- Data Controller and useful definitions for an informed reading. 2
- Data Processor 2
- Legal Basis of the Processing. 2
- Data Processing. 2
4.1. Automatic collection of certain Data. 3
4.2. Purposes of the Processing. 3
4.3. Sharing of Personal Data with third parties 3
4.5. Data Security. Where Personal Data are stored and processed. 4
4.6. How long do we store your Data? 4
4.7. Do we process your Data through an automated process? 4
1. Data Controller and useful definitions for an informed reading
Green Arrow Power Spain S.L. or “E-GAP” (tax identification number B16796476) with registered office at Calle Fuencarral, 139 – Planta 2, Puerta C – 28010 Madrid is a subsidiary of the Italian company E-GAP S.r.l. Società Benefit, registered under the following VAT/CF number: 14253861000 and with registered office at Via Flavia, 3 – 00187 Roma.
E-GAP (External Data Processor) collects your Personal Data on behalf of E-GAP S.r.l. Società Benefit (Data Controller), within the meaning of the GDPR.
When we speak of “Customer” or “User” we refer to you as the recipient of our services.
With the term “Services” and / or “Products” we mean all the products and services that we offer and that you can purchase through the E-GAP application, or through the Web platforms that we make available to you.
When we refer to “Devices” or “Computers” we mean any technological device, connected to the Net, through which you interact with Us.
Finally, when we speak of “Personal Data” or “Data” we refer both to the data that You provide us directly for the use of our services and to the data that are automatically collected, relative to Your interaction with our website and with our App.
When we refer to “Processing” we are referring to the processing of your Personal Data.
2. Data Processor
E-GAP has appointed a Data Protection Officer who can be contacted at the following e-mail address: firstname.lastname@example.org.
3. Legal Basis of the Processing
As provided for by Article 6 of the GDPR, E-GAP processes your Personal Data only if there is a suitable legal basis provided by the applicable law and for the achievement of specific purposes. In particular, the legal basis that legitimizes the Processing of Personal Data provided by you may be:
- your explicit, free, specific, informed and unambiguous consent to the Processing;
- the execution of a contract to which you are party, or the execution of pre-contractual measures taken at your request;
- the pursuit of our legitimate interests; or
- to comply with legal obligations.
You are under no obligation, either by law or by contract, to provide us with your Personal Data. However, for the provision of all our Services and “additional services” that we may offer you, your failure to provide and/or consent to the provision of our Services will make it impossible for us to provide the requested service, as it is dependent on the knowledge of some of your Personal Data, such as, for example, your first and last name, your e-mail address and telephone number and your location.
Where the lack of providing certain Personal Data makes it impossible for us to provide the Service or to provide you with the information you request, the Data that you will have to provide will be marked as mandatory (*Required field).
4. Data Processing
We receive and store any Data you provide to us in an informed, unambiguous, specific and free manner in connection with the Services we offer. You may choose not to provide certain Data but, if you do, you might not be able to use some of our Services.
The Personal Data you provide us through interaction with your Device on our Website or App are:
- your name, your e-mail address and your telephone number;
- your profession and position;
- Documents relating to your identity and possibly your company;
- the email addresses of your friends and other people you think may be interested in our Services;
- the contents of reviews and emails sent to us;
- the log and configuration files of your Device, including your wi-fi credentials, if you choose to automatically synchronise them with your other Devices;
- Data required to make payments for any Services you have requested;
- your applications.
Please note that all the Data listed will be required to enable us to provide the Services, only if you request them.
4.1. Automatic collection of certain Data
The Personal Data we collect and use automatically are:
- your Internet Protocol (IP) address;
- information about your Computer, your Device and your connection, such as the applications on your Device or the type and version of your browser, operating system or time zone you have set;
- the location of your Device or Computer when you request our Service (geolocation);
- the telephone numbers you use to call us and your interaction with the content on our website.
4.2. Purposes of the Processing
Personal Data will be collected and processed by us for the following purposes:
- to receive and process your requests, provide you with our Products and Services, and communicate with you about Products, Services and any promotional offers;
- to provide the Services you have requested by registering on the Website and creating your account;
- to provide specific “additional services”, including through the assistance and/or collaboration of third party suppliers;
- to provide you with assistance when you request it by contacting us via e-mail, chat or telephone;
- to adapt content and resources to your preferences and the preferences of other Users;
- to communicate with you, respond to your requests or questions by phone, chat or email;
- to send you other information and e-mail communications that may be of interest to you;
- to create, publish and improve content that is most relevant to you and other Customers;
- to ensure that the content provided through our website is presented in the most effective way for you, based on your Device;
- to allow you to participate in interactive features of the website, if you wish so;
- to send push notifications directly to your Device;
- to further develop the Website and our systems to provide you with a better Service;
- for marketing purposes (such as newsletters, sending information, market researches, satisfaction surveys) if you choose to and, therefore, with your express consent.
4.3. Sharing of Personal Data with third parties
We do not sell your Personal Data to third parties.
However, E-GAP may disclose your Information to E-GAP’s group companies or subsidiaries, which are subject either to this Policy or to procedures that provide protections similar to those described in this Policy.
To facilitate the efficient use of information and to provide Users with content and/or resources, the information may be disclosed to third parties.
In cases other than those listed above, Your Personal Data will only be shared with third parties with Your explicit consent and You will have the opportunity to choose whether or not to allow further third party communications.
Your Data may then be processed by E-GAP’s technical service providers, in particular by:
4.4. Transfer of Data
We do not sell your Personal Data to third parties and process them primarily within the European Union.
We process your Personal Data primarily within the European Union. If Personal Data are transferred outside the European Union, we will ensure that they are transferred in accordance with this Policy, applicable regulations and to a country that provides a level of protection at least equivalent to that provided by the GDPR.
In the course of E-GAP’s development, we may sell or buy other companies or services. In this case, E-GAP is committed to ensuring the protection of your Personal Data and includes compliance with this Policy in the conditions of implementation of the planned transaction.
4.5. Data Security. Where Personal Data are stored and processed
As explained in section “4.3 Sharing of Personal Data with third parties”, we do share your Data with third party suppliers, contractors or agents, but – even when we use them – your Personal Data will remain under our control and we will ensure that they are adequately protected.
E-GAP has designed all systems through which your Personal Data are collected, stored and processed according to the highest security standards to ensure that your privacy is respected.
The software we use are Salesforce and – with respect to the methods and payment of our Services and, therefore, the management of your Credit Card Information – we use Stripe. However, despite the continuous updating of this software, nothing is absolutely impenetrable and we cannot guarantee the inviolability of its security.
4.6. How long do we store your Data?
We retain your Personal Data for a period of time not exceeding that necessary for the purposes for which they have been collected and, in any case, not longer than 10 years from the termination of the contractual relationship, after which they will be irreversibly deleted or anonymised.
Payment Data are retained for a maximum of 12 months from the date of collection.
We need to keep your Data to enable you to use the Services you have requested on an ongoing basis, but also for tax and accounting purposes or – subject to your consent – for commercial purposes.
We may also need to retain your Data for a longer period if we are required to comply with legal obligations or to deal with any complaints or legal disputes or to defend ourselves against claims regarding our contractual relationship and to comply with the express provisions of this Policy.
4.7. Do we process your Data through an automated process?
E-GAP may process your Data through automated systems/processes and automated decision making (such as profiling) to provide you and our Customers with the Services you have requested in the best possible way. For example, in order to implement the Services in the areas with the highest demand for our intervention, we may carry out an automated profiling process to identify the areas where we should focus our efforts.
5. Processing of Application Data sent to E-GAP
All the provisions of this Policy also apply if you would like to work with us, either by applying by e-mail or on our website in the “careers” section.
We retain the Data you send us with your application in order to assess compatibility with any job openings at E-GAP; however, without your consent to the Processing, we cannot consider any application and will not be allowed to contact you, conduct interviews or check the references you provide.
Depending on the vacancy you apply for and the different countries where E-GAP operates, your Data may be transferred to other companies in the E-GAP group who will treat your Data in accordance with this Policy and applicable laws.
We may eventually use dedicated digital platforms and technology service providers who, with your consent, will be able to access your Data in order to manage the selection process of your application.
Without prejudice to the rights set out in paragraph 6 of this Policy, we will retain your Application Data throughout the selection process and may, if unsuccessful, retain it for up to one year after the selection process has been completed.
In the context of our recruitment and depending on the job offer you are applying for and the different countries in which E-GAP operates, your Data may be transferred to other companies of the E-GAP group, in compliance with our Policy.
6. User rights
Pursuant to Articles 15-22 of the GDPR, to which we refer for further details, you have the right to:
- access and obtain a copy of your Personal Data;
- request the updating and/or rectification of your Personal Data;
- request erasure of your Personal Data, i.e. benefit from the “right to be forgotten”, however, this right is subject to legal obligations that may require us to retain the Data;
- obtain the restriction of the processing of your Personal Data;
- obtain the Personal Data you provide in a structured, commonly used and electronically readable format, so that we can transmit it to a different data processor if necessary;
- object to the processing.
To the extent that the Processing of Personal Data is based on your consent, you also have the right to withdraw your consent at any time. Withdrawal of consent shall not affect the lawfulness of any Processing based on consent given prior to such withdrawal.
With regard to direct marketing and prospecting messages, you may at any time request that these communications be discontinued by unsubscribing, via the systematic link provided in these messages.
You may also lodge a complaint regarding the processing of your Personal Data with your local Data Protection Authority.
Any material changes to this Policy will be made by posting a notice on our website or by contacting you through other channels.
Questions, comments and requests regarding this Policy are welcome and should be addressed at the following e-mail address: email@example.com.