E ENERECO Supplier Workspace
Privacy Notice

Supplier Portal Privacy Notice

Information notice for users and supplier contacts who request access to, or use, the Enereco Supplier Portal.

Version 1 - 05 May 2026

1. Data controller

Enereco S.p.A., with registered office at Via Divisione Carpazi 14, 61032 Fano (PU), Italy, VAT no. IT01099200410, is the data controller for the processing described in this notice.

For privacy or supplier portal requests, contact support@enereco.zendesk.com.

2. Data processed

The portal may process identification and contact data, business and fiscal information, supplier qualification information, QHSE and Engineering questionnaire answers, document metadata, access request history, approval history, notification records, and technical logs necessary to operate the portal.

3. Purposes and legal basis

Data is processed to evaluate supplier onboarding requests, administer user access, manage supplier profiles, review QHSE and Engineering documentation, communicate with users, maintain audit records, and support supplier relationship management.

The legal bases may include pre-contractual or contractual measures, Enereco's legitimate interest in supplier qualification and portal security, and compliance with legal or administrative obligations.

4. Recipients

Data may be accessed by authorized Enereco personnel and by service providers supporting hosting, authentication, email, maintenance, and portal operations, under appropriate confidentiality and data protection obligations.

5. International transfers

If service providers process data outside the European Economic Area, Enereco will use appropriate safeguards required by applicable data protection law, such as adequacy decisions or standard contractual clauses.

6. Retention

Data is retained for the time necessary to manage access, supplier qualification, approvals, audit evidence, and legal or contractual obligations. Rejected, obsolete, or inactive requests are retained only as long as needed for these purposes and then deleted or anonymized according to Enereco retention rules.

7. Rights

Where applicable, data subjects may request access, rectification, erasure, restriction, portability, or object to processing. Data subjects may also lodge a complaint with the competent data protection supervisory authority.

8. Mandatory data

Some data is necessary to evaluate and administer supplier access. If required information is not provided, Enereco may be unable to process the access request or provide supplier portal services.