Pursuant to Article 13, European Regulation 679/2016 regarding not only personal data protection, but also the free circulation of that data (hereinafter the “Regulation” or “GDPR”), we wish to inform you that Bludigit S.p.A. (hereinafter “Company” or “Data Controller”), www.bludigit.com with registered office in Via Carlo Bo 11, 20143 Milan, is the Data Controller of any data provided by the user or otherwise obtained as a result of the use of its website with the URL
A link to this privacy policy in the page footer guarantees the user is on a genuine page of the Company website.

Types of data processed

Browser data

The normal functions of the IT systems and software procedures offered to use the Website acquire some personal data, the transmission of which is implicit in the use of the Internet communication protocols, or it is used to improve the quality of the service offered. This information is not collected to be associated with any identified data subjects. However, its very nature could enable users to be identified via processing and association.
This data category includes the IP addresses or domain names of the computers used by the users to connect to the Website, the URI (Uniform Resource Identifier) address of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file received in reply, the code number indicating the status of the request given by the server (successful, error, etc.) and other parameters of the user’s operative system and IT environment.
This data is used to extract anonymous, statistical information regarding the use of the Website and to check the IT systems are working correctly.
The data could also be used to ascertain liability in the event of possible IT offences or if the Company or any third party is subjected to damages.

Data provided voluntarily by the user

Users are not obliged to provide their personal data in order to visit the Website. However, contacts between the users and the company, via authentication to the Website services and by completing the contact forms, sending e-mails, messages or any other type of communication to the addresses indicated on the Website, involve the subsequent acquisition of common personal data, e.g. name, surname, address and telephone number, as well as any other personal data the user provides spontaneously by interacting with the Company via its Website.
Specific privacy policies will be provided or shown on the pages of websites offering special services.

Purposes and legal basis for the processing

Personal data may be processed for the following purposes:

a) to enable you to browse the website, to interact with the contents therein,
to register with and access the reserved areas of the portal so
the Company can provide the on-line services it offers;
b) to handle the user’s requests for information;
c) to fulfil the Company’s legal obligations,
including responding to any requests from the competent Authorities and
entities;
d). to collect information on the use of the Website (e.g. frequency of use, statistics, etc.) by using cookies (see the following section “Cookie Policy”);
e) possibly, to send questionnaires to the contact details provided when completing the on-line registration form so the Company can programme a suitable offer for its services.

For these purposes, the legal basis for the processing is the completion of a contract or pre-contractual measures used at your request (letters a, b), to fulfil the Company’s legal obligations (letter c), or to get consent (letters d, e).
As regards the purpose mentioned in the preceding points a), b) e c), any refusal to provide the data may make it impossible for the Company to provide the service you have requested, to fulfil its legal obligations and to provide or respond to users’ requests.
Provision of personal data via the contact forms on the Website is not a legal or contractual requisite. However, the fields marked with an asterisk are mandatory, as this information is required to respond to your request.

The processing of personal data for the purposes given in points d) and e) requires your consent; the provision of that data is optional and any refusal will not involve any consequence. Processing procedures and nature of the transfer Your personal data will be processed by persons authorised by the Company and/or by Persons in Charge, who the Data Controller may use to store, handle and transmit your data via hard copies, IT and telematic instruments according to legislative principles and to protect the data subject’s privacy and his/her rights by adopting suitable technical and organisational measures to guarantee an appropriate level of security for the risk.

Personal data storage time

Your data will be stored for the period of time required to fulfil the contractual and legal obligations
obligations in compliance with the principles of proportionality and necessity. The data storage time depends on the purposes for which it is being processed and therefore may vary.
The data storage time depends on the purposes for which it is being processed and therefore may vary.
The criteria used to calculate the applicable storage time are as follows: personal data storage according to this privacy policy will be for the time required (i) to manage the contractual relationship with the user, (ii) to manage any user claims or specific requests, (iii) to uphold rights in court and (iv) for the time established by applicable laws. The data collected by using cookies will be stored until the expiry date indicated in the table given at the end of this privacy policy. Data collected via questionnaires in order to develop the offer of services provided via the website will be erased after 24 months.

Registration and reserved area access data will be automatically erased one year after the final access. Personal data will, in any event, be stored for the time required to exercise your rights.

Data communication, circulation and transfer

Your personal data will not be circulated and may be communicated to other companies in the Italgas Group for administrative-accounting management and control purposes and to the competent Authorities or public or private entities to fulfil any legal obligations. The personal data collected may be processed by third party suppliers, as persons in charge of processing for the services provided on behalf of the Company according to contractual agreements, for possible occasional maintenance operations and for anything required to carry out specifically requested services.
The data will be processed within the European Union and stored on servers located within the European Union. Same data may be processed in countries outside the European Union provided an adequate level of protection is guaranteed and recognised by a special decision of the European Commission as being adequate. Any transfer of Personal Data to non-EU countries without the European Commission’s decision of adequacy will only be possible, if adequate guarantees of a contractual nature or agreements including “Binding Corporate Rules” and contractual clauses on data protection are provided by the Data Controllers and the Persons in Charge involved. If one of the above guarantees is used to transfer Personal Data to non-EU countries, an indication will be provided of how to obtain a copy of the guarantees used or the location in which the latter are available, pursuant to Chapter V of the GDPR.

Data subject’s rights

The data subject may exercise the rights regarding the data processing described herein envisaged by the Regulation (Articles 15-22 and 77),
including the right to:

– receive confirmation or not during the processing of his/her personal data and, in that case, to obtain access to the latter (right of access);
– update, amend and/or correct his/her personal data (right to rectify);
– request data processing is erased or restricted (right to be forgotten and right to restrict processing);
– oppose the processing of his/her personal data (right of opposition);
– withdraw consent, where given, without prejudice to the legality of the processing, based on the consent given prior to the withdrawal;
file a claim with the Authority controlling data processing;
receive an electronic copy of his/her data and request that data be sent to another Data Controller (right to data portability).

Applications to exercise the aforementioned rights can be sent to the Data Protection Officer (hereinafter just “Data Protection Officer” or for brevity “DPO”) by sending an e-mail to dpo.gdpr@italgas.it

Identity and contact details for the Data Controller and Persons in Charge of Processing and the contact details of the Data Protection Officer The Data Controller of your personal data is Italgas S.p.A., with registered office in via Carlo Bo 11, Milan.
The updated list of any persons in charge of processing is available at the Data Controller’s head office.

The Italgas Group has appointed a Data Protection Officer, who can be contacted at the following e-mail address: dpo.gdpr@italgas.it, or at the Company head office via ordinary mail.