Privacy Policy

INFORMATION NOTE ON THE PROCESSING OF PERSONAL DATA

Fondazione Edison

Fondazione Edison (hereinafter referred to as “the Fondazione”), informs that, pursuant to Articles 13 and 14 of the European Regulation on Data Protection, n 2016/279 (“Regulation” or “GDPR” General Data Protection Regulation), and to Article 13 of Italian Legislative Decree 196/03 (“Privacy Code”), the personal data provided by the subjects indicated below in this text, with regard to the purposes of Processing under point 4 below, will be processed in compliance with the provisions set forth in the Regulation.

1. Source of data

The personal data subject to the processing are directly collected from data subjects, from the restricted area of the Fondazione Edison’s website, or from external Entities or Public Institutions.

2. Recipients of the information note

This information note applies to:

• All natural persons registered to the mailing list of the Fondazione.

In the following part of the note, the above-mentioned natural persons are referred to as “data subjects” of the processing of personal data.

3. Categories of data processed

Data subject to processing are personal data (biographical and contact data, address, company and entities to which data subjects belong, professional qualification).

4. Purposes, legal foundation of Processing and data retention period

The personal data collected will be processed to allow the Fondazione to perform its institutional activities:

1. Purposes of processing, whose legal foundation rests on the Data Controller’s legitimate interest
   • To organize events, conferences, seminars
   • To send papers, publications and newsletters

For the above-mentioned purposes, each category of processing will be subject to a specific data retention period of 10 years since the date of the acquisition or update of said data.

5. Processing methods

With regard to the purposes described above, data will be either digitized (IT and telecommunications tools) or processed on hard copy; in any case adequate tools will be used to guarantee safety, confidentiality, integrity and availability of the same data according to the requirements under the Regulation.

6. Categories of Data Recipients

Personal data of the Data Subject will only be disclosed to people who have been authorized and duly instructed by the Data Controller or Data Processors. Furthermore, the following third parties may receive personal data: service providers, volunteers, consultants and employees of other Edison Group companies who perform activities on behalf of the Fondazione.

7. Dissemination of data

The personal data of the Data Subject will under no circumstances be disseminated without her/his consent, except as provided for under national law.

8. Data Controller and Data Processor

The Data Controller, namely the subject determining the purposes of processing, is Fondazione Edison, whose legal headquarters are in Foro Buonaparte 31, 20121 Milan.

The Data Processor, namely the subject processing data on behalf of the Data Controller, are Edison Group companies as well as service providers who have been appointed by the Data Controller pursuant to Regulation 2016/679.

9. Data Protection Officer

The Data Protection Officer, who shall ensure the rights of data subjects Pursuant to the Regulation, has been chosen to be a common reference point for all companies which are managed, coordinated or controlled by Edison Spa or by other companies within its corporate scope, and avail themselves of service agreements with Edison Spa or with other Group companies regarding Human Resources activities. The contact details of the DPO can be found below in this note (article 10).

10. Exercise of rights

Pursuant to Regulation 2016/679, the data subject shall be granted in any moment full access to his/her personal data, shall receive confirmation of their existence, have full knowledge of their content, origin, location, and shall be able to request a copy.

Furthermore, the data subject shall have the right to verify their accuracy, or to have incomplete personal data completed, updated or rectified; to the restriction, erasure, transformation into anonymous form of processed data, as well as to the erasure if personal data have unlawfully been processed or to object to their processing. The data subject shall also have the right to data portability and to lodge a complaint to a supervisory Authority.

The data subject can exercise his/her rights by contacting the Data Protection Officer (DPO)at the following email address: privacy@edison.it, or by fax at +3902 6222.9105 or to the following mail address: Fondazione Edison, Foro Buonaparte 31, 20121 Milano MI.

In addition, key information on the Processing of Personal Data, the processing methods adopted by Edison, the corporate system in charge of the protection of personal data and the Data Protection Officer is available under the Privacy section of the Company’s website.