Privacy Policy

Pursuant to Regulation (EU) 2016/679 (“GDPR”), Eni S.p.A. (“Company” or “Controller”) provides the following information to enable users (“Data Subjects”) of the “Eni Corporate” app (“App”) to understand how their personal data is collected and processed in connection with the use of the App and the use of the services (“Services”) provided through it according to the Terms and Conditions of Use (“T&Cs”).

1. Data Controller

The Data Controller is Eni S.p.A., with registered office in Rome, Piazzale Enrico Mattei, 1, 00144, Italy.

2. Data Processor
The Company has appointed a Data Protection Officer (“DPO”), who can be contacted at the following e-mail address dpo@eni.com.

3. Categories of personal data processed
Computer systems, software procedures used to operate the App as well as tracking technologies installed in the App acquire, during normal operation, certain personal data that are implicitly transmitted in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified Data Subjects, but which by its nature could, through processing and association with data held by third parties, make it possible to identify data subjects.
This category of data includes the IP addresses or domain names of the computers used by Data Subjects accessing the App, the screens of the App, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the computer environment of the Data Subjects (“Personal Data” or “Data”).

4. Purpose and legal basis of processing
The Personal Data is processed to:

• fulfil legal obligations and comply with requests from public authorities;
• allow the use of the App and to check its correct functioning;
• to follow up the request for Services by the Data Subjects. For the aforementioned purpose, Personal Data will also be processed within the context of the administration and management of the Services, support, as well as to comply with the obligations arising under the T&Cs, as well as to comply with specific requests of the Data Subjects;
• to perform, on an aggregate basis, analysis of the use of the App and the Services, in order to improve the App and the Services and meet specific needs of Data Subjects;
• as part of extraordinary mergers, the sale or transfer of business operations, to carry out activities preparatory to such operations, including due diligence;
• to ascertain, exercise, defend a right of the Data Controller and/or a third party including in court.

Processing of Personal Data for the purposes referred to in paragraph 4(a) is based on the provisions of applicable law or on a request by public authorities (Art. 6. par. 1(c) GDPR).

Personal Data processing for the purposes referred to in paragraph 4(b) and (c) is based on the need to fulfil the Data Subject’s request to use the App and receive the Services (Art. 6, par. 1(b) GDPR).

Personal Data processing for the purpose referred to in paragraph 4(d) is based on the legitimate interest of the Data Controller to continuously improve the efficiency and security of the App and their Services (Art. 6, par. 1(f) GDPR);

Personal Data processing for the purpose referred to in paragraph 4(e) is based on the legitimate interest of the Data Controller in the continuation of their business activities (Art. 6, par. 1(f) GDPR).

Personal Data processing for the purpose referred to in paragraph 4(f) is based on the legitimate interest of the Data Controller and/or third parties in protecting their rights (Art. 6, par. 1(f) GDPR).

5. Personal data processing methods
The Data may also be processed with the help of electronic or automated means, managed using tools that guarantee security and confidentiality, and will include any operation or set of operations necessary for its processing.

6. Personal data recipients
To pursue the purposes set out in point 4, the Data Controller may communicate Personal Data to third parties belonging to the following subjects or categories of subjects:

• police forces, armed forces and other public administrations to comply with obligations laid down by law, regulations or EU legislation;
• other subsidiaries of Eni S.p.A.;
• IT service providers.

The Data Controller guarantees it will act with the utmost care to ensure that the communication of your Personal Data to the aforementioned recipients only concerns the Data necessary to achieve the specific purposes they are intended for.
With regard to the Data communicated to them, the recipients belonging to the above categories may operate either as data controllers (in which case they will receive appropriate instructions from the Data Controller) or as independent data controllers, depending on the situation.
Finally, please note that Personal Data will not be circulated.

7. Transfer of personal data outside the EU
Whenever it is deemed instrumental to the pursuit of the purposes set forth in paragraph 4, the Data may also be sent abroad to companies located outside the European Economic Area (“EEA"). Some of the jurisdictions outside the EEA may not provide the same level of Data protection as that which is guaranteed within the EEA. In such a case, the Data Controller undertakes to process the Data with the utmost confidentiality by adopting the standard contractual clauses provided by the European Commission and any other necessary measures referred to in Art. 46 GDPR where it would not be possible to resort to one of the exceptions referred to in Art. 49 GDPR.

8. Data retention period
Personal Data will be kept on the Data Controller’s computer files and protected by the appropriate security measures for however long it takes to achieve the purposes set out in paragraph 4 above, and will then be deleted.
Personal Data may be kept for longer in the event of a possible litigation, requests by competent authorities or as per the applicable law.

9. Rights of Data Subjects
Where applicable and within the limits of the GDPR, the Data Subject has the right to:

• obtain confirmation from the Data Controller as to whether or not Personal Data is being processed and, if so, to obtain access to the information referred to in Art. 15 of the GDPR;
• obtain the rectification of inaccurate Data concerning them, or, taking into account the purposes of the processing, the integration of incomplete Personal Data pursuant to Art. 16 of the GDPR;
• obtain the deletion of Personal Data due to one of the reasons set out in Art. 17 of the GDPR;
• obtain restriction of the processing of Personal Data in the cases set out in Art. 18 of the GDPR;
• receive in a structured, commonly used and machine-readable format the Personal Data provided to the Data Controller concerning them, so that the latter may transmit them to another data controller without hindrance pursuant to Art. 20 of the GDPR;
• object to the processing of Personal Data for particular reasons unless there are compelling legitimate grounds for processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of a legal claim under Art. 21 of the GDPR.

These rights may be exercised by sending an e-mail to the DPO’s e-mail address: dpo@eni.com.
Without prejudice to any other administrative or jurisdictional recourse, you also have the right to lodge a complaint with the competent supervisory authority (for Italy: the Garante per la Protezione dei Dati Personali) if you consider that there has been a violation of your rights regarding the protection of Personal Data.

In accordance with Regulation (EU) 2016/679 (“GDPR”), Eni S.p.A., as data controller (“Data Controller”), provides below information regarding the processing of personal data carried out by means of the tracking technologies installed on the “Eni Corporate” app (“App”).

1. Adopted tracking technologies

When the user accesses or interacts with the App and uses the services provided by the Terms and Conditions of Use (“Services”), the Data Controller and the authorised third parties that provide the latter with technical and analytical support services process the user’s personal data collected through tracking technologies known as SDKs (Software Development Kits).

2. Software Development Kits (SDKs) – General information

Software Development Kits are software embedded in the App that enables the collection and processing of users’ personal data in order to (i) ensure the functioning of the App and its proper use; (ii) perform aggregate analysis on the use of the App.

3. SDKs installed on the App

Below is a list of the SDKs installed in the App, as well as the features of each of them.
The SDKs installed in the App are owned by authorised third parties that provide the Data Controller with technical and analytical support services.

For more information on the SDKs installed on the App, please click on the following links:

• Google Analytics 4

https://support.google.com/analytics/answer/6004245?hl=it&sjid=7228909913557186974-EU

• Crashlytics

https://firebase.google.com/support/privacy (see sections specifically dedicated to Crashlytics)