1. Premise

Erion Energy (hereinafter “Erion”) with registered and operating offices in Via A. Scarsellini 14, 20161 Milan – Italy, registered in Milan Register of Companies under VAT and Tax Code No. 11277910961 (hereinafter the “Data Controller” or “ERION”), considers  the protection of Personal Data of its and/or potential users of fundamental importance, ensuring that the processing of Personal Data, carried out by any means, both automated and manual, takes place in full compliance with the protections and rights recognized by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data, as well as on the free movement of such data (hereinafter the “Regulation”) and the other applicable regulations regarding the protection of Personal Data.

This information notice (hereinafter the “Privacy Policy”) has the purpose of describing the management methods of the website (hereinafter the “Website”) in reference to the processing of Personal Data of users/visitors who access it pursuant to the Regulation.

Unless otherwise specified and regulated by a specific notice pursuant to Article 13 of the Regulation, this Privacy Policy must also be considered as a document aimed at providing the information referred to in Articles 13 and 14 of the Regulation to those browsing the Website and interact with the Data Controller through the services offered by the Website.

Please note that this Privacy Policy is only applicable to this Website and not to any other websites possibly accessed by the user through links and/or banners on the Website.

2. Data controller

The company that will process your Personal Data for the purposes referred to in point 3 of this Privacy Policy and which will act as Data Controller is:

Erion Energy with registered office in Via A. Scarsellini 14, 20161 Milan – Italy, recorded in Milan’s Register of Companies under VAT and Tax Code No. 11277910961 (hereinafter the “Data Controller”).

For some processing related to direct marketing purposes (understood as all the activities performed by the co-controllers for promoting products, services, initiatives, provided by the co-controllers on the basis of their legitimate interest in pursuing their business purpose, alongside the Data Controller will operate in its capacity as co-controller:

Erion Compliance Organization S.C.A R.L. (hereinafter “ECO”), with registered office in Via A. Scarsellini 14, 20161 Milan – Italy, VAT and Tax Code No. 11344540965.

(Hereinafter the Data Controller and ECO may be jointly referred to as “Joint Controllers”)

The Joint Controllers have entered into an arrangement between themselves in accordance with Article 26 of the Regulation, with which they have undertaken to:

  • jointly determine some purposes and methods of processing your Personal Data;
  • jointly determine, in a clear and transparent manner, the procedures for providing prompt feedback should the interested party wish to exercise his/her rights, as provided for by Articles 15, 16, 17, 18 and 21 of the Regulation as well as in cases of portability of Personal Data provided for by Article 20 of the Regulation as better described hereunder;
  • jointly define this Privacy Notice, indicating all the information required by the Regulation.

3. Type of data processed, purposes and legal basis of the processing.

The Website offers informative and, sometimes, interactive content. During site navigation, information regarding the user may be acquired by ERION as follows:

  • Navigation data

During normal operation, the IT systems and software procedures used to run the Website collect some Personal Data, which are implicitly transmitted through the use of internet communication protocols.

This information may include, for example: IP addresses, browser type, operating system, domain name and website referring or exit pages, information on the pages visited by the user within the Website, access time, navigation length on each page, clickstream analysis and other parameters regarding the operating system and the user IT environment.

These technical/IT data are collected and used exclusively on an aggregated and anonymous basis and may be used to ascertain liability in the event of hypothetical cybercrimes to the detriment of the Website.

  • Data voluntarily provided by the user/visitor

This is the Personal Data freely provided by the visitor to the Website in order, for example, to register and/or access a reserved area, use a form to request information about a specific service, write to an email address or call for a direct contact with an ERION officer, take advantage of tools that provide specific services, register for an event, seminar or course organized by ERION, receive ERION newsletters or other communications on its activities or activities of the group to which the Joint Controllers belong. The legal basis for the processing of such data is laid down in Article 6(b) and (c) of the Regulation and is based on the pre-contractual or contractual relationship that arises with the interested party at the time of requesting a service, or also for direct marketing activities, on the basis of legitimate interest of the Joint Controllers in pursuing their business purpose, regardless of the consent of the interested parties and without prejudice to their right to object as explained in point 7 below.

However, in some cases, your Personal Data may be processed through cookies. The processing of such Personal Data will be carried out based on the indications within each cookie policy present on the Website in the specific Cookie Policy section.

4. Data processing methods

The data processing will be performed through automated means using electronic procedures for the time strictly necessary and in compliance with Article 5 of the Regulation.

Your Personal Data will be processed by the Data Controller exclusively for achieving the purposes for which the data were collected. In particular, your Personal Data will be processed for a period of time equal to the minimum necessary, as indicated in Recital 39 of the Regulation, i.e. until the termination of the contractual relationship between the data subject and Data Controller, without prejudice to an additional retention period that may be imposed by law as also provided for by Recital 65 of the Regulation.

5. Recipients of Personal Data

The Personal Data collected by the Website may be disclosed to specific subjects considered recipients of such Personal Data. According to Article 4(9) of the Regulation “recipient” means “a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not” (hereinafter “Recipients”).

With this in mind, in order to correctly perform all the processing activities necessary to pursue the purposes set out in this Privacy Policy, the following Recipients may be in a position to process your Personal Data:

  • third parties who perform part of the processing activities and/or related and instrumental activities on behalf of the Data Controller. These parties will be appointed as data processors, defined by Article 4(8) of the Regulation as “any natural or legal person, public authority, agency or other body that processes personal data on behalf of the Data Controller” (hereinafter the “Data Processor”);
  • individuals, employees and/or collaborators of the Data Controller, who have been entrusted with specific and/or more processing activities. These individuals have been given appropriate instructions on the safety and correct use of Personal Data and are defined, in accordance with  Article 4(10) of the Regulation, “persons who, under the direct authority of the controller or processor, are authorized to process personal data” (hereinafter “Authorized Persons”);
  • if required by law or to prevent or suppress the commission of a crime, your Personal Data may be disclosed to public bodies or to the judicial authority without being defined as Recipients. In fact, in accordance with Article 4(9) of the Regulation, “public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients”.

The updated list of Recipients is available on request by writing to

6. Redirect to external websites

The Website could use social plug-ins. Social plug-ins are special tools that enable the incorporation of social network features directly into the Website (e.g. the “like” function of Facebook).

If social plug-ins are present on the Website, they are marked with the social network’s property logos.

When surfing a Website page, by interacting with the social plug-in (e.g. by clicking on the “like” button) or leaving a comment, the information will be directly transferred from the browser to the social network.

For further information about Personal Data’s purposes, the type and the means of collecting it, the processing, the use and the storage methods of your Personal Data by the social network platform, as well as the modalities through which exercise your rights, please consult the social network’s privacy policy.

7. Rights of the interested party

The data subject has the right to be informed, at any time, regarding which data are available to the Data Controller and how such data are used. Furthermore, he/she has the right to have such data updated, supplemented, corrected or erased, request their portability or restriction of processing in the cases provided for by the law and oppose their processing unless the Data Controller demonstrates compelling legitimate grounds for their processing. For exercising such rights, as well as for more detailed information about the subjects or categories of subjects to whom the data are communicated and/or transferred or who become aware of the data as controllers or processors, each interested party may write to: Erion Energy, Via A. Scarsellini 14, 20161 Milan – Italy, email data subject may at any time revoke the consent already given, without prejudice to the lawfulness of the processing based on consent given before the revocation. Lastly, we remind you that you have the right to lodge a complaint with the competent Data Protection Authority if you consider that your rights have been infringed or if you had not received acknowledgment to your requests according to law.

8. Privacy Policy changes

This Privacy Policy is applicable to the Website from its publication. The possible entry into force of new sector regulations, as well as the constant review and updating of the general conditions of use of the Website, may lead to the need to change these modalities. It is therefore possible that this Privacy Policy may undergo changes over time, for which the user/visitor is invited to periodically consult this page.

Thank you for your attention!

Last update 22/03/2023