Information on processing of personal data
Enel S.p.A., with registered office in Rome, Viale Regina Margherita no. 137, VAT code no. 15844561009 (hereinafter, “Enel” or the “Controller”), in its capacity as Controller, will process Personal Data (as defined hereinafter) in compliance with the provisions of the applicable laws on protection of personal data (articles 13 and 14 of the Regulation (EU) No. 679/2016 – “GDPR” and Legislative Decree no. 196 of June 30, 2003) as well as with this information.
Data Protection Officer (DPO)
The Controller appointed a DPO which can be reached at the following email address: firstname.lastname@example.org.
Object and Modalities of Processing
The Controller will process your identifier personal data (such as name, surname, residence) or the personal data concerning third parties (e.g., sub-delegated or substitutes of proxy holders) both provided by you (“Personal Data”) with respect to the right to attend the Securityholders’ Meeting (hereinafter, the “Meeting”), which is allowed exclusively by means of telecommunications, and to the further activities related to the latter, for example voting and intervening.
For the purposes of this notice, the processing of Personal Data means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processing of Personal Data will be carried out manually and/or with the use of computerized mechanisms and by means of information technology systems.
Purposes and legal basis for processing
Enel will process Personal Data in relation to the proceedings of the Meeting with particular regard to the participation both directly and by proxy in the Meeting, the integration of the agenda and the formulation of questions before the Meeting.
The legal basis for the processing is represented by the Controller’s obligation deriving from the law to grant the exercise by You – also through proxy holders or sub-delegated – of the rights granted by the applicable law in relation to the attendance at the Meeting.
The transmission and the processing of the Personal Data are necessary for the abovementioned purposes. The failure to transmit such Personal Data determines the impossibility to give course to the request from time to time advanced.
Recipients of Personal Data
In compliance with the principle of data minimisation, the Personal Data, for the purposes described above, may be disclosed to:
a) employees and partners of the Controller which are authorised to process personal data before, during and after the Meeting;
b) third companies or other persons in their capacity as autonomous Controllers or that carry out activities on behalf of the Controller in their capacity as Processors.
Transfer of Personal Data
Personal Data will be processed within the European Union and stored on servers located within the European Union. The same data may be processed in countries outside the European Union, provided that an adequate level of protection is guaranteed, recognized by a specific adequacy decision of the European Commission.
Any transfer of Personal Data to non-EU countries, in the absence of an adequacy decision by the European Commission, will be possible only if adequate guarantees of a contractual or contractual nature are provided by the controllers and responsible subjects involved, including binding corporate rules ("Binding Corporate Rules") and standard contractual clauses on data protection.
The transfer of Personal Data to third countries outside the European Union, in the absence of an adequacy decision or other appropriate measures as described above, will be carried out only in the cases provided for by GDPR.
Period for which the Personal Data will be stored
The Personal Data provided will be stored pursuant to the proportionality principle until the purposes of the processing are pursued and, in any case, for a period not exceeding 10 years, and will not be communicated to third parties, except for the purpose of complying with the applicable laws or regulations. Such period, in addition to being consistent with the regulations on appeals against the resolutions of the Shareholders' Meetings, takes into account the provisions of the Issuers' Regulations approved by Consob with Resolution no. 11971 of 14 May 1999 concerning the publication of regulated information on the website of the issuers (see in particular art. 77, paragraph 1-bis, art. 84-quater, paragraph 1).
Rights of data subjects
Under articles 15-21 of GDPR, with reference to the Personal Data provided, it is possible to exercise the following rights:
(i) right to access to and obtain copy;
(ii) right to request rectification;
(iii) right to request erasure;
(iv) right to obtain the restriction of processing;
(v) right to object the processing;
(vi) right to receive the Personal Data in a structured, commonly used and machine-readable format and the right to transmit those data to another controller.
For the exercise of the above-mentioned rights please refer to the following email address email@example.com.
Please note that it is possible to obtain additional information on Personal Data by the Enel’s Data Protection Officer, as indicated above, indicating mandatorily in the subject “Securityholders’ Meeting of Enel S.p.A.”.
We remind You that the applicable laws provide for the right to lodge a complaint with the Italian Data Protection Authority, with registered office in Rome, Piazza Venezia no. 11; Tel. (+39) 06.696771, PEC: firstname.lastname@example.org.