Contact us

CANDIDATES’ PRIVACY NOTICE

pursuant to Articles 13 and 14 of UK General Data Protection Regulation

As required by Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”) and the UK Data Protection Act 2018, Eni International Resources Limited (“EIRL”, “Company” or the “Data Controller”) provides you the following information regarding the processing of your personal data (“Personal Data” or “Data”) in the context of the recruitment activities carried out by EIRL through Wayfor recruitment services (“Wayfor”).

  1. Data Controller

The Data Controller is Eni International Resources Ltd, with registered office at 10 Ebury Bridge Road, London, SW1W 8PZ.

  1. Data Protection Officer

The Company has appointed a Data Protection Officer, who can be contacted at the following e-mail address: dpo@eni.com.

  1. Personal Data Processed and Source

The Company may process Data provided directly by you, contained in your CV and other relevant documents uploaded by you within Wayfor (such as but not limited to, academic qualifications, certificates, resumes, participation attestations etc.) and/or collected from job-related social profiles referred to you (e.g. LinkedIn). In particular, the following Personal Data may be processed:

  • personal, professional and contact details, such as information on your educational background, professional experience, qualifications, certifications, professional licenses, expected remuneration etc.;
  • data necessary for your registration on Wayfor and the creation of your candidate profile (“Candidate Profile”), including name, surname, contact detail and password.

In any case, we invite you not to include in your CV and/or transmit to the Company any special categories of Personal Data or information from which such Data may be inferred (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, or data concerning sex life or sexual orientation).

  1. Purposes of the Processing and Legal Basis

a. Necessity for the performance of Wayfor recruitment activities according to your request to access Wayfor services (art. 6(1)(b) UK GDPR)

The Data Controller may process your Personal Data to manage the recruitment process, both when you apply for specific positions on Wayfor and when you submit a spontaneous application. In the latter case, the Company may also share your Personal Data with potential employers who may be interested in assessing your professional profile.

Furthermore, the Data Controller may contact you through different communication channels (e.g., email, telephone, text messages, etc.) to request clarification regarding the information included in your Candidate Profile, as well as to provide updates on the status of your applications.

 b. Consent of the data subject (art. 6(1)(a) UK GDPR)

Where you have applied for a specific vacancy with Wayfor and, subject to your consent, if you are unsuccessful or withdraw from the recruitment process, Wayfor may retain your Personal Data to contact you about other job opportunities that may be suitable for your profile (for example, by email, text message, or telephone).

c. Legitimate interest of the Data Controller (art. 6(1)(f) UK GDPR)

The Data Controller may process your Personal Data

  • for recruitment purposes, by collecting those available on job search platforms, such as LinkedIn, and contacting you on the same platforms, to propose vacancies managed by the Company that may be of potential interest to you, on the basis of the Data Controller and prospective employer’s legitimate interest in the recruitment activities;
  • to ascertain, exercise or defend a right of the Data Controller or of a third party before the courts or out of the courts, on the basis of the legitimate interest of the Data Controller or a third party in protecting its rights.

d. Compliance with legal obligations (art. 6(1)(c) UK GDPR)

Your Personal Data may be processed by the Data Controller in order to ensure compliance with legal obligations to which EIRL is subject to and to respond to eventual requests coming from public authorities.

  1. Means of the Processing

Personal Data may be processed with the aid of electronic or automated systems, managed through tools that ensure security and confidentiality, and will include every operation or set of operations necessary for the processing.

  1. Persons Authorised to Process and Recipients of Personal Data

Personal Data are processed by personnel appointed by the Data Controller to pursue the purposes described in paragraph 4, as persons authorised to process. For such purposes, the Data Controller may transmit your Personal Data to third parties, such as, for example, those belonging to the following subjects or categories of subjects:

  • police forces, armed forces and other public administrations, for the fulfillment of obligations established by law and other regulations or where requested by them;
  • Eni S.p.A. and other companies controlled by Eni S.p.A.;
  • to prospective employers that offer positions you may be interested in or that are interested in your profile;
  • other companies contractually linked to the Data Controller who may carry out provision of IT services, consultancy activities, support for the provision of services etc.

We remind you that your Personal Data will not be disseminated, unless required by law.

With respect to the Personal Data disclosed to them, recipients in the above categories may operate, as the case may be, as data processors (in which case they will receive appropriate instructions from the Data Controller) or as independent data controllers. The Data Controller guarantees the utmost care so that the communication of your Personal Data to the aforementioned recipients only concerns the Data necessary to achieve the specific purposes for which they are intended.

  1. Transfer of Personal Data

Where this serves the purposes described in paragraph 4, Personal Data might also be transferred abroad to companies based outside the UK. Some of the jurisdictions outside the UK might not guarantee the same level of Personal Data protection guaranteed within the UK. In this case, the Data Controller undertakes to regulate the transfer and subsequent processing of Personal Data adopting every safeguard required by Article 46 UK GDPR, if it is not possible to use one of the derogations listed in Article 49 UK GDPR.

  1. Storage of Personal Data

The Personal Data will be stored in the Data Controller’s filing systems, including automated ones, and protected by appropriate security measures, until the purposes described in section 4 above have been achieved, after which they will be erased. Specifically, Data will be retained

  • for two years from:

    • the date of submitting the application or from the last update made on Candidate Profile;
    • when the candidate has been involved in any recruitment process;
    • the collection of data subject’s consent to retain their Data to receive updates regarding other job opportunities that may be suitable with their candidate profile;
  • for 60 days from the date of the data subject’s last interaction following contact by the Company or from the date of the Company’s first contact, if no further interaction from the data subject takes place.

In any case, Personal Data might be retained for longer in the event of litigation or requests from competent authorities or where required by applicable law.

  1. Rights of Data Subjects

Where applicable, and within the limits set by the UK GDPR, you are entitled to:

  • obtain confirmation from the Data Controller as to whether or not your Personal Data are being processed, and, where that is the case, access to the information listed in article 15 UK GDPR;
  • obtain from the Data Controller the rectification of inaccurate Personal Data, or, taking into account the purposes of the processing, have incomplete Personal Data completed in accordance with article 16 UK GDPR;
  • obtain from the Data Controller the erasure of Personal Data, where one of the grounds listed in article 17 UK GDPR applies;
  • obtain from the Data Controller the restriction of processing of Personal Data in the cases listed in article 18 UK GDPR;
  • receive – in a structured, commonly used and machine-readable format – the Personal Data provided to the Data Controller, so that you may transmit those data to another data controller without hindrance, in accordance with article 20 UK GDPR;
  • object to the processing of your Personal Data on the basis of your particular situation, unless there are compelling legitimate grounds for the processing that override your interests, rights and freedoms or compelling legitimate grounds for the establishment, exercise or defence of legal claims, in accordance with article 21 UK GDPR;
  • withdraw your consent at any time. Processing of Personal Data carried out by the Data Controller before the withdrawal of consent, however, remains valid.

You can exercise these rights by writing to the Data Controller, or to the Data Protection Officer at the e-mail address dpo@eni.com. Without prejudice to your right to initiate other administrative or judicial proceedings, you also have the right to lodge a complaint with the competent supervisory authority (for UK: Information Commissioner’s Office) if you believe that there has been a breach of your rights with regard to the protection of your Personal Data.

  1. Changes to this Privacy Notice

We reserve the right to update this policy at any time, and we will notify you when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your Personal Data.