0. INTRODUCTION

Nadara Limited – a company with registered office at with registered office in Fourth Floor, 12 Blenheim Place, Edinburgh, Scotland, EH7 5JH (hereinafter referred to as the “Company” or “Data Controller”) and with the following email address [email protected] – in its capacity as data controller, informs you that the personal information of users accessing its website www.nadara.com (the “Site”) or the information of any other person referred to in these personal data (the “User” or “You”) will be processed in accordance with this privacy policy on the processing of personal data.

1. DATA CONTROLLER

The Company acts as data controller of processed personal data. An exhaustive list of those designated by the Company to supervise the processing of data is available by sending a request to the Company, using the address mentioned in paragraph 9 of this privacy policy.

2. TYPES OF PROCESSED PERSONAL DATA

The Company collects and processes personal data provided by the User (hereinafter referred to as “Personal Data”). These data include identification data and information about the nationality and surfing data about the use of the services offered via the Site. This data is collected using cookies, in accordance with the Company’s cookie notice, available at the following link.

Information regarding the User’s occupation and phone numbers is also processed, if the User chooses to share this information.

Health data and special categories of personal data, as per article 9 of the Regulation (EU) 2016/679 on personal data protection and UK GDPR (the “Privacy Law”) are not processed.

The above-mentioned Personal Data are processed only in so far as is necessary to fulfil the purposes described in paragraph 4 of this privacy policy.

3. MAIN PURPOSES

The Company processes the User’s Personal Data using manual or electronic tools, for the following purposes:

– to allow the User to use the Site, its services and its features, including processing User’s requests, answering User’s questions, providing the User with the requested services, as well as managing User’s application and processing User’s personal data included in the CV to pursue recruiting and staff selection activities (the “Contractual Purposes”);

– compliance with obligations from laws and regulations (hereinafter referred to as “Legal Obligation Purposes”);

– with the User’s prior consent, sending newsletters and communications via email regarding the potential publication of press releases, balance sheets, reports and communications intended for analysts, as well as the promotion and/or sale of products and/or services sold by the Company (“Marketing Purposes”)

– subject to the User’s prior consent to communicate your Personal Data to the companies in the Data Controller’s corporate group operating in the following renewable energy sector to send newsletters, commercial communications and invitations to events, by email in relation to their products and services, through the means of communication referred to in the previous point (“Third Party Marketing Purposes”);

– carrying out activities about the sale of the company and branches of the business, acquisitions, mergers, de-mergers or other operations; to assert and defend these rights against the User and third parties (“Business Legitimate Interest Purposes”);

– to pursue the legitimate interests of protecting the Company’s rights, to enforce or defend such rights in the competent courts (judicial, arbitration, administrative, etc.), to protect the Company’s assets and prevent fraud (for example: the Company processes Personal Data to ensure that the Site is updated and meets the needs of users, to analyze, review and improve the services and/or products offered on the Site) (“Purposes of Protecting Rights)

– to carry out activities functional to business and branch transfers, acquisitions, mergers, demergers or other transformations and to carry out such operations and to enforce and defend rights against the interested party and third parties (“Purpose of Legitimate Interest in Corporate Transactions”).

4. LEGAL BASIS OF THE PROCESSING

Data processing is compulsory in accordance with the Contractual Purposes and the Legal Obligation Purposes. Should the User object to the processing of their Personal Data in accordance with these purposes, they will not be able to use the Company’s services.

Processing Personal Data for Marketing Purposes is optional and subject to the User’s prior consent. If the latter deny their consent, the Company will not be able to keep the User updated regarding new products or services, special deals, personalized offers, or carry out market surveys and send communications or other materials containing information that could be in line with their interests.

Processing Personal Data for Business Legitimate Interest is not compulsory but is based on the Company’s legitimate interest in carrying out these operations. Users may object to the data processing for this purpose. In this case, their Personal Data will not be used for these purposes, unless the Company is able to identify an overriding legitimate interest.

5. DISCLOSURE OF PERSONAL DATA

The Personal Data held by the Data Controller are collected directly from You. In order to pursue the aforementioned purposes, your personal data are accessible to the Data Controller’s personnel, including consultants, duly authorised and trained in the processing of personal data, and to third parties (e.g. suppliers of technical, managerial, organisational services to whom the Data Controller has outsourced certain activities for reasons of efficiency) who have signed a special agreement with the Data Controller and act as data processors. These subjects are provided only with the Personal Data necessary to perform their functions and they undertake to use the personal data received only for the processing purposes indicated above, to keep them confidential and secure and to act in compliance with the applicable legislation.

In order to pursue the above purposes, it may be necessary for the Data Controller to disclose your personal data to the following categories of recipients

– companies in the Data Controller’s corporate group and their personnel, in order to comply with legal obligations or to provide the requested service/product (for example, if you request information about services/products offered by other companies in the group, we will communicate your data to these companies to enable them to answer your questions and send You the requested information)

– third party companies that provide accounting, administrative, legal and tax services to the Data Controller or that act as banking, financial and insurance intermediaries, including parties that intervene in various ways in the processes of supplying the requested service/product, or in subsequent phases (for example: customer service, courier and postal services, credit recovery companies)

– third party companies operating in the context of assistance and consultancy relationships or the supply of other services provided to the Data Controller, including in the case of extraordinary corporate operations of merger, sale or transfer of a business unit, in order to allow the operations to be carried out, as well as third party companies involved in such operations

– third party companies carrying out control, audit and certification of the activities carried out by the Controller;

– judicial authorities and other competent public authorities/offices.

6. TRANSFERS OF PERSONAL DATA

The transfer of the User’s Personal Data will be carried out to the United Kingdom (UK) or to the European Economic Area (EEA). Any transfer of the User’s Personal Data to countries outside the European Union, and, specifically, to countries in which subsidiary companies of Nadara operate, may take place where necessary for Contractual Purposes or Business Legitimate Interest Purposes, or for example, if the Data controller decides to set up its servers or company databases outside the UK or EEA, or to outsource services to entities established abroad. In any event, such a transfer will take place in compliance with the guarantees provided by the applicable regulations and in compliance with the provisions of article 44 and subsequent articles of the Privacy Law.

The User has the right to obtain a copy of the guarantees based on which the Data is transferred and to be made aware of the location where these Data were made available. You may do so by sending a request to the Data Controller at the address mentioned in paragraph 9 of this privacy policy.

7. DATA PROTECTION RIGHTS

With regard to their Personal Data, the Users may at any time exercise their right to (a) obtain the confirmation of the existence of Personal Data concerning them and receive copies of such data; (b) find out where the Personal Data come from, the purposes for which data were processed, and the methods used, as well as the logic behind processing carried out by electronic means; (c) request that the Personal Data are updated, accurate and – if they want – complete; (d) obtain the erasure, transformation into anonymous format or blocking of data processed in violation of the law, as well as object to the processing on legitimate grounds; (e) withdraw consent to the processing of their Personal Data, without prejudice to the lawfulness of the processing which occurred before consent was withdrawn; (f) request that the Company restrict the scope of the data processing; (g) object to the processing of their Personal Data; (h) request that their Personal Data are erased, without undue delay, and (i) obtain a portable version of their Personal Data. These rights are exercised by sending a letter to the address mentioned in paragraph 9.

You will have the right to file a complaint with the supervisory authority, where permitted.

You can find the contact details of your local authority here https://www.edpb.europa.eu/about-edpb/about-edpb/members_en if you are in the EU or EEA. In the UK, this is the Information Commissioner’s Office https://ico.org.uk/

8. DATA CONTROLLER’S CONTACT DETAILS

Should the Users have doubts about this privacy policy, or should they want to exercise one of the data protection rights contained in this privacy policy, they may contact the Company at the following address [email protected]

9. PERSONAL DATA STORAGE PERIOD

The Company will process the Personal Data for a period which is considered necessary in order to satisfy the purposes for which they were collected, as per paragraph 3 above. In any event, the following storage periods apply to the processing of Personal Data as follows, in accordance with the aims pursued:

  • data collected for Contractual Purposes are kept for the whole duration of the contract entered into with the Company and/or whilst the Company’s services are being used, and for a further 10 years after the termination of the contract and/or the termination of the service for the purposes of the defence of a right and/or to exercise a right of the Company in court and/or out of court, in the event of disputes relating to the execution of the contract and/or the performance of the service;
  • data collected for Legal Obligation Purposes are kept for a period that is equal to the duration prescribed by law for each type of data;
  • data collected for Marketing Purposes are kept for a period equal to the entire duration of the service, as well as for the 2 years following the termination of the service;
  • data collected for Business Legitimate Interest Purposes are kept for 10 years from the time of collection.
  • data collected for recruiting and staff selection purposes will be processed for the time necessary to handle User’s application and stored up to a maximum of 12 months.

10. MINORS

The Site should not be used by minors. If the User is a minor, they are not allowed to continue browsing and using the Site.

11. THIRD PARTY WEBSITES

Since the Site may allow access to sites owned and operated by third parties, we point out that the Privacy Policy does not apply to such third party websites and the Data Controller is not responsible for the personal data processing activities carried out by said third parties who act as autonomous data controllers. In these cases, we suggest that you carefully read the privacy policies of said third party sites.

12. MODIFICATIONS AND UPDATES

This privacy policy enters into force on the date mentioned above. However, the Company may – with prior notice – make changes and/or additions to the privacy policy, also because of the potential ulterior legal modifications and/or additions. The changes will be published on the Site and, if substantial, communicated to you by e-mail. The Company therefore invites you to visit this section regularly.

13. ADDITIONALS

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool “Real Cookie Banner”. Details on how “Real Cookie Banner” works can be found at https://devowl.io/rcb/data-processing/.

The legal basis for the processing of personal data in this context is Art. 6 (1) lit. c GDPR and Art. 6 (1) lit. f GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

The provision of personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide personal data. If you do not provide the personal data, we will not be able to manage your consents

This privacy policy is effective as of July 2024.

GDPR Cookie Consent with Real Cookie Banner