Privacy Policy


Welcome to the website of OLT OFFSHORE LNG TOSCANA S.P.A. (hereinafter the “CONTROLLER”), whose Home Page can be reached at:

hereinafter, “WEBSITE”.

This page contains all the information about the processing by the CONTROLLER of the personal data of users that visit the website.

The information below refers solely to the website of OLT OFFSHORE LNG TOSCANA S.P.A. and not to any other websites reached by the user through links.


For better understanding, some definitions are given below; reference should be made to applicable regulations for terms not expressly defined herein:

  • ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person [art. 4, paragraph 1, no. 1) GDPR];
  • “special categories of personal data”, personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation [art. 9, paragraph 1 GDPR];
  • “personal data relating to criminal convictions and offences”, personal data relating to criminal convictions and offences or related security measures [art. 10, paragraph 1 GDPR];
  • ‘processing’, any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction [art. 4, paragraph 1, no. 2 GDPR];
  • “controller”, the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by EU or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law [art. 4, paragraph 1, no. 7 GDPR];
  • “processor”, a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller [art. 4, paragraph 1, no. 8 GDPR].


Data regarding identified or identifiable natural persons may be processed as a consequence of visiting this website

The “controller” of the data processing is

TAXPAYER’S CODE / VAT Reg. No. 07197231009
REGISTERED OFFICE Via Passione, n. 8 , Milano (MI) 20122

Represented by the pro-tempore legal representative


The list of Processors is available for consultation at the Controller’s offices.


Processing related to the web services of this website is performed at the Controller’s registered office and is managed by personnel tasked with the processing.

When necessary for the maintenance of the technological part of the site and the activities linked to the hosting / housing service, processing may be performed at the Controller’s registered office or at the registered offices or the WEB FARM of the Processor/Processors identified above.


Navigation data

During their normal functioning, the IT systems and software procedures used for the functioning of this website acquire some personal data whose transmission is implicit in the use of the Internet communication protocols.

This information is not collected for the purpose of association with identified data subjects but, by its intrinsic nature it could, due to processing and associations with data held by third parties, enable identification of users.

This category of data includes IP data or the domain names of computers used by visitors to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to make the request on the server, the size of the reply file, the numerical code indicating the status of the request (successful, error, etc.) and other parameters of the user’s operating system and IT environment.

These data are used solely to gather anonymous statistical information about the use of the site and control its correct functioning and are deleted immediately after being processed. The data could be used to ascertain responsibility in the event of hypothetical cyber attacks on the site: barring this case, data about web contacts are currently stored for no more than seven days.

Data provided voluntarily by the user

The optional, explicit and voluntary transmission of e-mails to the addresses indicated on this site leads to the subsequent acquisition of the sender’s e-mail address, necessary to answer requests, as well as other personal data included in the e-mail. Transmission of the message implies consent to the processing of the data contained in the e-mail. Such consent is obligatory and necessary to allow the Controller to provide the information requested. Processing will be performed for the time necessary to provide the information requested. Should the user not intend to give his/her consent then he/she should not send the e-mail.

A specific privacy policy will be provided on the pages of the website where special processing is performed.


Reference should be made to the Website’s Cookie Policy.

Social Networks

The Website provides access to the Social Network profiles used by the Controller. This may lead to interaction with the data subject, for example, in the case of use of messaging or file sharing tools or blogs, when activated or made accessible. Moreover, these may lead to access to the data subject’s data also by identified third parties (the owners of the Social Network platform) or to unidentifiable subjects. In the first case, the identified third parties will perform the processing that is functional and necessary to make the service available, in the capacity as autonomous Controllers. It is noted that the terms and conditions adopted respectively by these controllers may be applied and that they may identify the settings adopted by users regarding the processing of personal data. Interaction with Social Networks may lead to the communication or disclosure of personal data.


The personal data are processed to allow the user to navigate the site.


For navigation data, the legal basis of the processing performed is the contract.

Data provided voluntarily by the user (e.g. by filling in a form) are processed in virtue of the legal basis coherent with the processing, in accordance with the content of the related privacy policy.


Besides the information given above about the navigation data, users are free to provide the personal data indicated in the forms and in any case indicated on the contacts page.

Non-provision of these data will make it impossible for the information requested to be obtained.


Personal data are processed using automated means for the time strictly necessary to achieve the purposes for which they were collected.

Specific security measures are observed to prevent the loss of data, their illegitimate or improper use and unauthorised access.


Data subjects have the right, at any time, to obtain – where the assumptions exist:

a) confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data according to article 15 of the GDPR,

b) rectification of inaccurate personal data concerning him or her, including the right to have incomplete personal data completed, including by means of providing a supplementary statement as set forth in article 16 of the GDPR,

c) erasure of personal data concerning him or her, in accordance with article 17 of the GDPR,

d) restriction of processing, in accordance with article 18 of the GDPR,

e) portability of the data, in accordance with article 20 of the GDPR,

f) object to the processing, in accordance with article 21 of the GDPR,

For efficient management of these rights, request must be made:

by e-mail, to the address
by fax + 39 0586 210922
by certified e-mail
by land mail OLT Offshore LNG Toscana S.p.A. – Ufficio del Responsabile Privacy , Via Passione, n. 8 , Milano (MI) 20122

Please indicate in the subject line: “Request pursuant to Reg. 679/2016(EU)” specifying which right you intend to exercise as specified above.


Every data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. Such supervisory authority may be that of the Member State of his or her habitual residence or the place of the alleged infringement.

Italian supervisory authority Garante per la protezione dei dati personali
Registered office: Piazza di Monte Citorio n. 121 00186 ROME

The data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data. Proceedings against the Controller or a Processor shall be brought before the courts of the Member State where the Controller or Processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the Data Subject has his or her habitual residence.

It is noted that this document, published at is the “Privacy Policy” of this website and can be subject to new versions.

The previous versions are kept at the Controller’s registered office.

Version published on 15/06/2020

Date of last update 15/06/2020