Privacy policy form SA8000 (ENG)

Privacy policy As of Article 13, reg. 679/2016(EU)

OLT OFFSHORE LNG Toscana S.p.a. in its capacity as CONTROLLER of the personal data processing, in accordance with article 13 of Reg. EU no. 679/2016 (hereinafter “GDPR”), provides you with the following information about how personal data obtained when you send an email to the  address SA8000@oltoffshore.it, are processed.


Whereas

  • Reg. (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and which repeals Directive 95/46/EC (hereinafter, “GDPR”) is in force.
  • The CONTROLLER processes your personal data in compliance with the provisions of the GDPR, as well as the measures of the Italian supervisory authority (Italian Personal Data Protection Authority) and of the European Data Protection Board (EDPB).
  • Pursuant to article 13 of the GDPR, the CONTROLLER must provide DATA SUBJECTS with a series of information.
  • The CONTROLLER intends to fulfil this obligation by means of this document.
  • For more information, visit the website of the Italian Personal Data Protection Authority: https://www.garanteprivacy.it, where the reference regulation can be consulted.

1. Identity, contact data of the CONTROLLER

The Controller of the processing (hereinafter, “Controller”) is:

NAME OLT Offshore LNG Toscana S.p.A.
REGISTERED OFFICE Via Passione, n. 8 , Milano (MI) 20122
EMAIL: oltoffshore@legalmail.it
OPERATIVE OFFICE Palazzo Orlando – Via D’Alesio, n. 2 (ex Piazza Mazzini, 92), Livorno (LI) 57126
TELEPHONE + 39 0586 51941
FAX + 39 0586 210922
PRIVACY EMAIL privacy@oltoffshore.it

2. Purpose of the personal data processing and method of collection

2.1 Personal data are processed for the following purposes:

Internal identifier Description
Purpose H Fulfilment of specific requests made by the data subject (sent to the email address SA8000@oltoffshore.it)
Purpose G Exercise (also in a preventive way) of the right to file or challenge legal actions (including alternative ways of settling disputes) to enforce or defend a right of the Controller.

2.2 The personal data are collected at the time of transmission of the email and, subsequently, for any supplementary requests.

3. Legal basis for the processing

3.1 The legal basis for the processing of personal data is:

PURPOSE LEGAL BASIS
CONSENT CONTRACTUAL / PRE-CONTRACTUAL MEASURES LEGAL OBLIGATION PROTECTION OF THE VITAL INTERESTS OF THE DATA SUBJECT / OTHER INDIVIDUALS . PERFORMANCE OF TASKS IN THE PUBLIC INTEREST OR IN THE EXERCISE OF OFFICIAL AUTHORITY LEGITIMATE INTERESTS OF THE CONTROLLER OR THIRD PARTIES
Fulfilment of specific requests made by the data subject X X
Exercise (also in a preventive way) of the right to file or challenge legal actions (including alternative ways of settling disputes) to enforce or defend a right of the Controller. X

3.2 The legal basis of the processing of data belonging to special categories of data is:

PURPOSE LEGAL BASIS
CONSENT OBLIGATION – RIGHT OF CONTROLLER / DATA SUBJECT CONCERNING EMPLOYMENT, AND SOCIAL SECURITY AND SOCIAL PROTECTION PROTECTION OF THE VITAL INTERESTS OF THE DATA SUBJECT OR OF ANOTHER NATURAL PERSON WHERE THE DATA SUBJECT IS PHYSICALLY OR LEGALLY INCAPABLE OF GIVING CONSENT FOUNDATION, ASSOCIATION OR ANY OTHER NOT-FOR-PROFIT BODY PERSONAL DATA WHICH ARE MANIFESTLY MADE PUBLIC BY THE DATA SUBJECT NEED TO ESTABLISH, EXERCISE OR DEFEND LEGAL CLAIMS REASONS OF SUBSTANTIAL PUBLIC INTEREST PURPOSES OF PREVENTIVE OR OCCUPATIONAL MEDICINE / ASSESSMENT OF THE WORKING CAPACITY OF THE EMPLOYEE, MEDICAL DIAGNOSIS, THE PROVISION OF HEALTH OR SOCIAL CARE OR TREATMENT OR THE MANAGEMENT OF HEALTH OR SOCIAL CARE SYSTEMS AND SERVICES REASONS OF PUBLIC INTEREST IN THE AREA OF PUBLIC HEALTH FILING IN THE PUBLIC INTEREST, SCIENTIFIC OR HISTORICAL RESEARCH PURPOSES OR STATISTICAL PURPOSES
Response to specific requests made by the data subject X

4. Nature of the provision of personal data and consequences of refusal

The nature and prerequisite for the provision of personal data is identified in relation to the purpose as indicated in the table below:

PURPOSE ASSUMPTION OF THE PROVISION NATURE OF THE PROVISION CONSEQUENCES OF NON-PROVISION
LEGAL OBLIGATION CONTRACTUAL OBLIGATION NECESSARY REQUIREMENT FOR CONCLUSION OF CONTRACT LEGITIMATE INTEREST OBLIGATORY OPTIONAL
Response to specific requests made by the data subject X X Impossibility of fulfilling the request
Exercise (also in a preventive way) of the right to file or challenge legal actions (including alternative ways of settling disputes) to enforce or defend a right of the Controller. X X Impossibility of fulfilling the request

5. Nature of the data processed

5.1 The personal data processed will be of a generic nature.

5.2 Data belonging to special categories as of article 9 paragraph 1 GDPR.

5.3 Data belonging to special categories as of article 10, paragraph 1 GDPR will not be processed.

6. Method, security measures and means of processing

6.1. The processing of personal data will be based on the principles indicated by the GDPR and the rights of the Data Subject.

6.2. The Controller has adopted appropriate security measures (technical and organisational) to guarantee and be able to demonstrate that the processing has been performed in compliance with the GDPR. The Controller will review and update these measures, whenever necessary.

6.3 The data may be processed using electronic and non-electronic means.

7. Scope of access to personal data by the Controller’s organisational structure

7.1 Processing will be performed inside the Controller’s organisational structure solely by expressly authorised subjects, within the limits and in the ways set forth in the relative authorisation documents.

8. Scope of circulation of the data: disclosure and communication

8.1 The personal data may be made available to subjects that do not belong to the Controller’s organisational structure.

8.2 In some cases, the recipients of the data will perform processing activities in the capacity as Processors, solely for the purposes of the contract as of article 28 of the GDPR, within the limits and in the ways indicated therein.
The updated list of the Processors is available for consultation at the Controller’s offices.

8.3 The personal data will not be provided to subjects other than those indicated in the List of Processors

8.4 The personal data will not be transferred outside the European Union.

9. Storage period of the personal data / criteria used to determine such period

9.1 The data will be processed for the period of time strictly necessary to respond to the data subject’s request.

9.2 In any case, once the request has been fulfilled, the data will be stored for a further period of 6 (six) months for the purpose of managing any further related requests.

9.3 In any case, when the purpose has been achieved, the data can continue to be processed for the period of time established by regulatory provisions; that is, until the prescription period to assert a right linked to same expires.
Specifically, the data will be stored for 10 years:
– based on law provisions, for the purpose of fulfilling the obligations of storage of a civil, accounting and tax nature,
– based on the legitimate interests of the Controller: to assert or defend its rights in legal proceedings.

10. Rights of the data subject

10.1 Data subjects have the right, at any time, to obtain – where the assumptions exist:

a) confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data according to article 15 of the GDPR,

b) rectification of inaccurate personal data concerning him or her, including the right to have incomplete personal data completed, including by means of providing a supplementary statement as set forth in article 16 of the GDPR,

c) erasure of personal data concerning him or her, in accordance with article 17 of the GDPR,

d) restriction of processing, in accordance with article 18 of the GDPR,

e) portability of personal data, in accordance with article 20 of the GDPR,

f) object to the processing, in accordance with article 21 of the GDPR,

10.2 The right to withdraw consent at any time. Withdrawal of consent will not invalidate the legitimacy of processing already performed based on the consent provided or processed on other legal bases.

For efficient management of these rights, request must be made:

BY E-MAIL privacy@oltoffshore.it
BY FAX + 39 0586 210922
BY CERTIFIED E-MAIL oltoffshore@legalmail.it
BY LAND MAIL OLT Offshore LNG Toscana S.p.A. – Ufficio del Responsabile Privacy interno, Palazzo Orlando – Via D’Alesio, n. 2 (ex Piazza Mazzini, 92), Livorno (LI) 57126

Please indicate in the subject line: “Request pursuant to Reg. 679/2016(EU)” specifying which right you intend to exercise as specified above.

11. Right to lodge a complaint with the competent supervisory authority or before the competent courts

11.1 Every data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. Such supervisory authority may be that of the Member State of his or her habitual residence or the place of the alleged infringement.

11.2 As regards Italy, the supervisory authority for the purposes of the current regulation is:

Garante per la protezione dei dati personali
Address Piazza Venezia, n. 11 00187 ROME
Telephone + 39 06 696771
FAX + 39 06 69677.3785
General email garante@gpdp.it
Certified email protocollo@pec.gpdp.it
Website https://www.garanteprivacy.it

11.3 The data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data. Proceedings against the Controller or a Processor shall be brought before the courts of the Member State where the Controller or Processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the Data Subject has his or her habitual residence.


This document, published at

https://www.oltoffshore.it/

is the specific privacy policy for the email address SA8000@oltoffshore.it of this website that can be subject to revision.

The previous versions are kept at the Controller’s registered office.

Version published on 15/06/2020

Date of last update 15/06/2020

Media

OLT Offshore current activities

Commercial News Article preview