Skip to Content

Privacy policy

1. Data controller

1.1. The Data Controller, PPC Advanced Energy Services România S.R.L., with headquarters in Bucharest, Bd. Mircea Voda no.30, room 4.11, floor 4, phone +40 372 115 694, fiscal registration code RO40645170, unique registration number J40/1952/ 15.02.2019hereafter referred to as “PPC” or the “Controller” will process the personal data you provided through the www.enelx.com/ro/ website (hereafter the “Website”) in compliance with applicable current privacy and personal data protection legislation, and this privacy policy.


PPC Advanced Energy Services Romania S.R.L. is actively engaged in a continuous activity of updating the content of this website. Should any of the texts, information, data published and links to other sites prove to be inaccurate, incomplete or out of date, readers are informed that this content exists for information purposes only and has no official value.


PPC Advanced Energy Services Romania S.R.L. is not liable for errors or omissions of any kind or for any direct, indirect or incidental damages that may arise from accessing or using the information published on the site or from accessing or using any material found on other sites. 


1.2. When you subscribe to the various services or to gain access to the aforementioned, you will be given the names of any further Data Controllers or Data Processors. 


2. Data protection officer (DPO)

2.1. The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the following email address dpoenelx.ro@enel.com.



3. Purpose and method of processing

3.1. Enel will process the personal information you provide us or which has been legitimately collected by the Controller (“Personal Data”). The following Personal Data in particular will be processed:  


3.1.1. Navigation data: the IT and electronic communications systems and software procedures put in place to allow the Website to function, will, in the course of their normal work, collect certain data (e.g. access date and time, pages visited, name of the Internet Service Provider and Internet Protocol (IP) address you use to access the internet, the internet address from which you connect to our Website, etc.), the transmission of which is implicit in the use of web communications protocols or is pertinent to effective management or optimisation of the data or email sending system. 


3.2. In the context of this privacy policy, Personal Data processing refers to any operation or group of operations carried out using automated processes and applied to Personal Data, such as collection, recording, organisation, structuring, conservation, adaptation or modification, extraction, consultation, use, communication through transmission, dissemination or any other available means, comparison or interconnection, restriction, erasure or destruction.   


3.3. Please be informed that this Personal Data will be processed manually and/or using IT or electronic support.


4. Purpose and legal bases of precessing


4.1. Enel will process your Personal Data for very specific purposes and only if there is a specific legal basis provided for under applicable personal data protection and privacy legislation. Specifically, Enel will process your Personal Data only when one or more of the following legal requirements has been met:

  •  you have freely given your specific, informed, unambiguous and affirmative consent to the processing of said data;

  •  the processing is necessary to the performance of a contract to which you are a party or to take pre-contractual measures at your request;

  •  for the purposes of the pursuit of Enel’s legitimate interests;

  •  Enel has a legal obligation to process said Personal Data.  


4.2. The following table lists the purposes for which your Personal Data can be processed by the Controller and the legal bases for said processing.


Purpose of Processing

Legal basis

To allow you to use all of the Website’s functionalities
Performance of a contract
To check that the Website is functioning correctly.
Legitimate interest
To establish responsibility in the case of cyber crime that has caused damage to the Website; the detection, prevention, mitigation or verification of fraudulent or illegal activities relating to the services provided on the Website; the performance of security controls required under law.
Legitimate interest
To respond to a query or a request from the Data Subject
Implementation of pre-contractual measures adopted at the request of the Data Subject
Direct marketing
Consentment of the Data Subject


4.3. The provision of your Personal Data is necessary in all instances in which processing is a legal requirement or necessary to the performance of a contract to which you are a party or to the implementation of pre-contractual measures adopted at your request. Excepting your refusal regarding the marketing agreement, a refusal on your behalf to make available your personal data mentioned at the 3.1.1 section may make it impossible for Enel to perform the task for which your Personal Data has been collected.


4.4. The provision of your Personal Data, however, for direct marketing processing activities, is voluntary and failure to give your consent in such cases will have no effect on the completion of the contract.  The obligatory or optional nature of the provision of data will be specified at the moment of its collection.


5. Personal data recipients

5.1. Your Personal Data may be made accessible for the abovementioned purposes, to:  


a) employees and staff of the Controller who, for that purpose, have been tasked with data processing, or of the company for the implementation of organisational, administrative, financial and accounting activities.


b) to third party companies or other subjects to which the Controller outsources work required  to allow the Website to function,  in their role as external data processors.


b) to third party companies or other subjects to which the Controller outsources work required  to allow the Website to function,  in their role as external data processors.

6. Transfer of personal data

6.1. Your Personal Data will be processed within the European Union and stored on servers located within the European Union. The same data may be processed in countries outside the European Union, provided that an adequate level of protection is guaranteed, recognized by a specific adequacy decision of the European Commission.


Any transfers of Personal Data to non-EU countries, in the absence of a European Commission adequacy decision, will only be possible if the authorized persons and/or Operators involved provide adequate guarantees of contractual nature, including Binding Corporate Rules and Standard Contractual Clauses.


The transfer of your Personal Data to third countries outside the European Union, in the absence of an adequacy decision or other appropriate measures as described above, will be made only if you have explicitly consented to it or in the cases provided for by the GDPR and will be processed in your interest. In these cases, we inform you that the transfer of your Personal Data may be exposed to risks related to the peculiarities of local legislation regarding the processing of Personal Data.


7. Period for wich your data will be held

7.1. Personal Data processed for the purposes described above will be held in compliance with the principles of proportionality and necessity, and, in all cases, until the purposes of the processing have been completed.


7.2. Your Personal Data is legally required to be kept until you withdraw your consent but, in all instances, will be automatically erased after 12 months.  


8. Rights of the data subject

8.1. Under articles 15 – 21 of EU Regulation 2016/679 (GDPR), you have the right in relation to the Personal Data you provide:  

a) To access and request a copy;

b) To request rectification;

c) To request erasure;

d) To obtain restriction of data processing;

e) To object to the processing;

f) To receive in a commonly-used structured form readable on an automatic device and to transmit without impediment said data to another Data Controller in the case that this is technically feasible.  


8.2. Please be informed that you have the right to object at any time to the processing of Personal Data relating to you that is carried out in the pursuit of Enel’s legitimate interests.  


8.3. When you object to the processing of your Personal Data as per article 8.2, the Controller will refrain from further processing your Personal Data, except where convincing legitimate reasons for continuing with the processing have been established or for the verification, exercising or defence of a right in a court of law.


8.4. To exercise your rights and withdraw your consent, please write to this email address: dataprotectionenelx.ro@enel.com.


8.5. For further information relating to your Personal Data, you can contact PPC’s Personal Data Protection Officer at this email address dpoenelx.ro@enel.com. 


8.6. Please note that you have the right to make a complaint to the relevant Personal Data protection authority.  You can find a list of Supervisory Authorities in the EU at: https://edpb.europa.eu/about-edpb/board/members_en


Information notice for candidates issued under Art. 13 of the EU Regulation 2016/679


Information note on personal data processing

DOWNLOADDownload icon