In accordance with Regulation (EU) 2016/679 ("GDPR"), Eni S.p.A. ("Company" or "Controller") provides the below information on the processing of your personal data in order to allow the users ("user" or "users") of the website http://www.multicard.eni.com/
Identity and contact details of the Controller
The Controller is Eni S.p.A., with registered office in Rome, Piazzale Enrico Mattei 1, which can be contacted via the following PEC address: email@example.com.
Contact details of the Data Protection Officer
The Company has appointed a Data Protection Officer, who can be contacted at the email address DPO@eni.com.
Purposes and legal basis of the processing
Necessary legal and contractual purposes – processing is necessary for compliance with a legal obligation to which the controller is subject or to execute a specific request of the data subject.
Your personal data may be processed without your consent in cases where this is necessary in order to comply with obligations deriving from laws, regulations, codes or procedures approved by authorities or other competent institutions.
Your personal data will also be processed for purposes relating and/or connected to the provision of services for the navigation of the Website through the Company, in particular:
- to provide the services requested by the user when navigating the website, including the collection, storage and processing of data when registering on the website and creating a user account and profile, in order to establish and manage, operatively, technically and administratively, this connection (and user’s profile and account);
- for service assistance and, more generally, service management, such as communications regarding the use of the services the user has registered for, and the management of relations with third-party authorities and public bodies for purposes related to special requests, commitments or special procedures.
This data – which is required to deliver the service – will also be processed electronically, stored in specific databases, and used strictly and exclusively in relation to navigating the Website.
Given that providing your data for these purposes is necessary to maintain and deliver all the services connected to navigating the website, failure to provide such data will make it impossible to provide the specific services in question.
During regular use by users, the IT systems and software procedures needed to operate the website acquire some personal data whose transmission is implicit in the use of internet communication protocols.
This group of data includes the IP addresses or domain names of the PCs and terminals used by the users, the URI/URL addresses (Uniform Resource Identifier/Locator) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the response file, the numeric code indicating the status of the response sent by the server (successful, error, etc.) and other parameters related to the user's operating system and IT environment.
These data, which are necessary for using the web services, are also processed for the following purposes:
- to obtain statistical information on the use of the services (most visited pages, number of visitors during a certain timeframe/day, geographic area, etc.);
- to control the correct functioning of the services offered.
Defence of legal claims
In addition, your data will be processed whenever necessary in order to establish, exercise or defend the legal claims of the Controller or other companies under Eni’s control.
Controller’s legitimate interest
The Controller may process your personal data without your consent in the following circumstances:
- during mergers, disposals or transfers of business units, in order to carry out operations necessary for due diligence activities and in preparation for the transaction. It is understood that only the data necessary for the aforementioned purposes will be processed, in the most aggregate/anonymous form possible.
- for the aggregate and anonymous analysis of the use of the services accessed, to identify user habits and propensities, to improve the services provided and to meet specific user requirements, or to prepare initiatives for improving the services provided.
Recipients of the personal data
In pursuit of the purposes indicated in point 3, the Controller may communicate your personal data to third parties, such as those belonging to the following organizations or categories of organizations:
- police forces, armed forces and other public authorities, to comply with obligations set out by law, regulations or EU legislation. In such cases, there is no obligation under applicable data protection legislation to obtain the data subject’s prior consent to these communications.
- companies, organizations or associations, or parent companies, subsidiaries or associates pursuant to Article 2359 of the Italian Civil Code, or between them and companies subject to joint control, as well as consortia, networks of companies and groupings and temporary associations of companies and entities belonging to them, limited to communications made for administrative and/or accounting purposes.
The Controller warrants that the utmost care will be taken to ensure that the communication of your personal data to the aforementioned recipients only involves the data necessary to achieve the specific purposes for which they are intended.
Your personal data is stored in the Controller’s database and will be processed exclusively by authorized personnel. Said personnel will be given specific instructions on the methods and purposes of the processing. The data will not be disclosed to third parties except as provided above and, in any case, within the indicated limits.
Finally, we remind you that your personal data will not be disseminated, except in the cases described above and/or the cases required by law.
Transfer of personal data outside the EU
As part of the contractual relations between Eni and its subsidiaries, and between said subsidiaries, for some of the purposes indicated in point 3, your personal data may be transferred outside the EU, including by means of their inclusion in shared databases managed by third-party companies that may or may not be under Eni’s control. The management of the database and the processing of this data is restricted to the purposes for which the data was collected and must be carried out in full compliance with the confidentiality and security standards set forth in applicable personal data protection laws.
In every instance when your personal data is transferred internationally outside of EU territory, the Controller will take all contractual measures necessary and suitable to ensure an adequate level of protection of your personal data, in accordance with that which is set forth in this notice on processing of personal data, including the Standard Contractual Clauses approved by the European Commission.
Data storage period
The data will be stored for a period not exceeding the time necessary to fulfil the purposes for which it was collected or subsequently processed in accordance with legal obligations.
Rights of data subjects
As a data subject, you have the following rights over the personal data collected and processed by the Controller for the purposes indicated in point 3: (i) the right of access, in particular to request at any time confirmation of the existence of your personal data in the Company’s archives and the making available of this information in a clear and intelligible form, and the right to know the origin, logic and purpose of the processing with express and specific indication of the data supervisors and processors and the third parties to which your data may be communicated; (ii) the right to have your data updated and rectified (except for subjective data), to have superfluous data erased or anonymized, and to block processing and to have your data definitively erased in the event of unlawful processing; and (iii) where the conditions are met, the right to restrict processing and the right to data portability. The law also grants you the right to complain to the Supervisory Authority for Personal Data Protection if you become aware of a violation of your rights under applicable personal data protection legislation.
You can exercise the above rights by sending a specific communication via PEC to: firstname.lastname@example.org, or by contacting the Data Protection Officer at: email@example.com.