The main elements of the Privacy Policy of this website are described below.
Personal data (‘Data’) can be defined as any information relating to an identified or identifiable natural person (e.g. personal data, telephone number and e-mail address, location data, characteristics relating to physical, physiological, genetic, mental, economic, cultural or social identity).

Any Data shall be processed only with the express consent of the user of the site at the time of the voluntary transmission thereof by the user, exclusively for the purposes set forth in this Policy, in an adequate, lawful, correct and transparent manner and, in any case, in compliance with the relevant Italian and European laws in force.

7 Seas Med srl (hereinafter, 7 Seas Med) manages the data provided by the users while browsing in compliance with the prescriptions of the European Regulation 2016/679 (hereinafter GDPR).

The management procedures of the website www.diventoenergia.it (reference website for the remote communication techniques offered by 7 Seas Med) in relation to the processing of website user personal data are described below. The Privacy Policy is relative only to this website and does not concern any other websites connected by links and visited by the user.

7 Seas Med informs the website user of the purposes of and procedures for processing of the personal data. If the user requests registration in reserved areas of this website, he/she will receive a further information notice in relation to processing of the data provided for said purpose.

1. Data Controller
   Data Controller is 7 Seas Med srl with its registered office in Corso Venezia 5, 20121 Milano. The Data Controller, without prejudice to its full responsibility towards the consumer, reserves the right to appoint one or more data processors to process consumers’ Data on its behalf. The Data Controller may appoint as data processor an entity that provides sufficient guarantees to implement technical and organisational measures to ensure the protection of the consumers’ rights. The Personal Data Protection Officer can be contacted at the following email address privacy@7seasmed.it
   
2. Sources and type of data processed
   We do not automatically collect any Data. Personal data held by 7 Seas Med are only collected from customers directly, including via the use of remote communication techniques (such as the website and the web services within it), or from third parties, for example General Government, Public Registers, Chambers of Commerce, Databases of private companies. If 7 Seas Med acquires data from external companies for the purposes of commercial information, market research, direct offers of products and services, an information notice will be provided when the data is registered, or, in any case, no later than the first communication.
   The data processed by 7 Seas Med can include personal information (first name, surname, date of birth, address, image, sex, marital status, tax identification no., etc.) and contact information. Moreover, the IT systems and software procedures responsible for the functioning of this website acquire some personal data during normal operation; the transmission of this data is implicit in the use of the Internet communication protocols.
   This information is not collected to be associated with identified data subjects but could, due to its very nature, by processing and associations with data held by third parties, allow identification of the users. This data category includes the IP addresses or the domain names of the computers used by the users who log on to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the dimension of the file obtained in response, the numeric code indicating the server response status (successful, error, etc.) and other parameters relative to the operating system and the user’s IT environment. Finally, in complying with specific requirements relative to the management of the business relationship (for example mandatory communications to the Authorities), and in the case of customer communications, 7 Seas Med may process particular categories of data in accordance with art. 9 GDPR and data relating to criminal convictions and offences in accordance with art. 10 of the GDPR.
   
3. Purpose and legal basis of the data processing
   Apart from what is specified for the browsing data, the user is free to decide whether or not to provide the personal data in the request forms. However, if the user does not provide said data, it may be impossible to satisfy the request. The personal data are processed within the scope of 7 seas Med ‘s normal activities, according to the following purposes.
   • a) Purposes strictly connected with and instrumental to the establishment and management of relations with the customers (e.g.: acquisition of information preliminary to the signing of a contract, execution of operations on the basis of the obligations
     arising from contracts signed by the customers, etc.) pursuant to art. 6 paragraph 1 letter b) GDPR.
   • b) Purposes deriving from legal obligations, regulations, EU law, provisions issued by authorities authorised for the purpose by the law or by supervisory and control bodies (in the case, for example, of the so-called “Money laundering” regulation which requires appropriate checks on the customers, compliance with the directives issued by the Bank of Italy in relation to credit
     activity) pursuant to art. 6 paragraph 1 letter c) GDPR
     Provision of the Data and of the consent to process them for the above purposesis necessary to finalise, carry out or continue the contract relationship with 7 seas Med.
   • c) Purposes related to 7 seas Med’s promotion and commercial information activities, for which the customer is entitled to provide or decline consent pursuant to art. 6 paragraph 1 letter a) GDPR.
     Provision of the Data and of the consent to process them for the purposes specified in point c) is optional and the relative processing is subject to prior express consent being provided. Failure to provide consent to the processing will impede the promotion activity in question but will not in any way be prejudicial to the Data Subject.
     
4. Data processing method
   In relation to the purposes specified, the Data are processed by means of IT and telematic instruments using logic appropriate for the purposes and, in any case, in order to guarantee the security and confidentiality of said data. Protection is also ensured in the presence of innovative instruments introduced by 7 seas Med.
   
5. Storage of personal data and duration
   Data will only be stored for the time necessary for the purposes for which they are collected, in accordance with the principle of minimisation pursuant to art. 5.1.c) GDPR and provided that such purposes do not cease to be lawful under applicable law.With reference to promotional and marketing purposes, for a period of time not exceeding 24 months. 7 seas Med may also store some data after the termination of the relationship, according to the time necessary for carrying out specific contractual or legal requirements and for administrative, fiscal and/or contributory purposes, for periods of time imposed by laws and regulations in force, and for the time necessary to assert any legal claims. In any case, the data are not only processed in compliance with the current law but also according to principles of confidentiality inherent in the performance of financial activity, on which 7 seas Med has always based its operations.. Any Data processed and collected will be kept in a private and protected server located in UE. The Data are processed in such a way as to guarantee adequate security and we adopt, for their protection, technical and organisational measures capable of preventing unauthorised or unlawful processing, loss, destruction or accidental damage to the Data.
   
6. Categories of entities with whom your data may be shared
   In the pursuit of the above purposes, 7 seas Med may share your personal data with third parties if said data communication operations are instrumental to the services requested and provided. Your data may be shared with managers of private credit information systems. Your data may also be shared with guarantors, if relevant to the existing guarantee relationship. Your data may also be shared with companies forming part of the group, for administrative and accounting purposes, and to third parties in compliance with legal requirements.
   Other than these cases, 7 seas Med needs to communicate your personal data to external parties in the following categories:
   • subsidiary or affiliate companies;
   • public or private subjects that take on financial risks for the purpose of prevention of insolvency risk as established by the law;
   • entities that carry out banking, financial and insurance services, including subjects involved in the management of payment systems, tax offices and treasuries;
   • entities that provide services for management of the IT system, including the Divento website, web applications and telecommunications networks (including email);
   • entities that carry out activities of transmission, enveloping, transport and handling of communications with the customers;
   • entities who carry out archiving and storage activities, including IT, of the documentation relative to relations with thecustomers;
   • credit collection companies;
   • persons, companies, associations or professional practices that provide services or assistance and consulting activities to 7 seas Med, with particular but not exclusive reference to accounting, administrative, legal, fiscal and financial questions;
   • entities who perform control, auditing and certification of the activities carried out by 7 seas Med also in the interests of the customers;
   • companies that organise securitisation operations pursuant to law n. 130/99, in all its aspects and operating phases
   • The entities belonging to the aforementioned categories perform the function of Data Supervisor or operate totally autonomously as distinct Data Controllers.
     
7. Transfer of data outside the EU
   With regard to any transfer of the Data to third countries, 7 seas Med will carry out the processing in accordance with the procedures permitted by the current law, such as consent of the Data Subject, adoption of standard clauses approved by the European Commission, selection of subjects adhering to international programmes for the free circulation of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission. Further information can be obtained by explicit request to the Personal Data Protection Officer at the contacts indicated.
   
8. Disclosure of Data for security reasons
   We reserve the right to decrypt, store and disclose any information that we reasonably believe is necessary to (i) comply with requests from Public Authorities (ii) demonstrate the correct implementation of this Policy (iii) combat and prevent fraud or technical problems detrimental to security (iv) respond to requests for assistance sent by the user.
   
9. Change of ownership
   In the event of termination of the Data Controller or bankruptcy, transfer to a third party, change of corporate structure and/or ownership, the Data collected will be saved and protected in accordance with the terms of this Policy or deleted.
   
10. Rights of the Data Subject
    You are informed that art. 15-22 GDPR entitle the Data Subjects to exercise specific rights; the Data Subject can obtain from Divento: access, rectification, erasure, restriction of processing, withdrawal of consent, and portability of the data concerning him/her. The Data Subject also has the right to object to the processing. In the event of the right of objection being exercised, 7 Sea Med reserves the possibility of not following up the request, and therefore continuing the processing, if there are binding legal grounds for proceeding with the processing overriding the interests, rights and freedoms of the Data Subject.
    10.1 Knowledge of Data
    User has the right, at any time, to obtain confirmation of the existence or non-existence of Data concerning him/her, even if not yet recorded, and their communication in intelligible form. User also has the right to obtain the updating, rectification or, when he/she is interested, integration of the Data and to verify its accuracy and to know its content, origin and the duration of the Data storage period.
    10.2 Revocation of consent and deletion of Data
    User has, at any time, the right to request and obtain the cancellation of the Data and to revoke the consent previously given to their processing, without prejudice, in the latter case, to the lawfulness of the processing based on the consent before revocation. Requests for cancellation and revocation must be addressed to the Data Controller and must be able to be made as easily and by the same means by which the consent was given and the data were transmitted.
    10.3 Portability of Data
    The User has the right to receive in a structured, commonly used and machine-readable format the personal data that concern him/her and that have been provided to the Controller in the form and under the terms of this Privacy Policy.
    10.4 Complaint
    The User has the right to lodge a complaint with a supervisory authority if he/she believes that the Privacy Policy or applicable regulations have been infringed by the Data Controller. The above rights can be exercised by sending a request by post to 7 Seas Med srl., Corso Venezia 5, 20121 Milano, FaO. Personal Data Protection Officer, or by email directly to said Officer, via the contacts provided in point 1.
    
11. Data breach
    In the event of a Data breach, Data Controller shall notify the breach to the competent supervisory authority without undue delay and in any case within 72 hours of becoming aware of it. Similarly, if a controller has been appointed and the latter becomes aware of a data breach, it must inform the Controller without undue delay within 72 hours of becoming aware of it. Data Controller must inform the user of any breach in the event of a high risk to the rights and freedoms of natural persons.
    
12. Changes to the Privacy Policy
    We may make unilateral changes to this Privacy Policy if necessary and at any time. In any event, should this happen, you will be informed of any changes by appropriate publicity on this page.
    
13. Relevant legislation and applicable law
    This Privacy Policy complies with the provisions set forth by the relevant Italian law and European law (EU Reg. 679/2016 and in particular articles 13 and 14).
    
14. Contact
    If you have any questions or concerns regarding this Privacy Policy or its implementation, or if you wish to request changes to the collection and/or deletion of your Data, please contact us at privacy@7seasmed.it