Privacy Policy

Pursuant to Regulation (EU) 2016/679 (“GDPR”), and the Personal Information Protection Law of the People’s Republic of China and relevant laws and regulations (“PlPL”), Eni S.p.A. (“Company” or “Controller”) provides users ("Users") of this website ("Website") with the following information about the processing of their personal data.

1. Identity and contact details of the Controller

Controller is Eni S.p.A., with registered office in Rome, Piazzale Enrico Mattei, 1, 00144.

2. Contact details of the Data Protection Officer

Company has appointed a Data Protection Officer (“DPO”), who can be contacted at the following email address:

3. Categories of personal data processed

Controller processes personal data (“Personal Data” or “Data”) gathered through computer systems, cookies and software procedures used to operate the Website which acquire, in the course of normal operation, certain Personal Data that are transmitted implicitly in the use of internet communication protocols.

This category of Data includes, by way of example, the IP addresses or domain names of the computers used by Users who connect to the Website, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User's operating system and computer environment.

4. Purposes and legal basis of personal data processing

Controller processes Personal Data for:

a)     fulfilling legal obligations and complying with requests from public authorities; (this personal data processing is carried out pursuant to article 6, paragraph 1, letter c) of GDPR or article 13, letter (3) of PIPL);

b)     enabling navigation on Website and checking its correct functioning (this personal data processing is carried out pursuant to article 6, paragraph 1, letter b) of GDPR or article 13, letter (2) of PIPL);

c)     carrying out anonymous and aggregated analysis related to the use of Website (this personal data processing is carried out pursuant to article 6, paragraph 1, letter f) of GDPR);

d)     ascertaining, exercising, defending its rights or its subsidiaries’ and third parties’ rights (this personal data processing is carried out pursuant to article 6, paragraph 1, letter f) of GDPR).

5. Personal data processing methods

Data processing may be carried out by using with electronic or automated means and implementing instruments which guarantee security and confidentiality and will include any operation or set of operations necessary for the processing itself.

6. Recipients of the personal data

For pursuing the purposes outlined in paragraph 4, Controller may communicate Personal Data to:

·       police forces, armed forces and other public administrations, for the fulfilment of obligations under the law, regulations or community legislation.

·       Eni S.p.A. and its subsidiaries;

·       IT service providers.

Controller guarantees the utmost care to ensure that the communication of Personal Data to the aforementioned recipients only concerns Data necessary to achieve the specific purposes for which such Data was collected. The recipients belonging to the above categories may operate, as the case may be, either as data processors (in which case they will receive appropriate instructions from Controller) or as autonomous data controllers.

Personal Data will not be disseminated, except required by law.

7. Transfer of personal data outside the European Economic Area

Should it be necessary to achieve the purposes set out in paragraph 4, Data may also be transferred abroad to companies located outside the European Economic Area ("EEA"). Some jurisdictions outside the EEA may not provide the same level of Data protection as within the EEA. In this case, Controller undertakes to ensure that Data is processed with the utmost confidentiality by adopting the standard contractual clauses provided by the European Commission and any other necessary safeguards pursuant to article 46 of GDPR if one of the derogations set out in Article 49 GDPR cannot be invoked.

8. Data retention

Personal Data will be stored in Controller's computer archives and protected by appropriate security measures for the time necessary to achieve the purposes set out in paragraph 4 above and will subsequently be deleted. Personal Data may be stored for a later period in the event of possible litigation, requests from pubic authorities or legal obligations.

9. Rights of the data subject

To the extend applicable and within the limits of GDPR, User, as data subject, is granted the right to:

- obtain from the Controller confirmation as to whether or not his/her Personal Data is being processed and, if so, to obtain access to the information referred to in article 15 of the GDPR;

- access or make copies of their personal information from the Controller pursuant to article 45 of PIPL;

- obtain the rectification of inaccurate Personal Data concerning him/her, or, considering the purposes of the processing, the integration of incomplete Personal Data pursuant to article 16 of GDPR or article 46 of PIPL;

- obtain the erase of his/her Personal Data, in the presence of one of the reasons referred to in article 17 of the GDPR or article 47 of PIPL;

- obtain the restriction of the processing of his/her Personal Data pursuant to article 18 of GDPR or article 44 of PIPL;

- receive in a structured, commonly used and readable format the Personal Data processed under the contract with him/her, as well as the right to transmit such Personal Data to another data controller without hindrance pursuant to article 20 of GDPR.

- object to the processing of his/her Personal Data for particular reasons where there are no compelling legitimate interests of the Controller pursuant to article 21 of GDPR or article 44 of PIPL;

Such rights can be exercised by sending an e-mail to the DPO's email address (


Without prejudice to any other administrative or jurisdictional remedy, User also has the right to lodge a complaint with the competent supervisory authority if he/she considers that there has been a violation of his/her data protection rights.