Privacy notice regarding the processing of personal data

Edison Regea S.r.l. ("Edison Regea", the "Company", or the "Controller"), a company controlled by Edison S.p.A., as Data Controller, informs you, pursuant to Article 13 of the European General Data Protection Regulation No. 2016/679 (“Regulation” or “GDPR”), that the personal data provided by the individuals referred to below are processed in accordance with this privacy notice, in compliance with the provisions of the Regulation and solely for the purposes specified herein.
 
This notice applies to users of Edison Regea’s website (hereinafter, the “Site”) during navigation of the same (jointly referred to as the “Data Subjects” or, in the singular, “Data Subject”), in order to access the information and services provided online by the Controller, related to testing, analysis, and environmental remediation activities.

The categories of personal data (hereinafter collectively referred to as "Data") being processed are:
 

• Browsing data;
• Common personal data, including identification data, contact details (e.g., telephone number, landline or mobile, email address), and company affiliation.

 
Except for browsing data, which are governed by the cookie policy, the Data are provided voluntarily by the Data Subject during navigation of the Site, including by completing the appropriate forms available thereon.

The collected Data are processed for the following purposes:
 
i. Processing based on contractual/pre-contractual relationships with Data Subjects

• To respond to the Data Subject in relation to specific services following a request made via the relevant forms.

 
ii. Processing based on legal obligations

• To fulfill obligations imposed on the Controller by laws, regulations, EU legislation, or by legitimate requests/orders from Authorities and/or Supervisory and Control Bodies;
• To carry out any other activity required for compliance with sector regulations, including EU regulations and ordinary laws.

 
iii. Processing based on the legitimate interest of the Controller

• To allow the defense of rights in the course of judicial, administrative, or extrajudicial proceedings, and in disputes related to the services offered.

In relation to the above purposes, your Data will be processed both through electronic tools and paper-based systems, using methods suitable to guarantee their security, confidentiality, integrity, and availability, through the adoption of appropriate security measures, as required by the Regulation.

The processed Data are retained:
 

• For the time necessary to provide the requested response and in any case no longer than 3 months from collection;
• For the time strictly necessary to protect rights, especially during litigation and until the expiration of legal time limits for legal action or appeal;
• For the time strictly necessary to comply with legal obligations binding on Edison Regea and/or to meet requests from competent Authorities.

Your Data may be accessed, within the limits of the above purposes, by individuals authorized and properly trained by the Controller.
 
Additionally, your Data may be accessed by the Controller’s subsidiaries, parent companies, or affiliates; by assignees of the business or business units; by companies resulting from mergers, demergers, or other corporate transformations; by external entities—appointed, if necessary, as data processors—including providers of technical, technological, or website maintenance services; and by public safety authorities or judicial authorities, as independent data controllers.
 
In any case, the collected Data will be processed within the European Union (EU) and the European Economic Area (EEA), and stored on servers located within these territories. If it becomes necessary to transfer your Data outside the EU/EEA, such transfer will be carried out in compliance with Chapter V of Regulation (EU) 2016/679.
 
Your Data will not be disseminated outside the corporate perimeter or published on the Company's website without your explicit prior consent, unless otherwise required by law.

This role, required by the Regulation, has been designated as a shared point of contact for the Edison Group companies under the management and coordination or control of Edison S.p.A. Contact details for the DPO are provided below.

Pursuant to Articles 15 to 22 of the GDPR, you have the right to obtain from the Controller access to your Data, their rectification, integration, or deletion (so-called "right to be forgotten"), their portability, and the right to restrict or object to their processing.
 
You can exercise your rights by writing to the Data Protection Officer (DPO) at: privacy@edison.it, or by sending a registered letter with return receipt to: EDISON S.p.A., Foro Buonaparte 31 – 20121, Milan, Italy.
 
In addition, if you believe the processing of your Data violates Regulation (EU) No. 2016/679, you have the right to lodge a complaint with the Italian Data Protection Authority, as outlined at www.garanteprivacy.it, and to take legal action where appropriate.