PRIVACY NOTICE FOR THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 (GDPR)
Pursuant to and for the purposes of the applicable legislation, including Regulation (EU) 2016/679, the “General Data Protection Regulation” (“GDPR”), Legislative Decree No. 196/2003 (“Privacy Code”), as well as any other applicable provisions regarding the protection of personal data (collectively, the “Privacy Regulations”), Trans Tunisian Pipeline Company S.p.A., in its capacity as Data Controller, hereby informs you that it will process the data provided by the user or otherwise obtained through the use of the website https://www.ttpc.sea-corridor.com/it (the “Website”) in the manner and for the purposes described in this privacy notice (the “Notice”).The terms of this Notice apply solely and exclusively to the Website and not to any other websites owned by the Data Controller or by third parties that the user may access through any links contained on the Website. Should the user access another website, it is recommended to read the privacy information applicable to that specific site.By browsing the Website, the user acknowledges that they have read and understood the contents of this Notice.
The Data Controller is Tunisian Pipeline Company S.p.A., (hereinafter also referred to as the “Controller” or the “Company”), with its registered office in San Donato Milanese, Piazza Ezio Vanoni, 1 (MI). You may contact the Data Controller by email at gdpr@sea-corridor.com, or by regular mail at the above address.The Company has appointed a Data Protection Officer (the “DPO”), responsible for data protection matters, who can be contacted at the following email address: groupseacorridor_dpo@pglex.it.
The Controller processes the following categories of personal data of users who browse and interact with the web services of the Website, in particular:
- Browsing dataThe computer systems and software procedures used to operate the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols or is used to improve the quality of the service provided. This information is not collected for the purpose of being associated with identified individuals; however, by its very nature, it could, through processing and association with data held by third parties, allow users to be identified.This category of data includes IP addresses or domain names of the computers used by users connecting to the Website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.These data are used solely to obtain anonymous statistical information on the use of the Website and to verify its correct operation. The data may also be used to ascertain responsibility in the event of alleged computer crimes or in the case of damages suffered by the Company or third parties.
- Data voluntarily provided by the userUsers are not required to provide personal data to visit the Website. However, any contact between users and the Company - through the sending of emails, messages, or any other type of communication to the addresses indicated on the Website - entails the subsequent acquisition of common personal data, such as name, surname, and email address, as well as any other personal data that the user may voluntarily provide when interacting with the Company through the Website.
Therefore, if the user wishes to avoid the processing of their data by the Company, they are invited not to send any requests, or at least to provide the minimum amount of personal data necessary.
Personal data may be collected and processed for the following purposes:
| Purpose of the Processing | Legal Basis of the Processing | Nature of the Provision |
|---|
a) To allow users to access and use the web services of the Website | Article 6(1)(b) of the GDPR: performance of a contract to which the data subject is a party or to take steps at the data subject’s request prior to entering into a contract. | The provision of personal data is necessary and does not require your consent. Refusal to provide data may result in the Company being unable to provide the requested service, fulfill legal obligations, or respond to your requests. Providing data to handle information requests is not a legal or contractual requirement; however, it is necessary in order for the Company to respond to your inquiry. |
b) To manage user information requests. | Article 6(1)(b) of the GDPR: performance of a contract to which the data subject is a party or to take steps at the data subject’s request prior to entering into a contract. |
c) To prevent the commission of unlawful acts through the Website. | Article 6(1)(f) of the GDPR: pursuit of the Controller’s legitimate interest. |
d) To protect the Company’s rights in the event of potential legal disputes. | Article 6(1)(f) of the GDPR: pursuit of the Controller’s legitimate interest. |
e) To comply with legal obligations to which the Company is subject. | Article 6(1)(c) of the GDPR: compliance with a legal obligation to which the Controller is subject. |
With regard to the processing of personal data carried out in connection with the use of the Dicom portal and the Dashboard and Archive applications (the “
Portals”), please refer to the specific privacy
notice relating to the Portals.Should the Controller intend to use the personal data collected for any purpose incompatible with those for which they were originally collected or authorized, the Controller will inform the user in advance, and the user will have the right to refuse or withdraw their consent.For any processing of personal data carried out through cookies, please refer to the specific
Cookie Policy.If the Controller intends to process the user’s personal data through cookies or similar tracking tools, the user will be duly informed, and consent will be obtained where required.
Within the Company’s organizational structure, personal data will be processed by individuals authorized to carry out the processing who act under the authority of the Data Controller and have been duly instructed by the Controller. The processing will mainly be carried out using electronic systems, in compliance with the principles applicable to personal data processing pursuant to Article 5 of the GDPR.
Your data will be retained for the period necessary to fulfill legal obligations.The retention period of the data depends on the purposes for which they are processed and may therefore vary. The criteria used to determine the applicable retention period are as follows: personal data covered by this Notice will be retained for the time necessary (i) to manage the contractual relationship with the user, (ii) to handle complaints or specific requests from the user, (iii) to assert rights in legal proceedings, and (iv) for the period required by applicable legal provisions.For the retention periods of any personal data processed through cookies, please refer to the Cookie Policy.
Personal data will not be disclosed and may be communicated to competent authorities or to public or private entities in order to fulfill legal obligations.The personal data collected may be processed by third-party providers acting as data processors in connection with the services provided on behalf of the Company, based on specific contractual agreements, including for occasional maintenance operations and as necessary to perform services upon specific requests.Your personal data will not be transferred outside the European Union and/or the European Economic Area (“EEA”).The complete list of such entities or categories of entities is available at the Controller’s registered office and may be requested by sending a communication to the contact details indicated in paragraph 1 of this Notice.
Within the limits provided under Article 2-undecies of the Italian Privacy Code, you have the right to exercise at any time the rights granted by Articles 15 to 22 and 77 of the GDPR, which are briefly summarized below:
- Right of access: you may request information about the processing we carry out on your data or confirmation as to whether the Controller processes your personal data. In such cases, you may ask us to provide a copy of your data and verify which data we hold.
- Right to rectification: you have the right to request the correction of your personal data if they are inaccurate, including the right to request the completion of incomplete personal data.
- Right to erasure: you have the right to request the deletion of your data (or part of them) that you have provided to us, including those that are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- Right to restriction of processing: you may request that we restrict the processing of your personal data when the legal conditions are met.
- Right to object: you may object to the processing of your personal data, without prejudice to the existence of overriding legitimate grounds for continuing such processing.
- Right to data portability: you may obtain from the Company, in a structured, commonly used, and machine-readable format, the personal data you have provided, in order to transmit them to another entity. This right applies when the Company processes such data by automated means, based on consent or for the purpose of providing services.
- Withdrawal of consent: where processing is based on consent, you may withdraw it at any time, without prejudice to the lawfulness of processing carried out before such withdrawal.
- Right not to be subject to automated decision-making: you may request not to be subject to processing based solely on automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right may not be exercised if: (i) the processing is necessary for entering into or performing a contract between you and the Controller; (ii) the processing is authorized by law; or (iii) the processing is based on your consent.
- Right to lodge a complaint with the Supervisory Authority: without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent Supervisory Authority if you believe that the processing carried out violates the applicable data protection laws.
Without prejudice to the procedures provided by the Italian Data Protection Authority (Garante Privacy) for submitting a complaint, you may exercise all other rights by sending a request to the Controller or to the DPO using the contact details indicated in paragraph 1 of this Notice.
