Disclosures - CPL Concordia

Information on the processing of personal data

The data, information and any personal data published on this site, can be freely used by those interested in the products of CPL CONCORDIA Soc. Coop.

Below are the main disclosures made pursuant to GDPR 679/2016 – European Data Protection Regulation.

01.

General and common elements of disclosures

Identity of the Holderstrong
The Holder of any processing carried out is CPL Concordia Soc. Coop., with registered and administrative office in Via A. Grandi 39 – 41033 Concordia sulla Secchia (MO), email address: gdpr@cpl.it.
The Data Controller guarantees the security, confidentiality and protection of the personal data in its possession, at any stage of the data processing process.

Data protection officer
The Data Controller has designated a Data Protection Officer under Article 37, domiciled for the purpose at the company’s registered office and reachable at dpo@cpl.it.

Transfer of data
under no circumstances does the Data Controller transfer personal data to third countries or international organizations.
In the case of using any cloud services, providers are selected from those with servers in Europe. In the event that it becomes necessary to transfer data outside the EU (e.g., in the case of a contract with a multinational company), CPL will verify that the suppliers provide adequate guarantees, as stipulated in Art. 46 GDPR 679/2016 and will update the disclosure.

Rights of the data subject
With reference to Articles 15 – right of access, 16 – right to rectification, 17 – right to erasure, 18 – right to restriction of processing, 20 – right to portability, 22 – right to object to automated decision making of GDPR 679/2016, data subjects – upon proof of identity – exercise their rights by writing to the Data Controller CPL Concordia Soc. Coop. to the above address, including by e-mail (gdpr@cpl.it), specifying the subject of the request, the right to be exercised.
Any useful information and forms are made available by the Data Controller at https://www.cpl.it/en/revocation-of-consent-and-exercise-of-data-subject-rights/
In particular, the Controller reminds that any data subject may exercise the right to object in the form and manner provided for in Art. 21 GDPR 679/2016.

Proposition of complaint
The data subject has the right to file a complaint with the supervisory authority of the state of residence. In the event that you believe that the processing has been carried out in violation of the legislation on the protection of personal data, you are granted the right to lodge a complaint with the Guarantor Authority for the Protection of Personal Data, Piazza Venezia, 11 – 00187 – Rome, through forms immediately available at the following link: https://www.garanteprivacy.it/modulistica-e-servizi-online/reclamo.

Automated decision-making processes
The Controller does not carry out processing that consists of automated decision-making on individuals’ data.

02.

Disclosure to customers, potential customers who are recipients of business information or proposals, business partners or in ATI, and workers employed by them

This information is provided to individuals acting on behalf of and for the customers of “CPL CONCORDIA Soc. Coop.” pursuant to Art. 13 e 14 GDPR 679/2016 “European Data Protection Regulation”.

Data source
The personal data processed are those provided by the data subject in connection with:

public source, online contact retrieval;
participation in events, seminars and conferences sponsored by CPL;
consent of the data subject (explicit or by unequivocal positive act, e.g. in case of exchange of business cards);
pre-contractual phase, requests for information and quotations, including by telephone and e-mail;
placing of orders, conclusion of contracts and related extensions;
performance of the contractual relationship and related activities;
transmissions and commercial activities following the order;
compliance with applicable regulations (e.g., on public procurement and health and safety in the workplace, data protection, tax, etc.);
participation in tenders;
receipt of communications via PEC;
requests for information on previous business activities;

or, alternatively, may be contact data of potential customers obtained from parties other than the data subject.

Categories of data processed
The data processed may be:

identifying biographical data, professional profile data, banking, economic data (property damages, compensation), salary data (compensation, remuneration), curricular data;
judicial data, self-certifications and statements regarding convictions;
other certifications, copies of identity documents;
images and videos;
all data contained in the company’s servers that are backed up;
log data, computer traffic, user id, authentication credentials;
data of family members (related parties).

With regard to processing carried out on the basis of the consent given by the data subject, it should be noted that the same is the subject of specific separate information.

Revocation of consent
With reference to Article 7 of GDPR 679/2016, the data subject may revoke any consent given at any time.
However, the processing operations covered by this notice that are based on a different legal basis are lawful and permitted even in the absence of consent, insofar as they are necessary for the performance of a contract to which the data subject is a party or for the fulfillment of his or her requests or from legal obligation.
Withdrawal of consent at any time does not affect the lawfulness of the processing based on the consent given before the withdrawal.

Refusal to provide data
Customers may not refuse to provide the Controller with personal data necessary to comply with legal regulations governing business activities and taxation.
The provision of further of their personal data may be necessary to improve the quality and efficiency of business activities.
Therefore, refusal to provide the data required by law or to execute the contract will prevent the fulfillment of orders; while failure to provide additional data may affect all or part of the fulfillment of other requests and the quality and efficiency of the business activity itself.

Recipients of the data
The personal data processed by the Data Controller will not be disseminated, i.e. they will not be disclosed to unspecified parties, in any possible form, including making them available or simple consultation. They may, on the other hand, be disclosed to the employees working in the employ of the Data Controller and to certain authorized external parties who collaborate with them and/or who are identified as Data Processors.
In particular, on the basis of the roles and work duties performed, the processing of personal data will be carried out by employees for the purpose expressly instructed and authorized to carry out specific processing operations.
They may also be communicated, to the extent strictly necessary, to parties who, for the purpose of fulfilling orders or other requests or services relating to the business activity or contractual relationship with the Data Controller, must supply goods and/or perform services or services on behalf of the Data Controller. Finally, they may be communicated to the Entities in charge in the case of fulfillments related to the regulations in force, as well as to subjects entitled to access them by virtue of provisions of the law, regulations, EU regulations.

DPO References

Tel: 0535.616.111
Mail: dpo@cpl.it

Who We Are

Governance

Supervisory Board

Reports

Solutions

Green Technology

Plant construction

Services to distribution

Energy Efficiency

IT Utility solutions

Network construction and maintenance

Sustainability

Social performance

Work with us

Media