- Identity and contact details of the Controller
- Contact details of the Data Protection Officer
- Purposes and legal basis of the processing
- Necessary legal and contractual purposes – processing is necessary for compliance with a legal obligation to which the controller is subject or to execute a specific request of the data subject
User’s personal data will also be processed for purposes relating and/or connected to the provision by the Company of services for the navigation of the Website, and specifically:
- to provide the services requested by the User when navigating the Website;
- to manage relations with third-party authorities and public bodies for purposes related to particular requests, compliance with legal obligations or particular procedures.
Given that providing data for these purposes is necessary to maintain and deliver all the services connected to navigating the Website, failure to provide such data will make it impossible to provide the specific services in question.
During normal use by Users, the Website acquires through its IT systems and software procedures for the functioning some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the operating system and computer environment.
These data, necessary for the use of web services, are also processed for the purpose of:
- obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);
- check the correct functioning of the services offered.
- Defence of legal claims
- Controller’s legitimate interest
- during mergers, disposals or transfers of business units, in order to carry out operations necessary for due diligence activities and in preparation for the transaction. It is understood that only the data necessary for the aforementioned purposes will be processed, in the most aggregate/anonymous form possible.
- for the aggregate and anonymous analysis of the use of the services accessed, to identify user habits and propensities, to improve the services provided and to meet specific user requirements, or to prepare initiatives for improving the services provided.
- Recipients of the personal data
- police forces, armed forces and other public authorities, to comply with obligations set out by law, regulations or EU legislation. In such cases, there is no obligation under applicable data protection legislation to obtain the data subject’s prior consent to these communications.
- companies, organisations or associations, or parent companies, subsidiaries or associates, or between them and companies subject to joint control, as well as consortia, networks of companies and groupings and temporary associations of companies and entities belonging to them, limited to communications made for administrative and/or accounting purposes;
- other companies contractually linked to the Data Controller that provide consultancy, support for the provision of services, etc.
User’s personal data is stored in the Controller’s database and will be processed exclusively by authorised personnel. Said personnel will be given specific instructions on the methods and purposes of the processing. The data will not be disclosed to third parties except as provided above and, in any case, within the indicated limits.
Finally, we remind that User’s personal data will not be disseminated, except in the cases described above and/or the cases required by law.
- Transfer of personal data outside the EU
In every instance when User’s personal data is transferred internationally outside of EU territory, the Controller will take all contractual measures necessary and suitable to ensure an adequate level of protection of User’s personal data, in accordance with that which is set forth in this notice on processing of personal data, including the Standard Contractual Clauses approved by the European Commission.
- Data storage period
- Rights of data subjects
Users can exercise the above rights by sending an e-mail to lubesapac@eni.com or by contacting the data protection officer at DPO@eni.com.