Pursuant to Regulation (EU) 2016/679 (“GDPR”), Eni S.p.A. (“Company” or “Controller”) provides the following information to enable users (“Data Subjects”) of the “Eni Corporate” app (“App”) to understand how their personal data is collected and processed in connection with the use of the App and the use of the services (“Services”) provided through it according to the Terms and Conditions of Use (“T&Cs”).
1. Data Controller
The Data Controller is Eni S.p.A., with registered office in Rome, Piazzale Enrico Mattei, 1, 00144, Italy.
2. Data Processor
The Company has appointed a Data Protection Officer (“DPO”), who can be contacted at the following e-mail address dpo@eni.com.
3. Categories of personal data processed
Computer systems, software procedures used to operate the App as well as tracking technologies installed in the App acquire, during normal operation, certain personal data that are implicitly transmitted in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified Data Subjects, but which by its nature could, through processing and association with data held by third parties, make it possible to identify data subjects.
This category of data includes the IP addresses or domain names of the computers used by Data Subjects accessing the App, the screens of the App, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the computer environment of the Data Subjects (“Personal Data” or “Data”).
4. Purpose and legal basis of processing
The Personal Data is processed to:
a) fulfil legal obligations and comply with requests from public authorities;
b) allow the use of the App and to check its correct functioning;
c) to follow up the request for Services by the Data Subjects. For the aforementioned purpose, Personal Data will also be processed within the context of the administration and management of the Services, support, as well as to comply with the obligations arising under the T&Cs, as well as to comply with specific requests of the Data Subjects;
d) allow to receive push notifications in the App in order to remain constantly updated on the content published in the App, based on the preferences expressed;
e) to perform, on an aggregate basis, analysis of the use of the App and the Services, in order to improve the App and the Services and meet specific needs of Data Subjects;
f) as part of extraordinary mergers, the sale or transfer of business operations, to carry out activities preparatory to such operations, including due diligence;
g) to ascertain, exercise, defend a right of the Data Controller and/or a third party including in court.
Processing of Personal Data for the purposes referred to in paragraph 4(a) is based on the provisions of applicable law or on a request by public authorities (Art. 6. par. 1(c) GDPR).
Personal Data processing for the purposes referred to in paragraph 4(b) and (c) is based on the need to fulfil the Data Subject’s request to use the App and receive the Services (Art. 6, par. 1(b) GDPR).
Personal Data processing for the purposes referred to in paragraph 4(d) is based on the consent of the Data Subject (Art. 6, par. 1(a) GDPR).
Personal Data processing for the purpose referred to in paragraph 4(e) is based on the legitimate interest of the Data Controller to continuously improve the efficiency and security of the App and their Services (Art. 6, par. 1(f) GDPR);
Personal Data processing for the purpose referred to in paragraph 4(f) is based on the legitimate interest of the Data Controller in the continuation of their business activities (Art. 6, par. 1(f) GDPR).
Personal Data processing for the purpose referred to in paragraph 4(g) is based on the legitimate interest of the Data Controller and/or third parties in protecting their rights (Art. 6, par. 1(f) GDPR).
5. Personal data processing methods
The Data may also be processed with the help of electronic or automated means, managed using tools that guarantee security and confidentiality, and will include any operation or set of operations necessary for its processing.
6. Personal data recipients
To pursue the purposes set out in point 4, the Data Controller may communicate Personal Data to third parties belonging to the following subjects or categories of subjects:
The Data Controller guarantees it will act with the utmost care to ensure that the communication of your Personal Data to the aforementioned recipients only concerns the Data necessary to achieve the specific purposes they are intended for.
With regard to the Data communicated to them, the recipients belonging to the above categories may operate either as data controllers (in which case they will receive appropriate instructions from the Data Controller) or as independent data controllers, depending on the situation.
Finally, please note that Personal Data will not be circulated.
7. Transfer of personal data outside the EU
Whenever it is deemed instrumental to the pursuit of the purposes set forth in paragraph 4, the Data may also be sent abroad to companies located outside the European Economic Area (“EEA"). Some of the jurisdictions outside the EEA may not provide the same level of Data protection as that which is guaranteed within the EEA. In such a case, the Data Controller undertakes to process the Data with the utmost confidentiality by adopting the standard contractual clauses provided by the European Commission and any other necessary measures referred to in Art. 46 GDPR where it would not be possible to resort to one of the exceptions referred to in Art. 49 GDPR.
8. Data retention period
Personal Data will be kept on the Data Controller’s computer files and protected by the appropriate security measures for however long it takes to achieve the purposes set out in paragraph 4 above, and will then be deleted.
Personal Data may be kept for longer in the event of a possible litigation, requests by competent authorities or as per the applicable law.
9. Rights of Data Subjects
Where applicable and within the limits of the GDPR, the Data Subject has the right to:
The Data Subject has the right to withdraw any consent given. Such withdrawal shall not affect the lawfulness of the processing based on the consent given before the revocation.
These rights may be exercised by sending an e-mail to the DPO’s e-mail address: dpo@eni.com. Furthermore, the withdrawal of consent for receiving push notifications in the App can be exercised directly in the App by changing the preferences in the ‘Notifications’ section.
Without prejudice to any other administrative or jurisdictional recourse, you also have the right to lodge a complaint with the competent supervisory authority (for Italy: the Garante per la Protezione dei Dati Personali) if you consider that there has been a violation of your rights regarding the protection of Personal Data.
In accordance with Regulation (EU) 2016/679 (“GDPR”), Eni S.p.A., as data controller (“Data Controller”), provides below information regarding the processing of personal data carried out by means of the tracking technologies installed on the “Eni Corporate” app (“App”).
1. Adopted tracking technologies
When the user accesses or interacts with the App and uses the services provided by the Terms and Conditions of Use (“Services”), the Data Controller and the authorised third parties that provide the latter with technical and analytical support services process the user’s personal data collected through tracking technologies known as SDKs (Software Development Kits).
2. Software Development Kits (SDKs) – General information
Software Development Kits are software embedded in the App that enables the collection and processing of users’ personal data in order to (i) ensure the functioning of the App and its proper use; (ii) perform aggregate analysis on the use of the App.
3. SDKs installed on the App
Below is a list of the SDKs installed in the App, as well as the features of each of them.
The SDKs installed in the App are owned by authorised third parties that provide the Data Controller with technical and analytical support services.
SDK name | Source | Duration | Type of SDK | Purpose |
---|---|---|---|---|
Google Analytics 4 | Google Inc. | Until the App is uninstalled | Third-party analytical SDK | To evaluate the performance of the App and carry out aggregate analysis on the use of the App, partly with a view to improving the App itself; |
Crashlytics | Google Inc. | Until the App is uninstalled | Third-party technical SDK | To ensure the technical functioning of the App, also allowing for corrections, updates and upgrades to the App itself. |
SDK name | Source | Duration | Type of SDK | Purpose |
---|---|---|---|---|
Google Analytics 4 | Google Inc. | Until the App is uninstalled | Third-party analytical SDK | To evaluate the performance of the App and carry out aggregate analysis on the use of the App, partly with a view to improving the App itself; |
Crashlytics | Google Inc. | Until the App is uninstalled | Third-party technical SDK | To ensure the technical functioning of the App, also allowing for corrections, updates and upgrades to the App itself. |
For more information on the SDKs installed on the App, please click on the following links:
https://support.google.com/analytics/answer/6004245?hl=it&sjid=7228909913557186974-EU
https://firebase.google.com/support/privacy (see sections specifically dedicated to Crashlytics)
Eni.com is a digitally designed platform that offers an immediate overview of Eni's activities. It addresses everyone, recounting in a transparent and accessible way the values, commitment and perspectives of a global technology company for the energy transition.
Discover our mission