Privacy policy

Privacy policy pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”) and the Privacy Code

titolare-trattamento-dati-personali_48px
Data Controller

Enel S.p.A., with registered office at Viale Regina Margherita no. 137, 00198, Rome, VAT no. 15844561009, Tax Code 00811720580 (hereinafter, "Enel" or the "Data Controller"), as Data Controller, will process your Personal Data - provided through the site www.enel.com (hereinafter, the "Site") - in accordance with the provisions of the applicable data protection law and this Privacy Policy. When you subscribe to or access the various services, you will be informed of the names of any further data controllers and data processors.

data-protection-officer_48px
Data Protection Officer (DPO)

The Controller has appointed a DPO who can be contacted by clicking here.

fonte-dati-personali_48px
Processing purpose and method

The Controller will process your Personal Data, specifically contact data or navigation data ("Personal Data"), communicated by you or lawfully obtained by the Controller as described below:

  • Contact data: first name, last name, e-mail address, telephone number, the content of the message you send us and other personal data that you may have provided during your communications with us. We will process this Personal Data if you ask us questions, request information from us or send us communications of various kinds. The processing of this Personal Data is necessary for the purpose of replying to communications received or requests made by you. The provision of further personal data is optional.
  • Browsing data: in the course of their normal functioning, the computer and telematic systems and software procedures for the operation of the Site acquire certain data: for example, the date and time of access, the pages visited, the name of the Internet Service Provider and the Internet Protocol (IP) address through which you accessed the Internet, the Internet address from which you connected to our site, etc. The transmission of this data is implicit in the use of web communication protocols or is useful to improve the management and optimisation of the system for sending data and e-mails.

Processing of Personal Data for the purposes of this Policy means any operation or series of operations carried out with or without the assistance of automated processes and applied to Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Please note that such Personal Data will be processed manually and/or with the support of IT or data transmission devices.

The Controller has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR, aimed at preventing and counteracting the loss of Personal Data, as well as unlawful or incorrect use and unauthorized access.

finalita-base-giuridica-trattamento_48px
Processing purpose and legal basis

Enel will process your Personal Data for the achievement of specific purposes and only when there is an appropriate legal basis provided by the applicable data protection law. Specifically, Enel will process your Personal Data only when one or more of the following legal bases apply:

a) free, specific, informed, unequivocal and express consent to the processing,

b) performance of a contract to which you are a party, or the execution of pre-contractual measures adopted on your request;

c) legitimate interest of Enel;

d) a legal obligation to process Personal Data.

The following chart lists the purposes for which your Personal Data are processed by the Controller and the legal basis on which the processing is based. 

Purpose of processing Legal basis
Allowing the use of all functionalities of the Site
Enforcement of a contract
Monitoring the proper functioning of the Site
Enforcement of a contract


Ascertaining liability in the event of digital crimes to the damage of the Site; detecting, preventing, mitigating and ascertaining fraudulent or illegal activities in connection with the services provided on the Site; carrying out security checks required by law
Legitimate interest
Providing feedback on a question or request made by the data subject


Enforcement of pre-contractual measures adopted at the request of the data subject  Legitimate interest
Organising institutional-type events

Legitimate interest

The provision of your Personal Data is necessary in all cases where the processing is carried out on the basis of a legal obligation or in order to perform a contract to which you are a party, or the execution of pre-contractual measures adopted upon your request. Your refusal may imply that Enel may not be able to carry out the purpose for which your Personal Data is collected.

destinatari-dati-personali_48px
Recipients of Personal Data

Your Personal Data may be made accessible for the purposes mentioned above:

  • employees and contractors of Enel, in their capacity as persons authorised to process data for the performance of activities of an organisational, administrative, financial and accounting nature;
  • third-party companies or other entities who carry out outsourcing activities on behalf of Enel, in their capacity as data processors or autonomous data controllers. 

 

trasferimento-dati-personali_48px
Transfer of Personal Data

Your Personal Data will be processed within the European Union and stored on servers located within the European Union. The same data may be processed in countries outside the European Union, provided that an adequate level of protection is guaranteed, recognized by a specific adequacy decision of the European Commission.

Any transfers of Personal Data to non-EU countries, in the absence of a European Commission adequacy decision, will only be possible if Data Controllers and Data Processors involved provide adequate guarantees of contractual nature, including Binding Corporate Rules and Standard Contractual Clauses.

The transfer of your Personal Data to third countries outside the European Union, in the absence of an adequacy decision or other appropriate measures as described above, will be made only if you have explicitly consented to it or in the cases provided for by the GDPR and will be processed in your interest. In these cases, we inform you that, although the Enel Group adopts operating instructions common to all the countries in which it operates, the transfer of your Personal Data may be exposed to risks related to the peculiarities of local legislation regarding the processing of Personal Data.

periodo-conservazione-dati-personali_48px
Period of retention of Personal Data

The Personal Data being processed for the abovementioned purposes will be retained in compliance with the principles of proportionality and necessity and, in any case, until the purposes of the processing have been achieved. 

diritti-interessati_48px
Data Subject rights

Pursuant to Articles 15 to 22 of the GDPR, in relation to the Personal Data provided, you have the right to:

a) access them and request a copy;

b) request amendment;

c) request cancellation;

d) obtain processing limitation;

e) oppose processing;

f) receive your data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance, where technically feasible.

To withdraw your consent, and object the processing of your Personal Data carried out on the basis of your legitimate interest, in order to exercise your rights, as well as for further information concerning your Personal Data, you may contact Enel's Data Protection Officer, who can be reached by clicking here.

You also have the right to submit a complaint to the Italian Data Protection Authority. We would like to inform you that in Italy you may submit a complaint to the Italian Data Protection Authority (Garante per la protezione dei dati personali), using whichever of the following methods you deem most appropriate:

a) hand delivery to the offices of the Italian Data Protection Authority (at the address indicated below;

b) registered mail with return receipt addressed to: Garante per la protezione dei dati personali, Piazza Venezia, 11 - 00187 Roma;

c) certified electronic mail addressed to: protocollo@pec.gpdp.it