Dear User,

Fincantieri S.p.A., in its capacity as data controller, provides you with information regarding the processing of the personal data of users who consult the website for reports to the Oversight Board (the "Site") pursuant to Art. 13 of EU Regulation no. 679/2016 (the "Regulation").

This policy is provided only for the Site and not for other websites that may be accessed via links.

1. Data Controller

The Data Controller for the processing of your personal data collected during the use of the Site is Fincantieri S.p.A., VAT no. 00629440322, with registered office in Trieste, Via Genova 1, (hereinafter also referred to as the "Controller"), PEC, tel. +39 040 3193111 fax +39 040 3192305.

2. Types of data, purposes and legal basis of data processing

Registration data will be collected through the Site, if the user wishes to register, and report data and navigation data and will be processed, with the support of information technology, solely for the purposes of technical management of the Site and management of registered users and reports submitted through the Site.

Registration data: The Site requires users who wish to register to enter their data (such as name, surname, e-mail, password and identity document) with the aim of creating login credentials for users. These data are processed on the basis of the consent given by the users.

Report data: users, whether registered or not, can submit reports through the Site. In relation to this activity, in addition to the personal data contained in the text of the reports, the Site uses the information already present for registered users while, for unregistered users, it allows the insertion of first and last name. In addition, this category includes all personal data relating to natural persons who are the subject of the report. These data are processed on the basis of the legitimate interest of the Controller aimed at ensuring the correct management of reports within the internal control system implemented pursuant to Legislative Decree 231/01.

Navigation data: the computer systems and software procedures used to operate the Site acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. These data are processed on the basis of the legitimate interest of the Controller to ensure the proper management and delivery of the site.

This information is not collected to be associated with identified data subjects, but by its vey nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data may include IP addresses or domain names of computers used by users connecting to the Site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and computer environment.

3. Cookies

The Site makes use of cookies as better specified in the relevant cookie policy available on the Site.

4. Recipients of personal data

Your personal data will not be disclosed to third parties, with the exception of third party companies that perform outsourcing activities on behalf of the Data Controller, in their capacity as data processors and in any case always in strict relation to and compatibly with the purposes set out above.

5. Transfer of personal data to a third country or an international organisation

The Controller does not intend to transfer your personal data to countries outside the European Union.

6. Period of retention of personal data

Your data will be stored in the following ways:

  • access data for the reserved area: for 24 months from the last user update of the information on the site;
  • for the purpose of managing reports to the Oversight Board, for 10 years from the date of first filing of the report.

7. Nature of consent for data processing and consequence of refusal to give consent

Registration data are optional and processed on the basis of user consent; failure to provide consent will make it impossible for users to register.

The report data collected are necessary for correct handling of the reports. The navigation data collected are necessary for the data subject to navigate around the Site.

8. Rights of the data subject

We inform you that, as the data subject, you have the right to obtain from the Controller:

Right of access:
(Article 15 of the Regulation)
confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, the right to obtain, among other things, access to your personal data and information regarding the purposes of the processing, the categories of personal data concerned and the recipients or categories of recipient to whom the personal data have been or will be disclosed.
Right to rectification:
(Article 16 of the Regulation)
(i) rectification without undue delay of inaccurate personal data concerning you and (ii) completion of your personal data, where incomplete.
Right to erasure ("right to be forgotten"):
(Article 17 of the Regulation)
erasure of personal data concerning you without undue delay (the Data Controller has the obligation to erase personal data without undue delay in the cases set out in Article 17 of the Regulation).
Right to restriction of processing:
(Article 18 of the Regulation)
restriction of processing in the cases set out in Article 18 of the Regulation.
Right to data portability: 
(Article 20 of the Regulation)
receipt in a structured, commonly used and machine-readable format of personal data concerning you; the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, in the cases set out in Article 20 of the Regulation.
Right to object for processing carried out under Article 6(1)(e) or (f): 
(Article 21 of the Regulation)
right to object, at any time, on grounds relating to your particular situation, to the processing of personal data relating to you under Article 6(1)(e) or (f), including profiling on the basis of such provisions. 





You will be able to exercise your rights at any time,  as well as to withdraw the consent given during registration by means of a formal request sent to the PEC address accompanied by an identity document.

You also have the right to lodge a complaint with the Data Protection Authority if you believe that the processing of your personal data breaches the provisions of EU Regulation no. 679/2016. 

The Controller plans to appoint a Data Protection Officer (DPO) who can be contacted at the following PEC address:

Loading loading