, site language) and, finally, to analyse site usage by visitors.  
This website uses the following types of cookies:
   - Technical cookies: these are used solely for the purpose of carrying out the transmission of an electronic communication and to ensure proper page display and proper navigation of the site itself. Furthermore, they allow for differentiating among the various users connected at any time for site security considerations and for the purpose of ensuring that the requested service is provided to the right user (Login). Some of these cookies are deleted upon browser closing (session cookies). Other cookies of this type have a longer expiry period (e.g., the cookies needed to store the user’s consent to the use of cookies have a 1-year expiry date). The use of technical cookies does not require user consent.  Some of the technical cookies are referred to as essential or “strictly necessary”, in that they enable functions without which full operation of the website would not be possible. These cookies are used solely by the data controller and are stored on the user’s computer for the duration of the running session of the browser.
Essential cookies cannot be disabled by using the functions of this site.
   - Analytics cookies: these are cookies directly used by the site manager for the purpose of collecting data, in aggregated form, on the number of site visitors and the way they browse the website. They are equated to technical cookies when the service is anonymous. They are used solely for the purpose of gathering statistical data (but not marketing or profiling information).
Analytics cookies can be blocked and/or eliminated through the browser settings.
Google analytic cookies with limited identifying potential. To revoke your consent for their installation and disable them, click Opt-Out (Enabled) To activate these cookies and give your consent for their installation, click Opt-In (Disabled)
 
    - Profiling and marketing cookies: these are cookies used to gather information on the behaviour of users when they navigate the site and on their interests and consumption habits, in order to send them targeted advertising, among other objectives.
Third-party profiling cookies. To revoke your consent for their installation and disable them, click Opt-Out (Enabled) To activate these cookies and give your consent for their installation, click Opt-In (Disabled)
 
The list below shows the name, purpose and expiry time of the cookies used by the Controller.
 
Cookie NAme Purpose Expiry time
ckp Used to save the user’s consent to the cookies policy. Session
_ga Used by Google Analytics to store a unique client ID for the purpose of collecting statistics on how the user surfs the internet. 2 years
_gat Used to throttle the request rate. 1 minute
_gid Used by Google Analytics to store a unique client ID for the purpose of collecting statistical data on how the user surfs the internet. 24 hours
 
  • Third-party cookies
This site acts as a technical intermediary for third-party cookies (such as social network buttons) used to provide additional services and functions to users, to simplify the navigation of the website itself, or to send targeted advertising.
During site navigation, the user may receive cookies from other websites or web servers on his/her terminal equipment. This happens because the visited website may contain items, such as images, maps, audio files and links to individual web pages on different domains, that are located on servers other than the one where the requested page is stored. In other words, such cookies are loaded directly by the managers of other websites or servers.
This website has no control over these cookies, which are entirely managed by third parties, and has no access to the information collected by means of these cookies. Any information on the use of such cookies and their purposes and on how to disable them is given directly by the third party in question at the links shown below.
It should be noted that visitor tracking does not generally entail the identification of the visitor himself, unless the latter is logged into the service as a registered user, in which case it is understood that the user already gave his/her consent directly to the third party when he registered for the service in question (e.g., Facebook).  
The user can deny his/her consent to the use of third-party cookies, in which case only the site functionalities that do not require such cookies will be available for use.
 
To revoke your consent for the installation of all cookies and disable them, click Opt-Out
To give your consent for the installation of all cookies and enable them, click Opt-In

The list below shows the name and purpose of the third-party cookies present on our site, as well as the third-party name and the website link where the user can find more information.
 
Cookie Name Purpose Third party storing user information Link where third-party privacy information notice can be viewed
Google Analytics A web service provided by Google to track and analyse website traffic, compile reports and share them with other services developed by Google.
Google may use personal data to contextualise and personalize advertisements on its own advertising network.
Google https://policies.google.com/privacy
Google Analytics Demographics and Interest Reporting To profile users anonymously. Google https://policies.google.com/privacy
Google: +1 button and social widgets A web service provided by Google to track and analyse website traffic, compile reports and share them with other services developed by Google.
Google may use personal data to contextualise and personalize advertisements on its own advertising network.
Google https://policies.google.com/privacy
YouTube Video
A web service provided by Google to track and analyse website traffic, compile reports and share them with other services developed by Google.
Google may use personal data to contextualise and personalize advertisements on its own advertising network.
Google https://policies.google.com/privacy
Vimeo Video The Vimeo Privacy Policy details which data Vimeo collects when a user utilizes its products and services, how the collected data are used and with whom they may be shared. Vimeo LLC https://vimeo.com/privacy
Facebook: LIKE button and social widgets A service provided to track and analyse the use of Facebook, Instagram, Messenger and other products and services provided by Facebook.
Facebook may use personal data to contextualise and personalize advertisements on its own advertising network.
Facebook Inc. https://www.facebook.com/privacy/explanation
Twitter: Tweet button and social widgets A service provided to track and analyse the use of Twitter. 
Twitter may use personal data to contextualise and personalize advertisements on its own advertising network.
Twitter Inc. https://twitter.com/en/privacy
LinkedIn: LinkedIn button and social widgets  The LinkedIn Privacy Policy details how and when cookies are used. The same cookie policy applies to all products and services provided by LinkedIn. LinkedIn Corporation https://www.linkedin.com/legal/privacy-policy
Instagram A service provided to track and analyse the use of Facebook, Instagram, Messenger and other products and services provided by Facebook.
Facebook may use personal data to contextualise and personalize advertisements on its own advertising network.
Facebook Inc. https://www.facebook.com/privacy/explanation
 
General information on the different types of cookies is available in the “Privacy Policy” posted on our site.
 
Social Network Plugins
This site also has embedded plugins and/or buttons that make it easy for the user to share the content of his/her favourite social networks. When a user visits a page of our website with embedded plugins, the browser directly connects to the social network server from which the code is downloaded. The latter server can track the user’s visits to our website and, as the case may be, associate the user’s visits to his/her social account, particularly if the user is connected at the time of the visit or has recently navigated to one of our websites with embedded social plugins. If the user does not wish for the social network to keep a record of his/her visits to our website, the user should exit the social account and delete any cookies that the social network has installed in his/her browser. 
The plugins installed on this website have advanced user privacy protection features, which do not send cookies or activate the cookies installed in the user’s browser upon page opening. The user needs to click on the plugins to activate the cookies.
 
The collection and use of the information by third parties are governed by the respective privacy policies, to which you are kindly referred:

Data processing procedures
Data processing will be carried out by electronic, or in any case automated, computer and communication networks in a logical manner strictly related to the purposes stated above and by adopting procedures that ensure the security and confidentiality of the data in compliance with the law.
Specific security measures are followed in order to prevent the loss of the data and any unlawful or improper use and unauthorized access of the same.
 
Security measures
The data controller handles the data concerning visitors/users in a fair and lawful manner and implements security measures to prevent unauthorized access, disclosure, alteration or unauthorized destruction of data.
Data processing will be carried out by computer and/or communication networks, with organizational resources and in a manner strictly related to the purposes indicated. There may be cases where certain persons, other than the Controller, such as persons in charge of setting up the website or external parties (third-party suppliers of technical services and hosting providers), may have access to the data.
 
Consent
The reasons for the user’s consent to the installation of cookies depend on the purposes for which the cookies are used:
- Technical cookies do not require the user’s consent.
- Profiling and marketing cookies, on the other hand, may be installed on the user’s terminal equipment only if the user gives his/her explicit consent.
Cookie consent is obtained through the cookie consent banner displayed at the bottom of the page. The consent is also considered given if the user browses or navigates the site. Site navigation on the part of the user will be considered as conduct implying consent. By using or browsing the site, visitors and users give their approval to this notice, as well as their consent to the processing of their personal data in the ways and for the purposes described herein, including the disclosure to third parties, if such disclosure is required for the provision of the service.
   
The provision of personal data and thus the provision of consent to personal data collection and processing are optional. Thus, the user may deny his/her consent and can revoke a previously given consent. However, failure to provide consent could make it impossible to provide certain services and may impair the user’s site navigation experience.
 
Managing cookies in a browser
The user can, at any time, deny the use of cookies and revoke a previously given consent. Since cookies are stored by the browser, they can be directly disabled in the browser itself. 
Disabling cookies could prevent the proper working of some of the functionalities provided by the site. In particular, disabling cookies may make it impossible to access certain services provided by third parties or even to display them on the user’s terminal equipment.   
Here are the instructions on how to disable cookies:
  • Internet Explorer: Select the Tools button / Select Internet options / Select the Privacy Tab / Under Settings select Advanced / Choose the desired level of privacy.
  • Google Chrome: At the top right, click More > Settings / At the bottom, click Advanced / Under “Privacy and security”, click Content settings / Turn “Allow sites to save and read cookie data” to OFF
  • Firefox: Click the menu button and choose Options (Preferences on the Mac) / Select the Privacy (Privacy & Security on the Mac) panel / Under History, choose Use custom settings for history / To deactivate cookies, uncheckmark Accept cookies from sites
  • Safari: Choose Safari > Preferences / Click the Privacy panel / Select Block all cookies and choose one of the options: “Always allow”, “Allow from websites I visit”, ”Allow from current website only”, or “Always block”.
If the user blocks or deletes the cookies, it may become impossible to restore his/her preferences or settings.
 
Scope of data disclosure
The personal data provided by users will be processed by GEOENERGIE SPA. or by entities appointed by the company as data processors or persons in charge of processing. The data may be disclosed to third parties responsible for providing services related to website activities and tied to the performance of the contractual obligations undertaken in carrying out such activities. Said third parties will also be responsible for storing and processing the personal data needed for the execution of the services assigned to each one of them. More specifically, the third parties in question may be suppliers of technological and networking services, suppliers of logistics services or managers of payment systems and services.
 
Rights of the data subject
Pursuant to the provisions of Articles 15-22 of the GDPR, the data subject has, at any time, the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed and, if that is the case, to obtain access to the personal data; to request information on the purposes of processing, the categories of personal data concerned, the recipients to whom personal data will be disclosed and the period of retention of the data; to ask for rectification and erasure, restriction on processing and data portability, as well as the right to object. 
 
Specifically, the data subject will have the following rights:
  • Right of access and right to rectification (GDPR, Articles 15 and 16): the right to obtain from the Controller confirmation as to whether or not his/her personal data is being processed, and, where that is the case, to access the personal data; the right to rectification of inaccurate personal data; and the right to have incomplete personal data completed. 
  • Right to erasure (GDPR, Article 17): the right to obtain from the Controller the erasure of his/her personal data in the cases established by the law and the regulations in force (e.g., the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, the data subject withdraws consent, the personal data has been unlawfully processed, etc.). 
  • Right to restriction of processing (GDPR, Article 18): the right to obtain from the controller a restriction on the processing of personal data in the cases established by the law and regulations in force (the personal data is not accurate, the processing of the personal data is unlawful, etc.).
  • Right to data portability (GDPR, Article 20): the right to receive his/her personal data in a structured, commonly used and machine-readable format and the right to transmit the data to another Controller. 
  • Right to object (GDPR, Article 21): the right to object, at any time, to the processing of his/her personal data which is based on points (e) and (f) of Article 6(1) of the Regulations, including profiling.  
The data subject may exercise his/her rights referred to above by written notice addressed to 
GEOENERGIE SPA., having its registered office at Via Verdi, 11 - 24121 Bergamo or to the email address: privacy@radicigroup.com.
 
Filing a complaint with the Italian Data Protection Authority
In case of infringement of the data subject’s right to protection of personal data, the data subject may lodge a complaint with the Italian Data Protection Authority in accordance with the procedures and requirements posted on the site of the Italian Data Protection Authority (https://www.garanteprivacy.it).
 
COMPANIES
GEOENERGIE SPA
Registro Imprese di Bergamo Nr. 00998130165
Capitale Sociale: € 12.600.000 I.V.
R.E.A. BG 284774 – C.F. 00998130165 / P.IVA 02384370165

GEOGREEN SPA
Registro Imprese di Bergamo Nr. 01833520164
Capitale Sociale: € 22.000.000 I.V.
R.E.A. BG 325684 – C.F. 01833520164 / P.IVA 00826610305