The Controller has appointed a DPO who can be contacted by clicking here.
The Controller will process your Personal Data, specifically contact data or navigation data ("Personal Data"), communicated by you or lawfully obtained by the Controller as described below:
- Contact data: first name, last name, e-mail address, telephone number, the content of the message you send us and other personal data that you may have provided during your communications with us. We will process this Personal Data if you ask us questions, request information from us or send us communications of various kinds. The processing of this Personal Data is necessary for the purpose of replying to communications received or requests made by you. The provision of further personal data is optional.
- Browsing data: in the course of their normal functioning, the computer and telematic systems and software procedures for the operation of the Site acquire certain data: for example, the date and time of access, the pages visited, the name of the Internet Service Provider and the Internet Protocol (IP) address through which you accessed the Internet, the Internet address from which you connected to our site, etc. The transmission of this data is implicit in the use of web communication protocols or is useful to improve the management and optimisation of the system for sending data and e-mails.
Processing of Personal Data for the purposes of this Policy means any operation or series of operations carried out with or without the assistance of automated processes and applied to Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Please note that such Personal Data will be processed manually and/or with the support of IT or data transmission devices.
The Controller has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR, aimed at preventing and counteracting the loss of Personal Data, as well as unlawful or incorrect use and unauthorized access.
Enel will process your Personal Data for the achievement of specific purposes and only when there is an appropriate legal basis provided by the applicable data protection law. Specifically, Enel will process your Personal Data only when one or more of the following legal bases apply:
a) free, specific, informed, unequivocal and express consent to the processing,
b) performance of a contract to which you are a party, or the execution of pre-contractual measures adopted on your request;
c) legitimate interest of Enel;
d) a legal obligation to process Personal Data.
The following chart lists the purposes for which your Personal Data are processed by the Controller and the legal basis on which the processing is based.
|Purpose of processing
Allowing the use of all functionalities of the Site
Enforcement of a contract
Monitoring the proper functioning of the Site
Enforcement of a contract
Ascertaining liability in the event of digital crimes to the damage of the Site; detecting, preventing, mitigating and ascertaining fraudulent or illegal activities in connection with the services provided on the Site; carrying out security checks required by law
Providing feedback on a question or request made by the data subject
Enforcement of pre-contractual measures adopted at the request of the data subject
Organising institutional-type events