WEBSITE PRIVACY NOTICE

pursuant to Articles 13 and 14 of UK General Data Protection Regulation

Pursuant to Regulation (EU) 2016/679 (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”) and the UK Data Protection Act 2018, Eni International Resources Limited (“Company” or “Data Controller”), trading as Wayfor, provides the following information to enable users of the www.wayfor.global website (“Website”) to understand how their personal information is collected and processed when browsing the Website and using the services (“Services”) provided through it.

  1. Identity and contact details of the Data Controller

The Data Controller is Eni International Resources Limited, with registered office at 10 Ebury Bridge Road, London, SW1W 8PZ.

  2. Data protection officer contact details

The Company has appointed a Data Protection Officer, who can be contacted at the following e-mail address: dpo@eni.com

  3. Categories of processed personal data

The following Personal Data belonging to users (“Personal Data” or “Data”) is the subject of processing:

  • information related to the use of the Website; browsing data; technical data for operation of the Website; information related to the devices used, also collected through cookies;
  • data collected in the “Contact us” page (e.g., name, contact details, message drafted);
  • personal, professional and contact details collected from open accessible sources online (such as corporate websites and social media) related to points of contact at companies that may be interested in the Services offered by the Data Controller (hereinafter, “Business Contacts details”).

  4. Purpose and legal basis of processing

The Personal Data is processed:

  (a) to fulfil obligations imposed by the applicable regulations and comply with requests from the public authorities;
  (b) to follow up on user requests for the Services. For the aforementioned purpose, Personal Data will also be processed within the context of the administration and management of the Services, support, as well as to fulfil specific user requests;
  (c) for commercial, promotional, advertising, marketing and newsletter communications (hereinafter “Marketing Communications”) from Wayfor via e-mail;
  (d) to conduct analysis of the use of the Services on an aggregate basis in order to improve the Services provided and meet specific user needs;
  (e) as part of extraordinary mergers, the sale or transfer of business operations, to carry out prodromal activities for such operations including due diligence;
  (f) for lead generation activities – including e-mail and telephone communications to propose potential collaborations – entailing the processing of Business Contacts details;
  (g) to ascertain, exercise, defend a right of the Data Controller and/or a third party including in court.

Personal Data processing for the purposes referred to in paragraph 4(a) is based on the need to fulfil legal obligations (Art. 6, para. 1(c) UK GDPR).

Personal Data processing for the purposes referred to in paragraph 4(b) is based on the need to fulfil the user’s request to receive the Services (Art. 6, para. 1(b) UK GDPR).

Personal Data processing for the purposes referred to in paragraph 4(c) and (d) is based on the user’s consent (Art. 6, para. 1(a) UK GDPR).

Personal Data processing for the purpose referred to in paragraph 4(e) is based on the legitimate interest of the Data Controller in the continuation of their business activities (Art. 6, para. 1(f) UK GDPR).

Personal Data processing for the purpose referred to in paragraph 4(f) is based on the legitimate interest of the Data Controller in developing its business activities (Art. 6, para. 1(f) UK GDPR). Specifically, telephone communications are conducted subject to appropriate screening and in compliance with applicable regulatory requirements.

Personal Data processing for the purpose referred to in paragraph 4(g) is based on the legitimate interest of the Data Controller and/or third parties in protecting their rights (Art. 6, para. 1(f) UK GDPR).

For further information on the purposes of processing related to the use of cookies, please read our Cookie Policy.

  5. Personal Data processing methods

The Data may also be processed with the help of electronic or automated means, managed using tools that guarantee security and confidentiality, and will include any operation or set of operations necessary for its processing.

  6. Personal Data Recipients

To further the purposes set forth in section 4, the Data Controller may disclose users’ Personal Data to third parties from the following entities or categories of entities:

  • police forces, armed forces and other public authorities, for the fulfillment of legal or regulatory obligations or upon their request;
  • Eni S.p.A., its subsidiaries, its joint ventures, and companies in which Eni S.p.A. holds direct or indirect interests;
  • other companies contractually engaged by the Data Controller providing IT services, consultancy, service support or other related services.

  7. Transfer of Personal Data

Where necessary to fulfil the purposes described in paragraph 4, Personal Data may be transferred to and processed in a country outside the UK. Any such processing will be carried out solely for the purposes for which the data was collected and in accordance with applicable personal data protection laws, ensuring appropriate levels of confidentiality and security.

Where Personal Data is transferred outside the UK, the Data Controller will ensure that appropriate contractual, technical and organisational safeguards are implemented to ensure an adequate level of protection in accordance with this Privacy Notice and UK data protection law.

  8. Data retention period

The Personal Data will be stored on the Data Controller’s computer systems and protected using appropriate technical and organisational security measures for however long it takes to achieve the purpose described in paragraph 4 above, after which it will be securely deleted.

More specifically, (i) Personal Data for sending Marketing Communications will be retained for two years from when the user gives its consent to receive such communications; (ii) Business Contact details will be retained for a maximum period of 180 days from the date of the data subject’s last interaction following contact by the Company or from the date of the Company’s first contact, if no further interaction from the data subject takes place.

Personal Data may be retained for longer where necessary, for example, in connection with potential litigation, requests from competent authorities or to comply with other legal obligations.

  9. Rights of data subjects

Where applicable, and within the limits set by the UK GDPR, you are entitled to:

  • obtain confirmation from the Data Controller as to whether or not your Personal Data is being processed, and, where that is the case, access to the information listed in article 15 UK GDPR;
  • obtain from the Data Controller the rectification of inaccurate Personal Data, or, taking into account the purposes of the processing, have incomplete Personal Data completed in accordance with article 16 UK GDPR;
  • obtain from the Data Controller the erasure of Personal Data, where one of the grounds listed in article 17 UK GDPR applies;
  • obtain from the Data Controller the restriction of processing of Personal Data in the cases listed in article 18 UK GDPR;
  • receive – in a structured, commonly used and machine-readable format – the Personal Data provided to the Data Controller, so that you may transmit those data to another data controller without hindrance, in accordance with article 20 UK GDPR;
  • object to the processing of your Personal Data on the basis of your particular situation, unless there are compelling legitimate grounds for the processing that override your interests, rights and freedoms or compelling legitimate grounds to establish, exercise or defend legal claims, in accordance with article 21 UK GDPR;
  • withdraw your consent at any time. However, the processing of Personal Data carried out by the Data Controller prior to the withdrawal of consent will remain lawful and valid.

You can exercise these rights by writing to the Data Protection Officer at the e-mail address dpo@eni.com. Without prejudice to your right to initiate other administrative or judicial proceedings, you also have the right to lodge a complaint with the competent supervisory authority (for UK: Information Commissioner’s Office) if you believe that there has been a breach of your rights with regard to the protection of your Personal Data.

  10. Changes to this Privacy Notice

We reserve the right to update this policy at any time. If we do so, we will publish the updated policy on this website.