Privacy policy
1. Data Controller
1.1. 3Sun S.r.l., which has its legal headquarters at Contrada Blocco Torrazze no. snc, 95121, Catania - Italy, P. IVA 15844561009, (hereafter referred to as "3Sun" or the "Controller"), will process the personal data you provided through the www.3sun.com (hereafter “Website”) in compliance with applicable current privacy and personal data protection legislation, and this privacy policy.
1.2. More details on the processing activities carried out by other data controllers or processors will be given when subscribing to the various services or accessing them, the names of any additional data controllers and data processors will be communicated.
2. Data Protection Officer (DPO)
2.1. The Data Protection Officer (DPO) can be contacted at the following email address: dpoenelgreenpoweritalia@enel.com
3. Purpose and Method Of Processing
3.1. 3Sun will process the personal information you provide us, or legitimately collected by the Controller (“Personal Data”). More in detail, the following Personal Data will be processed:
3.1.1. Common, Personal and Contact Data: i.e., name, surname, email address, telephone number and content of the message you may sent and other Personal Data that you may have provided during the communication. We will process this Personal Data in case you request information or send us communications of any type. The processing of this Personal Data is necessary to reply to the request or communication received. The provision of any further Personal Data is completely optional..
3.1.2. Browsing data: the IT and telematic systems and software procedures used for the functioning and use of the Site made available by 3Sun, acquire, during their normal operation, certain data (e.g. the date and time of access, the pages visited, the name of the Internet Service Provider and the Internet Protocol (IP) address through which you access the Internet, the Internet address from which you connected to our Site, etc.), whose transmission is implicit in the use of web communication protocols or is useful for the better management and optimization of the data transmission and e-mail system. Further details on the procedures used to collect, through cookies and/or other tracking technologies, the information you provide while browsing the Site can be found in the cookie policy available on the Site itself.
3.2. For the purposes of this privacy policy, the processing of Personal Data means any operation or series of operations carried out on Personal Data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3.3. Please note that such Personal Data will be processed manually and/or with the support of IT or data transmission devices.
3.4. The Data Controller has adopted technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR, aimed at preventing and counteracting the loss of Personal Data, as well as unlawful or incorrect use and unauthorized access.
4. Processing Purpose and Legal Basis
4.1. The Data Controller will process your Personal Data for the achievement of specific purposes and only when there is an appropriate legal basis provided by the applicable data protection law. In particular, the Data Controller will process your Personal Data only when one or more of the following legal bases apply:
- free, specific, informed, unambiguous and express consent to the processing;
- performance of a contract to which you are party or the execution of pre-contractual measures adopted at your request;
- legitimate interest of Data Controller, unless the interests or fundamental rights and freedoms of the data subject prevail;
- legal obligation to process Personal Data to which the Controller is bound.
4.2. The following table lists the purposes for which your Personal Data are processed by 3Sun and the legal basis on which the processing is based.
| Processing Purpose | Legal Basis |
|---|---|
| Allow the use of all the features and check the proper functioning of the Site | Performance of a contract |
| Execution of the security checks required by law and to ascertain responsibilities in the event of cybercrimes against the Site. Detection, prevention, mitigation, and assessment of fraudulent or illegal activities in relation to the services provided on the Site. | Legal obligation |
| Ascertain any responsibility in the event of cybercrimes against the Site; detect, prevent, mitigate and ascertain fraudulent or illegal activities in relation to the services provided on the Site; carry out the security checks required by law. | Legitimate Interest |
| Reply to questions or requests made by the data subject, also by filling in the forms available on the Site (so-called 'lead forms') | Execution of pre-contractual measures adopted at the request of the data subject |
| Sending communications relating to initiatives, projects and events promoted by the Data Controller, which is present in different Countries; depending on the scope of the initiatives carried out, your Personal Contact Data may be managed at central and/or local level. | Legitimate Interest |
4.3. The provision of your Personal Data is necessary in all instances in which processing is based upon legal obligation for the Controller or it is necessary for the performance of a contract to which you are a party, or for the execution of pre-contractual measures adopted at your request. Any refusal to provide your Personal Data may not allow the Controller to process your request.
4.4. The provision of your Personal Data, instead, is optional for any further purpose, and failure to give your consent in such cases will have no effect on the completion of the contract. The mandatory or optional nature of the provision of data will be specified at the moment of its collection.
5. Recipients of Personal Data
To pursue the purposes described in paragraph 4 of this Privacy policy, the Data Controller may need to communicate, in Italy and abroad, including countries not belonging to the European Union, its Personal Data to third parties, in order to execute the Contract, to fulfil legal obligations or to carry out activities instrumental to the provision of the requested services.
Your Personal Data may be made accessible for the abovementioned purposes, to:
a) to employees and contractors of 3Sun, as Authorized Persons to process personal data;
b) the companies of the Enel Group in their capacity as autonomous data controllers or data processors as well as their employees and collaborators specifically appointed as Authorized Persons;
c) third party companies that carry out activities in outsourcing on behalf of the Data Controller, in their capacity as data processors, as well as their employees and associates specifically appointed as Authorized Persons.
The Data Controller provides instructions to the Data Processors and Authorized Persons, if any, for the adoption of adequate security measures to guarantee the confidentiality, security and integrity of the data.
6. Transfer of Personal Data
6.1. Your Personal Data will be processed within the European Union and stored on servers located within the European Union. The same Personal Data may be processed in countries outside the European Union, provided that an adequate level of protection is ensured, as recognized by the European Commission's adequacy decision.
6.2. Any transfer of Personal Data to non-EU countries, in the absence of an adequacy decision by the European Commission, will only be possible if adequate contractual or pactual safeguards, including Binding Corporate Rules and standard contractual clauses, are provided by the data controllers and data processors involved.
6.3. The transfer of your Personal Data to third countries outside the European Union, in the absence of an adequacy decision or other appropriate measures as described above, will only be made where you have explicitly consented to it or in the cases provided for by the GDPR and will be processed in your interest. In these cases, we inform you that, although the Group adopts common operating instructions in all the countries in which it operates, the transfer of your Personal Data may be exposed to risks related to the peculiarities of local legislation on the processing of Personal Data.
7. Period of Retention of Personal Data
7.1. The Personal Data being processed for the abovementioned purposes will be conserved in observance of the principles of proportionality and necessity and, in any case, until the purposes of the processing have been achieved and in accordance with any legal obligations that may be provided for.
7.2. In case you have a contractual relationship with the Data Controller, Personal Data shall be stored and processed as long as there is such contractual relationship and, in any case, for a period of 10 years from the termination of the contractual relationship, after which they shall be deleted, without prejudice to the further storage of the same where necessary to comply with specific legal obligations, provisions of the Authority, for the collection of residual credits and for the management of disputes, complaints and legal actions.
8. Rights of the Data Subjects
8.1. Pursuant to articles 15 - 22 of the GDPR, in relation to the Personal Data communicated, you have the right, where applicable, to:
a) access and request a copy;
b) request any corrections;
c) request cancellation;
d) obtain limitations on the processing;
e) object to the processing;
f) receive such data in a structured, commonly used and machine-readable format and to transmit them without hindrance to another data controller; where technically feasible.
8.2. You also have the right not to be subjected to a decision based solely on automated processing unless the decision is necessary: a) for the conclusion or performance of a contract with the Data Controller; b) is authorized by law or c) is based on explicit consent. In cases a) and c) you have the right to express your opinion, dispute the decision and obtain human intervention by the Controller.
8.3. We inform you that you have the right to object at any time to the processing of Personal Data that concern you that may be carried out on the basis of the legitimate interest of Enel Green Power. In this case, the Data Controller shall refrain from further processing your Personal Data, unless it demonstrates the existence of compelling legitimate reasons to proceed with the processing, or for the ascertainment, exercise or defense of legal claims.
8.4. To exercise your rights and for further information regarding your Personal Data, you may contact the Data Protection Officer, who can be reached at the following e-mail address: dpoenelgreenpoweritalia@enel.com
8.5. Finally, we remind you that if you believe that the processing of your data has taken place in a manner that does not comply with European Regulation 679/2016 (GDPR), it is your right to lodge a complaint with the competent Supervisory Authority for the Protection of Personal Data. In Italy you can lodge your complaint before the Garante per la Protezione dei Dati Personali, by:
a) registered letter A/R addressed to Garante per la Protezione dei Dati Personali, Piazza Venezia, 11, 00187 Rome;
b) e-mail at: protocollo@gpdp.it, or protocollo@pec.gpdp.it.