Pursuant to Regulation (EU) 2016/679 ("GDPR"), Eniverse ventures S.r.l. ("Company" or the "Data Controller") provides below the information regarding the processing of your personal data collected or provided by you when you use services on the www.eniverse.tech website ("Website").
1. Identity and contact details of the data controller
The Data Controller is Eniverse Ventures S.r.l., with registered office in Piazza Ezio Vanoni, 1 20097 San Donato Milanese (MI), VAT Number 11504520963.
2. Contact details of the Data Protection Officer
The Company has appointed a Data Protection Officer, who can be contacted at the following email address dpo@eni.com.
3. Types of data processed
The personal data subject to processing belong to the category of common personal data, as detailed below. The personal data collected refer to any user browsing the Website and using the available services and/or registered users, as specified below.
a. Browsing data for any user
The computer systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to a website, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check that it is functioning correctly, and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Website.
b. Data provided voluntarily by the user requesting to be contacted
The personal data processed are those referred to in the 'Write to us' [FB1] form: first name, last name, e-mail address, and any further personal data voluntarily provided by the user.
c. Cookie
Cookies are small text files that are saved on the user's device when they visit a website. They are used to identify you during your navigation experience. The cookies used on the Website serve to facilitate the user's navigation (e.g. by storing the language choice) and will not be used for any other purpose. If necessary, they can be disabled by adjusting the options on your browser. More information on the types of cookies used by the Website can be found in the Cookie Policy .
4. Purpose of processing and legal basis for processing
a. Legal and contractual purposes - processing necessary to fulfil a contractual or legal obligation to which the data controller is subject or to comply with a specific request from the data subject
Your personal data may be processed, without the necessity of your consent, in cases where the processing is necessary to comply with obligations arising from legal provisions, as well as from standards, codes or procedures approved by Authorities and other competent Institutions. Providing it is necessary and without it you will not be able to access the Website and services.
This data - the provision of which is necessary for the operational performance of the services - will also be processed by electronic means, recorded in special databases, and used strictly and exclusively in the context of Web Site navigation. Since the communication of your data for the aforesaid purposes is necessary for the maintenance and provision of the services of the Web Site, failure to provide such data will make it impossible to provide the specific services in question to you.
b. Purposes based on a legitimate interest of the Controller
The Data Controller may process your personal data on the basis of its legitimate interest in improving its services and protecting its business, in the following cases:
- in the case of extraordinary operations of merger, sale or transfer of a branch of business, in order to allow the performance of the operations necessary for due diligence activities and preparatory to the sale. It is understood that the data processed for the aforementioned purposes will be exclusively necessary, in the most aggregate/anonymous form possible;
- analysis in anonymous and aggregate form of the use of the services used, in order to identify users' habits and propensities, to improve the services provided and to meet specific users' needs, i.e. the preparation of initiatives related to the improvement of the services provided
- whenever necessary in order to ascertain, exercise or defend a right of the Data Controller or of other companies within the Company's perimeter of control in court.
5. Recipients of personal data
For the pursuit of the purposes indicated in point 4, the Controller may communicate your personal data to third parties, such as, for example, those belonging to the following subjects or categories of subjects
- police forces, armed forces and other public administrations, for the fulfilment of obligations provided for by law, regulations or EU legislation
- companies, bodies or associations, i.e. parent companies, subsidiaries or associated companies within the meaning of Article 2359 of the Civil Code, or between these and companies subject to joint control, as well as between consortia, networks of companies and temporary associations of companies and with their members, limited to communications made for administrative and/or accounting purposes
- other companies contractually bound to the Controller that perform, by way of example, consultancy activities, support for the provision of IT services, Website management services, etc.
The Data Controller guarantees the utmost care so that the communication of your personal data to the aforesaid recipients only concerns the data necessary to achieve the specific purposes for which they are intended.
Your personal data are stored in the Data Controller's databases and will only be processed by authorised personnel. The latter will be provided with special instructions on the methods and purposes of processing. These data will also not be disclosed to third parties, except as provided for above and, in any case, within the limits indicated therein.
Finally, we remind you that your personal data will not be disclosed, except in the cases described above and/or provided for by law.
6. Transfer of personal data outside the European Economic Area
For some of the purposes set out in Section 4, your personal data may be transferred outside the European Economic Area ("EEA"). The management of the database and the processing of such data is bound to the purposes for which it was collected and is carried out in strict compliance with the standards of confidentiality and security set out in the applicable data protection laws.
Whenever your personal data is transferred internationally outside the EEA, the Data Controller will take all appropriate and necessary contractual measures to ensure an adequate level of protection for your personal data in accordance with this privacy policy, including, among others, the Standard Contractual Clauses approved by the European Commission.
6. Data retention period
Data will be retained for no longer than is necessary for the purposes for which it was collected or subsequently processed in accordance with legal obligations. Browsing data and cookies will be retained in accordance with the timeframe indicated in the cookie policy, unless a further period is required to defend a right or interest of the Company or third parties.
7. Rights of the data subjects
As a data subject, you are granted the following rights over the personal data collected and processed by the Controller for the purposes indicated in point 4: (i) the right of access, in particular by requesting, at any time, confirmation of the existence of your personal data in the Company's archives and the provision of such information in a clear and intelligible manner, as well as the right to know the origin, logic and purpose of the processing with express and specific indication of the persons in charge and responsible for the processing and third parties to whom your data may be communicated; (ii) the right to obtain the updating and rectification of the data, the erasure of superfluous data or their transformation into anonymous form, as well as the blocking of the processing and definitive deletion in the event of unlawful processing; (iii) if the conditions are met, the limitation of the processing and portability of the data; and (iv) the right to object, on grounds relating to your particular situation, to the processing of your data (including profiling) carried out on the basis of the legitimate interest of the Controller or the necessity of the same processing for the performance of a task carried out in the public interest.
The law also recognises your right to lodge a complaint with the competent Supervisory Authority, should you perceive a violation of your rights under the applicable data protection legislation.
You can exercise the rights listed above by writing to the Data Protection Officer dpo@eni.com.