Privacy Policy


pursuant to Art. 13 of EU Regulation 679/2016

1.     Introduction

In accordance with the provisions on the processing of personal data set out in EU Regulation 679/2016 ("GDPR") and Legislative Decree No. 196/2003 as amended ("Privacy Code"), Eni S.p.A. provides the following information on the methods, purposes and scope of the processing of the personal data of those who interact with this website (“User” or “Users”) relating to the Ravenna Carbon Capture and Storage project (hereinafter, the "Website").

2.     Data Controller

The User's personal data are acquired and processed by Eni S.p.A. with registered office in 00144 Rome, Piazzale Enrico Mattei 1, email: info_ravenna_ccs@eni.com (hereinafter, “Eni” or the “Data Controller”).

3.     Type of personal data processed

Browsing data

The computer systems and software procedures used to operate the Website acquire, in the course of normal operation, certain personal data that are implicitly transmitted in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its nature could, through processing and association with data held by third parties, allow Users to be identified.

This category of data includes the IP addresses or domain names of the computers used by Users connecting to the Website, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User's operating system and computer environment.

Data provided voluntarily by the user

For the purposes set out below, the Data Controller may acquire personal data from the User such as personal details (e.g. first name, last name) and contact details (e.g. telephone number, email address).

4.     Purpose and legal basis of processing

a)    Proper functioning of the Website

Browsing data are used to enable navigation on the Website and to check its correct functioning (this processing is carried out pursuant to Art. 6, paragraph 1, letter b) of the GDPR).

b)    Interaction with the Data Controller

The User's personal data are processed by the Data Controller for the purpose of fulfilling requests for information or contact sent via the social network pages of Eni (such processing is carried out pursuant to Art. 6, paragraph 1, letter b) of the GDPR).

c)     Fulfilment of legal obligations

The User's personal data will be processed for purposes connected with the fulfilment of specific obligations provided for by laws, regulations, national and/or supranational sources, as well as by provisions of judicial and administrative authorities and supervisory and control bodies.  The User's personal data may also be processed to respond to requests from public authorities (such processing is carried out pursuant to Art. 6, paragraph 1, letter c) of the GDPR).

d)    Legitimate interest

The User's personal data may also be processed whenever it is necessary in order to ascertain, exercise or defend a right of the Data Controller or of third parties, including other companies of the Eni Group (such processing is in any case carried out pursuant to Article 6, paragraph 1, letter f) of the GDPR).

a)    Consent

the Data Controller will carry out analysis in aggregate form of the use of the services used through Cookies, in order to identify habits and propensities of the Users, to improve the services provided and to satisfy specific needs of the Users, or to prepare initiatives related to the improvement of the services provided (such processing is in any case carried out pursuant to Art. 6, paragraph 1, letter a) of the GDPR).

5.     Method of processing

The User's personal data are processed by the Data Controller with the aid of electronic tools with organisation and processing logics strictly related to the purposes themselves and, in any event, in such a way as to guarantee the security and confidentiality of the data. 

The User’s personal data may be processed, on the basis of the instructions provided by Eni, by suppliers appointed as external data processors. A detailed list of these parties is available on request. 

The processing of the User's personal data is carried out exclusively by authorised personnel, guaranteeing security and confidentiality.

6.     Disclosure of personal data

The Data Controller may disclose the User’s personal data to the following third parties for the purposes set out in Art. 4 of this Policy:

-          duly authorised collaborators and employees entrusted with specific processing activities;

-          parent companies, subsidiary, associated or affiliated companies of Eni if strictly necessary to follow up on contact requests sent through the Website;

-          third parties, appointed as external data processors, who provide services instrumental to the processing of personal data carried out by the Data Controller, such as, by way of example, IT service companies, consultancy firms, legal and accounting service providers;

-          public administrations, judicial authorities, administrative authorities, consultants and consultancy companies as well as law enforcement agencies, to fulfil specific legal obligations.

7.     Transfer of personal data outside the EU

For any of the purposes indicated under point 4, the User’s personal data may be transferred outside the European Economic Area, including through inclusion in shared databases managed by third party companies that may or may not fall within the scope of control of the Data Controller. The management of the database and the processing of such data shall be bound to the purposes for which the data was collected and take place in complete compliance with the standards of confidentiality and security pursuant to applicable personal data protection laws.

Each time the User’s personal data is transferred internationally, outside the European Economic Area, the Data Controller will take all contractual measures suitable and necessary to guarantee a suitable level of protection of the personal data, in accordance with that specified in this personal data processing disclosure, including, amongst others, the Standard Contractual Clauses approved by the European Commission.

8.     Retention of personal data

-          The Data Controller, in accordance with Art. 5 of the GDPR, retain the user's personal data for a period of time not exceeding the achievement of the purposes for which they were processed.

-          This is without prejudice to the right of the Data Controller to retain the User's personal data for a longer period of time if this is strictly necessary to protect the User's and the Data Controller’s rights, to fulfil legal obligations or to comply with orders from judicial, administrative or supervisory authorities.

9.     Rights of the Data Subject

The User has the right to access their data at any time by contacting Eni, at the addresses indicated in Art. 2 of the policy, or the Data Protection Officer, who can be contacted as indicated in Art. 9 of the policy. In particular, articles 13 - 21 of EU Regulation 2016/679 grant the data subject specific rights:

a.     to obtain from the Data Controller confirmation of the existence of personal data concerning them and that such data be made available to them in an intelligible form;  

b.     transmit such data to another data controller without hindrance (“data portability”); 

c.     to withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before revocation, where applicable; 

d.     to know the origin of the data as well as the logic, purposes and methods on which the processing is based; 

e.     to know the categories of persons to whom they are disclosed, if any;  

f.      to obtain the cancellation (“right to be forgotten”), transformation into anonymous form or the blocking of data processed in breach of the law, as well as the updating, rectification or, if interested, the integration of data;  

g.     object, on legitimate grounds, to the processing even if only for certain purposes or in certain ways. 

Finally, it is the User's right to lodge a complaint with the Italian Data Protection Authority, the independent administrative authority that ensures the implementation in the Italian legal system of national and European legislation on the processing of personal data.

10.  Data Protection Officer

The Data Controller has appointed a Data Protection Officer to oversee the correct application of the legislation and to ensure respect for the rights of the data subject, who can be contacted at the following address: dpo@eni.com.  

Last updated: 23 October 2023