This policy describes the purposes and methods of processing personal data carried out by Ni.Sa. Enginering S.r.l. for users who access and visit the website at https://www.nisaenginering.it. Ni.Sa. Enginering S.r.l. is a website that allows users to carry out all activities related to energy requalification, property renovation, and system refurbishment, including preliminary and executive design activities aimed at obtaining certifications that determine the suitability of the property. This privacy policy applies only to the Ni.Sa. Enginering website and not to other websites that the user may visit via external links, in compliance with Regulation (EU) 2016/679, Directive 2002/58/EC, and Legislative Decree 196/03. The Data Controller is Ni.Sa. Enginering S.r.l., with registered office in Nola (NA), Foggia, Italy. Personal Data Collection and Processing We collect and process personal data in various ways through our website: Personal Data voluntarily provided by the user: We collect the user's personal data when they actively provide it, such as when contacting us to inquire about our services or when submitting a CV to participate in our recruitment process. Personal Data related to the creation of a personal profile: For users who wish to create a personal profile, the Company may process the following data: personal details (name, surname, date of birth), contact information (email address, phone number, residential or home address). Personal Data collected through the use of the Website: We automatically collect some personal data during the user's navigation and use of the Website. In the case of cookies, when tracking is not strictly necessary for the operation of the Website, Ni.Sa. Enginering S.r.l. will request the user's prior consent. Types of Processed Personal Data User Information: If a user requests information about the services offered, we may use their data to recontact and respond. In these cases, we may process personal and contact information (e.g., name, surname, email address, and phone number voluntarily provided). Location Data: We may estimate the user's location based on their IP address. Site Management Data: We may receive user tracking information through cookies installed on our website. If such information is not essential for the functioning of the site, we will request prior consent. Automatically Collected Information When a user visits our website using a smartphone, computer, or mobile device, we may automatically collect information about how the site is accessed and used, as well as data about the user’s device. This helps improve user experience and allows us to monitor and update the site. This data may be collected using various tracking technologies including cookies, pixels, web beacons, embedded scripts, location identification tools, and similar technologies. Users can accept or decline these technologies by changing their browser's privacy settings. Automatically collected data may be combined with personal data directly provided by users. Automatically collected data includes: Personal data related to user interactions with the site Information about devices used to access and interact with Ni.Sa. Enginering S.r.l. We do not collect or process the following special categories of personal data: Racial or ethnic origin Political opinions Religious or philosophical beliefs Health or medical conditions Criminal background Trade union membership Genetic or biometric data Sexual life or orientation Purposes of Data Processing User data is processed through our website for the following purposes: a. To allow users to request a quote To enable users to request a quote via the forms on the site. Legal basis: pre-contractual measures upon user request. b. To provide the Company’s services User data may be processed to deliver the contractual services offered, such as estimates, property appraisals, consultancy, and other services provided via the website. Legal basis: performance of contractual obligations or pre-contractual measures. c. Work with us To allow users to submit spontaneous applications or apply for open positions. We may also involve recruiting agencies or professionals acting as independent data controllers. Legal basis: pre-contractual measures. We advise users to submit only the data essential for the selection process. The Data Controller does not collect special categories of data at this stage. In the case of membership in protected categories, only indicate that fact, without additional details. d. To ensure the website’s technical functionality We collect and use user data to technically manage and ensure the correct operation of our website. Personal data may also be used to respond to technical complaints or reports. Legal basis: our legitimate interest in maintaining the site's proper technical operation. With explicit user consent, data may be shared with our business partners. e. To inform users of changes to the website’s terms and this Privacy Policy We may send updates on changes to the website's terms of use and provide this privacy policy. Legal basis: our legitimate interest in informing users of relevant changes in advance. f. Compliance with legal obligations To comply with legal obligations, including orders from government authorities, even outside the user's country of residence, when such disclosure is legally required. Legal basis: compliance with legal obligations. g. To prevent fraud and abuse We use information about fraudulent or criminal activity in relation to the use of our services to detect and prevent such misconduct. Legal basis: our legitimate interest in protecting our organization from fraud. h. Legal protection of our interests To protect our business operations, rights, and the security of personal data processed through the site, and to pursue legal remedies or limit liability. Legal basis: our legitimate interest in protecting our business. Transfer of Personal Data In addition to authorized personnel, personal data may, where necessary, be shared with: Our partners and professionals who support us in technical or legal matters (e.g., law firms, IT companies, consultants in administrative, commercial, and accounting fields) Competent public and judicial authorities for the prevention of fraud or illegal acts User data may also be shared with other companies in the Renovars group acting as joint controllers for commercial and marketing purposes, or for service provision under intra-group agreements. A detailed list of recipients is available upon request by sending an email to the address provided in this privacy policy. User Rights Regarding Personal Data Under Articles 15 and 16 of the GDPR, users have the right to: Access: Obtain confirmation of the existence of personal data and access related information Data portability: Receive personal data in a commonly used format and transfer it to another data controller Rectification: Correct inaccurate or incomplete personal data without undue delay Under Articles 17, 18, and 21 of the GDPR, users also have the right to: Erasure: Request deletion of personal data in specific circumstances Restriction: Limit data processing where applicable Objection: Object to data processing for legitimate reasons Anonymization: Request anonymization or blocking of unlawfully processed data