The General Data Protection Regulation of the European Union ("GDPR"), in force since 25 May 2018, reinforces the rights of individuals with regard to their personal data and aims to standardise data protection rules in the various European countries.
Enel Energia has always cared about your privacy and the protection of your data, and wants you to feel secure in case you have provided us with personal information or decide to do so to take advantage of our services.
We work continuously to make processing and systems increasingly secure, and to meet the needs of our customers by making them aware of their rights.
For an even better service, update your contact details!
You can do it directly:
Find all relevant information on data protection in the dedicated section
Personal data is any information concerning an identified or natural person. The physical person to whom the personal data being processed refer is defined as the "data subject". An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
Personal data are, for example: identification or registry data (name, surname, tax code, address), contact details (email, telephone number), consumption or payment data.
Processing of personal data means any operation, or set of operations, which is performed on personal data or on sets of personal data, whether by automated means or not, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The policy is the communication that must always be made, orally or in writing, to the data subject, at the time the data are collected, to inform them of the purposes and methods of processing, the mandatory or optional nature of the provision of data and any consequences of the failure to provide them, the details of the Data Controller and any Data Processor, the subject, or categories of subjects, to whom the personal data may be communicated and the rights of the data subject.
On our website, in the Privacy section, you will find the information on the processing of personal data pursuant to art. 13 of EU Regulation 2016/679 (GDPR) as well as additional information related to the theme of cookies.
The legal basis of the processing is constituted by the contract that you have concluded and its execution, as well as by the express consent to the processing of the data expressed by you during the signing of the contract itself and/or access to the online services displayed on the websites of the Data Controller.
Consent is not necessary in the event that the processing of data is connected to the provision of services requested from Enel Energia, to perform obligations arising from a contract, to fulfil, before the conclusion of the contract, your specific requests or if necessary to fulfil an obligation under the law.
For the promotion of commercial or promotional offers by Enel Energia or third-party companies or for profiling (for example, consumption preferences), your consent is always required. In these cases, therefore, treatment is possible only if free, informed, specific and unequivocal consent has been given in advance.
It is possible at any time to revoke your consent, by sending a request to: firstname.lastname@example.org or by accessing the Reserved Area.
The Data Controller is the subject who bears the responsibility for the decisions regarding the purposes and methods of processing personal data; they are also required to implement the appropriate technical and organisational measures to ensure the protection of personal data. For Enel Energia, the Data Controller is Enel Energia SpA, with registered office in Viale Regina Margherita 125 - 00198 Rome.
The Data Processor: a natural or legal person, public authority, service or other body which processes personal data on behalf of the Data Controller.
The GDPR has expanded and strengthened the rights that the data subject may exercise in relation to their personal data. In particular, the data subject has the right to:
- access and request a copy;
- request correction;
- request cancellation;
- obtain a processing restriction;
- object to the processing;
- receive data in a format that is structured, commonly used and readable by an automatic device;
- not be subjected to a decision based solely on automated processing.
To exercise the rights provided by the GDPR it is possible to send a communication to the dedicated mailbox: email@example.com.
The GDPR has introduced a new figure to protect the rights of the data subject regarding the processing of personal data: the Data Protection Officer ("DPO") or Data Protection Manager ("DPM").
In order to offer you an easy point of contact, Enel Energia has appointed its own Data Protection Officer ("DPO"), who can be contacted at the email address: firstname.lastname@example.org, for all matters relating to the processing of your personal data and the exercising of your rights.
The Personal Data Protection Authority is an independent administrative authority established to ensure the protection of fundamental rights and freedoms and respect for dignity in the processing of personal data.
The Guarantor's task is to check that the processing of personal data complies with laws and regulations and, where appropriate, prescribe to the owners or managers the measures to be taken to correctly carry out the processing.
The data subject has the right to lodge a complaint with the Guarantor for the Protection of Personal Data, using the following methods: