Suppliers Consumer protection

Governance Investors Careers

IT EN

Our business is closely involved in people lives.

We ensure residents receive essential services for their daily life.

At your side in your community

Managing your water services. Distributing energy. Selling electricity and gas. Recycling waste. Our one objective: to create value for the people and the community in which we operate.

Nowadays, innovation is at everyone's fingertips.

Acea sees innovation as the driving force to become more efficient, to raise the quality of life for our customers, to improve services for the residents and the community. Acea has used all this to create a new culture of innovation: an open culture, which everyone can share and take part in.

Our Group serves local communities and their citizens.

We are fully aware of our role of responsibility towards our stakeholders for our major economic, social and environmental impact. This is why our Sustainability Plan is part and parcel of our Business Plan.

The latest news from the Acea world

Stay up to date with the latest news, read the press releases, discover the events and follow us on our social network pages.

Our stories

Technology, sustainability, and talent development: we tell the story of Acea through our people, projects, and initiatives for the local communities.

Compliance Privacy

Considering the regulatory trend with regard to personal data processing, the Acea Group has undertaken to develop and implement effective policies to protect the personal data of employees, customers, suppliers, shareholders, stakeholders, partners, as well as any persons whose personal data, for whatsoever reason, are processed by the Company, adopting a Privacy Governance Model, in accordance with Regulation (EU) 2016/679 on data protection (GDPR).

The indications issued by the Italian Data Protection Authority are always enforced, wherever applicable, and privacy-related training sessions are periodically carried out, as well as supplier checks, with the aim of not only fulfilling the direction and control obligations as regards personal data processing performed by third parties on behalf of the Acea Group, but also having a constant view of the entire reference scenario. Moreover, a second-level governance and monitoring system has been developed, comprising a series of controls consistent with privacy and data protection risks.

Privacy Governance Model

On 14 March 2022 Acea SpA’s Board of Directors adopted the Privacy Governance Guideline, setting out the essential elements of the Acea Privacy Governance Model, together with the related interpretation, within the Group, of the compliance framework.

The Guideline forms part of the integrated framework adopted by the Acea Group for the application of Regulation (EU) 2016/679 (“General Data Protection Regulation”, hereinafter “GDPR”) regarding the protection of natural persons and the processing of personal data.

The objectives of the Guideline are as follows:

to regulate Acea SpA’s direction and control initiatives and explain objectives, principles and activities pertaining to Privacy issues;
to define the general rules for transverse actions involving the Privacy Governance Model.

More specifically, the Group’s Privacy Governance framework pursues the following purposes:

to ensure observance of current legislation with regard to data processing;
to define roles and responsibilities of the persons involved in the application of Acea’s “Privacy Organisational Model” as shown below, and to explain the latter’s role of direction and control within the Group;
to define the data protection principles that must be implemented and effectively enforced;
to define the framework of security controls that must be analysed and explained in the dealings with parties (legal entities or natural persons) who process data on behalf of Acea;
to define the activities to be carried out in order to analyse areas that may potentially impact data protection;
to assess the risk and impact on the rights and freedoms of natural persons in connection with the processing of personal data;
to explain disclosure requirements;
to implement the actions necessary for protecting the rights of the parties concerned, ensuring the correctness of the handling process and response to their requests;
to define the requirements of privacy reports and personal data processing registers;
to describe the functional architecture of the automatic privacy system management tools in the companies.

Acea therefore presides over all the key areas envisaged by the GDPR, such as:

Roles and responsibilities
Training
Third party management
Privacy by design and by default
Register of processing operations
Risk analysis
Data Breach Management
Cross-border transfer of data
Data retention

Furthermore, Acea always pays attention to the various areas emerging that have an impact on privacy, such as the safe handling of data with respect to the new technologies and the new work tools.

The Data Protection Officer (DPO) of Acea SpA and other companies can be contacted at the following address privacy@aceaspa.it.

Compliance Privacy

Privacy Governance Model

Related content

Highlights