Privacy Policy

Pursuant to Regulation (EU) 2016/679 ("GDPR"), Eni gas e luce S.p.A. ("Company" or the "Data holder") provides here below information regarding the processing of personal data to allow Users (“User” or “Users”) of the website www.enigaseluce.brightidea.com (“Website”) to be aware of the policy with regards to the protection of personal data and to understand how personal information is collected and handled during the navigation on the Website and for the use of the services of it.

IDENTITY AND CONTACT DETAILS OF THE DATA HOLDER

The Data holder is Eni gas e luce S.p.A., registered in the office in San Donato Milanese, Piazza Vanoni, 1 that can be contacted writing an email at the following address openinnovation@team.enigaseluce.com.

CONTACT DETAILS OF THE DATA PROTECTION OFFICER

The Company has appointed a Data Protection Officer, who can be contacted at the following email address dpo@eni.com.

PURPOSE OF THE PROCESSING AND LEGAL BASIS OF THE PROCESSING

a. Purpose of law and necessary for the delivery of the services– the necessary treatment to fulfil a contractual or legal obligation to which the data holder is subject to

The User’s personal data may be processed, without the need of the User’s consent, in cases where this is necessary to fulfil obligations deriving from legal provisions, as well as rules, codes or procedures approved by Authorities and other competent Institutions.

The User’s personal data will also be processed for the purposes related and / or linked to the provision of services by the Company in the context of browsing the Website, such as:

for the provision of the services requested by the User while browsing the Website, registering on the Website and creating the User’s account and profile including the collection, storage and processing of data for the purpose of establishing and subsequent operational, technical and administrative management of the relationship (and of the account and profile created by the User), for assistance with the use of services and, in general, management of services, including, as an example, sending of communications relating to the methods of use of the services to which the User has registered to; 

- management of relations with third-party authorities and public entities for purposes related to particular requests, compliance with legal obligations or particular procedures.

These data - the provision of which is necessary for the operational execution of the services provided in the context of browsing the Website - will be processed electronically, recorded in special databases, and used strictly and exclusively in the context of browsing the Website.

Since the communication of personal data of the User for the aforementioned purposes is necessary for the maintenance and provision of services related to navigation on the Website, failure to communicate will make it impossible to provide the specific services in question.

The Website, in the course of normal use by Users, acquires some personal data through its IT systems and software procedures used for the operation, the transmission of which is implicit in the use of Internet communication protocols.

This category of data includes IP addresses or domain names of computers and terminals used by Users, addresses in URI / URL notation (Uniform Resource Identifier / Locator) of the requested resources, the time of the request, the method used in the submit the request to the server, the file size obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters related to the operating system and the User's computer environment.

These data, necessary for the use of web services, are also processed for the purpose of:

- obtaining statistical information on the use of services (most visited pages, number of visitors per hour or day, geographical areas of origin, etc.);
- check the correct functioning of the services offered.

 

b. Defence of a right in court

In addition, the User’s personal data will be processed whenever necessary for the purpose of ascertaining, exercising or defending a right of the owner or other companies falling within the scope of Eni S.p.A. control in court.

 

c. Legitimate interest of the owner

The Data Controller may process, without the consent of the User, the personal data collected in the following cases:

- in the case of extraordinary operations of merger, transfer or transfer of a business unit, in order to allow the realization of the operations necessary for the due diligence activity and upcoming to the sale. It is understood that the data exclusively for the aforementioned purposes will be processed for the aforementioned purposes, in the most aggregate / anonymous form possible;

- anonymous and aggregate analysis of the use of the services used, to identify Users' habits and inclinations, to improve the services provided and to meet specific User needs, or to set up initiatives connected to the improvement of the services provided.

RECIPIENTS OF PERSONAL DATA

 

For the pursuit of the purposes indicated in point 3, the Data holder may communicate the User’s personal data to third parties, such as, for example, those belonging to the following subjects or categories of subjects:

- police, armed forces and other public administrations, for the fulfilment of obligations under the law, regulations or community legislation. In such cases, according to the applicable legislation on data protection, the obligation to acquire the prior consent of the person concerned to such communications is excluded;

- companies, bodies or associations, or parent companies, subsidiaries or affiliated companies pursuant to Article 2359 of the Italian Civil Code, or between these and companies subject to joint control, as well as consortiums, networks of companies and groupings and temporary associations of companies and with the subjects adhering to them, limited to communications made for administrative and / or accounting purposes;

- other companies contractually linked to the Owner who perform, by way of example, consulting activities, support for the provision of services, etc.

The Data holder guarantees the utmost care to ensure that the communication of the User’s personal data to the aforementioned recipients regards only the data necessary to achieve the specific purposes for which they are intended.

The User’s personal data is stored in the database of the Data holder and will be processed exclusively by authorized personnel. These, will be provided with specific instructions on the methods and purposes of the treatment. This data will not be disclosed to third parties, except as when shown as above and, in any case, within the limits indicated therein.

Finally, we remind that the User’s personal data will not be disseminated, except in the cases described above and / or required by law.

TRANSFER OF PERSONAL DATA OUTSIDE THE EU

In the context of the contractual relationships between the Company, its subsidiaries and third parties, as well as between the subsidiaries themselves, for some of the purposes indicated in point 3, the User’s personal data may be transferred outside the EU, including through the insertion in shared databases managed by third-party companies belonging to the Company control perimeter. The management of the database and the processing of such data are bound to the purposes for which they were collected and are carried out in full compliance with the standards of confidentiality and security as for the applicable data protection laws.

Whenever the User’s personal data should be transferred internationally outside the EU, the Data holder will take all appropriate contractual measures necessary to guarantee an adequate level of protection of the User’s personal data in accordance with the provisions of the contract on the information on the processing of personal data, including, among others, the Standard Contractual Clauses approved by the European Commission.

DATA RETENTION PERIOD

The data will be stored for a period of time not exceeding that necessary for the purposes for which they are collected or subsequently processed in accordance with the provisions of the legal obligations.

RIGHTS OF THE INTERESTED PARTIES

As an interested party, the User will be granted the following rights on the personal data collected and processed by the Data Holder for the purposes indicated in point 3:

(i) the right of access, in particular, requesting at any time, confirmation of the existence of the User’s personal data in the Company's archives and making this information available in a clear and intelligible manner, as well as the right to know the origin, the logic and purpose of the processing with specific indication of the person in charge of processing and the subject third parties to whom the User’s data may be disclosed;

(ii) the right to obtain the update and rectification of data (except for evaluation data), deletion of superfluous data or transformation into anonymous form, as well as the blocking and definitive cancellation in case of unlawful processing; and

(iii) whenever the conditions are met, the limitation of processing and the portability of data. The law also recognizes, to those interested, the possibility of proposing a complaint to the Guarantor for the protection of personal data, should the User recognize a violation of the User’s rights under applicable law regarding the protection of personal data. 

The User can exercise the rights listed above sending the respective communication to the email address openinnovation@team.enigaseluce.com, or by writing to the Data Protection Officer dpo@eni.com.