1. Processing of Personal Information
1.1 Enel X Australia PTY LTD and Enel X New Zealand Limited, with registered offices at Level 18, 535 Bourke Street, Melbourne, VIC 3000 and Level 8, 15-17 Murphy Street, Thorndon, Wellington, New Zealand with business registry 49 104 710 278 and 9429034154472, respectively (hereinafter the "Controllers", “our”, "we" or "us") process personal information in accordance with the provisions of the applicable legislation on privacy and the protection of personal information and this policy (“Privacy Policy”).
1.2 This Privacy Policy explains how the Controllers manage personal information which they collect about you and how to contact the Controllers if you have any queries about the management of your personal information.
1.3 Additional information for individuals located in the European Union is set out in section 11 below.
2. Privacy Officer
2.1 The Controllers have appointed a Data Protection Officer (“DPO”) and a contact for privacy matters in Australia and New Zealand, respectively, who can be contacted at the following e-mail addresses: dpo.enelx@enel.com, comms.enelxapac@enel.com.
3. The kinds of personal information the Controllers collect and hold
3.1 The kinds of personal information the Controllers collect and hold about you will depend on the nature of your dealings with the Controllers and the circumstances of collection. If you deal with the Controllers as a customer, supplier or contractor or you contact them through their website www.enelx.com/au they may collect your name, telephone number, email address and location. If you deal with the Controllers in some other capacity, they may collect your name and contact details and any other information you choose to provide to them. The Controllers may also collect details of the interactions they have with you.
3.2 The Controllers do not generally collect sensitive information (such as health information), and will only collect sensitive information about you with your consent (unless they are otherwise required or authorised by or under law to do so).
4. How the Controllers collect and hold personal information
4.1 The Controllers generally collect personal information about you directly from you, such as when you visit them or interact with them in writing, electronically or by telephone, or when you communicate with them through their website’s contact information field, and such information is stored electronically in a safe and secure manner.
4.2 Sometimes, the Controllers may collect your personal information from third parties. For example, the Controllers may collect personal information about job applicants from third party recruiters.
4.3 The Controllers generally hold personal information in computer systems, including computer systems operated for them by service providers. They take reasonable steps to protect the personal information they hold from misuse, interference and loss, and from unauthorised access, use, modification or disclosure. This includes taking appropriate security measures to protect electronic materials, and requiring their service providers to do so.
4.4 The Controllers take reasonable steps to ensure the personal information they collect, use and disclose is accurate, complete, up to date and relevant. You can help by letting them know about any changes to your personal information, such as changes to your address and phone number.
5. The purposes for which the Controllers collect, hold, use and disclose personal information
5.1 The Controllers collect, hold, use and disclose personal information for a range of purposes, including:
- to respond to inquiries about the products and services they offer
- to supply their products and services
- to manage their relationships with their customers, contractors and suppliers
- for their administrative purposes and internal record keeping
- to provide customer service or technical support, and deal with any complaints or feedback
- to perform research and analysis
5.2 The Controllers may use or disclose your information for other purposes required or authorised by or under law (including purposes for which you have provided your consent).
5.3 The Controllers may use your personal information to contact you with news and information about their products and services. You can let them know at any time if you no longer wish to receive these communications from them, by contacting comms.enelxapac@enel.com or using the opt-out/unsubscribe facility in their communications. Your consent will be deemed if you do not opt out when they offer you the opportunity to do so, and will remain current until you advise them otherwise.
5.4 If the Controllers are unable to collect personal information from or about you, they may not be able to respond to your requests or enquiries or engage in other dealings with you.
5.5 The Controllers may use cookies and analytical tools to collect information about your activities in relation to the Controllers’ respective websites. For more information, please refer to our Cookies Policy.
6. Disclosure of personal information to third parties
6.1 In conducting their businesses, the Controllers may for the purposes outlined above share personal information with each other or disclose personal information to other third parties. These include, where appropriate:
- other related companies of the Controllers
- energy industry regulators
- Transpower, the System Operator
- Electricity Authority
- the Controllers' contracted service providers, including:
- information technology service providers
- marketing and communications agencies
- external business and financial advisors (such as auditors and lawyers).
7. Disclosure of personal information outside Australia and/or New Zealand
7.1 If the Controllers share personal information with each other, that information may be transferred between Australian and New Zealand. Personal information may also be disclosed to other related companies of the Controllers located in other countries, including the US, Canada, India, the UK, Ireland, Poland and Italy.
7.2 The Controllers may also use service providers located overseas to store or process data which includes personal information.
8. Accessing and correcting your personal information
8.1 If you would like to access or correct the personal information the Controllers hold about you, please contact the Data Protection Officer (using the contact details in section 2 above). The Controllers will generally provide you with access to your personal information (subject to some exceptions permitted by law), but may charge an access fee to cover the cost of retrieving the information and supplying it to you.
9. Complaints
9.1 Please contact the Controllers (using the contact details in section 2 above) if you have any concerns or complaints about the manner in which the Controllers have collected or handled your personal information. The Controllers will inquire into your complaint and respond to you in writing within 20 working days. We remind you that it is your right to lodge a complaint before the Competent Data Protection Authority. In Australia, this is the Office of the Australian Information Commissioner (www.oaic.gov.au). In New Zealand, this is the Office of the Privacy Commissioner (https://www.privacy.org.nz/).
10. Additional information
10.1 For further information regarding the management of your Personal Information, please contact the Controllers (using the contact details in section 2 above).
11. Additional information for individuals located in the European Union
11.1 This section 11 applies if either Controller processes your personal data through their website www.enelx.com/au. and you are located in the European Union.
11.2 The Controller, as Data Controller, will process your personal data in accordance with the provisions of the applicable legislation on privacy and the protection of personal data and this section 11.
11.3 When registering for various services or accessing them, the names of any other data controllers and managers will be communicated.
11.4 The Controller has appointed a Data Protection Officer (“DPO”) who can be contacted at the following e-mail addresses: dpo.enelx@enel.com, comms.enelxapac@enel.com.
12. Processing Subject and Methods
12.1 The Controller will process the personal data you have communicated or it has legitimately obtained ("Personal Data"). In particular, the following Personal Data is processed:
§ Contact data: name, surname, e-mail address, telephone number and the content of the message you have sent, and other Personal Data that may have been provided to us during communications. We will process this Personal Data if you ask us questions, request information or send us communications of various kinds.
§ Browsing data: the IT and telematic systems and software procedures used to operate the Site acquire, during their normal operation, certain data (e.g. the date and time of access, the pages visited, the name of the Internet Service Provider and the Internet Protocol (IP) address through which you access the Internet, the Internet address from which you connected to our Site, etc.), whose transmission is implicit in the use of web communication protocols or is useful for the better management and optimisation of the data transmission and e-mail system.
12.2 For the purposes of this Privacy Policy, the processing of Personal Data is intended as any operation or set of operations performed with the aid of automated processes and applied to Personal Data, such as the collection, registration, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of provision, comparison or interconnection, limitation, cancellation or destruction.
12.3 We inform you that this Personal Data will be processed manually and/or with the aid of computerised and/or telematic means.
13. Purpose and legal basis of the processing
13.1 The Controller will process your Personal Data for the achievement of specific purposes and only in the presence of a specific legal basis provided for by the applicable law on privacy and protection of personal data. Specifically, the Controller will process your Personal Data only when one or more of the following legal bases occurs:
- you have given your free, specific, informed, unequivocal and express consent to the processing;
- the processing is necessary for the execution of a contract of which you are a party or for the execution of pre-contractual measures adopted at your request;
- in the presence of a legitimate interest of the Controller;
- the Controller is bound by a legal obligation to process Personal Data.
13.2 The following table lists the purposes for which your Personal Data is processed by the Data Controller and the legal basis of such processing.