02.03.2026 | NHOA Energy announces Two Major MACSE Battery Projects
Footer Menu Bar - Figma Specs
Technology Delivery Service Contact us
Contact us

PRIVACY POLICY FOR EXTERNAL VISITORS TO COMPANY OFFICES

  1. PURPOSE

The following Privacy Policy – according to Article 13 of General Data Protection Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) – aims to inform how personal data of external visitors accessing the Company’s premises are processed.

  1. DATA CONTROLLER

The Data Controller is NHOA Energy S.r.l. (hereinafter referred to as “NHOA” or the “Company”) subject to the direction and coordination of NHOA S.A., with registered office in Milan, Piazzale Lodi, 3 – 20137, Tax Code and VAT No. 09315030966.

You can obtain more information about the data processing by contacting the Ethics & Compliance Officer, writing to the following email address privacy@nhoa.energy.

  1. CATEGORIES OF PERSONAL DATA PROCESSED

When accessing the Company premises, the following personal data may be collected and processed:

  • Identification data: name, surname, organisation/company of origin, host/contact;
  • Access data: date and time of entry and exit;
  • Images captured by CCTV systems, if installed and appropriately signposted.

No special categories of personal data (Article 9 GDPR) are processed, unless required by law in exceptional cases.

  1. PURPOSE OF THE DATA PROCESSING

Purpose

Legal Basis

Managing physical access to the Company’s buildings and registering visitors

Legitimate interest of the Controller in ensuring security (Art. 6(1)(f) GDPR)

Compliance with health and safety obligations in the workplace

Legal obligation (Art. 6(1)(c) GDPR)

Protection of people, assets, and property through CCTV systems

Legitimate interest (Art. 6(1)(f) GDPR)

Organisation of meetings, visits, and business appointments

Legitimate interest (Art. 6(1)(f)) or performance of pre-contractual measures (Art. 6(1)(b)), depending on the context

  1. METHODS OF PROCESSING

Data are processed using electronic and/or manual tools and in accordance with principles of lawfulness, fairness, transparency and data minimisation.

No automated decision-making or profiling is carried out.

  1. DATA RETENTION

NHOA ENERGY will store your personal data in accordance with the provisions of the relevant legislation in force as long as necessary to perform the purpose for which the data are collected, also by taking into account legal obligations, legitimate interests and limitation periods.

At the end of the storage period, the data will be deleted, anonymized or aggregated in such a way that the user cannot be identified.

However, the data may be retained for a later period in the event of possible litigation, requests by the competent authorities or pursuant to applicable legislation.

When applicable, CCTV recordings will be retained up to 72hours, unless required for investigations of legal obligations.

  1. DATA RECIPIENTS

NHOA could authorize internal or external parties to perform the processing of the personal data described above for the purposes therein. The internal parties are “people in charge of data processing” involved in the business organization. Moreover, NHOA can disclose the personal data to these following categories of third parties:

  • where requested, public authorities and entities;
  • other companies of the group;

All these entities act as autonomous data controllers or have been authorised by the Data Controller where they act on its behalf (as data processors).

  1. DATA TRANSFERS

NHOA also reserves the right to transfer your personal data to third countries. Transfers of data outside the European Economic Area are subject to a special regime under the GDPR, and will only be made to countries that ensure an adequate level of protection of personal data, on the basis of an adequacy decision by the Commission or where adequate safeguards have been adopted (including the standard contractual conditions provided by the European Commission), provided that the data subjects have effective rights of action and remedies.

  1. DATA SUBJECTS RIGHTS

NHOA shall provide you with the exercise of the following rights:

  • confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the personal data, as provided by Article 15 of the GDPR (Right to access);
  • rectification of your inaccurate personal data or integration of incomplete personal data (Right to rectification);
  • erasure of your personal data, in accordance with the reasons described in Article 17 of the GDPR (Right to erasure);
  • restriction of processing, when one or more of the cases provided by Article 18 of the GDPR (Right to restriction);
  • receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (Right to data portability);
  • object, on grounds relating to your particular situation, at any time to processing of personal data concerning you (Right to object).

To exercise your rights, you can send an email with the following subject “PRIVACY”, to privacy@nhoa.energy.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

The exercise the rights referred above can be delayed, limited or excluded if this could result in some limited circumstances. Such reasonable delay, limitation or exclusion must be communicated to the relevant data subject without undue delay, unless such communication might jeopardise the purpose of the limitation, for the time and within the limits in which this constitutes a necessary and proportionate measure, considering the fundamental rights and legitimate interests of the data subject. In such cases, the data subject’s rights may also be exercised through the Garante per la Protezione dei Dati Personali (namely, the Italian Data Protection Supervisory Authority) pursuant to Article 160 of the Personal Data Protection Code (namely, Legislative Decree no. 196/2003). In such cases, the Garante per la Protezione dei Dati Personali shall inform the data subject that the necessary checks or a specific review has been carried out, as well as of the data subject’s right to lodge a judicial remedy.

Without prejudice to any other administrative or judicial appeal, you shall also have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement (as for Italy, the supervisory authority is Garante per la protezione dei dati personali – further information is available on the website http://www.garanteprivacy.it), if you consider that the processing concerning your data is done in violation of the GDPR. Further information about the supervisory authorities is available on the website https://edpb.europa.eu/about-edpb/about-edpb/members_en.

In any case, NHOA is interested in being informed of any grounds for complaint and invites you to use the above-mentioned contact channels before referring to a supervisory authority, so as to be able to prevent and resolve any disputes in a friendly and timely manner, with the utmost courtesy, seriousness and discretion.

UPDATED DECEMBER 2025