OLT OFFSHORE LNG Toscana S.p.a. in its capacity as CONTROLLER of the personal data processing, in accordance with article 13 of Reg. EU no. 679/2016 (hereinafter “GDPR”), provides you with the following information about how personal data obtained when you send an email to the address email@example.com, are processed.
- Reg. (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and which repeals Directive 95/46/EC (hereinafter, “GDPR”) is in force.
- The CONTROLLER processes your personal data in compliance with the provisions of the GDPR, as well as the measures of the Italian supervisory authority (Italian Personal Data Protection Authority) and of the European Data Protection Board (EDPB).
- Pursuant to article 13 of the GDPR, the CONTROLLER must provide DATA SUBJECTS with a series of information.
- The CONTROLLER intends to fulfil this obligation by means of this document.
- For more information, visit the website of the Italian Personal Data Protection Authority: https://www.garanteprivacy.it, where the reference regulation can be consulted.
1. Identity, contact data of the CONTROLLER
The Controller of the processing (hereinafter, “Controller”) is:
|NAME||OLT Offshore LNG Toscana S.p.A.|
|REGISTERED OFFICE||Via Passione, n. 8 , Milano (MI) 20122|
|OPERATIVE OFFICE||Palazzo Orlando – Via D’Alesio, n. 2 (ex Piazza Mazzini, 92), Livorno (LI) 57126|
|TELEPHONE||+ 39 0586 51941|
|FAX||+ 39 0586 210922|
2. Purpose of the personal data processing and method of collection
2.1 Personal data are processed for the following purposes:
|Purpose H||Fulfilling the specific requests of the data subject (sent to the email address firstname.lastname@example.org for more information about the Sustainability adopted by the CONTROLLER)|
|Purpose G||Exercise (also in a preventive way) of the right to file or challenge legal actions (including alternative ways of settling disputes) to enforce or defend a right of the CONTROLLER.|
2.2 The personal data are collected at the time of transmission of the email and, subsequently, for any supplementary requests.
3. Legal basis for the processing
3.1 The legal basis for the processing of personal data is:
|CONSENT||CONTRACTUAL / PRE-CONTRACTUAL MEASURES||LEGAL OBLIGATION||PROTECTION OF THE VITAL INTERESTS OF THE DATA SUBJECT / OTHER INDIVIDUALS .||PERFORMANCE OF TASKS IN THE PUBLIC INTEREST OR IN THE EXERCISE OF OFFICIAL AUTHORITY||LEGITIMATE INTERESTS OF THE CONTROLLER OR THIRD PARTIES|
|Response to specific requests made by the data subject||X||X|
|Exercise (also in a preventive way) of the right to file or challenge legal actions (including alternative ways of settling disputes) to enforce or defend a right of the CONTROLLER.||X|
4. Nature of the provision of personal data and consequences of refusal
4.1 The nature and prerequisite for the provision of personal data is identified in relation to the purpose indicated in the table below:
|PURPOSE||ASSUMPTION OF THE PROVISION||NATURE OF THE PROVISION||CONSEQUENCES OF NON-PROVISION|
|LEGAL OBLIGATION||CONTRACTUAL OBLIGATION||NECESSARY REQUIREMENT FOR CONCLUSION OF CONTRACT||LEGITIMATE INTEREST||OBLIGATORY||OPTIONAL|
|Response to specific requests made by the data subject||X||X||Impossibility of fulfilling the request|
|Exercise (also in a preventive way) of the right to file or challenge legal actions (including alternative ways of settling disputes) to enforce or defend a right of the CONTROLLER.||X||X||Impossibility of fulfilling the request|
5. Nature of the data processed
5.1 The personal data processed will be of a generic nature and do not belong to special categories as of article 9, paragraph 1 GDPR or 10, paragraph 1 GDPR.
6. Method, security measures and means of processing
6.1 The processing of personal data will be based on the principles indicated by the GDPR and rights of the Data Subject.
6.2 The CONTROLLER has adopted appropriate security measures (technical and organisational) to guarantee and be able to demonstrate that the processing has been performed in compliance with the GDPR. The CONTROLLER will review and update these measures, whenever necessary.
6.3 The data may be processed using electronic and non-electronic means.
7. Scope of access to personal data by the CONTROLLER’s organisational structure
7.1 Processing will be performed inside the CONTROLLER’s organisational structure solely by expressly authorised subjects, within the limits and in the ways set forth in the relative authorisation documents.
8. Scope of circulation of the data: disclosure and communication
8.1 The personal data may be made available to subjects that do not belong to the CONTROLLER’s organisational structure.
8.2 In some cases, the recipients of the data will perform processing activities in the capacity as Processors, solely for the purposes of the contract as of article 28 of the GDPR, within the limits and in the ways indicated therein.
The updated list of the Processors is available for consultation at the CONTROLLER’s offices.
8.3 Personal data will not be made available to subjects other than those indicated in the List of Processors
8.4 Recipients not included in the List of Processors will process details as autonomous Controllers or Co-controllers and will be subject to the related obligations.
8.5 Personal data will not be disclosed.
8.6 The personal data will not be transferred outside the European Union.
9. Storage period of the personal data / criteria used to determine such period
9.1 The data will be processed for the period of time strictly necessary to respond to the data subject’s request.
9.2 In any case, once the request has been fulfilled, the data will be stored for a further period of 6 (six) months for the purpose of managing any further related requests.
9.3 In any case, when the purpose has been achieved, the data can continue to be processed for the period of time established by regulatory provisions; that is, until the prescription period to assert a right linked to same expires.
Specifically, the data will be stored for 10 years:
– based on law provisions, for the purpose of fulfilling the obligations of storage of a civil, accounting and tax nature,
– based on the legitimate interests of the CONTROLLER: to assert or defend its rights in legal proceedings.
10. Rights of the data subject
10.1 Data subjects have the right, at any time, to obtain – where the assumptions exist:
a) confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data according to article 15 of the GDPR,
b) rectification of inaccurate personal data concerning him or her, including the right to have incomplete personal data completed, including by means of providing a supplementary statement as set forth in article 16 of the GDPR,
c) erasure of personal data concerning him or her, in accordance with article 17 of the GDPR,
d) restriction of processing, in accordance with article 18 of the GDPR,
e) portability of personal data, in accordance with article 20 of the GDPR,
f) object to the processing, in accordance with article 21 of the GDPR,
10.2 The right to withdraw consent at any time. Withdrawal of consent will not invalidate the legitimacy of processing already performed based on the consent provided or processed on other legal bases.
For efficient management of these rights, request must be made:
|BY FAX||+ 39 0586 210922|
|BY CERTIFIED MAILemail@example.com|
|BY LAND MAIL||OLT Offshore LNG Toscana S.p.A. – Ufficio del Responsabile Privacy interno, Palazzo Orlando – Via D’Alesio, n. 2 (ex Piazza Mazzini, 92), Livorno (LI) 57126|
Please indicate in the subject line: “Request pursuant to Reg. 679/2016(EU)” specifying which right you intend to exercise as specified above.
11. Right to lodge a complaint with the competent supervisory authority or before the competent courts
11.1 Every data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR. Such supervisory authority may be that of the Member State of his or her habitual residence or the place of the alleged infringement.
11.2 As regards Italy, the supervisory authority for the purposes of the current regulation is:
|NAME||Garante per la protezione dei dati personali|
|Address||Piazza Venezia, n. 11 00187 ROME|
|Telephone||+ 39 06 696771|
|FAX||+ 39 06 69677.3785|
11.3 The data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data. Proceedings against the CONTROLLER or a Processor shall be brought before the courts of the Member State where the CONTROLLER or Processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the Data Subject has his or her habitual residence.
This document, published at
The previous versions are kept at the CONTROLLER’s registered office.
Version published on 15/06/2020
Date of last update 15/06/2020