Privacy notice on the processing of personal data pursuant to Article 13 of Regulation (EU) 2016/679 ("GDPR").
This privacy notice describes the types, methods and purposes of processing personal data acquired through the website www.saipem.com, with reference to those who consult it and use its services.
This notice does not apply to other websites consulted through links on www.saipem.com.
1. Data Controller and Data Protection Officer (DPO)
Data controller is Saipem S.p.A., Via Martiri di Cefalonia, 67 20097 San Donato Milanese (MI) Italy, Register of Companies of Milan, Tax Code and VAT number 00825790157, Tel. +39.02.44231, Fax +39.02.442 44415. The Data Protection Officer (DPO) can be reached at the following e-mail firstname.lastname@example.org
2. General principles
The processing of personal data is based on the principles of fairness, lawfulness and transparency, relevance, completeness and non-excessiveness.
The data is collected for the purposes illustrated below and subsequently processed by automated filing in the computer system of Saipem SpA. And, in any case, in ways compatible with these purposes, respecting the privacy and rights of the data subjects.
3. Types of data processed, purpose of processing, legal basis and terms of conservation. 3.1 Navigation data
The computer systems and software procedures used to operate this site during their normal operation acquire some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment.
3.2 Data provided voluntarily by the interested parties
Personal data voluntarily provided by the interested parties and collected by Saipem S.p.A. is processed for purposes related to the activities of the www.saipem.com website and the Services offered. Where within the site the user is asked to provide personal data, the notice ex Art. 13 GDPR on the processing of data in relation to the purposes pursued as they occur, shall be simultaneously given. Furthermore the data will be collected and processed:
a. to provide assistance with the use of the Services and, in general, for the management of the Services of the www.saipem.com website;
b. to send communications relating to the use of the Services to which you are registered;
c. to process studies and statistical and market research only after data analysis on an aggregate and never individual basis;
d. for Whistleblowing purposes and management of reports of malfunctions related to internal control system issues, corporate information, company administrative responsibility, fraud or other matters (violations of the Code of conduct, bullying practices, thefts, security, etc.);
The legal basis for the purposes of points a. and b. is the contract and the data will be kept for the time necessary to process requests for assistance as well as for the entire duration of the contract.
The legal basis for the purpose referred to in point c. is the legitimate interest of the Data Controller. The data will be kept for the period of time strictly necessary for the preparation of such studies and analyses. The legal basis for the purpose referred to in point d. is the necessity to fulfil the legal obligations and the data will be kept for the period of time foreseen by the law as well as for the ordinary prescription period foreseen by the law.
4. Data disclosure
Apart from that specified for navigation data, the disclosure of personal data for the additional purposes mentioned above is optional, but necessary to be able to take advantage of the various services provided by the site www.saipem.com.
5. Recipients of personal data
For the pursuit of the aforementioned purposes, the personal data provided by the interested party may be communicated exclusively to the associated companies or subsidiaries belonging to our group.
Pursuant to Art. 28 of the GDPR, the Data Controller appoints the third party companies that process the Personal Data on their behalf as External Data Processors (hereinafter also only "Managers"), who are given appropriate operating instructions. These subjects are essentially included in the following categories:
- companies that perform market analysis and research;
- companies that perform IT system maintenance services;
- companies that offer webcast services;
- companies that offer sourcing and recruiting services;
Your data may also be processed by third parties, independent data controllers, namely:
- people, companies, associations or professional firms that provide assistance and consulting (lawyers, accountants, auditors, etc.);
- public or private bodies, supervisory and control authorities and bodies and in general subjects, public or private, entitled to request data.
Your personal data will in no case be disseminated.
6. Subjects authorised to process data
Your personal data will be processed by employees and/or collaborators of the Data Controllers upon receipt of appropriate operating instructions and express authorisation to process it by the Owners/Managers.
7. Data transfer outside the European Union
Your data will not be transferred abroad to non-European countries.
8. Your rights
In relation to the processing of personal data made by the Data Controller, you can ask the Data Controller to access the data that concerns you, delete it, correct inaccurate information, complete any incomplete information, limit processing, in the cases established by Art. 18 GDPR, as well as oppose it being processed in the hypothesis of legitimate interest of the Owner. In the event that the processing is based on consent or contract and is performed with automated tools, you have the right to receive your data in a structured format, commonly used and readable by automatic devices, as well as, if technically feasible, to transmit it to another holder without any impediments. Without prejudice to any other administrative or judicial appeal, you have the right to lodge a complaint with the competent Supervisory Authority in the Member State in which you reside or of the State in which the alleged violation has occurred. To exercise your rights, you can contact the Data Controller by writing to the address above or an e-mail to email@example.com