In accordance with Regulation (EU) 2016/679 (“GDPR”), Eni S.p.A. (“Company” or the “Owner”) is providing the following information regarding the processing of personal data to inform users ("User" or "Users") of the eni.com website ("Website") of its policy regarding the protection of personal data and how the personal information of Users is collected and managed during navigation on the Website and for the use of its services.
Identity and contact details of the Processing Owner
The Processing Owner is Eni S.p.A., with registered office in Rome, Piazzale Enrico Mattei, 1 which can be contacted through the Contacts section.
Contact details of the Data Protection Officer
The Company has appointed a Data Protection Officer, who can be contacted at the following email address email@example.com.
Purposes of the processing and legal basis of the processing
a) The finalities legally necessary for the provision of services - processing required to fulfil a contractual or legal obligation to which the Processing Owner is subject to execute a specific request from the party involved
The User's personal data may be processed, without the need for their consent, in cases where this is necessary to fulfil obligations deriving from legal provisions, as well as rules, codes or procedures approved by Authorities and other competent Institutions.
The User's personal data will also be processed for the purposes related to and / or associated with the provision of services by the Company in the context of browsing the Website, such as:
- for the provision of the services requested by the User while browsing the Website including the collection, storage and development of data for the purpose of establishing successive operational and technical management. Specifically, subscription to the Newsletter and Mail Alert services whereby forms are filled out on the Website, which require the acquisition of user contact data for the distribution of the requested service.
Moreover, participation to live or on-demand financial events (“Financial Events”) is subject to registration, by filling out the form on the Website, and it requires the collection of the personal data specified in the form, for the service requested to be provided;
- management of relations with third-party authorities and public bodies for purposes related to particular requests, fulfilment of legal obligations or particular procedures.
These data, whose provision is necessary for the operational execution of the service, will also be processed with electronic tools, registered in special databases, and used strictly and exclusively in the context of browsing the Website.
Since the communication of personal data of the User for the aforementioned purposes is necessary for the maintenance and provision of all services related to navigation on the Website, failure to communicate will make it impossible to provide the specific services in question.
b) Commercial and marketing purposes – consent
The User's personal data may also be processed, subject to their consent, for the following additional purposes functional to the activity of the Owner or of a third party:
- market research, economic and statistical analyses;
- marketing of the services of the Owner and / or of a third party, sending of material for advertising / informative / promotional purposes and participation in initiatives and offers aimed at rewarding the Customers of the Owner;
- surveys of customer satisfaction on the quality of services provided.
These activities may concern the products and services of the Owner, as well as of companies controlled by Eni S.p.A. or their business partners and may also be carried out through an automated call system, without the intervention of an operator, including electronic mail, and SMS (Short Message Service) messages.
Consent to the processing of data and communication on the below-mentioned topics for the aforesaid purposes is optional and may be revoked at any time through the Contacts section
c) Defence of a right in court
In addition, the User's personal data will be processed whenever necessary for the purpose of ascertaining, exercising or defending a right in court of the Owner or of other companies falling within the sphere of control of Eni S.p.A.
d) Legitimate interest of the Owner
The Owner may process, without the User's consent, the personal data collected in the following cases:
- in the case of extraordinary operations of merger, transfer or the transfer of a business unit, in order to allow the performance of the operations necessary for the due diligence and preparatory activity relating to the transfer. It is understood that the data exclusively necessary for the aforementioned purposes will be processed in the most aggregate/anonymous form possible.
- Analysis in aggregate and anonymous form, of the services used, to identify user habits and propensities, to improve the services provided, to meet specific user requirements, and for initiatives aimed at improving the services provided. With exclusive reference to the Financial Events live and on-demand, such analysis might took place also in a non-anonymous form (during such service, only the following data will be processes: personal and contact info, company, city);
- anonymous and aggregated analysis of the use of the services used, to identify Users’ habits and inclinations, to improve the services provided and to meet specific User needs, or to set up initiatives connected to the improvement of the services provided;
- Eni’s brand and reputation positioning analysis on the web (web listening). This includes, in particular, identifying and assessing what is being said about Eni and its activities/clients on the publicly accessible websites to understand the sentiment, intent, mood and trends of the market and the needs of Eni’s stakeholders’ and thereby improving the services offered by the Company. The above is done through key-word searches, without identifying the Users.
Recipients of the personal data
For the pursuit of the purposes indicated in point 3, the Owner may communicate the personal data of the User to third parties, such as, for example, those pertaining to the following topics or categories of topics:
- police forces, armed forces and other public administrations, for the fulfilment of obligations under the law, regulations or community legislation. In such cases, according to the applicable legislation on data protection, the obligation to acquire the prior consent of the person regarding such communications is excluded;
- companies, bodies or associations, or parent companies, subsidiaries or affiliated companies pursuant to Article 2359 of the Italian Civil Code, or between them and companies subject to joint control, as well as consortia, networks of companies and groupings and temporary associations of companies and entities linked to them, limited to communications made for administrative and/or accounting purposes;
- IT service providers.
The Owner guarantees the utmost care to ensure that the communication of the User’s personal data to the aforementioned recipients only concerns the data necessary to achieve the specific purposes for which they are intended.
The User's personal data is stored in the Owner’s databases and will be processed exclusively by authorised personnel. The latter will be provided with specific instructions on the methods and purposes of the processing. Furthermore, these data will not be disclosed to third parties, except as provided above and, in any case, within the limits indicated therein.
Finally, we remind you that the User’s personal data will not be disseminated, except in the cases described above and/or required by law.
Transfer of personal data outside the EU
For some of the purposes set out in point 3, the personal data of the User may be transferred outside the EU, including through inclusion in shared databases and managed by third parties belonging or not to Eni S.p.A.’s sphere of control. The management of the database and the processing of such data are bound to the purposes for which they were collected and are carried out in full compliance with the privacy and security standards set out in the applicable personal data protection laws.
Whenever the User's personal data are to be transferred internationally outside the territory of the EU, the Owner will take all appropriate contractual measures necessary to guarantee an adequate level of personal data protection in accordance with that stated within the present information document on the processing of personal data, including, among others, the Standard Contractual Clauses approved by the European Commission
The data will be stored for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed in accordance with the provisions of the legal obligations.
Rights of the data subject
As data subject, the User is granted the following rights to the personal data collected and processed by the Owner for the purposes indicated in point 3: (i) the right of access, in particular requesting, at any time, confirmation of the existence of personal data of the User in the Company’s archives and the provision of such information in a clear and intelligible way, as well as the right to know the origin, logic and purpose of the processing with express and specific indication of the persons in charge and responsible for the processing and third parties to whom the User’s personal data may be disclosed; (ii) the right to obtain, update and rectify data (except for evaluation data), deletion of superfluous data or transformation into an unrecognisable form, as well as the obstruction of processing and definitive cancellation in case of unlawful processing; and (iii) if these prerequisites are not satisfied, the restriction of the processing and the portability of data. The law also recognises the right of the data subjects to make a complaint to the Guarantor for the protection of the personal data, should the User discern a violation of their rights in accordance with applicable legislation regarding the protection of personal data.