The controller of the personal data is Gridspertise S.r.l., with its registered office in via Ombrone 2, 00198 Rome, Italy VAT no. 15844561009, tax no. 16073691004 (“Gridspertise”).

Gridspertise has appointed a Data Protection Officer (DPO) who can be contacted at the following e-mail address: dpo@gridspertise.com

Gridspertise will process the personal data required for the standard management of business-to-business (“B2B”) relations and in particular those necessary for the conclusion and management of contracts and commercial communications, such as the identification and contact data of legal representatives, employees and internal contacts, which are communicated by the individuals involved or by the company with whom the relevant contract is concluded or the business exchange carried out. 

The provision of personal data is required for the conclusion and execution of the contract; therefore, the refusal of such data may cause the impossibility for Gridspertise to enter into the contract or to do business with the reference company.

The following table lists the purposes for which the personal data will be collected and processed by Gridspertise, as well as the legal basis of processing:

The provision of personal data is necessary in all cases where the processing is carried out on the basis of a legal obligation, in order to perform a contract or the execution of pre-contractual measures adopted at request. The refusal to provide personal data may make it impossible for Gridspertise to process the request or enter into the contract.

The provision of personal data is voluntary for the pursuit of additional purposes, and the failure to provide your consent in relation to them will have no consequences on the conclusion of the contract. 

Your personal data can be communicated or made accessible:

1. To subjects which shall receive such data on the basis of the fiscal and accounting regulation in force;

2. To employees and contractors of other companies or other subjects which carry out outsourcing activities on behalf of Gridspertise (ex. management of IT systems), in their capacity as data Processors.

Your personal data will be processed and stored within the European Union. The same data may be processed in countries outside the European Union, provided that an adequate level of protection is guaranteed, recognized by a specific adequacy decision of the European Commission.

Any transfers of Personal Data to non-EU countries, in the absence of a European Commission adequacy decision, will only be possible if data Controllers and data Processors involved provide adequate guarantees of contractual nature, including Binding Corporate Rules and Standard Contractual Clauses.

The transfer of your personal data to third countries outside the European Union, in the absence of an adequacy decision or other appropriate measures as described above, will be made only if you have explicitly consented to it or in the cases provided for by the applicable data protection law and will be processed in your interest. In these cases, we inform you that, although Gridspertise adopts measures common to all the countries in which it operates, the transfer of your personal data may be exposed to risks related to the peculiarities of local legislation regarding the processing of personal data.

The personal data processed for the above-mentioned purposes will be retained in compliance with the principles of proportionality and necessity and, in any case, not more than 10 years after the end of the contractual relationship, notwithstanding any further processing necessary to defend Gridspertise’s rights and legitimate interests.

In case your consent is required for any processing, the related data will be stored until the fulfillment of the purposes of processing, or until the withdrawal of the consent.

Pursuant to the data protection law, you have the following rights on your personal data:

1. to request access and a copy of your data
2. to request rectification
3. to request erasure
4. to obtain restriction of processing
5. to object to the processing
6. to receive the personal data in a structured, commonly used, and machine-readable format

Some rights may not apply in relation to the specific processing. In any case, you have the right, at any time, to object to the processing of your personal data for the purpose of pursuing Gridspertise’s legitimate interests. In this case, the processing will be stopped, except where Gridspertise’s legitimate interests prevail on the interests of the data subject.

To exercise your rights, or withdraw any consent given for the processing of personal data, you can write an e-mail to dpo@gridspertise.com specifying in the subject of the request “Gridspertise – Data subject’s rights”.

Right to lodge a complaint

It is your right to submit a complaint to the competent data protection Authority, which in Italy is the Garante per la Protezione dei Dati Personali. For more information you can visit the Authority’s website at the following address: https://www.garanteprivacy.it/