Data processing and the art. 28 DPA.
Roles
For the operation of this website and the registration and management of the contractual relationship with its Users, ReNow Energy s.r.l. acts as Data Controller. Full details are set out in the Privacy Policy.
Where the use of the Platform entails the processing of personal data contained in documents and data rooms uploaded by the User (e.g. counterparties, landowners, signatories), ReNow processes such data on behalf of the User as Data Processor pursuant to art. 28 GDPR, under the terms of the Adhesion Agreement and the Data Processing Agreement.
Art. 28 commitments
The Data Processing Agreement reflects the obligations required by art. 28(3) GDPR, including:
- processing personal data only on the documented instructions of the User, including with regard to transfers outside the EU/EEA;
- ensuring that persons authorised to process the data are bound by confidentiality obligations;
- implementing appropriate technical and organisational measures — sensitive data is masked on ingestion and never exposed to the AI models, and every output cites its source;
- engaging sub-processors (e.g. hosting, e-signature, payments, AI tools) only under obligations of equivalent protection; the up-to-date list is available on request;
- carrying out transfers outside the EU only with adequate safeguards (art. 44 et seq. GDPR);
- assisting the User in responding to data-subject requests and in complying with security, breach-notification and DPIA obligations;
- notifying personal-data breaches without undue delay;
- deleting or returning personal data at the end of the services, save statutory retention obligations;
- making available the information necessary to demonstrate compliance and contributing to audits.
Requesting the DPA
The signable Data Processing Agreement (art. 28 GDPR) and the current list of sub-processors are available on request by writing to info@renowenergy.com or by PEC to renowenergy.srl@pec.it.