Privacy Policy

PRIVACY POLICY PURSUANT TO ART. 13 AND 14 OF REGULATION (EU) 679/2016 ON THE PROCESSING OF PERSONAL DATA (GDPR – GENERAL DATA PROTECTION REGULATION)

This privacy policy is intended to offer all useful information to ensure correct and transparent processing of the personal data of users of the RECON application (Renewable Energy Community ecONomic simulator) of ENEA in compliance with the European Regulation. no. 2016/679 of 27 April 2016, relating to the protection of individuals with regard to the processing of personal data and the free circulation of such data (hereinafter GDPR).

Identity of data controller

The Data Controller is ENEA – National Agency for New Technologies, Energy and Sustainable Economic Development (hereinafter “ENEA” or “Controller”) based in Rome, Lungotevere Thaon di Revel, 76 – 00196. You can contact the Data Controller by writing to the above address, or by sending an e-mail to the following certified e-mail address: enea@cert.enea.it.

Responsible for data protection

The Data Protection Officer (DPO) for ENEA was appointed with Provision no. 34/2020/PRES of 6 February 2020. For communications relating exclusively to the processing of personal data, he can be contacted at the following e-mail address: uver.dpo@enea.it.

Purpose and method of treatment

ENEA’s RECON application is dedicated to a preliminary energy and economic assessment of the configurations of renewable energy communities or jointly acting renewables self-consumers according to Art. 42 bis of the Decree Law 30 December 2019, no. 162, converted into Law 28 February 2020, no. 8; it is therefore a tool aimed to support preliminary studies or for initial assessments of the technical-economic convenience of energy communities on the basis of the Italian legislation in force. It allows the user to create the account required to use the application by means of IDP (see below), and to manage the same account, and to enter the data necessary for estimating energy yield, self-consumption and sharing of energy, and economic and financial indicators.

The services are available through the application on the site https://recon.smartenergycommunity.enea.it/, and they are provided only to registered users.

For registration, a redirection is made to the Identity Provider (IDP – https://idp.smartcityplatform.enea.it/), a service developed by ENEA that allows a unified access to the applications compliant with this type of access.

A valid e-mail address must be provided for registration with IDP. The e-mail address used for registration may be further processed by the Data Controller in order to:

  1. Allow the recovery of credentials in case of loss;
  2. Manage the user authentication procedure as a userID in case of subsequent access;
  3. Allow the sending of communications regarding training and information events and newsletters.

After registering, the user will be able to access either the section where the evaluation forms previously created by him are collected or the section for entering data in  case of first access. In the section where the evaluation forms are collected, the user can open, duplicate and edit the forms already created, view the results of the completed forms or delete the forms.

Nature of data provisioning

The provision of personal data, through the registration form and the sending of communications to the project e-mail address for the request for information, is optional; however, in the event of failure to provide the requested data, ENEA will not be able to provide the User with the requested service. For the purposes of Point 3 in the previous Chapter, the user can at any time communicate that he no longer wishes to be contacted by writing to the e-mail address present on the contact page.

Legal basis of the processing

The processing of personal data is carried out by the Data Controller as part of the execution of its public interest tasks pursuant to Art. 6, paragraph 1, lett. e) of the GDPR and, in particular, for the realization of the purposes of research and technological innovation in the energy, environment and sustainable economic development sectors, in compliance with the founding regulation of ENEA (Art. 37 of Law 23 July 2009, no. 99, as amended by Art. 4 of Law no. 221/2015) with reference to the “Electric System Research” program. The “Electric System Research” is a program that includes a set of research and development activities aimed at reducing the cost of electricity for end users, improving the reliability of the system and the quality of the service, reducing the impact of the electricity system on the environment, allow the rational use of energy resources and ensure the conditions for sustainable development for the Country.

Specifically, personal data will be processed without the need for consent (Art. 6, paragraph 1, letter e) of the GDPR), for the exercise of the institutional tasks assigned to ENEA and, in particular, for the realization of the purposes of public interest relating to research and technological innovation in the energy sector.

Types of data processed

The processing operations are carried out with reference only to the personal data necessary for the use of the application and its functions. The types of data subject to processing include, in particular:

  1. navigation data

During the user’s navigation through the application, the computer systems responsible for its operation automatically acquire some information whose transmission is implicit in the use of Internet communication protocols. The navigation data are collected in aggregate form (and, therefore, do not allow the identification of the user) in order to ensure the correct functionality of the site and the usability of its services.

This category of data includes IP addresses or domain names of computers and terminals used, URI / URL (Uniform Resource Identifier / Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the operating system and the user’s IT environment.

  1. data processed for the registration procedure: mandatory in order to complete the registration procedure: first name, surname, e-mail address, password; optional: address, telephone number and organization used to contact the user as an alternative to email (which is the default communication channel).
  2. energy, environmental and consumption data.

Recipients of personal data

Personal data may be communicated exclusively to authorized subjects, who operate under the direct authority and according to the instructions given by the Data Controller, for the execution of the necessary activities.

Personal data will not be disseminated, however, if necessary, they may be disclosed:

  • To subjects to whom the communication of data must be carried out in fulfillment of an obligation established by law, by a regulation or by the legislation of the European Union, or to fulfill an order of the Judicial Authority;
  • To any other third parties, such as public bodies or institutional authorities, in the cases expressly provided for by law, or even if the communication is necessary for the protection of ENEA in court, in compliance with the current provisions on data protection personal.

Data retention period

The data being processed will be kept for as long as necessary to ensure the functionality of the requested service, the achievement of the design purposes and the analysis purposes carried out by the Data Controller. The expected retention period for personal data is 5 years.

The data may be kept for a further duration pursuant to Art. no. 99 of the Privacy Code and may be shared with public and private bodies and with the scientific community in the form of aggregate data, statistics,i or analysis results. These results may be used anonymously for scientific dissemination in various forms, and for the purposes of the research program. In particular, the results of the experimentation may subsequently be disclosed anonymously, on the occasion of congresses, scientific meetings and publications.

Rights of the data subjects

The data subject has the right to request:

  • confirmation as to whether or not personal data is being processed and, in this case, to obtain access (right of access);
  • the correction of inaccurate personal data, or the integration of incomplete personal data (right of rectification);
  • deletion of data, if one of the reasons provided for by the Regulation exists (right to be forgotten);
  • the limitation of data processing when one of the hypotheses provided for by the Regulation occurs (right of limitation);
  • to receive the data in a structured format, commonly used and readable by an automatic device and to transmit, where technically possible, such data to another data controller (right to portability);
  • the right to withdraw consent to the processing of data, at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation, and to oppose the processing at any time for marketing purposes or other additional purposes (right to object);
  • the right to object, for legitimate reasons, to the processing of data even if pertinent to the purpose of the collection;
  • the right not to be subjected to a decision based solely on the automated processing of personal data that produce legal effects concerning or significantly affect the person concerned in a similar way.

The user can exercise the rights mentioned above at any time by sending a simple request to the email address privacy@enea.it, indicating “RECON” in the subject line. The interested party will be contacted and informed as soon as possible and, in any case, within 30 (thirty) days from the date of the request.

If the personal data protection legislation is deemed to be violated with regard to processing, the data subject has the right to lodge a complaint to the local Data Protection Authority.

Update of the privacy policy

Any changes, additions, variations or updates to this privacy policy may be necessary in terms of regulatory compliance and / or with respect to any technical changes made to the application and / or any changes in the purposes or methods of data processing. Each updated version will be published on the application website and will become effective for users immediately after its publication. It is always possible to contact the Data Controller by sending an email to the address: privacy@enea.it.

Updated on December 15th, 2021