Privacy policy

In accordance with Regulation (EU) 2016/679 (“GDPR”), Enilive S.p.A. (“Enilive” or the “Controller”) provides this privacy policy regarding the processing of personal data. This enables users (“User” or “Users”) of the website www.altstazionedelgusto.it (“Website”) to be informed about its personal data protection policy and to understand how Users’ personal information is collected and managed while navigating the Website. For the processing purposes referred to in paragraph 3.2 of this policy, Enilive S.p.A. has entered into a co-controller agreement with Spazio S.r.l. (“Spazio”): therefore, for the processing purposes mentioned in paragraph 3.2, Enilive S.p.A. and Spazio act as co-controllers in accordance with Article 26 GDPR (together referred to as the “Co-Controllers”).

 

  1. Identity and contact details of the Controller
The Controller is Enilive S.p.A., with its registered office located at Viale Giorgio Ribotta, 51, 00144, Rome (RM), which can be contacted at the same address.

For the data processing activities carried out as co-controllers for the purposes specified in the subsequent paragraph 3.2, the Co-Controllers are Enilive S.p.A. (as previously identified) and Spazio S.r.l., with its registered office at Contrada Santa Liberata snc, 67031, Castel di Sangro (AQ), which can be contacted at the same address or via email at info@altstazionedelgusto.it

 

  1. Contact details of the Data Protection Officer

Enilive S.p.A. has appointed a Data Protection Officer, who can be contacted at the following email address dpo@eni.com.

 

  1. Purpose of processing and legal basis of processing

3.1         Purposes of processing related to statistical analysis activities and the improvement of services carried out by Enilive S.p.A. as an autonomous Controller.

User’s personal data will be processed for conducting aggregated analyses of the use of services, identifying user habits and preferences, improving the services provided, and meeting the specific needs of the User (the legal basis for this processing is the pursuit of the legitimate interests of the Controller or third parties, in accordance with Article 6, paragraph 1, letter f) GDPR).
Providing User’s personal data for the purposes described in this paragraph is optional: failure to provide such data will prevent the Company from performing the related personal data processing.

3.2.        Purpose of processing related to the collection of applications through the “Work with Us” section by Enilive S.p.A. and Spazio acting as Co-Controllers.

Should the User submit an application request for the management of an “ALT Stazione del Gusto” point of sale through the “Work with us” section, the Co-Controllers will process the User’s personal data to:
  1. Organise, manage, and carry out selection activities or other related activities (the legal basis for this processing is the execution of a contract to which the data subject is a party or the execution of pre-contractual measures taken at the request of the same, under Article 6, paragraph 1, letter b) GDPR, and Article 111-bis of Legislative Decree 196/2003);
  2. Fulfil obligations arising from legal provisions in civil and tax matters, community legislation, as well as rules, codes, or procedures approved by authorities and other competent institutions, and to respond to any requests from them (the legal basis for this processing is the necessity to comply with a legal obligation to which the Controller is subject, under Article 6, paragraph 1, letter c) GDPR).
  3. Ascertain, exercise, or defend a right in court of Enilive S.p.A., Spazio, or both Co-Controllers, as well as other companies within the control perimeter of Eni S.p.A. and/or the Niko Romito Group (of which Spazio is part) (the legal basis for this processing is the pursuit of the legitimate interest of Enilive S.p.A., Spazio, or third parties, under Article 6, paragraph 1, letter f) GDPR).

The provision of User’s personal data for the above purposes is necessary: failure to provide such data will make it impossible to deliver the specific services in question.

 

  1. Recipients of personal data
In order to achieve the purposes outlined in paragraph 3, Enilive S.p.A. and/or Spazio may, depending on the circumstances, share User’s personal data with third parties. Such recipients include, but are not limited to, entities within the following groups or categories:
  • Law enforcement, military, public authorities, and other government agencies, to fulfil legal obligations, regulations, or EU directives, and to accommodate any requests they might have;
  • Companies, entities, or associations, or entities that are controlling, controlled by, or under common control as defined by Article 2359 of the civil code, or those among them and companies under common control, as well as consortia, business networks, and temporary associations of businesses and their members, solely for communications necessary for administrative and/or accounting purposes;
  • IT service providers or other companies that have contractual agreements with Enilive S.p.A. and/or Spazio.
Only the personal data necessary for fulfilling the specific purposes they are intended for will be communicated to the aforementioned recipients.
The processing of User’s personal data will be strictly limited to authorised personnel who will receive specific instructions regarding the processing’s methods and purposes.
It is also important to note that User’s personal data will not be disclosed, except in the situations mentioned above and/or as required by law.

 

  1. Transfer of personal data outside the EU 

For certain purposes as described in paragraph 3, it may be necessary to transfer User’s personal data outside the European Economic Area (EEA). In such cases where User’s personal data are transferred internationally outside the EEA for the processing activities mentioned in paragraph 3.1 and, for processing activities referred to in paragraph 3.2, by the Co-Controllers, appropriate and necessary contractual measures will be adopted to ensure an adequate level of data protection as outlined in Chapter V of the GDPR. This includes, among other measures, the use of Standard Contractual Clauses and adherence to adequacy decisions made by the European Commission.

 

  1. Period of retention of personal data

The retention periods for personal data collected via cookies, web beacons, and similar technologies for the purposes outlined in paragraph 3.1 are detailed in the Cookie Policy.

Regarding the purposes mentioned in paragraph 3.2, item (i), data will be deleted after a maximum of two years from the date of application submission if there has been no contact (excluding automatic contacts) by either of the Co-Controllers. Conversely, if there has been contact, the data will be deleted after a maximum of five years from the end of the selection process.

 

  1. Rights of data subjects
Users, as data subjects, have several rights regarding their personal data. These include: (i) the right of access, specifically the right to obtain confirmation at any time about whether Enilive S.p.A. holds personal data concerning the User and, for purposes mentioned in paragraph 3.2 of this policy, by the Co-Controllers, along with clear and comprehensible access to such data, including information about its origin, processing logic and purpose, with a detailed indication of the processors and those in charge of processing, and third parties to whom the data may be communicated; (ii) the right to request updates or corrections to personal data (excluding evaluative data), deletion of unnecessary personal data or anonymization, as well as restriction of processing and complete deletion in case of unlawful processing; and (iii) where applicable, restriction of processing and data portability. Moreover, data subjects have the right to lodge a complaint with the Data Protection Authority if they believe their rights under applicable data protection laws have been infringed.
Users may exercise these rights by contacting Enilive S.p.A.’s Data Protection Officer (DPO) via email at dpo@eni.com.

Our social media

Policies

Privacy policy Cookie policy General conditions