In accordance with Regulation (EU) 2016/679 (“GDPR”), Banque Eni S.A. (“Company” or “Controller”) provides the below information on the processing of personal data in order to allow users (“User” or “Users”) of website www.st-banqueenisa-ext.eni.com (“Website”) to know our privacy policy and understand how Users’ personal information is managed while browsing on the Website and for using its services.
The Controller is Banque Eni S.A., with registered office in 1A Rue Guirmard 1040 Brussels, which can be contacted at the email address banqueeni.info@eni.com.
The Company has appointed a Data Protection Officer, who can be contacted at the email address dpo@eni.com.
Necessary legal and contractual purposes – processing is necessary for compliance with a legal obligation to which the controller is subject or to execute a specific request of the data subject User’s personal data may be processed without his/her consent in cases where this is necessary in order to comply with obligations deriving from laws, regulations, codes or procedures approved by authorities or other competent institutions.
User’s personal data will also be processed for purposes relating and/or connected to the provision by the Company of services for the navigation of the Website, and specifically:
Given that providing data for these purposes is necessary to maintain and deliver all the services connected to navigating the Website, failure to provide such data will make it impossible to provide the specific services in question.
During normal use by Users, the Website acquires through its IT systems and software procedures for the functioning some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the operating system and computer environment.
These data, necessary for the use of web services, are also processed for the purpose of:
Defence of legal claims
In addition, User’s data will be processed whenever necessary in order to establish, exercise or defend the legal claims of the Controller or third parties.
Controller’s legitimate interest
The Controller may process User’s personal data without his/her consent in the following circumstances:
In pursuit of the purposes indicated in point 3, the Controller may communicate User’s personal data to third parties, such as those belonging to the following organisations or categories of organisations:
The Controller warrants that the utmost care will be taken to ensure that the communication of User’s personal data to the aforementioned recipients only involves the data necessary to achieve the specific purposes for which they are intended.
User’s personal data is stored in the Controller’s database and will be processed exclusively by authorised personnel. Said personnel will be given specific instructions on the methods and purposes of the processing. The data will not be disclosed to third parties except as provided above and, in any case, within the indicated limits.
Finally, we remind that User’s personal data will not be disseminated, except in the cases described above and/or the cases required by law.
For some of the purposes indicated in point 3, User’s personal data may be transferred outside the EU, including by means of their inclusion in shared databases managed by third-party companies. The management of the database and the processing of this data is restricted to the purposes for which the data was collected and must be carried out in full compliance with the confidentiality and security standards set forth in applicable personal data protection laws.
In every instance when User’s personal data is transferred internationally outside of EU territory, the Controller will take all contractual measures necessary and suitable to ensure an adequate level of protection of User’s personal data, in accordance with that which is set forth in this notice on processing of personal data, including the Standard Contractual Clauses approved by the European Commission.
The data will be stored for a period not exceeding the time necessary to fulfil the purposes for which it was collected or subsequently processed in accordance with legal obligations.
As a data subject, User has the following rights over the personal data collected and processed by the Controller for the purposes indicated in point 3: (i) the right of access, in particular to request at any time confirmation of the existence of his/her personal data in the Company’s archives and the making available of this information in a clear and intelligible form, and the right to know the origin, logic and purpose of the processing with express and specific indication of the data supervisors and processors and the third parties to which User’s data may be communicated; (ii) the right to have his/her data updated and rectified (except for subjective data), to have superfluous data erased or anonymised, and to block processing and to have his/her data definitively erased in the event of unlawful processing; and (iii) where the conditions are met, to restrict processing and data portability. The law also grants data subjects the right to complain to the Supervisory Authority for Personal Data Protection if they become aware of a violation of their rights under applicable personal data protection legislation.
Users can exercise the above rights by writing to the email address banqueeni.info@eni.com, or by contacting the data protection officer at dpo@eni.com.