Privacy policy

1.1. The Data Controller, Enel X Romania S.R.L., with headquarters in Bucharest, Bd. Mircea Voda no.30, room 4.11, floor 4, phone +40 372 115 694, Unique registration code RO40645170, Unique registration code J40/1952/ 15.02.2019/ Enel X Mobility România, with headquarters in Bucharest, Bd. Mircea Voda no.30, floor 4, room 4.7, Unique registration code 40645073, Unique registration code J40/1951/15.02.2019 hereafter referred to as “Enel” or the “Controller” will process the personal data you provided through the www.enelx.com/ro/ro/ website (hereafter the “Website”) in compliance with applicable current privacy and personal data protection legislation, and this privacy policy.

1.2. When you subscribe to the various services or to gain access to the aforementioned, you will be given the names of any further Data Controllers or Data Processors. 

2.1. The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the following email address dpoenelx.ro@enel.com

3.1. Enel will process the personal information you provide us or which has been legitimately collected by the Controller (“Personal Data”). The following Personal Data in particular will be processed:  

3.1.1. Navigation data: the IT and electronic communications systems and software procedures put in place to allow the Website to function, will, in the course of their normal work, collect certain data (e.g. access date and time, pages visited, name of the Internet Service Provider and Internet Protocol (IP) address you use to access the internet, the internet address from which you connect to our Website, etc.), the transmission of which is implicit in the use of web communications protocols or is pertinent to effective management or optimisation of the data or email sending system. 

3.2. In the context of this privacy policy, Personal Data processing refers to any operation or group of operations carried out using automated processes and applied to Personal Data, such as collection, recording, organisation, structuring, conservation, adaptation or modification, extraction, consultation, use, communication through transmission, dissemination or any other available means, comparison or interconnection, restriction, erasure or destruction.   

3.3. Please be informed that this Personal Data will be processed manually and/or using IT or electronic support.

4.1. Enel will process your Personal Data for very specific purposes and only if there is a specific legal basis provided for under applicable personal data protection and privacy legislation. Specifically, Enel will process your Personal Data only when one or more of the following legal requirements has been met:

•  you have freely given your specific, informed, unambiguous and affirmative consent to the processing of said data;
•  the processing is necessary to the performance of a contract to which you are a party or to take pre-contractual measures at your request;
•  for the purposes of the pursuit of Enel’s legitimate interests;
•  Enel has a legal obligation to process said Personal Data.  

4.2. The following table lists the purposes for which your Personal Data can be processed by the Controller and the legal bases for said processing.

4.3. The provision of your Personal Data is necessary in all instances in which processing is a legal requirement or necessary to the performance of a contract to which you are a party or to the implementation of pre-contractual measures adopted at your request. Excepting your refusal regarding the marketing agreement, a refusal on your behalf to make available your personal data mentioned at the 3.1.1 section may make it impossible for Enel to perform the task for which your Personal Data has been collected.

4.4. The provision of your Personal Data, however, for direct marketing processing activities, is voluntary and failure to give your consent in such cases will have no effect on the completion of the contract.  The obligatory or optional nature of the provision of data will be specified at the moment of its collection.

5.1. Your Personal Data may be made accessible for the abovementioned purposes, to:  

a) employees and staff of the Controller who, for that purpose, have been tasked with data processing, or to Enel Group companies in the European Union for the implementation of organisational, administrative, financial and accounting activities.

b) to third party companies or other subjects to which the Controller outsources work required  to allow the Website to function,  in their role as external data processors.

6.1. Your Personal Data will be processed within the European Union and stored on servers located within the European Union. The same data may be processed in countries outside the European Union, provided that an adequate level of protection is guaranteed, recognized by a specific adequacy decision of the European Commission.

Any transfers of Personal Data to non-EU countries, in the absence of a European Commission adequacy decision, will only be possible if the authorized persons and/or Operators involved provide adequate guarantees of contractual nature, including Binding Corporate Rules and Standard Contractual Clauses.

The transfer of your Personal Data to third countries outside the European Union, in the absence of an adequacy decision or other appropriate measures as described above, will be made only if you have explicitly consented to it or in the cases provided for by the GDPR and will be processed in your interest. In these cases, we inform you that, although the Enel Group adopts operating instructions common to all the countries in which it operates, the transfer of your Personal Data may be exposed to risks related to the peculiarities of local legislation regarding the processing of Personal Data.

7.1. Personal Data processed for the purposes described above will be held in compliance with the principles of proportionality and necessity, and, in all cases, until the purposes of the processing have been completed.

7.2. Your Personal Data is legally required to be kept until you withdraw your consent but, in all instances, will be automatically erased after 12 months.  

8.1. Under articles 15 – 21 of EU Regulation 2016/679 (GDPR), you have the right in relation to the Personal Data you provide:  

a) To access and request a copy;

b) To request rectification;

c) To request erasure;

d) To obtain restriction of data processing;

e) To object to the processing;

f) To receive in a commonly-used structured form readable on an automatic device and to transmit without impediment said data to another Data Controller in the case that this is technically feasible.  

8.2. Please be informed that you have the right to object at any time to the processing of Personal Data relating to you that is carried out in the pursuit of Enel’s legitimate interests.  

8.3. When you object to the processing of your Personal Data as per article 8.2, the Controller will refrain from further processing your Personal Data, except where convincing legitimate reasons for continuing with the processing have been established or for the verification, exercising or defence of a right in a court of law.

8.4. To exercise your rights and withdraw your consent, please write to this email address: dataprotectionenelx.ro@enel.com.

8.5. For further information relating to your Personal Data, you can contact Enel’s Personal Data Protection Officer at this email address dpoenelx.ro@enel.com. It is essential to insert the following subject line  “Privacy” also.

8.6. Please note that you have the right to make a complaint to the relevant Personal Data protection authority.  You can find a list of Supervisory Authorities in the EU at: https://edpb.europa.eu/about-edpb/board/members_en