Privacy policy form eventi (ENG)
Privacy policy As of Article 13, REG. EU No. 679/2016
OLT OFFSHORE LNG Toscana S.p.A., in its capacity as CONTROLLER of the personal data processing, in accordance with article 13 of Reg. 679/2016(EU) (hereinafter, “GDPR”), provides the following information on the processing of personal data that will be performed in relation to the organisation of events and participation in same.
Whereas
- Whereas Reg. (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and which repeals Directive 95/46/EC (hereinafter, “GDPR”) is in force.
- The CONTROLLER processes your personal data in compliance with the provisions of the GDPR, as well as the measures of the Italian supervisory authority (Italian Personal Data Protection Authority) and of the European Data Protection Board (EDPB).
- Pursuant to article 13 of the GDPR, the CONTROLLER must provide DATA SUBJECTS with a series of information.
- The CONTROLLER intends to fulfil this obligation by means of this document.
- For more information, visit the website of the Italian Personal Data Protection Authority at https://www.garanteprivacy.it, where the reference regulation can be consulted.
1. Identity, contact data of the controller
The Controller of the processing (hereinafter, “Controller”) is:
| NAME | OLT Offshore LNG Toscana S.p.A. |
| REGISTERED OFFICE | Via Passione, n.8 Milan (MI) 20122 |
| oltoffshore@legalmail.it | |
| OPERATING BASE | Palazzo Orlando – Via D’Alesio, n. 2, Livorno (LI) 57126 |
| TELEPHONE | + 39 0586 51941 |
| FAX | + 39 0586 210922 |
| PRIVACY E-MAIL | privacy@oltoffshore.it |
2. Purpose of the personal data processing and method of collection
2.1 Personal data are processed for the following purposes:
| Internal identifier | Description |
| Purpose A | Business management and functioning of the company (dealing with requests) |
| Purpose B | Performance of contractual obligations (adoption of pre-contractual measures to enable enrolment for events and to fulfil any related contractual and regulatory obligations) |
| Purpose D | Transmission of commercial communications (promotion and organisation of events) |
2.2 Within the context of the above-stated purposes, the Controller may process the personal data of participants also by means of audio or video recordings or through photographs taken at the events.
2.3 The personal data are collected also using remote methods (e.g. forms) used by the CONTROLLER for the organisation and promotion of events.
3. Legal basis for the processing
3.1 The legal basis for the processing of personal data is:
| PURPOSE | LEGAL BASIS | |||||
| CONSENT | CONTRACTUAL / PRE-CONTRACTUAL MEASURES | LEGAL OBLIGATION | PROTECTION OF THE VITAL INTERESTS OF THE DATA SUBJECT / OTHER INDIVIDUALS. | PERFORMANCE OF TASKS IN THE PUBLIC INTEREST OR IN THE EXERCISE OF OFFICIAL AUTHORITY | LEGITIMATE INTERESTS OF THE CONTROLLER OR THIRD PARTIES | |
| Business management and functioning of the company (dealing with requests) | X | |||||
| Performance of contractual obligations (adoption of pre-contractual measures to enable enrolment for events and to fulfil any related contractual and regulatory obligations) | X | |||||
| Transmission of commercial communications (promotion and organisation of events) | X | |||||
4. Nature of the provision of personal data and consequences of refusal
The nature and prerequisite for the provision of personal data is identified in relation to the purpose as indicated in the table below:
| PURPOSE | ASSUMPTION OF THE PROVISION | NATURE OF THE PROVISION | CONSEQUENCES OF NON-PROVISION | ||||
| LEGAL OBLIGATION | CONTRACTUAL OBLIGATION | NECESSARY REQUIREMENT FOR CONCLUSION OF CONTRACT | LEGITIMATE INTEREST | OBLIGATORY | OPTIONAL | ||
| Business management and functioning of the company (dealing with requests) | X | X | Impossibility to participate in events | ||||
| Performance of contractual obligations (adoption of pre-contractual measures to enable enrolment for events and to fulfil any related contractual and regulatory obligations) | X | X | Impossibility to participate in events | ||||
| Transmission of commercial communications (promotion and organisation of events) | X | X | Impossibility to receive information about events organised by the Controller | ||||
5. Nature of the data processed
5.1 The personal data processed will be of a generic nature.
5.2 Data belonging to special categories as of article 9 of the GDPR (e.g. food allergies, disabilities that require special measures to take part in the event, etc.) may be processed.
5.3 Data belonging to special categories as of article 10, paragraph 1 of the GDPR will not be processed.
6. Method, security measures and means of processing
6.1. The processing of personal data will be based on the principles indicated by the GDPR and the rights of the Data Subject.
6.2. The Controller has adopted appropriate security measures (technical and organisational) to guarantee and be able to demonstrate that the processing has been performed in compliance with the GDPR. The Controller will review and update these measures, whenever necessary.
6.3 The data may be processed using electronic and non-electronic means.
6.4 The personal data may also be collected through video recordings or photographs.
7. Scope of access to personal data by the Controller’s organisational structure
7.1. Processing will be performed inside the Controller’s organisational structure solely by expressly authorised subjects, within the limits and in the ways set forth in the relative authorisation documents.
8. Recipients
8.1 The personal data may be made available to subjects that do not belong to the Controller’s organisational structure.
8.2 In some cases, the recipients of the data will perform processing activities in the capacity as Processors, solely for the purposes of the contract as of article 28 of the GDPR, within the limits and in the ways indicated therein.
The updated list of the Processors is available for consultation at the Controller’s offices.
8.3 The personal data will not be disclosed to subjects other than those indicated in the List of Processors.
8.4 During the event, the CONTROLLER may make audio or video recordings and take photographs of participants at the event, also using subjects that do not belong to its organisation.
8.5 The personal data contained in these recordings may be projected during the event or be used and disseminated also using the CONTROLLER’S institutional tools (e.g. Website, Social Networks, etc.) and they may be made available to third parties (e.g. news outlets, the press) providing that this is consistent with its institutional activities and that they are used to promote the Controller’s activities or to provide information about the event held.
8.6 The personal data will not be transferred outside the European Union.
9. Storage period of the personal data / criteria used to determine such period
9.1 The data will be processed for the period of time strictly necessary for the organisation of the event.
9.2 The personal data may be stored for a period of 24 months after the event has taken place, without prejudice to the data subject’s right to exercise the rights as of point 10 and barring any specific consent given by the data subject to process the data for a further period of time and without prejudice to the Controller’s need to extend the period of storage for the judicial protection of the Controller until expiry of the stature of limitations for any appeal proceedings.. At the end of the above-stated storage periods, the personal data will be destroyed or rendered anonymous.
10. Rights of the data subject
10.1 Data subjects have the right, at any time, to obtain – where the assumptions exist:
a) confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data according to article 15 of the GDPR,
b) rectification of inaccurate personal data concerning him or her, including the right to have incomplete personal data completed, including by means of providing a supplementary statement as set forth in article 16 of the GDPR,
c) erasure of personal data concerning him or her, in accordance with article 17 of the GDPR,
d) restriction of processing, in accordance with article 18 of the GDPR,
e) portability of personal data, in accordance with article 20 of the GDPR,
f) object to the processing, in accordance with article 21 of the GDPR,
10.2 The right to withdraw consent at any time. Withdrawal of consent will not invalidate the legitimacy of processing already performed based on the consent provided or processed on other legal bases.
For efficient management of these rights, request must be made:
| BY E-MAIL | privacy@oltoffshore.it |
| BY FAX | + 39 0586 210922 |
| BY CERTIFIED E-MAIL | oltoffshore@legalmail.it |
| BY LAND MAIL | OLT Offshore LNG Toscana S.p.A. – Ufficio Privacy, Palazzo Orlando – Via D’Alesio, n. 2, Livorno (LI) 57126 |
Please indicate in the subject line: “Request pursuant to Reg. 679/2016(EU)” specifying which right you intend to exercise as specified above.
11. Right to lodge a complaint with the competent supervisory authority or before the competent courts
11.1 Every data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. Such supervisory authority may be that of the Member State of his or her habitual residence or the place of the alleged infringement.
| Supervisory authority | |
| Address | Piazza Venezia, n. 11 00187 Rome |
| Telephone | + 39 06 696771 |
| FAX | + 39 06 69677.3785 |
| General e-mail | garante@gpdp.it |
| Certified e-mail | protocollo@pec.gpdp.it |
| Website | https://www.garanteprivacy.it |
11.2 The data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data. Proceedings against the Controller or a Processor shall be brought before the courts of the Member State where the Controller or Processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the Data Subject has his or her habitual residence.
This document, published at
is the specific Privacy Policy for contacts of this website and can be subject to revision.
The previous versions are kept at the CONTROLLER’s registered office.
Version published on 19/08/2020
Date of last update 19/08/2020
