Privacy Policy

For any information about to the processing of Personal Data, you can reach out to the Data Protection Officer (“DPO”) appointed by the Company at the following email adress: dpo@eni.com.

The Personal Data processed are the common data you may provide directly via the contact form and/or that the Company collects through through your browser, such as name, surname, company, telephone number, email adress, message content, IP address, etc.

• Legal obligation – processing necessary to comply with a legal obligation to which the Controller is subject (Art. 6(1)(c) GDPR).

Your Data may be processed when necessary to comply with obligations arising from laws, regulations, or procedures approved by competent authorities and institutions, as well as for the handling of any requests from authorities.

Failure to provide the Data will make it impossible to access or use the requested Website Services.

• Contractual purposes – processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, and processing necessary to transmit communication over an electonic communication network or necessary for the provider of an information society service explicitly requested by the user Art. 122 Privacy Code; Art. 6(1)(b) GDPR)

Your Data will be processed, including via technical browsing and technical functionality Trackers, to: (i) enable the use of the Website and the provision of the Services requested through the Website, including the submission of the contact form and related management activities, as well as the Data Controller to perform the operational and technical management of the Website and ensure cybersecurity; and (ii) remember personalization settings on the Website chosen by the user, such as language.

Failure to provide the Data will make it impossible to access or use the requested Website Services.

• Statistical analysis purposes – processing necessary to transmit a communication over an electronic communication network or necessary for the provider of an information society service explicitly requested by the user(Art. 122 privacy Code).

Your Data will be processed through analytical Trackers to collect aggregated information regarding your interaction with the Website and to perform aggregated analysis of Service usage, to improve and optimize the Services.
Consent is not required, as the analytical Trackers installed by the Website meet the conditions to be treated as technical Trackers.

Failure to provide Data will make it impossible to access and use the requested Website Services.

• Other purposes – processing necessary for the pursuit of the legitimate interest of the Data Controller or third parties (Art. 6(1)(f) GDPR)

Your Data may be processed:

• in the context of exceptional transactions involving a merger, sale or business units transfer, to enable due diligence processes;
• to establish, exercise, or defend a legal claim of the Data Controller or third parties, both judicially and extra-judically including preparatory activities.

Failure to provide the Data will make it impossible to access or use the requested Website Services.

Personal Data may be processed with the aid of electronic or automated systems, managed throguh tools that ensure security and confidentiality, and will include every operation or set of operations necessary for the processing.

For the purposes indicated in paragraph 4, Personal Data may be processed by personnel authorized by the Data Controller. The Data Controller may also communicate your Data to third parties, including:

• law enforcement, armed forces, and other public authorities for compliance with legal obligations;
• companies providing IT services (development, maintenance, support of the Website);
• web measurement service providers
• companies contractually linked to the Data Controller providing consultancy or support services;
• professional firms and consultancy companies assisting with ordinary management or litigation.

With respect to the Personal Data disclosed to them, Recipients in the above categories may operate, as the case may be, as data processors (in which case they will receive appropriate instructions from the Data Controller) or as independent data controllers.

Where this serves the purpose described in paragraph 4, Personal Data might also be transferred abroad to companies based outside the European Economic Area (“EEA”). Some of the jurisdictions outside the EEA might not guarantee the same level of Personal Data protection guaranteed within the EEA. In this case, the Data Controller undertakes to regulate the transfer and the subsequent processing of the Personal Data through the Standard Contractual Clauses providedby the European Commission and to adopt every other safeguard required under Art. 46 GDPR, if it is not possible to use one of the derogations listed in article 49 GDPR.

Data will be kept:

• for purpose (a) of paragraph 4, for the time required by applicable law and to respond to authorities’ requests;
• for purpose (b) of paragraph 4: (i) for Data processed through Trackers, according to the retention periods indicated in the  Website’s Cookie and Tracing Technologies Notice; for contact-form Data, up to maximum 14 months;  
• for purpose (c) of paragraph 4: as indicated in the Website’s Cookie and Tracing Technologies Notice
• for purpose (d) of paragraph 4: for the time strictly necessary to pursue such purposes.

Where applicable and within the limits of the GDPR, data subjects have the right to:

• obtain confirmation from the Data Controller as to whether or not their Personal Data are being processed, and, when this is the case, access to the information in Art. 15 GDPR;
• obtain from the Data Controller the rectification of inaccurate Personal Data, or, taking into account the purposes of the processing, have incomplete Personal Data completed under Art. 16 GDPR;
• obtain from the Data Controller erasure of Personal Data under Art. 17 GDPR applies;
• obtainfrom the Data Controller the restriction of processing of Personal Data in the cases listed in Art. 18 GDPR;
• receive – in a structured, commonly used and  machine-readable format – the Data provided to the Data Controller so that the Data Subject may transmit those data to another data controller without hinderance, in accordance with Art. 20 GDPR;
• object to the processing of their Personal Data on the basis of their particular situation, unless there are compelling legitimate grounds for the processing that override their interests, rights and freedoms or compelling legitimate grounds for the establishment, exercise or defence of legal claims, in accordance Art. 21 GDPR;
• withdraw consent at any time, without affecting processing already carried out.

These rights may be excersised by emailing the DPO at: dpo@eni.com.

Without prejudice to their right to initiate other administrative or judicial proceedings, you also have the right to lodge a complaint with the competent supervisory autority (Garante per la Protezione dei Dati Personali) if you believe that there has been a breach of your rights with regard to the protection of their Personal Data.