Privacy Policy in compliance with article 13 of EU Regulation 2016/679 (“GDPR”) and the Data Protection Code

Data Controller

The Data Controller, Enel S.p.A., which has its legal headquarters at Viale Regina Margherita no. 137, 00198, Rome, VAT no. 00934061003, tax no. 00811720580 (hereafter referred to as “Enel” or the “Controller”), will process your personal data in compliance with applicable current personal data protection legislation, and this privacy policy.

Data Protection Officer (DPO)

The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the following email address:

Purpose and Method of Processing

The Controller will process personal data, such as emails, communicated by you or legitimately collected by the Controller as part of the Play Energy project. In the context of this privacy policy, Personal Data processing refers to any operation or group of operations carried out with or without the use of automated processes and applied to Personal Data, such as collection, recording, organising, structuring, storing, adapting or altering, extraction, consultation, use, communication through transmission, dissemination or any other available means, comparison and interconnection, restriction, erasure or destruction. Please be informed that these Personal Data will be processed manually and/or using computer or electronic means.

Purposes and legal basis of processing

Enel will process your Personal Data in order to provide you with the newsletter service and to keep you informed about initiatives relating to the Play Energy project. The legal basis for said processing is the contract i.e. the newsletter service you signed up for when you registered. Your Personal Data will be processed within the European Union and stored on servers located within the European Union. Said data may, however, be processed in non-EU countries on condition that a suitable level of data protection has been confirmed on the basis of a European Commission adequacy decision. Any potential transfers of Personal Data to non-EU countries without a European Commission adequacy decision will only be possible if the Controllers or DPOs can provide contractual guarantees, in the form of, among others, Binding Corporate Rules and standard data protection clauses. 

In the absence of an adequacy decision or the other suitable protection measures described above, your Personal Data will only be transferred to third countries outside the European Union if you give your explicit consent or in cases provided for under GDPR, and will be processed in your interest. In such cases, however, despite the fact that the Enel Group adopts operating instructions shared by all the Countries in which it operates, the transfer of your Personal Data may be subject to risks relating to local Data Protection legislation peculiarities.  

Personal Data Recipients

Your Personal Data may be made accessible for the aforementioned purposes, to: 

a)         the employees and collaborators of the Controller and to Enel Group companies located within the European Union;

b)        third party companies or other subjects (“Third Parties”) to which the Controller outsources work, in their role as external data processors, and to the physical persons charged with the processing.

Period for which your Personal Data will be held

Personal Data processed for the purposes described above will be held in compliance with the principles of proportionality and necessity, and, in all cases, until the purposes of the processing have been completed.

Rights of the Data Subject

Under articles 15 – 21 of EU Regulation 2016/679 (GDPR), you have the right in relation to the Personal Data you provide: to access and request a copy; to request rectification; to request erasure; to obtain restriction of data processing; to object to processing; to receive said data in a commonly used structured form readable on an automatic device.

To exercise your rights, please write to the Controller at this email address:

Please note that you have the right to make a complaint to the Italian Personal Data Authority, Piazza Venezia 11, Rome.