Privacy Policy

Last updated: March 14, 2026

1. Introduction and Data Controller

Bolin is a comparison and supplier-switching service for the Italian free energy market (electricity and gas). This document describes how we collect, use and protect your personal data, in accordance with Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended. The data controller is Bolin, reachable at [email protected].

2. Data We Collect

We collect the following categories of personal data:

  • Identity data: first name, last name, email address, phone number.
  • Contract data: POD code (electricity) or PDR code (gas), current supplier, annual historical consumption, recent bill amounts.
  • Supply data: supply address, residency status, contracted power.
  • Navigation data: IP address, pages visited, session duration, device and browser type.

3. How We Use Your Data

The data collected is used for the following purposes:

  • Bill analysis and calculation of potential savings compared to available market offers.
  • Management of the supplier-switching process, including communication with the new supplier and transmission of required technical data.
  • Sending communications about the status of your application and offer updates (with consent for marketing purposes).
  • Platform improvement through aggregated and anonymised usage analytics.
  • Compliance with legal and accounting obligations.

4. Legal Basis for Processing (GDPR Art. 6)

The processing of your personal data is based on the following legal grounds:

  • Performance of a contract (Art. 6.1.b): for bill analysis and supplier switching requested by the user.
  • Consent (Art. 6.1.a): for sending commercial and marketing communications, revocable at any time.
  • Legitimate interest (Art. 6.1.f): for platform improvement and fraud prevention.
  • Legal obligation (Art. 6.1.c): for retention of accounting records and regulatory compliance.

5. Your Rights (GDPR Arts. 15–22)

As a data subject, you have the right to:

  • Access: obtain confirmation that your personal data is being processed and request a copy.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure (right to be forgotten): request deletion of your data, subject to legal retention obligations.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing for marketing purposes or based on legitimate interest.
  • Restriction: request restriction of processing in certain cases.
  • Lodge a complaint: file a complaint with the Italian Data Protection Authority (Garante) at www.garanteprivacy.it.

6. Disclosure to Third Parties

Your personal data may be disclosed, strictly to the extent necessary, to the following categories of recipients:

  • Selected energy suppliers: only upon your explicit request to switch, for the purpose of managing the contract application.
  • Technical service providers: hosting, cloud infrastructure, analytics — all operating as Data Processors under GDPR Art. 28.
  • Competent authorities: where required by law or by judicial or administrative authority.

7. Data Retention

Data is retained for the minimum time necessary for the purposes for which it was collected:

  • Contract and fiscal data: 10 years from the last transaction (statutory requirement).
  • Supplier-switching application data: 5 years from the completion of the application.
  • Marketing data: until consent is withdrawn by the user.
  • Navigation data: 12 months from collection.

8. Contact & DPO

To exercise your rights or for any questions regarding the processing of your personal data, please contact us at [email protected]. We will respond to your request within 30 days of receipt, as required by GDPR.