In accordance with Regulation (EU) 2016/679 (“GDPR”), Eni S.p.A. (“Company” or the “Owner”) is providing the following information regarding the processing of personal data collected or provided by the User when using the services of the website www.esupplier.eni.com ("Website").
1. Identity and contact details of the Processing Owner
The Processing Owner is Eni S.p.A., with registered office in Rome, Piazzale Enrico Mattei, 1 and offices in San Donato Milanese (Milan), 20097, Via Emilia, 1.
2. Contact details of the Data Protection Officer
The Company has appointed a Data Protection Officer, who can be contacted at the following email address: firstname.lastname@example.org.
3. Purposes of the processing and legal basis of the processing
a. Legal and contractual purposes - processing required to fulfil a contractual or legal obligation to which the Processing Owner is subject or to execute a specific request from the party involved
The User's personal data may be processed, without the need for his consent, in cases where this is necessary to fulfil obligations deriving from legal provisions, as well as rules, codes or procedures approved by Authorities and other competent Institutions.
The User's personal data will also be processed for the purposes related to and/or associated with the provision of services by the Company in the context of browsing the Website, such as:
These data - whose provision is necessary for the operational execution of the Services - will also be processed with electronic tools, registered in special databases, and used strictly and exclusively in the context of browsing the Website. Since the communication of personal data of the User for the aforementioned purposes is necessary for the maintenance and provision of the Services, failure to communicate will make it impossible to provide to the User the specific Services in question.
b. Purposes based on the legitimate interest of the Owner
The Owner may process the User's personal data based on his own legitimate interest in order to improve the Services and protect his business, in the following cases:
4. Recipients of the personal data
For the pursuit of the purposes indicated in point 3, the Owner may communicate the personal data of the User to third parties, such as, for example, those pertaining to the following individuals or categories of individuals:
The Owner guarantees the utmost care to ensure that the communication of the User’s personal data to the aforementioned recipients only concerns the data necessary to achieve the specific purposes for which they are intended.
The User's personal data is stored in the Owner’s databases and will be processed exclusively by authorised personnel. The latter will be provided with specific instructions on the methods and purposes of the processing. Furthermore, these data will not be disclosed to third parties, except as provided above and, in any case, within the limits indicated therein.
Finally, we remind you that the User’s personal data will not be disseminated, except in the cases described above and/or required by law.
5. Transfer of personal data outside the European Economic Area
For some of the purposes set out in point 3, the personal data of the User may be transferred outside the European Economic Area (“EEA”). The management of the database and the processing of such data are bound to the purposes for which they were collected and are carried out in full compliance with the privacy and security standards set out in the applicable personal data protection laws.
Whenever the User's personal data are to be transferred internationally outside the territory of the EEA, the Owner will take all appropriate contractual measures necessary to guarantee an adequate level of personal data protection in accordance with that stated within the present information document on the processing of personal data, including, among others, the Standard Contractual Clauses approved by the European Commission.
6. Data-retention period
The data will be stored for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed in accordance with the provisions of the legal obligations.
7. Rights of the interested parties
As an interested party, the User is granted the following rights to the personal data collected and processed by the Owner for the purposes indicated in point 3: (i) the right to access, in particular requesting, at any time, confirmation of the existence of personal data of the User in the Company’s archives and the provision of such information in a clear and intelligible way, as well as the right to know the origin, logic and purpose of the processing with express and specific indication of the persons in charge and responsible for the processing and third parties to whom the User’s personal data may be disclosed; (ii) the right to obtain, update and rectify data, the deletion of superfluous data or the transformation into anonymous form, as well as the obstruction of processing and definitive cancellation in case of unlawful processing; (iii) if these prerequisites are not satisfied, the restriction of the processing and the portability of data; and (iv) the right to object, for reasons related to a particular situation, to the processing of data (including profiling) carried out on the basis of the legitimate interest of the Owner or the need for the same processing for the execution of a public interest task .
The law also recognises the right of the User to make a complaint to the Data Protection Authority, should the User discern a violation of his rights in accordance with applicable legislation regarding the protection of personal data.
The User may exercise the rights listed above by writing to the data protection Officer at: email@example.com.